Merge pull request #1221 from github/aeisenberg/ghes-pack-download

Add support for downloading packs from GHES

Author: aeisenberg

.github/workflows/__init-with-registries.yml

@@ -2,7 +2,7 @@
 
 ## [UNRELEASED]
 
-No user facing changes.
+- Allow CodeQL packs to be downloaded from GitHub Enterprise Server instances, using the new `registries` input for the `init` action.  [#1221](https://github.com/github/codeql-action/pull/1221)
 
 ## 2.1.22 - 01 Sep 2022
 
@@ -42,7 +42,7 @@ No user facing changes.
 ## 2.1.15 - 28 Jun 2022
 
 - CodeQL query packs listed in the `packs` configuration field will be skipped if their target language is not being analyzed in the current Actions job. Previously, this would throw an error. [#1116](https://github.com/github/codeql-action/pull/1116)
-- The combination of python2 and poetry is no longer supported. See https://github.com/actions/setup-python/issues/374 for more details. [#1124](https://github.com/github/codeql-action/pull/1124)
+- The combination of python2 and poetry is no longer supported. See <https://github.com/actions/setup-python/issues/374> for more details. [#1124](https://github.com/github/codeql-action/pull/1124)
 - Update default CodeQL bundle version to 2.10.0. [#1123](https://github.com/github/codeql-action/pull/1123)
 
 ## 2.1.14 - 22 Jun 2022

CHANGELOG.md

@@ -10,9 +10,34 @@ inputs:
     description: The languages to be analysed
     required: false
   token:
+    description: GitHub token to use for authenticating with this instance of GitHub. To download custom packs from multiple registries, use the registries input.
     default: ${{ github.token }}
+    required: false
+  registries:
+    description: |
+      Use this input only when you need to download CodeQL packages from another instance of GitHub. If you only need to download packages from this GitHub instance, use the token input instead.
+
+      A YAML string that defines the list of GitHub container registries to use for downloading packs. The string is in the following form (the | is required on the first line):
+
+      registries: |
+          - url: https://containers.GHEHOSTNAME1/v2/
+            packages:
+              - my-company/*
+              - my-company2/*
+            token: \$\{{ secrets.GHEHOSTNAME1_TOKEN }}
+
+          - url: https://ghcr.io/v2/
+            packages: */*
+            token: \$\{{ secrets.GHCR_TOKEN }}
+
+      The `url` property contains the URL to the container registry you want to connect to.
+
+      The `packages` property contains a single glob string or a list of glob strings, specifying which packages should be retrieved from this particular container registry. Order is important. Earlier entries will match before later entries.
+
+      The `token` property contains a connection token for this registry.    required: false
   matrix:
     default: ${{ toJson(matrix) }}
+    required: false
   config-file:
     description: Path of the config file to use
     required: false
@@ -32,7 +57,7 @@ inputs:
       analyses, you must specify packs in the codeql-config.yml file.
     required: false
   external-repository-token:
-    description: A token for fetching external config files and queries if they reside in a private repository.
+    description: A token for fetching external config files and queries if they reside in a private repository in the same GitHub instance that is running this action.
     required: false
   setup-python-dependencies:
     description: Try to auto-install your python dependencies
@@ -82,4 +107,4 @@ outputs:
 runs:
   using: 'node16'
   main: '../lib/init-action.js'
-  post: '../lib/init-action-post.js'
+  post: '../lib/init-action-post.js'