You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Right now the Action pulls from the github/codeql-action repository. It would be great to be able to point to an external CodeQL bundle created by the community so that if a user wants to build on another bundle, you could specify it.
Solution
The values in the bundle.ts should come from the action.yml (default value is github/codeql-action).
- name: CodeQL bundleid: codeql-bundleuses: advanced-security/codeql-bundle-action@mainwith:
packs: "geekmasher/python"bundle: advanced-security/codeql-queries# or a link?bundle: https://s3.amazonaws.com/<bucket>/<object>
This also helps if users store a version on CodeQL Bundle already in GitHub Packages, S3 bucket, Artifactory, etc.
Suggestions for other solutions are welcome too.
The text was updated successfully, but these errors were encountered:
After giving this some thought I think we should have the bundle either be a public url or a local path.
Then all the various authentication schemes can be excluded from this action which provides the most flexibility. That is, before this action add a step to download the bundle through any means (e.g., S3, Azure Blob, ...) and make it available to this action.
Right now the Action pulls from the
github/codeql-action
repository. It would be great to be able to point to an external CodeQL bundle created by the community so that if a user wants to build on another bundle, you could specify it.Solution
The values in the
bundle.ts
should come from theaction.yml
(default value isgithub/codeql-action
).This also helps if users store a version on CodeQL Bundle already in GitHub Packages, S3 bucket, Artifactory, etc.
Suggestions for other solutions are welcome too.
The text was updated successfully, but these errors were encountered: