From 97a70e6013beb841a16b2660ce2c5a30982128c1 Mon Sep 17 00:00:00 2001
From: Robert
Date: Tue, 12 Jan 2021 12:09:22 +0000
Subject: [PATCH] include missing changes

---
README.md | 11 ++++++++++-
init/action.yml | 3 +++
2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 6553f337a..541ee084d 100644
--- a/README.md
+++ b/README.md
@@ -96,7 +96,16 @@ Use the `config-file` parameter of the `init` action to enable the configuration
 config-file: ./.github/codeql/codeql-config.yml
 ```
 
-The configuration file must be located within the local repository. For information on how to write a configuration file, see "[Using a custom configuration file](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#using-a-custom-configuration-file)."
+The configuration file can be located in a different repository. This is useful if you want to share the same configuration across multiple repositories. If the configuration file is in a private repository you can also specify an `external-repository-token` option. This should be a personal access token that has read access to any repositories containing referenced config files and queries.
+
+```yaml
+- uses: github/codeql-action/init@v1
+ with:
+ config-file: owner/repo/codeql-config.yml@branch
+ external-repository-token: ${{ secrets.EXTERNAL_REPOSITORY_TOKEN }}
+```
+
+For information on how to write a configuration file, see "[Using a custom configuration file](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#using-a-custom-configuration-file)."
 
 If you only want to customise the queries used, you can specify them in your workflow instead of creating a config file, using the `queries` property of the `init` action:
 
diff --git a/init/action.yml b/init/action.yml
index 56581f715..feb8ec779 100644
--- a/init/action.yml
+++ b/init/action.yml
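Review bot: The new paragraph says the token "should be a personal access token that has read access to any repositories containing referenced config files and queries" but never says read access is all it should have, and the example pins the shared config with `@branch`, a mutable ref, so the config and any queries it references can change between scans with no change in the consuming repository. Suggest appending to that paragraph: `Grant the token only read access to those repositories, and pin the reference to a commit SHA rather than a branch where the action accepts one.` Whether a commit SHA is accepted as the ref is not shown in this change, so that clause should be checked against the action's ref handling before it is documented.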
@@ -19,6 +19,9 @@ inputs:
 queries:
 description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
 required: false
+ external-repository-token:
+ description: A token for fetching external config files and queries if they reside in a private repository.
+ required: false
 setup-python-dependencies:
 description: Try to auto-install your python dependencies
 required: true
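Review bot: The new `external-repository-token` description says what the token is for but not what access it needs or how it should be supplied, whereas the README change in this same commit states that read access is required and passes the value from `${{ secrets.EXTERNAL_REPOSITORY_TOKEN }}`. The action metadata is what users see in the marketplace and in editor tooling, so the constraint belongs here too. Suggest `description: A token for fetching external config files and queries if they reside in a private repository. Only read access to those repositories is needed; supply it from a secret so the value is masked in logs.` The `inputs:` mapping continues outside the hunk on both sides.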