Can we use the github token as a parameter for reporting

[10000-ki]

when i use this action in enterprise github, Reporting is failing due to issue of access repository and 403 error returns

�so how about improving it by receiving github token as below

Jacoco Report Action

      - name: Kover Test Report
        uses: actions/jacoco-report@v1.3
        with:
          title: "Koverage"
          paths: ${{ github.workspace }}/build/kover/result.xml
          token: ${{ secrets.GITHUB_TOKEN }}
          min-coverage-overall: 40
          min-coverage-changed-files: 60

[mbg]

Hi @10000-ki 👋

I think what you are asking for is already possible. The CodeQL Actions all have a token input that is set to github.token by default, but can be set to something else if needed.

That being said, you should not normally need to change it from the default. Make sure there isn't a different underlying problem, such as incorrectly configured permissions for the workflow/job or missing GitHub Advanced Security access.

[mgunawardhana]

HI 👋🏻
How can I securely integrate a GitHub token as a parameter for reporting in GitHub issues within a CI/CD pipeline, ensuring both the confidentiality of the token and seamless automation of the reporting process? Are there specific authentication mechanisms, encryption practices, or GitHub API features recommended for such advanced use cases?
if you can reply me immediatly it will be very useful to me ❤️

[10000-ki]

data: {
      message: 'Advanced Security must be enabled for this repository to use code scanning.',
      documentation_url: 'https://docs.github.com/enterprise-server@3.8/rest'
    }

oh i think this issue related to https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/advanced-security-must-be-enabled#about-this-error

[adityasharad]

HI 👋🏻 How can I securely integrate a GitHub token as a parameter for reporting in GitHub issues within a CI/CD pipeline, ensuring both the confidentiality of the token and seamless automation of the reporting process? Are there specific authentication mechanisms, encryption practices, or GitHub API features recommended for such advanced use cases? if you can reply me immediatly it will be very useful to me ❤️

Hi. I think this question is very broad, and not limited to just the CodeQL analysis tool, which is our focus in this repo. I suggest looking at the following resources for practices around authenticating to the GitHub API, and using secrets within GitHub Actions workflows:

• https://docs.github.com/en/rest/overview/authenticating-to-the-rest-api?apiVersion=2022-11-28
• https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions

If you have further questions after that, please ask in https://github.com/orgs/community/discussions (for questions about general GitHub usage), or open a fresh issue in this repo (for questions about CodeQL) with your specific question.