
Problem installing local package

Open shargon opened this issue 6 months ago • 5 comments

I'm having trouble with what I want to do.

How do I install a queries package where all the others are so I don't have to specify the folder I want to analyze them from when I run an analysis?

I use

RUN codeql pack install -v --allow-prerelease packagePath

But it seems they are not used later when I use

codeql database analyze ...

I want to install a package for a specific language, without having to specify the path every time I use analyze.

shargon, Jul 04 '25 16:07

codeql pack download [name] will download the pack to the default location. Generally speaking there are two scenarios:

  1. You install a CLI bundle, which ships with all the default packs in a location relative to the CLI, and will find the packs automatically.
  2. You install the CLI on its own, which does not ship with any packs, and you must install the ones you want. You then need to install packs with codeql pack download. They get installed to a location where the CLI can find them.

codeql pack install is used to install the dependencies of a pack you're creating yourself.

See the documentation at:

mbg, Jul 04 '25 19:07

But can I use download with a local package?

shargon, Jul 05 '25 06:07

No. Generally, the intent is that you publish your pack and then install it with codeql pack download. If you only have the pack locally, then you should be able to either place it in ~/.codeql/packages (mirroring the structure there) or use the --search-path parameter for codeql database analyze to specify additional directories in which packs may be present.

mbg, Jul 07 '25 11:07

> No. Generally, the intent is that you publish your pack and then install it with codeql pack download. If you only have the pack locally, then you should be able to either place it in ~/.codeql/packages (mirroring the structure there) or use the --search-path parameter for codeql database analyze to specify additional directories in which packs may be present.

I tried copying there with the same structure and it doesn't appear in codeql package resolve

shargon, Jul 07 '25 12:07

I think I'm facing the same issue with unit test in particular. I'm following this guide:

https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-custom-queries

It tells me to create qlpack for my test, and add the qlpack I want to test as a dependency - example from the docs:

name: <name-of-test-pack>
version: 0.0.0
dependencies:
  <codeql-libraries-and-queries-to-test>: "*"
extractor: <language-of-code-to-test>

If I add the package name as a dependency I get the following error:

A fatal error occurred: Package 'my-package' cannot be used with a package registry because it does not have a scope.

My package doesn't have a scope because I don't intend to publish it, and according to codeql pack init --help (emphasis mine):

<package-name> [Mandatory] The scope and name of the pack to create. **Scope is only required if this pack is to be published.**

In contrast to this, the previous error and this comment suggest that packages should always be published to be used as dependencies.

In this case I don't want to publish this package. Even if I wanted to publish the package, I would want to test it first, but I can't do that, because the test pack refuses to accept local packages.

In the end I found a solution: I was able to perform a successful codeql pack install in my test pack with the local dependency path provided with --additional-packs and adding a scope, then also providing --additional-packs for test run. I couldn't find this documented.

I think you should not assume that people will/want/can always upload their code to the Internet. Even if the intention is to persuade people toward publishing (which wouldn't be very nice), the testing workflow should not rely on publishing the yet-untested code anywhere.

v-p-b, Nov 13 '25 17:11
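The local-only workflow that v-p-b arrived at (a scoped pack name even though the pack is never published, a test pack that lists it as a dependency, and --additional-packs on both codeql pack install and codeql test run), laid out as a runnable script. This is an added example, not code from the thread or from the CodeQL project; the scope "my-scope", the pack names, the javascript extractor and the directory layout are assumptions. The has_scope check mirrors the error v-p-b hit: a dependency name without a "scope/" prefix is what triggers "cannot be used with a package registry because it does not have a scope".

```shell
#!/bin/sh
# Added example (not from the thread). Lays out a locally scoped query pack and a
# test pack depending on it, then runs the --additional-packs steps described above.
# Assumed names: my-scope, my-package, my-package-tests; assumed extractor: javascript.
set -e

WORK="${WORK:-$(mktemp -d)}"
QUERY_PACK="$WORK/my-package"
TEST_PACK="$WORK/my-package-tests"

# A dependency name must be "<scope>/<name>". Without the scope, pack resolution
# reports that the package cannot be used with a package registry.
has_scope() {
  case "$1" in
    */*) return 0 ;;
    *)   return 1 ;;
  esac
}

# Write both qlpack.yml files. The query pack carries a scope even though it is
# never published; the test pack names it as a dependency with version "*" (as in
# the docs template) and sets the extractor for the language under test.
make_packs() {
  has_scope "my-scope/my-package" || return 1
  mkdir -p "$QUERY_PACK" "$TEST_PACK"
  cat > "$QUERY_PACK/qlpack.yml" <<'EOF'
name: my-scope/my-package
version: 0.0.1
EOF
  cat > "$TEST_PACK/qlpack.yml" <<'EOF'
name: my-scope/my-package-tests
version: 0.0.0
dependencies:
  my-scope/my-package: "*"
extractor: javascript
EOF
}

# Only invoke the CLI when it is on PATH, so the layout step is useful on its own.
run_codeql() {
  if ! command -v codeql >/dev/null 2>&1; then
    echo "codeql not on PATH; skipping CLI steps"
    return 0
  fi
  # Resolve the dependency from the local directory instead of a registry.
  codeql pack install --additional-packs "$QUERY_PACK" "$TEST_PACK"
  # The same flag is needed again when the tests are run.
  codeql test run --additional-packs "$QUERY_PACK" "$TEST_PACK"
}

make_packs
run_codeql
```

Both codeql invocations take the directory of the test pack as their positional argument and point --additional-packs at the directory containing the local query pack; without that flag on the second command the test run falls back to registry resolution and fails exactly as on the install step.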