Use externalRepoAuth when getting a remote config

This allows users to specify a different token for retrieving the codeql config from a different repository. Fixes https://github.com/github/advanced-security-field/issues/185
2021-04-09 14:17:46 -07:00 · 2021-04-09 14:17:46 -07:00 · 534192fa05
commit 534192fa05
parent 7f9fb10a74
9 changed files with 194 additions and 19 deletions
--- a/src/config-utils.ts
+++ b/src/config-utils.ts
@ -601,7 +601,7 @@ async function getLanguagesInRepo(
 ): Promise<Language[]> {
  logger.debug(`GitHub repo ${repository.owner} ${repository.repo}`);
  const response = await api
-    .getApiClient(apiDetails, true)
+    .getApiClient(apiDetails, { allowLocalRun: true })
    .repos.listLanguages({
      owner: repository.owner,
      repo: repository.repo,
@ -1013,7 +1013,7 @@ function getLocalConfig(configFile: string, checkoutPath: string): UserConfig {

 async function getRemoteConfig(
  configFile: string,
-  apiDetails: api.GitHubApiDetails
+  apiDetails: api.GitHubApiCombinedDetails
 ): Promise<UserConfig> {
  // retrieve the various parts of the config location, and ensure they're present
  const format = new RegExp(
@ -1025,12 +1025,14 @@ async function getRemoteConfig(
    throw new Error(getConfigFileRepoFormatInvalidMessage(configFile));
  }

-  const response = await api.getApiClient(apiDetails, true).repos.getContent({
-    owner: pieces.groups.owner,
-    repo: pieces.groups.repo,
-    path: pieces.groups.path,
-    ref: pieces.groups.ref,
-  });
+  const response = await api
+    .getApiClient(apiDetails, { allowLocalRun: true, allowExternal: true })
+    .repos.getContent({
+      owner: pieces.groups.owner,
+      repo: pieces.groups.repo,
+      path: pieces.groups.path,
+      ref: pieces.groups.ref,
+    });

  let fileContents: string;
  if ("content" in response.data && response.data.content !== undefined) {