From 8b298a233eb2fd1210455fa112b55c7d117822f7 Mon Sep 17 00:00:00 2001
From: Matt Silverlock <matt@eatsleeprepeat.net>
Date: Thu, 18 Dec 2025 12:31:13 -0500
Subject: [PATCH] github: add OIDC_BASE_URL for custom GitHub App installs
 (#5756)

---
 github/action.yml                       |  5 +++++
 packages/opencode/src/cli/cmd/github.ts | 11 +++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/github/action.yml b/github/action.yml
index 2b45534604..cf276b51c8 100644
--- a/github/action.yml
+++ b/github/action.yml
@@ -26,6 +26,10 @@ inputs:
     description: "Comma-separated list of trigger phrases (case-insensitive). Defaults to '/opencode,/oc'"
     required: false
 
+  oidc_base_url:
+    description: "Base URL for OIDC token exchange API. Only required when running a custom GitHub App install. Defaults to https://api.opencode.ai"
+    required: false
+
 runs:
   using: "composite"
   steps:
@@ -62,3 +66,4 @@ runs:
         PROMPT: ${{ inputs.prompt }}
         USE_GITHUB_TOKEN: ${{ inputs.use_github_token }}
         MENTIONS: ${{ inputs.mentions }}
+        OIDC_BASE_URL: ${{ inputs.oidc_base_url }}
diff --git a/packages/opencode/src/cli/cmd/github.ts b/packages/opencode/src/cli/cmd/github.ts
index 7a8fe098df..027a9be06a 100644
--- a/packages/opencode/src/cli/cmd/github.ts
+++ b/packages/opencode/src/cli/cmd/github.ts
@@ -395,6 +395,7 @@ export const GithubRunCommand = cmd({
       const { providerID, modelID } = normalizeModel()
       const runId = normalizeRunId()
       const share = normalizeShare()
+      const oidcBaseUrl = normalizeOidcBaseUrl()
       const { owner, repo } = context.repo
       const payload = context.payload as IssueCommentEvent | PullRequestReviewCommentEvent
       const issueEvent = isIssueCommentEvent(payload) ? payload : undefined
@@ -572,6 +573,12 @@ export const GithubRunCommand = cmd({
         throw new Error(`Invalid use_github_token value: ${value}. Must be a boolean.`)
       }
 
+      function normalizeOidcBaseUrl(): string {
+        const value = process.env["OIDC_BASE_URL"]
+        if (!value) return "https://api.opencode.ai"
+        return value.replace(/\/+$/, "")
+      }
+
       function isIssueCommentEvent(
         event: IssueCommentEvent | PullRequestReviewCommentEvent,
       ): event is IssueCommentEvent {
@@ -809,14 +816,14 @@ export const GithubRunCommand = cmd({
 
       async function exchangeForAppToken(token: string) {
         const response = token.startsWith("github_pat_")
-          ? await fetch("https://api.opencode.ai/exchange_github_app_token_with_pat", {
+          ? await fetch(`${oidcBaseUrl}/exchange_github_app_token_with_pat`, {
               method: "POST",
               headers: {
                 Authorization: `Bearer ${token}`,
               },
               body: JSON.stringify({ owner, repo }),
             })
-          : await fetch("https://api.opencode.ai/exchange_github_app_token", {
+          : await fetch(`${oidcBaseUrl}/exchange_github_app_token`, {
               method: "POST",
               headers: {
                 Authorization: `Bearer ${token}`,