github · tgrall · Mar 18, 2023 · Mar 18, 2023 · Mar 18, 2023 · Mar 18, 2023
@@ -2,7 +2,7 @@
 
 ## [UNRELEASED]
 
-No user facing changes.
+- Add `config` parameter to the `init` action https://github.com/github/codeql-action/pull/1590
 
 ## 2.2.9 - 27 Mar 2023
 

@@ -135,6 +135,62 @@ By default, this will override any queries specified in a config file. If you wi
     queries: +<local-or-remote-query>,<another-query>
 ```
 
+### Configuration 
+
+
+Use the `config` parameter of the `init` action to enable a workflow based configuration. The value of `configuration` should be compliant with the configuration file format documented at [Using a custom configuration file](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#using-a-custom-configuration-file)."
+
+
+- **Complete Configuration**
+
+    ```yaml
+    - uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        config: |
+          disable-default-queries: true
+          queries:
+            - uses: security-extended
+            - uses: security-and-quality
+          query-filters:
+            - include:
+          tags: /cwe-020/
+    ```
+
+
+- **Actions Variables**
+
+  You can use actions or environment variables to use dynamic configuration.
+
+  ```yaml
+  - uses: github/codeql-action/init@v2
+    with:
+      languages: ${{ matrix.language }}
+      config: |
+            ${{vars.CODEQL_CONF}}    
+  ```
+
+
+  where `vars.CODEQL_CONF` references a [Action Variables](https://docs.github.com/en/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows) with the following content, that will only execute the queries related to the [CWE-020](https://cwe.mitre.org/data/definitions/20.html).
+
+- **Input Parameters**
+
+  Use workflow input parameter:
+
+  ```yaml
+    - uses: github/codeql-action/init@v2
+    with:
+      languages: ${{ matrix.language }}
+      config: |
+        disable-default-queries: true
+        queries:
+          - uses: security-extended
+          - uses: security-and-quality
+        query-filters:
+          - include:
+              tags: /${{ github.event.inputs.codeql-include-tags }}/ 
+  ```
+
 ## Troubleshooting
 
 Read about [troubleshooting code scanning](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning).

@@ -44,6 +44,9 @@ inputs:
   db-location:
     description: Path where CodeQL databases should be created. If not specified, a temporary directory will be used.
     required: false
+  config:    
+    description: Configuration passed as YAML object using the same format as the config-file. This takes precedence over the config-file parameter.
+    required: false
   queries:
     description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
     required: false