115 строки
5.1 KiB
YAML
115 строки
5.1 KiB
YAML
name: 'CodeQL: Init'
|
|
description: 'Set up CodeQL'
|
|
author: 'GitHub'
|
|
inputs:
|
|
tools:
|
|
description: URL of CodeQL tools
|
|
required: false
|
|
# If not specified the Action will check in several places until it finds the CodeQL tools.
|
|
languages:
|
|
description: |
|
|
A comma-separated value of the languages to be analysed e.g. python,javascript
|
|
required: false
|
|
token:
|
|
description: GitHub token to use for authenticating with this instance of GitHub. To download custom packs from multiple registries, use the registries input.
|
|
default: ${{ github.token }}
|
|
required: false
|
|
registries:
|
|
description: |
|
|
Use this input only when you need to download CodeQL packages from another instance of GitHub. If you only need to download packages from this GitHub instance, use the token input instead.
|
|
|
|
A YAML string that defines the list of GitHub container registries to use for downloading packs. The string is in the following form (the | is required on the first line):
|
|
|
|
registries: |
|
|
- url: https://containers.GHEHOSTNAME1/v2/
|
|
packages:
|
|
- my-company/*
|
|
- my-company2/*
|
|
token: \$\{{ secrets.GHEHOSTNAME1_TOKEN }}
|
|
|
|
- url: https://ghcr.io/v2/
|
|
packages: */*
|
|
token: \$\{{ secrets.GHCR_TOKEN }}
|
|
|
|
The `url` property contains the URL to the container registry you want to connect to.
|
|
|
|
The `packages` property contains a single glob string or a list of glob strings, specifying which packages should be retrieved from this particular container registry. Order is important. Earlier entries will match before later entries.
|
|
|
|
The `token` property contains a connection token for this registry. required: false
|
|
matrix:
|
|
default: ${{ toJson(matrix) }}
|
|
required: false
|
|
config-file:
|
|
description: Path of the config file to use
|
|
required: false
|
|
db-location:
|
|
description: Path where CodeQL databases should be created. If not specified, a temporary directory will be used.
|
|
required: false
|
|
config:
|
|
description: Configuration passed as a YAML string in the same format as the config-file input. This takes precedence over the config-file input.
|
|
required: false
|
|
queries:
|
|
description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
|
|
required: false
|
|
packs:
|
|
description: >-
|
|
[Experimental] Comma-separated list of packs to run. Reference a pack in the format `scope/name[@version]`. If `version` is not
|
|
specified, then the latest version of the pack is used. By default, this overrides the same setting in a
|
|
configuration file; prefix with "+" to use both sets of packs.
|
|
|
|
This input is only available in single-language analyses. To use packs in multi-language
|
|
analyses, you must specify packs in the codeql-config.yml file.
|
|
required: false
|
|
external-repository-token:
|
|
description: A token for fetching external config files and queries if they reside in a private repository in the same GitHub instance that is running this action.
|
|
required: false
|
|
setup-python-dependencies:
|
|
description: Try to auto-install your python dependencies
|
|
required: true
|
|
default: 'true'
|
|
source-root:
|
|
description: Path of the root source code directory, relative to $GITHUB_WORKSPACE.
|
|
required: false
|
|
ram:
|
|
description: >-
|
|
The amount of memory in MB that can be used by CodeQL extractors.
|
|
By default, CodeQL extractors will use most of the memory available in the system
|
|
(which for GitHub-hosted runners is 6GB for Linux, 5.5GB for Windows, and 13GB for macOS).
|
|
This input also sets the amount of memory that can later be used by the "analyze" action.
|
|
required: false
|
|
threads:
|
|
description: >-
|
|
The number of threads that can be used by CodeQL extractors.
|
|
By default, CodeQL extractors will use all the hardware threads available in the system
|
|
(which for GitHub-hosted runners is 2 for Linux and Windows and 3 for macOS).
|
|
This input also sets the number of threads that can later be used by the "analyze" action.
|
|
required: false
|
|
debug:
|
|
description: >-
|
|
Enable debugging mode.
|
|
This will result in more output being produced which may be useful when debugging certain issues.
|
|
Debugging mode is enabled automatically when step debug logging is turned on.
|
|
required: false
|
|
default: 'false'
|
|
debug-artifact-name:
|
|
description: >-
|
|
The name of the artifact to store debugging information in.
|
|
This is only used when debug mode is enabled.
|
|
required: false
|
|
debug-database-name:
|
|
description: >-
|
|
The name of the database uploaded to the debugging artifact.
|
|
This is only used when debug mode is enabled.
|
|
required: false
|
|
trap-caching:
|
|
description: >-
|
|
Explicitly enable or disable TRAP caching rather than respecting the feature flag for it.
|
|
required: false
|
|
outputs:
|
|
codeql-path:
|
|
description: The path of the CodeQL binary used for analysis
|
|
runs:
|
|
using: 'node20'
|
|
main: '../lib/init-action.js'
|
|
post: '../lib/init-action-post.js'
|