feat: add configurable custom HTTP headers to API requests #9
Conversation
appleboy
commented
Dec 9, 2025
appleboy
commented
- Add support for custom HTTP headers in API requests, configurable via workflow and environment variables
- Inject version and commit information into the Docker build and application binary
- Document default and custom HTTP header usage in all README files, including examples for single-line and multiline formats
- Update action metadata and input definitions to include custom headers
- Refactor HTTP client creation to always include default headers, and allow merging with user-supplied headers
- Implement and test header parsing logic supporting both comma-separated and multiline formats, with error handling for invalid formats
- Add comprehensive unit tests for header parsing and merging behavior
- Ensure default headers are present in all API requests, and allow user headers to override them if needed
- Add support for custom HTTP headers in API requests, configurable via workflow and environment variables - Inject version and commit information into the Docker build and application binary - Document default and custom HTTP header usage in all README files, including examples for single-line and multiline formats - Update action metadata and input definitions to include custom headers - Refactor HTTP client creation to always include default headers, and allow merging with user-supplied headers - Implement and test header parsing logic supporting both comma-separated and multiline formats, with error handling for invalid formats - Add comprehensive unit tests for header parsing and merging behavior - Ensure default headers are present in all API requests, and allow user headers to override them if needed Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
There was a problem hiding this comment.
Pull request overview
This PR adds comprehensive support for custom HTTP headers in API requests to the LLM GitHub Action, along with version information injection and extensive documentation.
Key Changes:
- Implemented custom HTTP header support with flexible parsing (comma-separated and multiline formats)
- Added version and commit information injection into Docker builds and application binaries
- Enhanced HTTP client to always include default headers (User-Agent, X-Action-Name, X-Action-Version) with optional user header overrides
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 21 comments.
Show a summary per file
| File | Description |
|---|---|
| version.go | New file defining version variables and functions for User-Agent generation |
| config.go | Added Headers field and parseHeaders method to parse custom headers from input |
| config_test.go | Comprehensive test coverage for header parsing including edge cases and format validation |
| client.go | Refactored HTTP client creation to use headerTransport wrapper for injecting default and custom headers |
| client_test.go | Updated tests for new createHTTPClient signature and added tests for header merging |
| action.yml | Added headers input parameter definition with format documentation |
| Dockerfile | Added VERSION and COMMIT build arguments for binary injection via ldflags |
| .github/workflows/docker.yml | Added version extraction logic and build-args passing to Docker builds |
| README.md | Added Custom HTTP Headers documentation section with usage examples |
| README.zh-CN.md | Added Chinese (Simplified) translation of Custom HTTP Headers documentation |
| README.zh-TW.md | Added Chinese (Traditional) translation of Custom HTTP Headers documentation |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| run: | | ||
| echo "${{ steps.review.outputs.response }}" | ||
| ``` | ||
| ```` |
There was a problem hiding this comment.
Code fence markers should use triple backticks (```) instead of quadruple backticks (````). Quadruple backticks are non-standard and may not render correctly in Markdown.
| #### Code Review with Structured Output | ||
|
|
||
| ```yaml | ||
| ````yaml |
There was a problem hiding this comment.
Code fence markers should use triple backticks (```) instead of quadruple backticks (````). Quadruple backticks are non-standard and may not render correctly in Markdown.
| echo "Issues: $ISSUES" | ||
| echo "Suggestions: $SUGGESTIONS" | ||
| ``` | ||
| ```` |
There was a problem hiding this comment.
Code fence markers should use triple backticks (```) instead of quadruple backticks (````). Quadruple backticks are non-standard and may not render correctly in Markdown.
| ### 使用系统提示词 | ||
|
|
||
| ```yaml | ||
| ````yaml |
There was a problem hiding this comment.
Code fence markers should use triple backticks (```) instead of quadruple backticks (````). Quadruple backticks are non-standard and may not render correctly in Markdown.
| return x / y | ||
| ``` | ||
| ``` | ||
| ```` |
There was a problem hiding this comment.
Code fence markers should use triple backticks (```) instead of quadruple backticks (````). Quadruple backticks are non-standard and may not render correctly in Markdown.
| 不需要在 YAML 中嵌入冗長的提示詞,可以從檔案載入: | ||
|
|
||
| ```yaml | ||
| ````yaml |
There was a problem hiding this comment.
Code fence markers should use triple backticks (```) instead of quadruple backticks (````). Quadruple backticks are non-standard and may not render correctly in Markdown.
| #### 結構化程式碼審查 | ||
|
|
||
| ```yaml | ||
| ````yaml |
There was a problem hiding this comment.
Code fence markers should use triple backticks (```) instead of quadruple backticks (````). Quadruple backticks are non-standard and may not render correctly in Markdown.
| ```yaml | ||
| - name: Call Custom LLM Service | ||
| uses: appleboy/LLM-action@v1 | ||
| with: | ||
| base_url: "https://your-llm-service.com/v1" | ||
| api_key: ${{ secrets.LLM_API_KEY }} | ||
| input_prompt: "Generate a summary" | ||
| headers: | | ||
| X-Custom-Auth:${{ secrets.CUSTOM_AUTH_TOKEN }} | ||
| X-Tenant-ID:my-tenant | ||
| ``` |
There was a problem hiding this comment.
This example shows putting a secret token into headers via X-Custom-Auth:${{ secrets.CUSTOM_AUTH_TOKEN }}, but the implementation’s debug mode dumps the entire Config (including Headers) with godump.Dump and only masks api_key. If a workflow follows this pattern and enables debug: true, the custom auth token will be written in cleartext to GitHub Actions logs, exposing credentials to anyone with log access. Consider redacting header values in debug output (or clearly documenting that headers should not contain secrets when debug is enabled), similar to how api_key is masked.
| ```yaml | ||
| - name: Call Custom LLM Service | ||
| uses: appleboy/LLM-action@v1 | ||
| with: | ||
| base_url: "https://your-llm-service.com/v1" | ||
| api_key: ${{ secrets.LLM_API_KEY }} | ||
| input_prompt: "產生摘要" | ||
| headers: | | ||
| X-Custom-Auth:${{ secrets.CUSTOM_AUTH_TOKEN }} | ||
| X-Tenant-ID:my-tenant | ||
| ``` |
There was a problem hiding this comment.
此示例將機密權杖放入 headers(如 X-Custom-Auth:${{ secrets.CUSTOM_AUTH_TOKEN }}),但實作中的偵錯模式會使用 godump.Dump 輸出整個 Config(包含 Headers),且只遮罩 api_key。如果依照此範例同時啟用 debug: true,自訂認證標頭中的權杖將以明文出現在 GitHub Actions 日誌中,任何能存取日誌的人都可取得這些憑證。建議在偵錯輸出中對標頭值進行遮罩(或明確文件化:啟用偵錯時 headers 不應包含機密),類似目前對 api_key 所做的處理。
| ```yaml | ||
| - name: Call Custom LLM Service | ||
| uses: appleboy/LLM-action@v1 | ||
| with: | ||
| base_url: "https://your-llm-service.com/v1" | ||
| api_key: ${{ secrets.LLM_API_KEY }} | ||
| input_prompt: "生成摘要" | ||
| headers: | | ||
| X-Custom-Auth:${{ secrets.CUSTOM_AUTH_TOKEN }} | ||
| X-Tenant-ID:my-tenant | ||
| ``` |
There was a problem hiding this comment.
此示例將机密令牌放入 headers(如 X-Custom-Auth:${{ secrets.CUSTOM_AUTH_TOKEN }}),但实现中的调试模式会使用 godump.Dump 输出整个 Config(包含 Headers),且只屏蔽 api_key。如果按此示例同时启用 debug: true,自定义认证头中的令牌会以明文出现在 GitHub Actions 日志中,任何能访问日志的人都可以获得这些凭证。建议在调试输出中对头部值进行遮罩(或在文档中明确说明:启用调试时 headers 不应包含机密),类似当前对 api_key 的处理方式。
