From 01c45bf08adee305146b14af562d69cc5d70340a Mon Sep 17 00:00:00 2001
From: Andrew Eisenberg <aeisenberg@github.com>
Date: Tue, 30 Aug 2022 10:16:49 -0700
Subject: [PATCH] Avoid making an API call in test

This call fails since we are explicitly using an invalid token.
---
 .github/workflows/__init-with-registries.yml |  7 ++-----
 pr-checks/checks/init-with-registries.yml    | 12 +++++++-----
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/__init-with-registries.yml b/.github/workflows/__init-with-registries.yml
index 421de335e2..78077f958c 100644
--- a/.github/workflows/__init-with-registries.yml
+++ b/.github/workflows/__init-with-registries.yml
@@ -63,14 +63,11 @@ jobs:
       with:
         db-location: ${{ runner.temp }}/customDbLocation
         tools: ${{ steps.prepare-test.outputs.tools-url }}
-        config-file: ./.github/codeql/codeql-config-query-filters1.yml
+        config-file: ./.github/codeql/codeql-config-registries.yml
+        languages: javascript
         registries-auth-tokens: https://ghcr.io/v2=${{ secrets.GITHUB_TOKEN }}
-      # ensure test will fail if registries block is not used
-        token: i-am-not-a-token
       env:
         TEST_MODE: true
-      # ensure test will fail if registries block is not used
-        GITHUB_TOKEN: i-am-not-a-token
     - name: Verify packages installed
       run: |
         PRIVATE_PACK="$HOME/.codeql/packages/dsp-testing/private-pack"
diff --git a/pr-checks/checks/init-with-registries.yml b/pr-checks/checks/init-with-registries.yml
index 0e00e09d5a..97b552028f 100644
--- a/pr-checks/checks/init-with-registries.yml
+++ b/pr-checks/checks/init-with-registries.yml
@@ -6,20 +6,22 @@ name: "Packaging: Download using registries"
 description: "Checks that specifying a registries block and associated auth works as expected"
 versions: ["latest", "cached", "nightly-latest"] # This feature is not compatible with old CLIs
 
+permissions:
+  # ensure the default token cannot be used to download packs
+  actions: read
+  packages: none
+
 steps:
   - name: Init with registries-auth-tokens
     uses: ./../action/init
     with:
       db-location: "${{ runner.temp }}/customDbLocation"
       tools: ${{ steps.prepare-test.outputs.tools-url }}
-      config-file: ./.github/codeql/codeql-config-query-filters1.yml
+      config-file: ./.github/codeql/codeql-config-registries.yml
+      languages: javascript
       registries-auth-tokens: https://ghcr.io/v2=${{ secrets.GITHUB_TOKEN }}
-      # ensure test will fail if registries block is not used
-      token: i-am-not-a-token
     env:
       TEST_MODE: true
-      # ensure test will fail if registries block is not used
-      GITHUB_TOKEN: i-am-not-a-token
   - name: Verify packages installed
     run: |
       PRIVATE_PACK="$HOME/.codeql/packages/dsp-testing/private-pack"