How to update build process
Question
How do I update the build process in my repository to pull in dependencies or compile the application?
This is Step #5 for configuring CodeQL scans for GitHub CI. This step is performed after the "updating when scans run" step and before the "updating where scans run" step.
Answer
CodeQL links against your application's dependencies in order to identify vulnerabilities in the application's use of those dependencies. In order to generate these links, CodeQL must download your project's dependencies. For non-compiled languages this means using your project's package manager, such as `npm` or `pip`. For compiled languages this means compiling your source code.
CodeQL attempts to auto-build your code by various means. If the CodeQL enablement pull request has failed because your build process fails, you may specify your custom build steps by adding them to the `codeql.yml` file. You may create this file as part of the pull request, specify the build process in it, and commit it back to the pull request branch.
For example, if your repository contained the javascript and go languages, a `codeql.yml` file with custom build steps for these languages might look like this:

```yaml
excluded_languages:
  - name: java
    reason: "Repository contains only library code and no executable code"
build_steps:
  go: |
    export GOPROXY=https://proxy.test
    go build -o cli
  javascript: |
    npm config set registry https://ghcr.io
    npm install --omit=dev
```
You do not need to specify build steps for all languages in your repository, only those languages which failed to build during the CodeQL enablement pull request, or languages for which you explicitly want to modify the build process.
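Because each `build_steps` entry is a shell script that CI will execute, it is worth checking the file before committing it. The following is an added example, not part of this note or of the codeql-tools workflow: a small validator for a `codeql.yml` in the shape shown above. The schema it checks (`excluded_languages` entries with `name` and `reason`, `build_steps` keyed by language with a script string) is assumed from the sample in this note, and the language identifier set is the standard CodeQL one (an assumption about what the workflow accepts).

```python
# Added example: sanity-check a codeql.yml of the shape shown in this note.
# Schema is assumed from the sample above, not from a published specification.
import yaml  # PyYAML

# CodeQL language identifiers; assumed to be what the workflow accepts.
KNOWN_LANGUAGES = {"actions", "cpp", "csharp", "go", "java",
                   "javascript", "python", "ruby", "swift"}

# Constructed sample: the file from this note.
SAMPLE = """
excluded_languages:
  - name: java
    reason: "Repository contains only library code and no executable code"
build_steps:
  go: |
    export GOPROXY=https://proxy.test
    go build -o cli
  javascript: |
    npm config set registry https://ghcr.io
    npm install --omit=dev
"""


def validate_codeql_yml(text: str) -> list[str]:
    """Return a list of problems found; an empty list means the file looks sane."""
    data = yaml.safe_load(text) or {}
    problems: list[str] = []
    excluded: set[str] = set()
    for entry in data.get("excluded_languages") or []:
        name = entry.get("name") if isinstance(entry, dict) else None
        if not name:
            problems.append("excluded_languages entry without a name")
            continue
        excluded.add(name)
        if not entry.get("reason"):
            problems.append(f"excluded language {name!r} has no reason")
    steps = data.get("build_steps") or {}
    if not isinstance(steps, dict):
        problems.append("build_steps must map a language to a script string")
    else:
        for lang, script in steps.items():
            if lang in excluded:
                problems.append(f"{lang!r} is excluded but also has build_steps")
            if lang not in KNOWN_LANGUAGES:
                problems.append(f"unknown language key {lang!r} in build_steps")
            if not isinstance(script, str) or not script.strip():
                problems.append(f"build_steps for {lang!r} is empty")
    for key in sorted(set(data) - {"excluded_languages", "build_steps"}):
        problems.append(f"unexpected top-level key {key!r}")
    return problems
```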
Note: If your build requires executing from a specific directory, you must run a `cd` or `dir` command to change to that directory before executing your build steps. The Actions `working_directory` property is not supported in the `codeql-tools` reusable workflow.
References
The CodeQL enablement pull request contains direct links to files in the PR that are referenced in this technical note. The following links in the PR are referenced here:
- Create Custom Build Script - links to the `.github` directory where the file `codeql.yml` should be added
Return to enable CodeQL using GitHub CI to continue with the next step.