From e71d901c19f1e687597a138482b528c17b03f61a Mon Sep 17 00:00:00 2001
From: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Date: Thu, 24 Oct 2024 11:30:53 +0600
Subject: [PATCH] feat: add `token` input and pin `github-server-url` (#12)

* feat: add `token` input and pin `github-server-url`
* fix: use `${{ github.token }}` as default value for token
* docs: add info about token in README.md
* docs: bump Trivy version
---
 README.md   | 23 ++++++++++++++++++++---
 action.yaml | 16 ++++++++++++++++
 2 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index fec8178..6a7cf72 100644
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@ steps:
   - name: Install Trivy
     uses: aquasecurity/setup-trivy@v0.2.0
     with:
-      version: v0.56.1
+      version: v0.56.2
 ```
 
 ## Caching
@@ -36,7 +36,7 @@ steps:
   - name: Install Trivy
     uses: aquasecurity/setup-trivy@v0.2.0
     with:
-      version: v0.56.1
+      version: v0.56.2
       cache: true
 ```
 
@@ -52,7 +52,24 @@ steps:
   - name: Install Trivy
     uses: aquasecurity/setup-trivy@v0.2.0
     with:
-      version: v0.56.1
+      version: v0.56.2
       cache: true
       path: "./bins"
+```
+
+## Install Trivy with non-default token
+There are cases when `github.token` (default value for `actions/checkout`) contains an invalid token for `http://github.com`.
+One of example for this when using GitHub Enterprise Server (GHES).
+See more info in https://github.com/aquasecurity/setup-trivy/issues/10
+
+To properly install Trivy, you need to populate `token` from a secret or another step (e.g. from https://github.com/actions/create-github-app-token)
+
+```yaml
+steps:
+  - name: Install Trivy
+    uses: aquasecurity/setup-trivy@v0.2.0
+    with:
+      version: v0.56.2
+      cache: true
+      token: ${{ secrets.GITHUB_PAT }}
 ```
\ No newline at end of file
diff --git a/action.yaml b/action.yaml
index 65125d2..f0ba865 100644
--- a/action.yaml
+++ b/action.yaml
@@ -15,6 +15,17 @@ inputs:
     description: 'Used to specify whether caching is needed. Set to false, if you would like to disable caching.'
     required: false
     default: 'false'
+  token:
+    description: >
+      Access token used to check out the Trivy repository.
+      The token is required when using GitHub Enterprise Server (GHES).
+      https://github.com/actions/create-github-app-token can be used to obtain such a token.
+      The token should be limited to read access only for public repositories.
+      See more details in https://github.com/aquasecurity/setup-trivy/issues/10
+    required: false
+    ## ${{ github.token }} is default value for actions/checkout
+    ## cf. https://github.com/actions/checkout/blob/eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871/action.yml#L24
+    default: ${{ github.token }}
 
 runs:
   using: 'composite'
@@ -49,6 +60,11 @@ runs:
             contrib
           path: trivy
           fetch-depth: 1
+          ## We have to explicitly set GitHub server to avoid it being overwritten for GHES
+          ## cf. https://github.com/aquasecurity/setup-trivy/issues/10
+          github-server-url: 'https://github.com'
+          token: ${{ inputs.token }}
+
 
     ## Install Trivy using install script,
     ## Copy the `contrib` directory to the directory with the binary
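Review bot: The default `${{ github.token }}` is forwarded unchanged to a checkout pinned to github.com (second hunk of this file), so on a GHES runner the instance-issued token is transmitted to a host that did not mint it and is then rejected, which the description only hints at via the issue link. The description should state the consequence plainly, e.g. append `On GHES the default token is issued by the enterprise instance and cannot authenticate to github.com; pass a github.com token through this input instead.` It may also be worth an empty default when `github.server_url` is not `https://github.com`, so no foreign credential is sent for what is effectively an anonymous public clone, provided the checkout action accepts an empty token (not verifiable from this hunk).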
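Review bot: The added `token` is handed to what appears to be an actions/checkout step (the step header is outside the hunk), and that action persists the credential into the clone's git config by default, so a caller-supplied PAT stays on disk under the `trivy` checkout path for the rest of the job. Only the `contrib` directory is fetched here and no later git operation against that clone is visible, so add `persist-credentials: false` next to `token: ${{ inputs.token }}` to confine the token to the checkout itself. The added trailing `+` blank line sits directly before an existing blank context line, leaving two consecutive empty lines; dropping it keeps the file tidy.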