feat: add token input and pin github-server-url (#12)

* feat: add `token` input and pin `github-server-url` * fix: use `${{ github.token }}` as default value for token * docs: add info about token in README.md * docs: bump Trivy version
aquasecurity · Oct 24, 2024 · e71d901 · e71d901
1 parent 5ef739f
commit e71d901
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -17,7 +17,7 @@ steps:
   - name: Install Trivy
     uses: aquasecurity/setup-trivy@v0.2.0
     with:
-      version: v0.56.1
+      version: v0.56.2
 ```
 
 ## Caching
@@ -36,7 +36,7 @@ steps:
   - name: Install Trivy
     uses: aquasecurity/setup-trivy@v0.2.0
     with:
-      version: v0.56.1
+      version: v0.56.2
       cache: true
 ```
 
@@ -52,7 +52,24 @@ steps:
   - name: Install Trivy
     uses: aquasecurity/setup-trivy@v0.2.0
     with:
-      version: v0.56.1
+      version: v0.56.2
       cache: true
       path: "./bins"
+```
+
+## Install Trivy with non-default token
+There are cases when `github.token` (default value for `actions/checkout`) contains an invalid token for `http://github.com`.
+One of example for this when using GitHub Enterprise Server (GHES).
+See more info in https://github.com/aquasecurity/setup-trivy/issues/10
+
+To properly install Trivy, you need to populate `token` from a secret or another step (e.g. from https://github.com/actions/create-github-app-token)
+
+```yaml
+steps:
+  - name: Install Trivy
+    uses: aquasecurity/setup-trivy@v0.2.0
+    with:
+      version: v0.56.2
+      cache: true
+      token: ${{ secrets.GITHUB_PAT }}
 ```
diff --git a/action.yaml b/action.yaml
@@ -15,6 +15,17 @@ inputs:
     description: 'Used to specify whether caching is needed. Set to false, if you would like to disable caching.'
     required: false
     default: 'false'
+  token:
+    description: >
+      Access token used to check out the Trivy repository.
+      The token is required when using GitHub Enterprise Server (GHES).
+      https://github.com/actions/create-github-app-token can be used to obtain such a token.
+      The token should be limited to read access only for public repositories.
+      See more details in https://github.com/aquasecurity/setup-trivy/issues/10
+    required: false
+    ## ${{ github.token }} is default value for actions/checkout
+    ## cf. https://github.com/actions/checkout/blob/eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871/action.yml#L24
+    default: ${{ github.token }}
 
 runs:
   using: 'composite'
@@ -49,6 +60,11 @@ runs:
           contrib
         path: trivy
         fetch-depth: 1
+        ## We have to explicitly set GitHub server to avoid it being overwritten for GHES
+        ## cf. https://github.com/aquasecurity/setup-trivy/issues/10
+        github-server-url: 'https://github.com'
+        token: ${{ inputs.token }}
+
 
       ## Install Trivy using install script,
       ## Copy the `contrib` directory to the directory with the binary