Add support for actions language
#2572
Conversation
src/config-utils.ts
Outdated
| // Kind of registry, either "github" or "docker". Default is "docker". | ||
| kind?: "github" | "docker"; |
There was a problem hiding this comment.
I wonder if folks might confuse "docker" with docker hub when I think we're talking about GHCR (or I guess any OCI container registry?). We could say something like "repository" / "container"? I'm not sure what's best.
There was a problem hiding this comment.
The docker value is already baked into the CLI. We could consider changing it there (adding ghcr or whatever as an alias), but I don't think it's worth the effort. docker is the default, so nobody ever has to actually specify it.
There was a problem hiding this comment.
Maybe just adding a comment to say that the only docker registry we support is GHCR. This is public code and I wouldn't want to give any false impressions.
| @@ -1,5 +1,6 @@ | |||
| // All the languages supported by CodeQL | |||
| export enum Language { | |||
| actions = "actions", | |||
There was a problem hiding this comment.
Thought: is it worth adding a warning in the init Action when using this language that actions isn't officially supported yet?
There was a problem hiding this comment.
They'll already have to enable the experimental language support in the CLI by setting CODEQL_ENABLE_EXPERIMENTAL_FEATURES=true, so I think they'll already know it's not officially supported yet.
src/config-utils.ts
Outdated
| // Kind of registry, either "github" or "docker". Default is "docker". | ||
| kind?: "github" | "docker"; |
There was a problem hiding this comment.
Maybe just adding a comment to say that the only docker registry we support is GHCR. This is public code and I wouldn't want to give any false impressions.
| @@ -64,6 +64,9 @@ export interface RegistryConfigNoCredentials { | |||
|
|
|||
| // List of globs that determine which packs are associated with this registry. | |||
| packages: string[] | string; | |||
|
|
|||
| // Kind of registry, either "github" or "docker". Default is "docker". | |||
There was a problem hiding this comment.
| // Kind of registry, either "github" or "docker". Default is "docker". | |
| // Kind of registry, either "github" or "docker". Default is "docker". | |
| // The only docker registry that codeql supports is the GitHub Container Registry. |
There was a problem hiding this comment.
Sorry, didn't see this suggestion until I'd already added a different comment.
There was a problem hiding this comment.
I think what you have now is fine. Thanks for updating.
This PR adds support for the new
actionsCodeQL language, which will be part of the upcoming 2.19.3 release of the CodeQL bundle. In addition to addingactionsto the list of supported languages, this PR also fixes a couple of issues I encountered while testing the new language:The
CODEQL_ACTION_EXTRA_OPTIONSenvironment variable, used for setting additional CLI options, now supports YAML, rather than just JSON. This makes it easier to specify complex options in a workflow file without complicated escaping.I added support for the
kindproperty for pack registries, to allow downloading packs from GitHub repo-based registries, in addition to the existing Docker-based registries.