github: add OIDC_BASE_URL for custom GitHub App installs (#5756)

2026-02-01 22:48:16 +00:00 · 2025-12-18 12:31:13 -05:00
parent 6f43d03043
commit 8b298a233e
2 changed files with 14 additions and 2 deletions
--- a/github/action.yml
+++ b/github/action.yml
@@ -26,6 +26,10 @@ inputs:
    description: "Comma-separated list of trigger phrases (case-insensitive). Defaults to '/opencode,/oc'"
    required: false

+  oidc_base_url:
+    description: "Base URL for OIDC token exchange API. Only required when running a custom GitHub App install. Defaults to https://api.opencode.ai"
+    required: false
+
 runs:
  using: "composite"
  steps:
@@ -62,3 +66,4 @@ runs:
        PROMPT: ${{ inputs.prompt }}
        USE_GITHUB_TOKEN: ${{ inputs.use_github_token }}
        MENTIONS: ${{ inputs.mentions }}
+        OIDC_BASE_URL: ${{ inputs.oidc_base_url }}
--- a/packages/opencode/src/cli/cmd/github.ts
+++ b/packages/opencode/src/cli/cmd/github.ts
@@ -395,6 +395,7 @@ export const GithubRunCommand = cmd({
      const { providerID, modelID } = normalizeModel()
      const runId = normalizeRunId()
      const share = normalizeShare()
+      const oidcBaseUrl = normalizeOidcBaseUrl()
      const { owner, repo } = context.repo
      const payload = context.payload as IssueCommentEvent | PullRequestReviewCommentEvent
      const issueEvent = isIssueCommentEvent(payload) ? payload : undefined
@@ -572,6 +573,12 @@ export const GithubRunCommand = cmd({
        throw new Error(`Invalid use_github_token value: ${value}. Must be a boolean.`)
      }

+      function normalizeOidcBaseUrl(): string {
+        const value = process.env["OIDC_BASE_URL"]
+        if (!value) return "https://api.opencode.ai"
+        return value.replace(/\/+$/, "")
+      }
+
      function isIssueCommentEvent(
        event: IssueCommentEvent | PullRequestReviewCommentEvent,
      ): event is IssueCommentEvent {
@@ -809,14 +816,14 @@ export const GithubRunCommand = cmd({

      async function exchangeForAppToken(token: string) {
        const response = token.startsWith("github_pat_")
-          ? await fetch("https://api.opencode.ai/exchange_github_app_token_with_pat", {
+          ? await fetch(`${oidcBaseUrl}/exchange_github_app_token_with_pat`, {
              method: "POST",
              headers: {
                Authorization: `Bearer ${token}`,
              },
              body: JSON.stringify({ owner, repo }),
            })
-          : await fetch("https://api.opencode.ai/exchange_github_app_token", {
+          : await fetch(`${oidcBaseUrl}/exchange_github_app_token`, {
              method: "POST",
              headers: {
                Authorization: `Bearer ${token}`,