A tool for syncing the CodeQL Action from GitHub.com to GitHub Enterprise Server, including copying the CodeQL bundle.
Перейти к файлу
Chris Gavin 5bc50ffe49
Merge pull request #114 from github/dependabot/github_actions/golangci/golangci-lint-action-6
Bump golangci/golangci-lint-action from 3 to 6
2024-09-15 08:50:49 +01:00
.github Bump golangci/golangci-lint-action from 3 to 6 2024-09-15 07:47:47 +00:00
.licenses/go Run licensed. 2024-09-15 08:43:11 +01:00
cmd Add a hidden push option for specifying the destination Git URL. 2022-04-04 12:16:15 +01:00
docs Add a bunch more details on how to use the tool to the readme. 2020-08-24 14:29:03 +01:00
internal Split out a method for doing a single upload attempt to prevent resource leaks. 2022-06-14 14:54:49 +01:00
test Reduce the amount of content served from files in tests. 2020-08-25 14:24:52 +01:00
.gitattributes Add the initial project structure. 2020-08-17 23:16:48 +01:00
.gitignore Ignore the cache directory to make it easier to build and run the tool from the root of the repository. 2021-01-20 12:37:17 +00:00
.golangci.yml Add the initial project structure. 2020-08-17 23:16:48 +01:00
.goreleaser.yml Remove the Darwin 386 build. 2020-10-07 13:39:13 +01:00
.licensed.yml Implement the pull command. 2020-08-19 15:47:14 +01:00
CODE_OF_CONDUCT.md Add some required documents for open-sourcing the repository. 2020-08-24 23:02:10 +01:00
CONTRIBUTING.md Add some required documents for open-sourcing the repository. 2020-08-24 23:02:10 +01:00
LICENSE.md Add some required documents for open-sourcing the repository. 2020-08-24 23:02:10 +01:00
README.md Allow specifying the destination token as an environment variable. 2021-01-20 12:36:15 +00:00
SECURITY.md Add some required documents for open-sourcing the repository. 2020-08-24 23:02:10 +01:00
go.mod Bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 2024-09-14 22:40:49 +00:00
go.sum Bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 2024-09-14 22:40:49 +00:00
main.go Use Logrus for logging. 2020-08-25 15:20:23 +01:00

README.md

CodeQL Action Sync Tool

Logo

A tool for syncing the CodeQL Action from GitHub.com to GitHub Enterprise Server, including copying the CodeQL bundle. This allows the CodeQL Action to work even if your GitHub Enterprise Server or GitHub Actions runners do not have internet access.

Development Status: Ready for Production Use

Installation

The CodeQL Action sync tool can be downloaded from the releases page of this repository.

Usage

The sync tool can be used in two different ways.

If you have a machine that is able to access GitHub.com and the GitHub Enterprise Server instance then simply follow the steps under "I have a machine that can access both GitHub.com and GitHub Enterprise Server".

If your GitHub Enterprise Server instance is on a completely isolated network where no machines have access to both GitHub.com and GitHub Enterprise Server then follow the steps under "I don't have a machine that can access both GitHub.com and GitHub Enterprise Server" instead.

I have a machine that can access both GitHub.com and GitHub Enterprise Server.

From a machine with access to both GitHub.com and GitHub Enterprise Server use the ./codeql-action-sync sync command to copy the CodeQL Action and bundles.

Required Arguments:

  • --destination-url - The URL of the GitHub Enterprise Server instance to push the Action to.
  • --destination-token - A Personal Access Token for the destination GitHub Enterprise Server instance. If the destination repository is in an organization that does not yet exist or that you are not an owner of, your token will need to have the site_admin scope in order to create the organization or update the repository in it. The organization can also be created manually or an existing organization that you own can be used, in which case the repo and workflow scopes are sufficient. The token can also be provided by setting the CODEQL_ACTION_SYNC_TOOL_DESTINATION_TOKEN environment variable.

Optional Arguments:

  • --cache-dir - A temporary directory in which to store data downloaded from GitHub.com before it is uploaded to GitHub Enterprise Server. If not specified a directory next to the sync tool will be used.
  • --source-token - A token to access the API of GitHub.com. This is normally not required, but can be provided if you have issues with API rate limiting. The token does not need to have any scopes.
  • --destination-repository - The name of the repository in which to create or update the CodeQL Action. If not specified github/codeql-action will be used.
  • --actions-admin-user - The name of the Actions admin user, which will be used if you are updating the bundled CodeQL Action. If not specified actions-admin will be used.
  • --force - By default the tool will not overwrite existing repositories. Providing this flag will allow it to.
  • --push-ssh - Push Git contents over SSH rather than HTTPS. To use this option you must have SSH access to your GitHub Enterprise instance configured.

I don't have a machine that can access both GitHub.com and GitHub Enterprise Server.

From a machine with access to GitHub.com use the ./codeql-action-sync pull command to download a copy of the CodeQL Action and bundles to a local folder.

Optional Arguments:

  • --cache-dir - The directory in which to store data downloaded from GitHub.com. If not specified a directory next to the sync tool will be used.
  • --source-token - A token to access the API of GitHub.com. This is normally not required, but can be provided if you have issues with API rate limiting. The token does not need to have any scopes.

Next copy the sync tool and cache directory to another machine which has access to GitHub Enterprise Server.

Now use the ./codeql-action-sync push command to upload the CodeQL Action and bundles to GitHub Enterprise Server.

Required Arguments:

  • --destination-url - The URL of the GitHub Enterprise Server instance to push the Action to.
  • --destination-token - A Personal Access Token for the destination GitHub Enterprise Server instance. If the destination repository is in an organization that does not yet exist or that you are not an owner of, your token will need to have the site_admin scope in order to create the organization or update the repository in it. The organization can also be created manually or an existing organization that you own can be used, in which case the repo and workflow scopes are sufficient. The token can also be provided by setting the CODEQL_ACTION_SYNC_TOOL_DESTINATION_TOKEN environment variable.

Optional Arguments:

  • --cache-dir - The directory to which the Action was previously downloaded.
  • --destination-repository - The name of the repository in which to create or update the CodeQL Action. If not specified github/codeql-action will be used.
  • --actions-admin-user - The name of the Actions admin user, which will be used if you are updating the bundled CodeQL Action. If not specified actions-admin will be used.
  • --force - By default the tool will not overwrite existing repositories. Providing this flag will allow it to.
  • --push-ssh - Push Git contents over SSH rather than HTTPS. To use this option you must have SSH access to your GitHub Enterprise instance configured.

Contributing

For more details on contributing improvements to this tool, see our contributor guide.