From 73a2d499109e2c87441af287a69d066d2cefd600 Mon Sep 17 00:00:00 2001
From: Conner Dunn <connerdunn7399@gmail.com>
Date: Tue, 30 Jul 2024 12:58:01 -0600
Subject: [PATCH] feat: adds support for x-vercel-protection-bypass

The header is used to allow automation to bypass Vercel Authentication, Password Protection, and Trusted IPs
---
 README.md  | 4 ++++
 action.js  | 9 +++++++++
 action.yml | 3 +++
 3 files changed, 16 insertions(+)

diff --git a/README.md b/README.md
index 5847d722..2ee94438 100644
--- a/README.md
+++ b/README.md
@@ -31,6 +31,10 @@ Optional - How often (in seconds) should we make the HTTP request checking to se
 
 Optional - The [password](https://vercel.com/docs/concepts/projects/overview#password-protection) for the deployment
 
+### `vercel_protection_bypass_header`
+
+Optional - The [header](https://vercel.com/docs/security/deployment-protection/methods-to-bypass-deployment-protection/protection-bypass-automation) to bypass protection for automation
+
 ### `path`
 
 Optional - The URL that tests should run against (eg. `path: "https://vercel.com"`).
diff --git a/action.js b/action.js
index b5b0502f..15a1e676 100644
--- a/action.js
+++ b/action.js
@@ -15,6 +15,7 @@ const waitForUrl = async ({
   maxTimeout,
   checkIntervalInMilliseconds,
   vercelPassword,
+  protectionBypassHeader,
   path,
 }) => {
   const iterations = calculateIterations(
@@ -39,6 +40,12 @@ const waitForUrl = async ({
         core.setOutput('vercel_jwt', jwt);
       }
 
+      if (protectionBypassHeader) {
+        headers = {
+          'x-vercel-protection-bypass': protectionBypassHeader
+        };
+      }
+
       let checkUri = new URL(path, url);
 
       await axios.get(checkUri.toString(), {
@@ -280,6 +287,7 @@ const run = async () => {
     // Inputs
     const GITHUB_TOKEN = core.getInput('token', { required: true });
     const VERCEL_PASSWORD = core.getInput('vercel_password');
+    const VERCEL_PROTECTION_BYPASS_HEADER = core.getInput('vercel_protection_bypass_header');
     const ENVIRONMENT = core.getInput('environment');
     const MAX_TIMEOUT = Number(core.getInput('max_timeout')) || 60;
     const ALLOW_INACTIVE = Boolean(core.getInput('allow_inactive')) || false;
@@ -367,6 +375,7 @@ const run = async () => {
       maxTimeout: MAX_TIMEOUT,
       checkIntervalInMilliseconds: CHECK_INTERVAL_IN_MS,
       vercelPassword: VERCEL_PASSWORD,
+      protectionBypassHeader: VERCEL_PROTECTION_BYPASS_HEADER,
       path: PATH,
     });
   } catch (error) {
diff --git a/action.yml b/action.yml
index cf94e674..290c9cca 100644
--- a/action.yml
+++ b/action.yml
@@ -23,6 +23,9 @@ inputs:
   vercel_password:
     description: 'Vercel password protection secret'
     required: false
+  vercel_protection_bypass_header:
+    description: 'Vercel protection bypass for automation'
+    required: false
   path:
     description: 'The path to check. Defaults to the index of the domain'
     default: '/'