Disable default queries #7
Conversation
README.md
Outdated
| ### Configuration | ||
| You may optionally specify additional queries for CodeQL to execute by using a config file. The queries must belong to a [QL pack](https://help.semmle.com/codeql/codeql-cli/reference/qlpack-overview.html) and can be in your repository or any public repository. You can choose a single .ql file, a folder containing multiple .ql files, a .qls [query suite](https://help.semmle.com/codeql/codeql-cli/procedures/query-suites.html) file, or any combination of the above. To use queries from other repositories use the same syntax as when [using an action](https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsuses). | ||
|
|
||
| You can disable the default queries using `ignore-default-queries: true`. |
There was a problem hiding this comment.
Any reasons why "ignore" rather than other alternatives? I see it as a non-typical name. Given that the description is "You can disable ..." then it makes me feel it should be called disable-default-queries. I think exclude-default-queries would be another possibility that's slightly more clear than "ignore". We won't be able to change this so we should be happy with the name we pick.
There was a problem hiding this comment.
I agree, i like disable.
src/config-utils.ts
Outdated
| config.name = parsedYAML.name; | ||
| } | ||
|
|
||
| if (parsedYAML['ignore-default-queries'] && typeof parsedYAML['ignore-default-queries'] === "boolean") { |
There was a problem hiding this comment.
curious about this, what happens if they put a string in there?
There was a problem hiding this comment.
It would ignore the field https://github.com/github/codeql-action/runs/632416621?check_suite_focus=true
|
Thanks for taking the initiative on doing this! cc: @github/product-docs-dsp because this change will affect the configuration docs. |
|
Thanks for the ping Justin. We'll add this to the "Configuring code scanning" topic once this is merged. |
README.md
Outdated
There was a problem hiding this comment.
This needs to be updated to "disable"
src/finalize-db.ts
Outdated
There was a problem hiding this comment.
The behavious here has changed to remove the || [] default value. Some manual testing shows that this will generate an error trying to do push(...undefined).
Please change to queries.push(...(queriesPerLanguage[database] | | [])); or bring back the additionalQueries as it was before.
There was a problem hiding this comment.
As I suspected, here's what happens if a repo doesn't define any custom queries: https://github.com/Anthophila/test-electron/runs/632587165?check_suite_focus=true
There was a problem hiding this comment.
Good catch! I've fixed it and triggered a build without custom queries for testing it https://github.com/github/codeql-action/runs/632605173?check_suite_focus=true ✅
Daverlo
force-pushed
the
disable-default-queries
branch
from
3bb38db to
6997a21
Compare
There was a problem hiding this comment.
I tested as well in a couple of cases and I agree it's working now.
For example, what happens when you disable all queries. See https://github.com/Anthophila/test-electron/runs/632714499?check_suite_focus=true
The answer is that the codeql fails, which is reasonable, but it only does so after extracting all the code and it prints an error message which tries to be useful but for code scanning isn't very because the user can't call codeql directly. I'll raise an issue to improve this behaviour in the future: https://github.com/github/dsp-code-scanning/issues/1133.
However I think we also need signoff from one of @anaarmas or @krukow as per Justin's comment.
|
Looks good to me - I have no concerns. Thanks for the ping and making completing this work. |
This PR adds an option for disabling the queries we run default.
A run without the
ignore-default-queriesset, it runs all the queries: https://github.com/github/codeql-action/runs/629305743?check_suite_focus=trueA run with
ignore-default-queries: false, it runs all the queries: https://github.com/github/codeql-action/runs/629307092?check_suite_focus=trueA run with
ignore-default-queries: trueit only runs the custom queries: https://github.com/github/codeql-action/runs/629310667?check_suite_focus=trueMerge / deployment checklist