I am learning CodeQL and I now have several custom CodeQL queries for a Java library that we use. The queries run in VSCode if I run them one by one. I would like to be able to use them during the GitHub Workflow.
My understanding is that I need to create a query pack for this, or perhaps a query suite. I am not sure what the difference between the two is.
Based on the CodeQL CLI documentation, I can't tell how one can run such query packs from the command line. From what I have seen in the github/codeql-action, you need to list these queries one by one. Surely there must be a better way.
I want to try it out locally before pushing it to a GitHub repository.
I have the following directory structure:
my-codeql-queries/
+ query1.ql
+ query2.ql
+ query3.ql
+ queries.xml
+ qlpack.yml
These are the contents of the queries.xml:
    <queries language="java"/>
and of the qlpack.yml (the dependency entry must be indented under dependencies, otherwise the YAML is not a mapping):
    name: my-codeql-queries
    version: 1.0.0
    dependencies:
      codeql/java-all: "*"
    suites: my-codeql-queries
So, my questions are: how can I create a CodeQL query pack, and how do I
- use the CodeQL CLI to run it from the command line,
- use the github/codeql-action to run it in a GitHub Workflow,
- lay out the directory structure of the Git repository so that the queries can be reused and imported from other repositories and GitHub Workflows, and
- do these queries need to be compiled? (And, if so, how?)
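One way to lay this out, added here as an illustration rather than anything from the question (the `my-org` scope, the suite file name, the database name and the Maven build command are assumptions): the pack manifest, a query suite that selects every query in the pack, and the codeql-action step that consumes it, shown as three YAML documents separated by `---`.

```yaml
# --- my-codeql-queries/qlpack.yml ---------------------------------
# A query pack: the .ql files live next to this manifest. The "my-org"
# scope is an assumed placeholder; a scope is only needed when the pack
# is published to the GitHub Container Registry (`codeql pack publish`).
#
# Local run from the repository root (assumed Maven build command):
#   codeql pack install ./my-codeql-queries
#   codeql database create java-db --language=java \
#       --command="mvn -B package -DskipTests"
#   codeql database analyze java-db ./my-codeql-queries \
#       --format=sarif-latest --output=results.sarif
# `database analyze` compiles the queries itself and caches the result,
# so no separate compile step is required.
name: my-org/my-codeql-queries
version: 1.0.0
library: false
dependencies:
  codeql/java-all: "*"
# Suite used when the pack is referenced without an explicit .qls path.
defaultSuiteFile: my-codeql-queries.qls
---
# --- my-codeql-queries/my-codeql-queries.qls -----------------------
# A query suite is a list of selection instructions over a pack's .ql
# files; it is not a second kind of pack.
- description: Custom checks for our Java library
# Every .ql file under the pack root (".") ...
- queries: .
# ... restricted to those whose @kind metadata makes them reportable.
- include:
    kind:
      - problem
      - path-problem
---
# --- .github/workflows/codeql.yml (relevant step only) -------------
# Either a published pack via `packs:`, or, for a pack that lives inside
# the analysed repository, the local directory via `queries:`.
- uses: github/codeql-action/init@v3
  with:
    languages: java
    packs: my-org/my-codeql-queries@1.0.0
    # queries: ./my-codeql-queries   # alternative: local, unpublished pack
```

The `packs:` form requires `codeql pack publish` to have run for that version; the `queries:` form works without publishing but only for a pack checked into the same repository.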