Relocation announcement: github/codeql-go
moving into github/codeql
#741
Description
The CodeQL Go extractor and libraries are moving to a new home!
Summary
- Old location: The
github/codeql-go
repository - New location: The
github/codeql
repository, specifically https://github.com/github/codeql/tree/main/go.
The github/codeql-go
repository currently contains the open-source CodeQL queries, libraries, and extractor for analyzing codebases written in the Go programming language with GitHub's CodeQL code analysis tools. These contents will be moved to the github/codeql
repository, to live alongside similar libraries for all other programming languages supported by CodeQL.
CodeQL support of the Go programming language will stay the same, except that the code and the development will continue in github/codeql
.
Once the move completes, GitHub will stop using the github/codeql-go
repository and replace its contents with a placeholder announcement.
When will this change take place?
This change is scheduled for 23 May 2022.
What do I need to change as a user of CodeQL or code scanning?
For users of non-default CodeQL query suites
- When this applies: If you’re using the
query
orqueries
configuration directives in a CodeQL query suite. - What you need to do:
- Please make sure to refer to individual CodeQL queries for Go by their canonical query ID (rather than an absolute path). The query ID can be found after
@id
in the metadata section at the top of the query file. - Alternatively, please use relative paths to queries and directories within the enclosing CodeQL pack
codeql/go-queries
, rather than absolute paths. - See the CodeQL CLI docs for more information on the query suite syntax.
- Please make sure to refer to individual CodeQL queries for Go by their canonical query ID (rather than an absolute path). The query ID can be found after
Examples:
Before | After |
---|---|
- query: path/to/checkout/of/codeql-go/ql/src/Security/CWE-079/ReflectedXss.ql |
- queries: . OR - query: Security/CWE-079/ReflectedXss.ql |
- queries: path/to/checkout/of/codeql-go/ql/src/path/to/subdirectory |
- queries: path/to/subdirectory |
- queries: path/to/subdirectory |
No change needed. |
- queries: path/to/subdirectory |
No change needed. |
- qlpack: codeql-go |
No change needed. |
- qlpack: codeql/go-queries |
No change needed. |
For users of the queries
field in a code scanning YAML configuration
- When this applies: If the
queries
field in your code scanning YAML configuration file directly references a query or directory of queries in thegithub/codeql-go
repository. - What you need to do: Please change these references to use the
packs:
field and the corresponding path within thecodeql/go-queries
query pack.- We do not recommend running queries from the CodeQL standard libraries at a specific GitHub ref, since this may not be compatible with the latest released version of CodeQL running on GitHub Actions.
- Example before:
name: "My CodeQL config" queries: - uses: github/codeql-go/ql/src/experimental/CWE-327@<ref>
- Example after:
name: "My CodeQL config" packs: - 'codeql/go-queries:experimental/CWE-327'
For users of the queries
field in the github/codeql-action/init
step of a GitHub Actions workflow
- When this applies: If the
queries
field in your workflow file directly references queries in thegithub/codeql-go
repository. - What you need to do: Please change these references to use the
packs:
field and the corresponding path within thecodeql/go-queries
query pack.- We do not recommend running queries from the CodeQL standard libraries at a specific GitHub ref, since this may not be compatible with the latest released version of CodeQL running on GitHub Actions.
- Example before:
- name: Initialize CodeQL uses: github/codeql-action/init@v2 with: languages: go queries: github/codeql-go/ql/src/experimental/CWE-327@<ref>
- Example after:
- name: Initialize CodeQL uses: github/codeql-action/init@v2 with: languages: go packs: 'codeql/go-queries:experimental/CWE-327'
For users of the github/vscode-codeql-starter repository
- When this applies: If you are using a local Git checkout of the
github/vscode-codeql-starter
repository or one of its forks, which contain thegithub/codeql
andgithub/codeql-go
repositories as submodules. - What you need to do: Please ensure your checkout is kept up to date, and use
git submodule update --remote
to keep the submodules up to date. - What will change: GitHub will move Go-related contents into the
ql
submodule and workspace folder, and delete thecodeql-go
submodule and workspace folder. Up-to-date checkouts and VS Code workspaces will continue to work.
For users of local Git checkouts of the github/codeql
and github/codeql-go
repositories
- When this applies: If you have local Git checkouts of the
github/codeql
andgithub/codeql-go
repositories in sibling directories for use with the CodeQL CLI, as recommended in the CodeQL CLI documentation. - What you need to do: Please ensure both checkouts are kept up to date. If you are working on local Git branches in your checkout of
github/codeql-go
, please update and rebase them ongithub/codeql
instead. - What will change: GitHub will move Go-related contents into the
github/codeql
repository, and leave only placeholder data in thecodeql-go
repository. Up-to-date checkouts will reflect this change. After this point you are free to delete the checkout of thegithub/codeql-go
repository.
If none of the above apply to you
We expect no change to be required to your CodeQL or code scanning setup.
Where do I go for help?
Please open an issue in github/codeql or file an issue with GitHub support if you encounter any difficulties with this change, and we will be happy to help.