Fix GHEC base URL Issue#4777
Conversation
…ew() to ensure the enterprise BaseURL is properly inherited
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| if err != nil { | ||
| return nil, fmt.Errorf("could not normalize GHE.com endpoint: %w", err) | ||
| } | ||
| installationTransport.BaseURL = normalizedURL |
There was a problem hiding this comment.
Trailing slash on ghinstallation BaseURL causes mismatch
Medium Severity
normalizeGHECloudAPIEndpoint appends a trailing slash (for go-github's BaseURL requirement), but here its result is assigned to installationTransport.BaseURL, which is a ghinstallation field. The ghinstallation library expects BaseURL without a trailing slash (its default is "https://api.github.com"). This trailing slash can produce double-slash URLs during token refresh (e.g., https://api.company.ghe.com//app/installations/...).
shahzadhaider1
force-pushed
the
fix/ghec-baseurl
branch
from
ee910b3 to
5c03bf8
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| baseURLField := transportVal.FieldByName("BaseURL") | ||
| require.True(t, baseURLField.IsValid(), "Transport should have a BaseURL field") | ||
| assert.Equal(t, enterpriseEndpoint, baseURLField.String(), | ||
| "Transport.BaseURL should be set to enterprise endpoint") |
There was a problem hiding this comment.
Test expects BaseURL without trailing slash, code adds one
Medium Severity
The test asserts that the transport's BaseURL equals enterpriseEndpoint ("https://api.example.ghe.com", no trailing slash). However, normalizeGHECloudAPIEndpoint always sets u.Path = "/" before returning, so the actual BaseURL stored on the installationTransport (and inherited by apiTransport via NewFromAppsTransport) will be "https://api.example.ghe.com/" — with a trailing slash. Both assertions at lines 396 and 408 will fail due to this mismatch.
Additional Locations (1)
1 participant
Description:
Explain the purpose of the PR.
Checklist:
make test-community)?make lintthis requires golangci-lint)?Note
Medium Risk
Changes how GitHub REST/GraphQL clients and GitHub App transports derive
BaseURLfor enterprise endpoints; mis-detection or URL normalization could break authentication or API calls for some enterprise configurations, though coverage is improved with new targeted tests.Overview
Fixes GitHub Enterprise Cloud with data residency (
*.ghe.com) endpoint handling by detecting GHE.com instances, normalizing web vs API hostnames, and building REST/GraphQL clients without/api/v3(GraphQL at/graphql).Updates GitHub App auth to ensure
ghinstallationtoken refresh and clients inherit the correct enterpriseBaseURL(viaNewFromAppsTransport), and adds tests covering GHE.com normalization/detection, correct BaseURL construction for cloud vs GHES vs GHE.com, and App transport BaseURL propagation.Written by Cursor Bugbot for commit 2021488. This will update automatically on new commits. Configure here.