Add HTTPS proxy functionality

[fhopfensperger]

According to the Octokit documentation it's necessary to add ProxyAgent to the request to be able to connect to GitHub using a corporate HTTP proxy.

I tested it successfully in our restricted environment using the following snippet

      - name: Create changelog
        id: changelog
        if: ${{ github.ref == 'refs/heads/main' }}
        uses: mikepenz/release-changelog-builder-action@<new-test-version>
        with:
          baseUrl: https://github-enterprise.corp.net/api/v3
        env:
          HTTPS_PROXY: http://proxy.corp.net:8888

PS: Please bare with me, it's my first PR to a npm/node based project.

Signed-off-by: Florian Hopfensperger florian.hopfensperger@allianz.de

[mikepenz]

Thank you so much for your PR @fhopfensperger

Definitely a great addition to the action.
And all node / ts related aspects look good. Just had a few comments on some aspects.

Happy to assist with adjusting any of these.

---

For working on actions - I love to use GitHub code spaces - started super quick - and then gives me a full set-up Visual Code environment - including debug support.

[mikepenz]

Can you please link to the docs from octokit here - so people can read up on this environment variable.

[mikepenz]

It would be great if we only set-up the ProxyAgent() in case it is configured to be used - can have a look into this.

[mikepenz]

I understand that the used dependency is suggested by the octokit docs - but the latest version has some unpatched issues open - TooTallNate/node-proxy-agent#74

Need to see if there are alternatives.

[mikepenz]

Looked into it, all search results in this one 🤔 seems that there is really no real alternative than using that package.

GitHub uses it themself for a wrapper package which is meant to handle this for GitHub actions. https://github.com/octokit/action.js#proxy-servers

[mikepenz]

Had a look into the above noted comments.

Seems the node-proxy-agent is really one of the only packages doing that, but it adds a ton of other sub-packages including dependencies which seem to require updates due to security fixes.

As such I'd propose to limit the scope to HTTPS proxies only for now: f7a5ecd

Also only setting it up if the specific ENV variable is provided.

[fhopfensperger]

Thanks for looking into it! Honestly, I'm a bit confused now, where did you point the commit to? What should I do :-)

We can also leave this PR open until the proxy agent issues are fixed and then come back and merge it?

[mikepenz]

Thanks for looking into it! Honestly, I'm a bit confused now, where did you point the commit to? What should I do :-)

We can also leave this PR open until the proxy agent issues are fixed and then come back and merge it?

The commit was on a new branch, as I can't push to your branch, but instead of just merging - I figured to give you the opportunity to look into it first.

Currently it seems there has not been a lot of movement on the dependency recently. At least lowering the scope to only the HTTPS module seems to significantly reduce the code introduced too.

[fhopfensperger]

I merged your changes into my branch, did a rebase, lint, build, packaged and pushed the latest changes to the branch :-)

Thank you very much for your review. If there are other things you would like to change, please let me know. I will be happy to make the changes.

[mikepenz]

Thank you very much @fhopfensperger - Will check to get it reviewed and in as soon as possible

[mikepenz]

The checks failed because of the token not offering the required permissions -> also there was another change required, which I included in the final merge

[mikepenz]

It's released as v3.3.0 (haven't yet moved the v3 tag to monitor things first)

[fhopfensperger]

Thank you!