Relocation announcement: github/codeql-go moving into github/codeql #741
Description
The CodeQL Go extractor and libraries are moving to a new home!
Summary
- Old location: The `github/codeql-go` repository
- New location: The `github/codeql` repository, specifically https://github.com/github/codeql/tree/main/go.
The github/codeql-go repository currently contains the open-source CodeQL queries, libraries, and extractor for analyzing codebases written in the Go programming language with GitHub's CodeQL code analysis tools. These contents will be moved to the github/codeql repository, to live alongside similar libraries for all other programming languages supported by CodeQL.
CodeQL support of the Go programming language will stay the same, except that the code and the development will continue in github/codeql.
Once the move completes, GitHub will stop using the github/codeql-go repository and replace its contents with a placeholder announcement.
When will this change take place?
This change is scheduled for 23 May 2022.
What do I need to change as a user of CodeQL or code scanning?
For users of non-default CodeQL query suites
- When this applies: If you’re using the `query` or `queries` configuration directives in a CodeQL query suite.
- What you need to do:
  - Please make sure to refer to individual CodeQL queries for Go by their canonical query ID (rather than an absolute path). The query ID can be found after `@id` in the metadata section at the top of the query file.
  - Alternatively, please use relative paths to queries and directories within the enclosing CodeQL pack `codeql/go-queries`, rather than absolute paths.
  - See the CodeQL CLI docs for more information on the query suite syntax.
Examples:

| Before | After |
|---|---|
| `- query: path/to/checkout/of/codeql-go/ql/src/Security/CWE-079/ReflectedXss.ql` | `- queries: .` OR `- query: Security/CWE-079/ReflectedXss.ql` |
| `- queries: path/to/checkout/of/codeql-go/ql/src/path/to/subdirectory` | `- queries: path/to/subdirectory` |
| `- queries: path/to/subdirectory` | No change needed. |
| `- queries: path/to/subdirectory` | No change needed. |
| `- qlpack: codeql-go` | No change needed. |
| `- qlpack: codeql/go-queries` | No change needed. |
For users of the queries field in a code scanning YAML configuration
- When this applies: If the `queries` field in your code scanning YAML configuration file directly references a query or directory of queries in the `github/codeql-go` repository.
- What you need to do: Please change these references to use the `packs:` field and the corresponding path within the `codeql/go-queries` query pack.
  - We do not recommend running queries from the CodeQL standard libraries at a specific GitHub ref, since this may not be compatible with the latest released version of CodeQL running on GitHub Actions.
- Example before:

  ```yaml
  name: "My CodeQL config"
  queries:
    - uses: github/codeql-go/ql/src/experimental/CWE-327@<ref>
  ```

- Example after:

  ```yaml
  name: "My CodeQL config"
  packs:
    - 'codeql/go-queries:experimental/CWE-327'
  ```
For users of the queries field in the github/codeql-action/init step of a GitHub Actions workflow
- When this applies: If the `queries` field in your workflow file directly references queries in the `github/codeql-go` repository.
- What you need to do: Please change these references to use the `packs:` field and the corresponding path within the `codeql/go-queries` query pack.
  - We do not recommend running queries from the CodeQL standard libraries at a specific GitHub ref, since this may not be compatible with the latest released version of CodeQL running on GitHub Actions.
- Example before:

  ```yaml
  - name: Initialize CodeQL
    uses: github/codeql-action/init@v2
    with:
      languages: go
      queries: github/codeql-go/ql/src/experimental/CWE-327@<ref>
  ```

- Example after:

  ```yaml
  - name: Initialize CodeQL
    uses: github/codeql-action/init@v2
    with:
      languages: go
      packs: 'codeql/go-queries:experimental/CWE-327'
  ```
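
To find the references that the two sections above ask you to change, the following added example (not code from GitHub or the CodeQL project) scans the text of a code scanning configuration or workflow file for references to `github/codeql-go` and proposes the matching `packs:` entry. The function and type names are hypothetical, the sample input is constructed, and it assumes query paths start with `ql/src/` as in the examples above; anything else is flagged for manual review.

```python
import re
from typing import NamedTuple, Optional

# A reference into the old repository, optionally followed by a path and @<ref>.
OLD_REF = re.compile(
    r"github/codeql-go(?![\w-])(?P<path>/[^\s@,'\"]*)?(?:@(?P<ref>[^\s,'\"]+))?"
)
SRC_PREFIX = "/ql/src/"  # assumption: query paths start here, as in the examples above


class Finding(NamedTuple):
    line: int
    reference: str
    ref: Optional[str]         # Git ref the old reference was pinned to, if any
    suggestion: Optional[str]  # proposed packs: entry, or None for manual review


def find_stale_references(text: str) -> list:
    """Return one Finding per reference to github/codeql-go in a YAML text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = re.sub(r"(^|\s)#.*$", "", line)  # ignore YAML comments
        for m in OLD_REF.finditer(line):
            path = m.group("path") or ""
            sub = path[len(SRC_PREFIX):].strip("/") if path.startswith(SRC_PREFIX) else ""
            suggestion = f"codeql/go-queries:{sub}" if sub else None
            findings.append(Finding(lineno, m.group(0), m.group("ref"), suggestion))
    return findings


# Constructed sample input: two stale references and one already-migrated entry.
SAMPLE = """\
name: "My CodeQL config"
queries:
  - uses: github/codeql-go/ql/src/experimental/CWE-327@main
  - uses: github/codeql-go@main   # whole repository, no query path
packs:
  - 'codeql/go-queries:experimental/CWE-327'
"""

if __name__ == "__main__":
    for f in find_stale_references(SAMPLE):
        print(f"line {f.line}: {f.reference} -> {f.suggestion or 'review manually'}")
```

The reported `ref` is dropped in the suggestion, since a `packs:` entry does not pin the standard queries to a Git ref.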
For users of the github/vscode-codeql-starter repository
- When this applies: If you are using a local Git checkout of the `github/vscode-codeql-starter` repository or one of its forks, which contain the `github/codeql` and `github/codeql-go` repositories as submodules.
- What you need to do: Please ensure your checkout is kept up to date, and use `git submodule update --remote` to keep the submodules up to date.
- What will change: GitHub will move Go-related contents into the `ql` submodule and workspace folder, and delete the `codeql-go` submodule and workspace folder. Up-to-date checkouts and VS Code workspaces will continue to work.
For users of local Git checkouts of the github/codeql and github/codeql-go repositories
- When this applies: If you have local Git checkouts of the `github/codeql` and `github/codeql-go` repositories in sibling directories for use with the CodeQL CLI, as recommended in the CodeQL CLI documentation.
- What you need to do: Please ensure both checkouts are kept up to date. If you are working on local Git branches in your checkout of `github/codeql-go`, please update and rebase them on `github/codeql` instead.
- What will change: GitHub will move Go-related contents into the `github/codeql` repository, and leave only placeholder data in the `codeql-go` repository. Up-to-date checkouts will reflect this change. After this point you are free to delete the checkout of the `github/codeql-go` repository.
If none of the above apply to you
We expect no change to be required to your CodeQL or code scanning setup.
Where do I go for help?
Please open an issue in github/codeql or file an issue with GitHub support if you encounter any difficulties with this change, and we will be happy to help.