Updating QL pack files to use dependencies key

.github/workflows/build.yml

@@ -19,17 +19,28 @@ jobs:
         with:
           submodules: true
 
+      - name: Debug Checkout
+        run: |
+          echo "codeql/${{ matrix.language }}-queries:"
+          find ./codeql -type f -name "qlpack.yml" -exec grep -l "name: codeql/${{ matrix.language }}-queries" {} \;
+          echo "codeql/${{ matrix.language }}-all:"
+          find ./codeql -type f -name "qlpack.yml" -exec grep -l "name: codeql/${{ matrix.language }}-all" {} \;
+          echo "codeql/suite-helpers:"
+          find ./codeql -type f -name "qlpack.yml" -exec grep -l "name: codeql/suite-helpers" {} \;
+
       - name: Install CodeQL
         env:
           GITHUB_TOKEN: ${{ github.token }}
         run: |
           gh extension install github/gh-codeql
           # gh codeql set-channel nightly
           gh codeql version
+          # Install the CodeQL Pack
+          gh codeql pack download "codeql/${{ matrix.language }}-queries"
 
       - name: Compile Queries
         run: |
-          gh codeql query compile --warnings=error --search-path=./codeql:./codeql-go ./${{ matrix.language }}/
+          gh codeql query compile --warnings=error --search-path=./codeql --additional-packs=./codeql/ ./${{ matrix.language }}/
 
       - name: Test Queries
         run: |

CODEOWNERS

@@ -1,16 +1,16 @@
 # CodeQL Queries
 
-config/* @geekmasher
-cpp/* @geekmasher
-csharp/* @geekmasher
-java/* @geekmasher
-javascript/* @geekmasher
-python/* @geekmasher
-ruby/* @geekmasher
+config/* @geekmasher @aegilops @nickliffen
+cpp/* @geekmasher @aegilops @nickliffen
+csharp/* @geekmasher @aegilops @nickliffen
+java/* @geekmasher @aegilops @nickliffen
+javascript/* @geekmasher @aegilops @nickliffen
+python/* @geekmasher @aegilops @nickliffen
+ruby/* @geekmasher @aegilops @nickliffen
 
 # CI / Scripts
-.github/workflows/* @geekmasher
-.github/scripts/* @geekmasher
+.github/workflows/* @geekmasher @aegilops @nickliffen
+.github/scripts/* @geekmasher @aegilops @nickliffen
 
 # Misc
-* @geekmasher
+* @geekmasher @aegilops @nickliffen

cpp/qlpack.yml

@@ -1,3 +1,4 @@
 name: github-queries-cpp
 version: 0.0.0
-libraryPathDependencies: codeql-cpp
+dependencies:
+  codeql/cpp-queries: "*"

csharp/qlpack.yml

@@ -1,3 +1,4 @@
 name: github-queries-csharp
 version: 0.0.0
-libraryPathDependencies: codeql-csharp
+dependencies:
+  codeql/csharp-queries: "*"

go/qlpack.yml

@@ -1,3 +1,4 @@
 name: github-queries-go
 version: 0.1.0
-libraryPathDependencies: codeql-go
+dependencies:
+  codeql/go-queries: "*"

java/qlpack.yml

@@ -1,3 +1,4 @@
 name: github-queries-java
 version: 0.0.0
-libraryPathDependencies: codeql-java
+dependencies:
+  codeql/java-queries: "*"

javascript/qlpack.yml

@@ -1,3 +1,4 @@
 name: github-queries-javascript
 version: 0.0.0
-libraryPathDependencies: codeql-javascript
+dependencies:
+  codeql/javascript-queries: "*"

python/qlpack.yml

@@ -1,3 +1,4 @@
 name: github-queries-python
 version: 0.1.0
-libraryPathDependencies: codeql-python
+dependencies:
+  codeql/python-queries: "*"

python/suites/python-security-experimental.qls

@@ -0,0 +1,47 @@
+# Use with caution ⚠️ experimental queries are not assured for performance or false positives
+
+# Use in a CodeQL workflow, e.g. copy to `./.github/codeql/python-experimental-security.qls`
+# then alter the workflow to look like:
+#
+#    # Initializes the CodeQL tools for scanning.
+#    - name: Initialize CodeQL
+#      uses: github/codeql-action/init@v2
+#      with:
+#        languages: ${{ matrix.language }}
+#        queries: security-extended,./.github/codeql/python-experimental-security.qls # <-- add this bit here after the comma
+
+- description: "Python experimental security queries"
+- qlpack: codeql/python-queries
+
+- queries: '.'
+  from: codeql/python-queries
+
+- include:
+    kind:
+    - problem
+    - path-problem
+    - alert
+    - path-alert
+    tags contain:
+    - security
+    query path:
+      - /experimental\/.*/
+
+- include:
+    kind:
+    - diagnostic
+- include:
+    kind:
+    - metric
+    tags contain:
+    - summary
+
+- exclude:
+    deprecated: //
+- exclude:
+    query path:
+      - Metrics/Summaries/FrameworkCoverage.ql
+      - /Diagnostics/Internal/.*/
+- exclude:
+    tags contain:
+      - model-generator

ruby/qlpack.yml

@@ -1,3 +1,4 @@
 name: github-queries-ruby
 version: 0.1.0
-libraryPathDependencies: codeql-ruby
+dependencies:
+  codeql/ruby-queries: "*"