Add Cloudflare Worker backend for secure GitHub App authentication (#21)

Author: yaito3014

.github/workflows/test.yml

@@ -28,7 +28,7 @@ jobs:
     steps:
       - uses: actions/checkout@v6
       - name: configure
-        run: cmake -S. -Bbuild
+        run: cmake -Stest -Bbuild
       - name: build-${{ matrix.os.name }}
         run: |
           echo "CPPWARNINGNOTIFIER_LOG_MARKER"
@@ -38,13 +38,15 @@ jobs:
     needs:
       - compile
     runs-on: ubuntu-latest
-    environment:
-      name: CppWarningNotifier
+    permissions:
+      id-token: write
+      pull-requests: write
+      actions: read
     steps:
       - uses: actions/checkout@v6
       - uses: ./
         with:
-          PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
+          WORKER_URL: https://cpp-warning-notifier.iris-cpp.org
           RUN_ID: ${{ github.run_id }}
           JOB_ID: ${{ job.check_run_id }}
           STEP_REGEX: build-.*

.gitignore

@@ -1,3 +1,2 @@
-node_modules
-
-build/*
+node_modules/
+build/

action.yml

@@ -6,10 +6,12 @@ inputs:
   IGNORE_NO_MARKER:
     default: false
   RUN_ID:
-    requird: true
+    required: true
   JOB_ID:
     required: true
-  PRIVATE_KEY:
+  # Cloudflare Worker URL to exchange a GitHub OIDC token for an installation
+  # access token (requires id-token: write permission on the job)
+  WORKER_URL:
     required: true
   JOB_REGEX:
     required: true
@@ -21,5 +23,5 @@ inputs:
     required: true
 
 runs:
-  using: "node20"
-  main: "dist/index.js"
+  using: "node24"
+  main: "action/dist/index.js"