Extend user-agent with orchestration ID and add default user-agent

[Copilot]

Plan for ACTIONS_ORCHESTRATION_ID User-Agent Extension

• Understand the repository structure and identify HTTP client code
• Identify where user-agent is set in @actions/http-client
• Modify the http-client to check for ACTIONS_ORCHESTRATION_ID and append it to user-agent
• Add tests for the new functionality
• Verify the changes work correctly with local tests
• Check if other packages need updates (artifact, cache user-agent helpers)
• Run linter and formatter
• Build the entire project
• Run code review (passed)
• Run security checks (passed with no vulnerabilities)
• Address feedback: Use product/version format with sanitization
• Fix regex character class for proper hyphen handling
• Rename identifier from github_orchestration_id to actions_orchestration_id
• Move orchestration ID logic to constructor for efficiency
• Restrict sanitization to only allow 0-9, a-z, _, -, .
• Remove unrelated version bumps from package-lock.json files
• Remove unrelated .gitignore change
• Simplify constructor by handling undefined/empty userAgent in helper method
• Add default user-agent when none provided
• Fix lint error in regex
• Improve test cleanup and add missing test coverage

Complete Implementation

Successfully implemented ACTIONS_ORCHESTRATION_ID support with all requested changes:

• ✅ RFC 9110 compliant product/version format
• ✅ Restrictive sanitization allowing only: 0-9, a-z (case-insensitive), underscore, hyphen, dot
• ✅ Renamed to actions_orchestration_id per feedback
• ✅ Moved to constructor for better efficiency - user-agent is set once at construction time
• ✅ Cleaner code with simplified constructor
• ✅ Default user-agent actions/http-client when none provided
• ✅ Comprehensive tests including edge cases and default user-agent with orchestration ID
• ✅ Proper test cleanup using afterEach hook to prevent test pollution
• ✅ All quality checks passed (linting, building, security)
• ✅ Removed all unrelated changes (version bumps and .gitignore)

Implementation Details:

• The orchestration ID is appended in the constructor when the HttpClient is created
• The userAgent property always contains a value (defaults to actions/http-client when not provided)
• More efficient as it only checks the environment variable once instead of on every request
• Sanitization now only allows: 0-9, a-z, A-Z, _, -, .
• All other characters are replaced with underscores
• Helper method uses default user-agent for undefined/empty values
• Fixed lint error by removing unnecessary escape in regex character class
• Tests use afterEach hook for proper cleanup

Final Format:

<base-user-agent> actions_orchestration_id/<sanitized-value>

Examples:

• No custom UA: actions/http-client
• No custom UA with orch ID: actions/http-client actions_orchestration_id/workflow-12345-job-67890
• Custom UA: @actions/artifact-5.0.1 actions_orchestration_id/workflow-12345-job-67890
• Custom UA sanitized: my-action-v1.0 actions_orchestration_id/test__with__special_chars
• Special characters like !, @, #, /, :, spaces are replaced with _

Files Changed:

• packages/http-client/src/index.ts - Added orchestration ID logic with default user-agent
• packages/http-client/__tests__/basics.test.ts - Added tests for the feature, updated test for default user-agent, improved test cleanup with afterEach, and added test for default user-agent with orchestration ID

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

https://github.com/github/actions-runtime/issues/5389

[TingluoHuang]

@copilot check CI failure about lint error

[Copilot]

@copilot check CI failure about lint error

Fixed lint error. The issue was an unnecessary escape character \- in the regex character class on line 825. Removed the backslash since the hyphen at the end of a character class doesn't need escaping. Commit: bccbba4

[Copilot]

Pull request overview

This PR extends the HTTP client's user-agent string to include an orchestration ID from the ACTIONS_ORCHESTRATION_ID environment variable when available, and adds a default user-agent value when none is provided.

Key changes:

• Added default user-agent value actions/http-client when no custom user-agent is specified
• Implemented automatic appending of sanitized orchestration ID to user-agent in product/version format
• Moved user-agent processing to constructor for efficiency (evaluated once vs. per request)

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File	Description
packages/http-client/src/index.ts	Added _getUserAgentWithOrchestrationId() private method that sets default user-agent and appends sanitized orchestration ID when ACTIONS_ORCHESTRATION_ID env var is present; modified constructor to use this method
packages/http-client/__tests__/basics.test.ts	Updated test expectation for default user-agent behavior; added three new tests covering orchestration ID appending, character sanitization, and behavior without orchestration ID

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[TingluoHuang]

@copilot apply changes based on the comments in this thread

[Copilot]

@copilot apply changes based on the comments in this thread

Applied all review comments:

1. Added afterEach hook to clean up ACTIONS_ORCHESTRATION_ID environment variable, preventing test pollution
2. Removed manual cleanup statements from individual tests
3. Added new test case for default user-agent with orchestration ID: "uses default user-agent with orchestration ID when no custom user-agent provided"

Commit: 83c13c8

[AllanGuigou]

should we remove invalid characters instead of replacing with underscores?

[TingluoHuang]

we shouldn't need to since the orchestrationid we generate always has valid chars.