- Add new configuration Parameter

- Write test to check it is read from configuration - Update documentation
2023-03-18 06:37:28 +00:00 · 2023-03-18 06:37:28 +00:00 · ee44252240
commit ee44252240
parent fb75ebd750
16 changed files with 1644 additions and 31 deletions
--- a/README.md
+++ b/README.md
@ -135,6 +135,62 @@ By default, this will override any queries specified in a config file. If you wi
    queries: +<local-or-remote-query>,<another-query>
 ```

+### Configuration 
+
+
+Use the `configuration` parameter of the `init` action to enable a workflow based configuration. The value of `configuration` should be compliant with the configuration file format documented at [Using a custom configuration file](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#using-a-custom-configuration-file)."
+
+
+- **Complete Configuration**
+
+    ```yaml
+    - uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        configuration: |
+          disable-default-queries: true
+          queries:
+            - uses: security-extended
+            - uses: security-and-quality
+          query-filters:
+            - include:
+          tags: /cwe-020/
+    ```
+
+
+- **Actions Variables**
+  
+  You can use actions or environment variables to use dynamic configuration.
+
+  ```yaml
+  - uses: github/codeql-action/init@v2
+    with:
+      languages: ${{ matrix.language }}
+      configuration: |
+            ${{vars.CODEQL_CONF}}    
+  ```
+
+
+  where `vars.CODEQL_CONF` references a [Action Variables](https://docs.github.com/en/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) with the following content, that will only execute the queries related to the [CWE-020](https://cwe.mitre.org/data/definitions/20.html).
+
+- **Input Parameters**
+
+  Use workflow input parameter:
+
+  ```yaml
+    - uses: tgrall/codeql-action/init@query-filter
+    with:
+      languages: ${{ matrix.language }}
+      configuration: |
+        disable-default-queries: true
+        queries:
+          - uses: security-extended
+          - uses: security-and-quality
+        query-filters:
+          - include:
+              tags: /${{ github.event.inputs.codeql-include-tags }}/ 
+  ``
+
 ## Troubleshooting

 Read about [troubleshooting code scanning](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning).