githubocto / flat Goto Github PK

View Code? Open in Web Editor NEW

427.0 8.0 39.0 49.55 MB

The GitHub Action which powers Flat

Home Page: https://next.github.com/projects/flat-data/

License: MIT License

JavaScript 1.09% TypeScript 98.60% Shell 0.32%

flat-data

flat's People

Contributors

Stargazers

Watchers

Forkers

mattrothenberg raineydavid ashvina kvemani dzsquared andmos bayanijulian 4lch4 artificial-cassiano haphut harlow zkan nolim1t boundaryalarm matttateb salinas890609 dwoffinden wattenberger flavianmissi carlos-zwin halcyondude cyberflamego alexxnica alecglen peerawoot-ace mis-saaa-ace nickscript0 invasionbiologyhypotheses cybernetics dinavinter visibilitysaurus evgenyrahman huamichaelchen dalanmiller javierarce jsoref mattpaz

flat's Issues

Feature Request: Make it possible to hide source

👋
Hi guys, thanks for a cool project!
I'm using it to sync down some data from a private URL I would like to keep private, so I have configured the URL from a secret like so:

http_url: ${{ secrets.MY_SECRET_URL }}

But the source comes out in plain text in the commit message:

{
  "date": "2021-05-31T14:01:16.071Z",
  "files": [
    {
      "name": "myfile.json",
      "deltaBytes": 167,
      "source": "https://my_private_server.com"
   }
  ]
}

It would be nice to have the repo open, but able to hide the datasource.

Support `curl` to download

I'd like to be able to set a user-agent (curl -A "MyApp" ...) when downloading files via this action. Could you support curl as well?

How about generating a Deno binary for the action too?

Motivation

I want to use Flat data to track my internet connection speed at home. I can't do that from inside a GitHub Action. I could expose the data via HTTP, but that would require exposing a computer on my network to the internet. I want to run flat on a cron on a computer and push the data to a GitHub repository.

Unfortunately, flat doesn't seem to be particularly easy to consume because it's an unpublished Node.js package.

Approach

Have you considered making the source of flat GitHub Action available as a Deno package? Deno can even build a binary that would make using flat very easy locally.

`mod` import should be fixed

Getting an error on my action here: https://github.com/dalanmiller/baby-swim-flat/runs/3052840184?check_suite_focus=true

Looks like the @octokit/request import within mod.ts is causing issues with an uncaught error

Error: Command failed: NO_COLOR=true deno run -q --allow-read --allow-write --allow-run --allow-net --allow-env --unstable postprocess.ts classes.json
Warning Implicitly using latest version (1.0.0) for https://deno.land/x/url_join/mod.ts
error: Uncaught (in promise) HttpError: Not Found
      const error = new RequestError(toErrorMessage(data), status, {
                    ^
    at https://cdn.skypack.dev/-/@octokit/[email protected]/dist=es2020,mode=imports/optimized/@octokit/request.js:81:21
    at async file:///home/runner/work/baby-swim-flat/baby-swim-flat/postprocess.ts:348:13

Error when running githubocto/flat@v2: Relative import path "ssf" not prefixed with / or ./ or ../ from "https://cdn.deno.land/sheetjs/versions/v0.16.8/raw/types/index.d.ts"

Since three days a step in the github action for the githubcoto/flat@v2 fails with

Relative import path "ssf" not prefixed with / or ./ or ../ from "https://cdn.deno.land/sheetjs/versions/v0.16.8/raw/types/index.d.ts"

The log is here

Any hints for how to resolve this issue?

SQL connection error with Heroku

I'm trying to use the SQL connection with a Heroku database. Heroku requires SSL for postgres connections but provides a self-signed cert.

With a connection string of the form: postgres://user:password@host:post/database

Fetching: SQL
  Error: Unable to connect to database: no pg_hba.conf entry for host "xx.xxx.xx.xxx", user "Read-only", database "xxxxxxxxxxx", SSL off
  Error: Workflow failed! no pg_hba.conf entry for host "xx.xxx.xx.xxx", user "Read-only", database "xxxxxxxxxx", SSL off

With a connection string of the form postgres://user:password@host:post/database?sslmode=require

 Fetching: SQL
  Error: Unable to connect to database: self signed certificate
  Error: Workflow failed! self signed certificate

I think the solution is to add an option to ignore invalid certificates. Here

flat/src/backends/sql.ts

Lines 68 to 71 in e83e6ea

    
           connection = await createConnection({ 
        
             type: protocol, 
        
             url: config.sql_connstring, 
        
           })

I think this needs to pass an ssl object like…

connection = await createConnection({
      type: protocol,
      url: config.sql_connstring,
      ssl: {
        rejectUnauthorized: config.require_valid_cert
      }
    })

Something like that. I'm not a typescript developer but I hope that helps

Using Matrix Strategy results in fast-forward errors

I'm using this action to pull in data from our content repos and commit into the main repo for building. Seems like a great little action for this.

I have a small issue when using matrix strategy with this action. Essentially the problem is that depending on the order of the execution and timing of the execution of the matrix jobs some will fail with a git fast-forward error. One of the other jobs has pushed to the repo in between. This isn't directly related to matrix strategy and any clashing workflows that perform commits to their repos will be affected here.

There are a few possible fixes non of which are perfect so I'm not sure this is necessarily a solvable problem:

Do a git pull before git push (this will reduce the chance of this error occurring but not solve it)
Handle the git push fast-forward error and repeat operation up to say 5 times (e.g. pull then push, pull then push, ...)
Some other magical fix which essentially does a pull push in one operation which I'm not aware exists 😄

I'm more than happy to raise a PR to sort this but just wanted to see which one was preferable from the maintainers!

RFC: GraphQL Support

Hi! Thanks for the awesome functionality provided by Flat Data!

I have come across the need to make a GraphQL query with Flat Data. Specifically, to gather a set of sponsors for a given GitHub organization. I want to then be able to fetch that data in a static website to show a dynamic list of sponsors. I also believe that there could be many other uses for GraphQL queries that are a natural fit for Flat Data.

I am willing to implement a Pull Request to address this functionality. Before I started implementing this change and level of effort I wanted to ensure the maintainers are open to incorporating the feature.

Any feedback is greatly appreciated! Thanks!

Nothing to commit, error code 1

I'm trying out using flat to fetch a json file. This json file changes very infrequently so when testing the file is exactly the same. When I try to run the action the commit command gives an error.

This is my repo where I'm testing things out. If anyone has any pointers that'll be great

`v3` branch is not pointing to latest v3 release

The v3 ref is pointing to v3.3.1 rather than the latest v3.4.0 release, so running this workflow against the v3 ref still yields node12 deprecation warning:

Could someone update the v3 branch to include @mattrothenberg's changes in #86?

I should note that the example in the docs uses v3: https://github.com/githubocto/flat#option-2-manually-create-a-github-actions-workflow-yml-file

Thanks in advance! Big fan of this tool 🙂

Support Node 20, address deprecation warnings

This action now receives the following warning:

Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: githubocto/[email protected]. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.

(As per issue #76)

Relative import path "ssf" not prefixed with / or ./ or ../

Thanks for developing flat action.

Yesterday my action started failing with an error:

  Warning Implicitly using latest version (1.0.0) for deno.land/x/url_join/mod.ts
  Error: Error: Command failed: deno run -q --allow-read --allow-write --allow-run --allow-net --allow-env --unstable postprocess.js data-raw.json
  Warning Implicitly using latest version (1.0.0) for deno.land/x/url_join/mod.ts
  error: Relative import path "ssf" not prefixed with / or ./ or ../ from "cdn.deno.land/sheetjs/versions/v0.16.8/raw/types/index.d.ts"
  
  error: Relative import path "ssf" not prefixed with / or ./ or ../ from "cdn.deno.land/sheetjs/versions/v0.16.8/raw/types/index.d.ts"

What can I do?

[Feature Request] Ability to specify an alternative header name for authorization

There is an authorization config option which enables the user to specify the Authorization HTTP header value.

However I am wanting to fetch data from an API that uses a different header name for authorization. It would be great if we could configure an alternative header name to use for authorization where I could put my secret - ${{secrets.NAME_OF_THE_CREATED_SECRET}}.

I am aware of axios_config but I don't believe I can reference secrets in there. Thanks!

[Feature Request] Support saving file in a new directory

What did I do

I setup a repo to collect holdings of ARK funds using flat. The repo is up and running.

However, the holding csv downloaded from https://ark-funds.com contains a line of disclosure at the end of the files. I would like to remove the line by applying a postprocessing script to the raw file.

I tried to save the files downloaded from https://ark-funds.com to raw/ARK_INNOVATION_ETF_{fund}_HOLDINGS.csv, and then use the script to remove the disclosure from the raw file, and save the cleared file in ARK_INNOVATION_ETF_{fund}_HOLDINGS.csv.

Here is the GitHub Action config I used:

      - name: Fetch data
        uses: githubocto/flat@v3
        with:
          http_url: https://ark-funds.com/wp-content/uploads/funds-etf-csv/ARK_INNOVATION_ETF_ARKK_HOLDINGS.csv
          downloaded_filename: raw/ARK_INNOVATION_ETF_ARKK_HOLDINGS.csv
          axios_config: query.json
          postprocess: ./postprocess.js

What did I see

GitHub Action execution failed because of Error: ENOENT: no such file or directory, open 'raw/ARK_INNOVATION_ETF_ARKK_HOLDINGS.csv'

What do I want

The file can be created successfully. The action should help me to create the raw directory if it is not exist.

Node upgrade / deprecation warnings

Getting these in the action summary:

Git push fails with error that remote has changes not available locally

Flat action started to fail 2 days in a row. The error happens during push

! [rejected]        master -> master (fetch first)
  error: failed to push some refs to '<repo>/flat'
  hint: Updates were rejected because the remote contains work that you do
  hint: not have locally. This is usually caused by another repository pushing
  hint: to the same ref. You may want to first integrate the remote changes
  hint: (e.g., 'git pull ...') before pushing again.
  hint: See the 'Note about fast-forwards' in 'git push --help' for details.

I checked and I don't have outdated flat action if it was a known issue.

Some runs fail: error: Expected a JavaScript or TypeScript module

Error: Command failed: NO_COLOR=true deno run -q --allow-read --allow-write --allow-run --allow-net --allow-env --unstable post-process.js data.json
Warning Implicitly using latest version (1.0.0) for https://deno.land/x/url_join/mod.ts
error: Expected a JavaScript or TypeScript module, but identified a Unknown module. Importing these types of modules is currently not supported.
  Specifier: https://jspm.dev/npm:[email protected]!cjs
    at https://jspm.dev/xlsx:5:25

I’m running a GitHub action to download images from an api every hour, I used the nasa image example as the template. However sometimes the run fails with this error, what could be the issue?

here’s the failed run:
https://github.com/weirdyang/causeway-image/actions/runs/1737018565
Here’s my post process script
https://github.com/weirdyang/causeway-image/blob/main/post-process.js

Ability to use HTTPS URL with self-signed certificate

I'm looking for an option to use a HTTPS URL with a self-signed certificate.

The solution could either ignore SSL warnings all together, or an option to provide a CA bundle to trust.

I was unable to figure out a way to do this with axios_config.

The URL I'm attempting to use is at https://gdmf.apple.com/v2/pmv.

CI job fails with Module "jspm.dev/xlsx" has no default export

Thanks for working on flat. Recently my pipeline started failing with the following error:

Warning Implicitly using latest version (1.0.0) for [deno.land/x/url_join/mod.ts](https://deno.land/x/url_join/mod.ts)
  Error: Error: Command failed: NO_COLOR=true deno run -q --allow-read --allow-write --allow-run --allow-net --allow-env --unstable postprocess.js data-raw.json
  Warning Implicitly using latest version (1.0.0) for [deno.land/x/url_join/mod.ts](https://deno.land/x/url_join/mod.ts)
  Error: TS1192 [ERROR]: Module '"[jspm.dev/xlsx](https://jspm.dev/xlsx)"' has no default export.
  import xlsxlib from '[jspm.dev/xlsx](https://jspm.dev/xlsx)'
         ~~~~~~~
      at [deno.land/x/[email protected]/src/xlsx.ts:1:8](https://deno.land/x/[email protected]/src/xlsx.ts:1:8)
  
  Error: TS1192 [ERROR]: Module '"[jspm.dev/xlsx](https://jspm.dev/xlsx)"' has no default export.
  import xlsxlib from '[jspm.dev/xlsx](https://jspm.dev/xlsx)'
         ~~~~~~~
      at [deno.land/x/[email protected]/src/xlsx.ts:1:8](https://deno.land/x/[email protected]/src/xlsx.ts:1:8)

Please advice how to fix.

Deno should be run with colored terminal logging output turned off

Logging of Deno errors on Github Actions tabs currenty logs Deno output with messy colored terminal output that can't be rendered in the github log tailing UI.

https://share.getcloudapp.com/GGuWQrnk

The deno command should be run with color disabled as described in the docs here:

https://deno.land/manual/getting_started/setup_your_environment#environmental-variables

Render GeoJSON or Geographic coordinatedata as a map

Could be possible render GeoJSON or geographic coordinate data as a map (eg.: leaflet)?

preview failed

Update dependencies and security vulnerabilities

In addition to #91 flat dependencies are growing long in the tooth.

As of 2024-02-17, there are 32 vulnerabilities (15 moderate, 12 high, 5 critical).

Outdated Modules

Package                              Current    Wanted    Latest  Location                                    Depended by
@actions/core                          1.2.6    1.10.1    1.10.1  node_modules/@actions/core                  flat
@actions/exec                          1.0.4     1.1.1     1.1.1  node_modules/@actions/exec                  flat
@actions/github                        4.0.0     4.0.0     6.0.0  node_modules/@actions/github                flat
@tinyhttp/content-disposition          1.2.0     1.3.0     2.2.0  node_modules/@tinyhttp/content-disposition  flat
@types/jest                          26.0.20   26.0.24   29.5.12  node_modules/@types/jest                    flat
@types/node                         14.14.37  14.18.63  20.11.19  node_modules/@types/node                    flat
@vercel/ncc                           0.27.0    0.27.0    0.38.1  node_modules/@vercel/ncc                    flat
axios                                 0.21.1    0.21.4     1.6.7  node_modules/axios                          flat
connection-string                      4.3.2     4.4.0     4.4.0  node_modules/connection-string              flat
csv-stringify                          5.6.2     5.6.5     6.4.5  node_modules/csv-stringify                  flat
es-mime-types                         0.0.16    0.0.16     0.1.4  node_modules/es-mime-types                  flat
husky                                  6.0.0     6.0.0    9.0.11  node_modules/husky                          flat
jest                                  26.6.3    26.6.3    29.7.0  node_modules/jest                           flat
jest-circus                           26.6.3    26.6.3    29.7.0  node_modules/jest-circus                    flat
mssql                                  6.3.1     6.4.1    10.0.2  node_modules/mssql                          flat
pg                                     8.5.1    8.11.3    8.11.3  node_modules/pg                             flat
prettier                               2.2.1     2.8.8     3.2.5  node_modules/prettier                       flat
reflect-metadata                      0.1.13    0.1.14     0.2.1  node_modules/reflect-metadata               flat
sqlite3                                5.1.6     5.1.7     5.1.7  node_modules/sqlite3                        flat
ts-jest                               26.5.3    26.5.6    29.1.2  node_modules/ts-jest                        flat
typeorm                               0.2.31    0.2.45    0.3.20  node_modules/typeorm                        flat
typescript                             4.2.3     4.9.5     5.3.3  node_modules/typescript                     flat
zod                            3.0.0-alpha.4    3.22.4    3.22.4  node_modules/zod                            flat

Audit Summary

@actions/core  <=1.9.0
Severity: moderate
@actions/core has Delimiter Injection Vulnerability in exportVariable - https://github.com/advisories/GHSA-7r3h-m5j6-3q42
fix available via `npm audit fix`
node_modules/@actions/core

@azure/ms-rest-nodeauth  <=3.0.9
Severity: high
Depends on vulnerable versions of @azure/ms-rest-js
Improper Privilege Management in Azure ms-rest-nodeauth - https://github.com/advisories/GHSA-qpfw-4m9x-rxx8
Depends on vulnerable versions of adal-node
fix available via `npm audit fix`
node_modules/@azure/ms-rest-nodeauth
  tedious  6.3.0 - 6.7.0 || 7.0.0 - 9.2.1
  Depends on vulnerable versions of @azure/ms-rest-nodeauth
  node_modules/tedious

@babel/traverse  <7.23.2
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via `npm audit fix`
node_modules/@babel/traverse

async  3.0.0 - 3.2.1
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix`
node_modules/async

axios  <=1.5.1
Severity: high
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
axios Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
fix available via `npm audit fix`
node_modules/axios

browserslist  4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service in browserslist - https://github.com/advisories/GHSA-w8qv-6jwh-64r5
fix available via `npm audit fix`
node_modules/browserslist

decode-uri-component  <0.2.1
Severity: high
decode-uri-component vulnerable to Denial of Service (DoS) - https://github.com/advisories/GHSA-w573-4hg7-7wgq
fix available via `npm audit fix`
node_modules/decode-uri-component

follow-redirects  <=1.15.3
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
Follow Redirects improperly handles URLs in the url.parse() function - https://github.com/advisories/GHSA-jchw-25xp-jwwc
fix available via `npm audit fix`
node_modules/follow-redirects

ip  *
Severity: high
NPM IP package vulnerable to Server-Side Request Forgery (SSRF) attacks - https://github.com/advisories/GHSA-78xj-cgh5-2h22
fix available via `npm audit fix`
node_modules/ip
  socks  1.0.0 - 2.7.1
  Depends on vulnerable versions of ip
  node_modules/socks

json-schema  <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/json-schema
  jsprim  0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
  Depends on vulnerable versions of json-schema
  node_modules/jsprim

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

minimist  1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/minimist

path-parse  <1.0.7
Severity: moderate
Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9
fix available via `npm audit fix`
node_modules/path-parse

qs  6.5.0 - 6.5.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/qs

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix`
node_modules/request
  adal-node  <=0.2.2 || >=2.0.0-pre
  Depends on vulnerable versions of request
  Depends on vulnerable versions of xmldom
  node_modules/adal-node
  jsdom  0.1.20 || 0.2.0 - 16.5.3
  Depends on vulnerable versions of request
  Depends on vulnerable versions of request-promise-native
  node_modules/jsdom
  request-promise-core  *
  Depends on vulnerable versions of request
  node_modules/request-promise-core
    request-promise-native  >=1.0.0
    Depends on vulnerable versions of request
    Depends on vulnerable versions of request-promise-core
    Depends on vulnerable versions of tough-cookie
    node_modules/request-promise-native

semver  <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/@mapbox/node-pre-gyp/node_modules/semver
node_modules/@npmcli/fs/node_modules/semver
node_modules/jest-snapshot/node_modules/semver
node_modules/node-gyp/node_modules/semver
node_modules/node-notifier/node_modules/semver
node_modules/normalize-package-data/node_modules/semver
node_modules/sane/node_modules/semver
node_modules/semver
node_modules/ts-jest/node_modules/semver

tmpl  <1.0.5
Severity: high
tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion - https://github.com/advisories/GHSA-jgrx-mgxx-jf9v
fix available via `npm audit fix`
node_modules/tmpl

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix`
node_modules/@azure/ms-rest-js/node_modules/tough-cookie
node_modules/request-promise-native/node_modules/tough-cookie
node_modules/request/node_modules/tough-cookie
node_modules/tough-cookie
  @azure/ms-rest-js  <=2.6.6
  Depends on vulnerable versions of tough-cookie
  Depends on vulnerable versions of xml2js
  node_modules/@azure/ms-rest-js

word-wrap  <1.2.4
Severity: moderate
word-wrap vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-j8xg-fqg3-53r7
fix available via `npm audit fix`
node_modules/word-wrap

ws  7.0.0 - 7.4.5
Severity: moderate
ReDoS in Sec-Websocket-Protocol header - https://github.com/advisories/GHSA-6fc8-4gx4-v693
fix available via `npm audit fix`
node_modules/ws

xml2js  <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/xml2js
  typeorm  0.1.0-alpha.1 - 0.3.14-dev.daf1b47 || >=0.3.21-dev.28a8383
  Depends on vulnerable versions of xml2js
  node_modules/typeorm

xmldom  *
Severity: critical
Misinterpretation of malicious XML input - https://github.com/advisories/GHSA-5fg8-2547-mr8q
xmldom allows multiple root nodes in a DOM - https://github.com/advisories/GHSA-crh6-fp67-6883
fix available via `npm audit fix`
node_modules/xmldom

Only run post-processing if the original data file has changed

My post-processing script is a fairly intensive process and uses around 20-50 of Action minutes per run. It would help me save on compute minutes if Flat first checked to see whether the original data had changed before kicking off the post-processing script.

Restrict unnecessary Deno permissions

Looking at the action script I found:

flat/src/main.ts

Line 44 in 1c5bd95

`deno run -q -A --unstable ${config.postprocess} ${filename}`

Deno is run with -A flag which enables all permissions; it's probably not a big deal, but it seems that permissions could be restricted a bit to --allow-read, --allow-write, --allow-net and --allow-env; ie. disable ability to load native plugins, HR timing and spawning subprocesses.

Performing HTTP Requests w/ Authorization

Overview

I wanted to create a repo that would use the flat action to store some data from the Twitter API. The problem is the Twitter API requires authorization in order to get any data. With the current version of the flat action (v2.0.2) there's no way to do this.

I created a fork of this repo that can do just that and published it to the marketplace. I wanted to submit a PR but wasn't sure if y'all would actually want to add it the way I did it so I figured I'd share what I did and leave it up to y'all.

Below is an explanation of my solution, and here is a link to my repo where I use the action I created:

4lch4/flat-bot

My Solution

What I did to enable authorization was add a field to the actions with field called Authorization. The value of this field is then passed in as an Authorization header.

The following code snippets are the changes I made to the existing code, there's only three files I changed (aside from the README):

const response = await axios.get(config.http_url, {
  method: 'get',
  responseType: 'stream',
  headers: {
    Authorization: config.Authorization,
  },
})

const HTTPConfigSchema = z
  .object({
    http_url: z.string(),
    Authorization: z.string().optional(),
  })
  .merge(CommonConfigSchema)
// ...
const keys = [
  'downloaded_filename',
  'http_url',
  'Authorization',
  'sql_connstring',
  'sql_queryfile',
  'postprocess',
]

Authorization:
  description: 'A string to send as a header for authorizing API requests.'
  required: false

	connection = await createConnection({
	type: protocol,
	url: config.sql_connstring,
	})