Merge pull request #332 from matthiasdg/feature/no_fixed_url

arnested · web-flow · commit dc749962c492 · 2023-12-01T20:30:32.000+01:00
Support for GitHub enterprise
diff --git a/docker-compose.override.example.yml b/docker-compose.override.example.yml
@@ -6,6 +6,9 @@ services:
         # Repo name (normally set automatically by the action) eg.
         # 'reload/github-security-jira'.
         GITHUB_REPOSITORY: reload/github-security-jira
+        # GitHub URLs (normally set automatically by the action)
+        GITHUB_GRAPHQL_URL: https://api.github.com/graphql
+        GITHUB_SERVER_URL: https://github.com
         # In repos, this is the 'GitHubSecurityToken' secret.
         GH_SECURITY_TOKEN: github_pat
         # In repos, this is the 'JiraApiToken' secret.
diff --git a/src/PullRequestIssue.php b/src/PullRequestIssue.php
@@ -33,9 +33,10 @@ public function __construct(array $data)
         $this->safeVersion = \preg_filter('/.*to ([^ ]+).*/', '$1', $data['title']) ?? '';
 
         $githubRepo = \getenv('GITHUB_REPOSITORY') ?: '';
+        $githubUrl = \getenv('GITHUB_SERVER_URL') ?: 'https://github.com';
 
         $body = <<<EOT
-- Repository: [{$githubRepo}|https://github.com/{$githubRepo}]
+- Repository: [{$githubRepo}|{$githubUrl}/{$githubRepo}]
 - Package: {$this->package}
 - Secure version: {$this->safeVersion}
 - Pull request with more info: [#{$data['number']}|{$data['url']}]
diff --git a/src/SecurityAlertIssue.php b/src/SecurityAlertIssue.php
@@ -78,11 +78,12 @@ public function __construct(array $data)
         $advisory_description = \wordwrap($data['securityVulnerability']['advisory']['description'] ?? '', 100);
         $ecosystem = $data['securityVulnerability']['package']['ecosystem'] ?? '';
         $githubRepo = \getenv('GITHUB_REPOSITORY') ?: '';
+        $githubUrl = \getenv('GITHUB_SERVER_URL') ?: 'https://github.com';
         $safeVersion = $this->safeVersion ?? 'no fix';
 
         $body = <<<EOT
-- Repository: [{$githubRepo}|https://github.com/{$githubRepo}]
-- Alert: [{$this->advisorySummary}|https://github.com/{$githubRepo}/security/dependabot/{$this->alertNumber}]
+- Repository: [{$githubRepo}|{$githubUrl}/{$githubRepo}]
+- Alert: [{$this->advisorySummary}|{$githubUrl}/{$githubRepo}/security/dependabot/{$this->alertNumber}]
 - Package: {$this->package} ($ecosystem)
 - Vulnerable version: {$this->vulnerableVersionRange}
 - Secure version: {$safeVersion}
diff --git a/src/SyncCommand.php b/src/SyncCommand.php
@@ -264,8 +264,8 @@ protected function fetchPullRequestData(): array
     protected function getGHClient(): GraphQLClient
     {
         $access_token = \getenv('GH_SECURITY_TOKEN');
-
-        return ClientBuilder::build('https://api.github.com/graphql', [
+        $graphql_url = \getenv('GITHUB_GRAPHQL_URL') ?: 'https://api.github.com/graphql';
+        return ClientBuilder::build($graphql_url, [
             'headers' => [
                 'Accept' => 'application/json',
                 'Authorization' => "Bearer {$access_token}",
