Add support for downloading packs from GHES

This change adds: - new `registries` block allowed in code scanning config file - new `registries-auth-tokens` input in init action - Change the downloadPacks function so that it accepts new parameters: - registries block - api auth - Generate a qlconfig.yml file with the registries block if one is supplied. Use this file when downloading packs. - temporarily set the `GITHUB_TOKEN` and `CODEQL_REGISTRIES_AUTH` based on api auth TODO: 1. integration test 2. handle pack downloads when the config is generated by the CLI
github · Aug 29, 2022 · 8eba848 · 8eba848
1 parent 2074e84
commit 8eba848
Show file tree

Hide file tree

Showing 37 changed files with 417 additions and 92 deletions.
diff --git a/init/action.yml b/init/action.yml
@@ -10,9 +10,19 @@ inputs:
     description: The languages to be analysed
     required: false
   token:
+    description: GitHub token to use for authenticating with this instance of GitHub. To download custom packs from multiple registries, use registries-auth-tokens.
     default: ${{ github.token }}
+    required: false
+  registries-auth-tokens:
+    description: |
+      Authenticate to GitHub Enterprise Server Container registries by passing a comma-separated list of <registry_url>=<token> pairs.
+
+      For example, you can pass `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`` to authenticate to two GitHub Enterprise Server instances.
+      This overrides the `token` input for pack downloads.
+    required: false
   matrix:
     default: ${{ toJson(matrix) }}
+    required: false
   config-file:
     description: Path of the config file to use
     required: false
@@ -32,7 +42,7 @@ inputs:
       analyses, you must specify packs in the codeql-config.yml file.
     required: false
   external-repository-token:
-    description: A token for fetching external config files and queries if they reside in a private repository.
+    description: A token for fetching external config files and queries if they reside in a private repository in the same GitHub instance that is running this action.
     required: false
   setup-python-dependencies:
     description: Try to auto-install your python dependencies
@@ -82,4 +92,4 @@ outputs:
 runs:
   using: 'node16'
   main: '../lib/init-action.js'
-  post: '../lib/init-action-post.js'
+  post: '../lib/init-action-post.js'
diff --git a/lib/analyze-action.js b/lib/analyze-action.js
diff --git a/lib/analyze-action.js.map b/lib/analyze-action.js.map
diff --git a/lib/api-client.js b/lib/api-client.js
diff --git a/lib/api-client.js.map b/lib/api-client.js.map