Skip to content

Commit

Permalink
Add support for downloading packs from GHES
Browse files Browse the repository at this point in the history
This change adds:

- new `registries` block allowed in code scanning config file
- new `registries-auth-tokens` input in init action
- Change the downloadPacks function so that it accepts new parameters:
    - registries block
    - api auth
- Generate a qlconfig.yml file with the registries block if one is
  supplied. Use this file when downloading packs.
- temporarily set the `GITHUB_TOKEN` and `CODEQL_REGISTRIES_AUTH` based
  on api auth

TODO:

1. integration test
2. handle pack downloads when the config is generated by the CLI
  • Loading branch information
aeisenberg committed Aug 30, 2022
1 parent c7bb894 commit 0e98efa
Show file tree
Hide file tree
Showing 37 changed files with 424 additions and 99 deletions.
14 changes: 12 additions & 2 deletions init/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,19 @@ inputs:
description: The languages to be analysed
required: false
token:
description: GitHub token to use for authenticating with this instance of GitHub. To download custom packs from multiple registries, use registries-auth-tokens.
default: ${{ github.token }}
required: false
registries-auth-tokens:
description: |
Authenticate to GitHub Enterprise Server Container registries by passing a comma-separated list of <registry_url>=<token> pairs.
For example, you can pass `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`` to authenticate to two GitHub Enterprise Server instances.
This overrides the `token` input for pack downloads.
required: false
matrix:
default: ${{ toJson(matrix) }}
required: false
config-file:
description: Path of the config file to use
required: false
Expand All @@ -32,7 +42,7 @@ inputs:
analyses, you must specify packs in the codeql-config.yml file.
required: false
external-repository-token:
description: A token for fetching external config files and queries if they reside in a private repository.
description: A token for fetching external config files and queries if they reside in a private repository in the same GitHub instance that is running this action.
required: false
setup-python-dependencies:
description: Try to auto-install your python dependencies
Expand Down Expand Up @@ -82,4 +92,4 @@ outputs:
runs:
using: 'node16'
main: '../lib/init-action.js'
post: '../lib/init-action-post.js'
post: '../lib/init-action-post.js'
2 changes: 2 additions & 0 deletions lib/analyze-action.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion lib/analyze-action.js.map

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions lib/api-client.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion lib/api-client.js.map

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 0e98efa

Please sign in to comment.