fix(scripts): BSD head portability and restore billing and Entra ID features#23
Merged
Merged
Conversation
added 2 commits
June 26, 2026 13:53
GNU head supports negative line counts (head -n -1 = all but last line) but BSD head on macOS does not, producing 'illegal line count' errors. Replace with sed '$d' which deletes the last line portably on both BSD and GNU sed. Affected: gh_api and _graphql_enterprise_orgs in lib/github-common.sh.
…actor Three regressions introduced by the d45fe33 dual-auth refactor are fixed: Billing API (credits used per user): - _copilot_api used head -n -1 which fails on macOS BSD head; now uses sed '$d' (fixed at lib level, copied to _copilot_api in this script). - HTTP 404 and 422 responses from the billing endpoint are valid — they mean no usage data this month — treat them as 0 credits instead of marking the user as a failure. - Remove _billing_api() gh-CLI wrapper: now that lib syncs GH_TOKEN from GITHUB_TOKEN automatically, both curl and gh api use the same token, so the wrapper adds complexity without benefit. Entra ID department enrichment: - Auto-resolve the Azure AD tenant GUID from UPN_DOMAIN via OIDC discovery (GET login.microsoftonline.com/{domain}/.well-known/ openid-configuration) so --entra-tenant is rarely needed. - Switch graph_user_info from az rest to curl with the explicit GRAPH_TOKEN so the correct tenant's token is always used. - Add --entra-tenant flag and $ENTRA_TENANT env var as an override when OIDC discovery resolves to the wrong tenant. action.yml: update entra-tenant description to reflect auto-resolution.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces several improvements and fixes to the GitHub Copilot reporting scripts, focusing on better Azure Entra ID (Azure AD) tenant handling, improved API reliability, and more robust error reporting. The main enhancements include automatic and overrideable Entra tenant resolution, better handling of GitHub and Microsoft Graph API responses, and improved diagnostics for billing failures.
Azure Entra ID (Azure AD) Tenant Handling:
entra-tenantinput/option to override the Azure AD tenant ID for Microsoft Graph API lookups, with auto-resolution from the UPN domain using OIDC discovery when not explicitly set. This is reflected in both the GitHub Action and the reporting script, and is documented in the help text. [1] [2] [3] [4] [5] [6]API Reliability and Consistency:
head -n -1withsed '$d'for stripping the HTTP status code from API responses, ensuring more reliable handling in all relevant functions (gh_api,_graphql_enterprise_orgs,_copilot_api). [1] [2] [3]az resttocurlwith explicit bearer token and URL encoding for more robust authentication and compatibility.GitHub Token Handling:
GH_TOKENis automatically set fromGITHUB_TOKENwhen using the GitHub CLI, improving compatibility with scripts that callgh apidirectly.Billing API and Error Reporting:
These changes collectively improve the reliability, usability, and diagnostics of the Copilot reporting workflow, especially in enterprise and multi-tenant Azure environments.## Description
Changes
<domain>/github-<name>/github-<name>.shlib/github-common.shHow to test
Checklist
set -euo pipefailis the first executable line after the# ===headerlib/github-common.shviaSCRIPT_DIRrequire_env_varvalidate_github_token(orvalidate_tokenfor secondary tokens)validate_slugsleepadded between repo-level operations to respect rate limitsshellcheck --severity=warning --exclude=SC2034,SC1091 --shell=bash <script>)