Docs: Simplify getting started docs #7618
Conversation
It is no longer necessary to check out a version of `github/codeql` as a sibling directory to the distribution. Instead, users can download the required packs as needed. using the `pack download` command or the `--download` option for `codeql database analyze`.
Add more information about running packs. Include the `--download` flag.
We are no longer including information about how to check out github/codeql, so this paragraph doesn't fit any more.
aeisenberg
force-pushed
the
aeisenberg/getting-started-docs
branch
from
abb3219 to
01b5881
Compare
aeisenberg
requested review from
jf205,
felicitymay,
adityasharad and
dbartol
|
Hey @aeisenberg. Thanks for making these changes. I've had a very quick glance and it's great to see how simple the set up process now becomes when using CodeQL packages rather than checking out I think we need to be careful about totally removing the section about checking out |
There was a problem hiding this comment.
Thank you for opening this pull request 💖
It seems like a great idea to simplify the documentation if we can do so without removing information that some users still need. Possibly we need an article for people who just want to get set up to run CodeQL CLI to generate results and another article for people who want to get set up for more complex purposes?
Having suffered various branch problems recently, I'm wondering whether this belongs in main or whether it should be merged into a branch to ensure that the changes are included in the docs updates for the correct release of the CLI.
I'm also wondering if we need to update the closely related articles Installing CodeQL CLI in your CI system and Configuring CodeQL CLI in your CI system. If these articles need to be updated, please open a docs-content issue.
I've made a couple of suggestions for formatting fixes but have not tested these changes.
| - a path to a query file | ||
| - a path to a directory containing query files | ||
| - a path to a query suite file | ||
| - the name of a CodeQL query pack |
There was a problem hiding this comment.
The formatting seems to be off here (at least in the docs generated by the checks on the PR). You may need an empty line before and after these nested bullets.
| converted to ``.md`` before running the analysis. For further information, | ||
| - ``--sarif-add-query-help``: (supported in version 2.7.1 onwards) adds any custom query help written | ||
| in markdown to SARIF files (v2.1.0 or later) generated by the analysis. Query help stored in ``.qhelp`` files must be | ||
| converted to ``.md`` before running the analysis. For further information, |
There was a problem hiding this comment.
While we're editing this file. The spacing on lines 70/71 is giving a weird result in the live output: https://codeql.github.com/docs/codeql-cli/analyzing-databases-with-the-codeql-cli/#running-codeql-database-analyze
| - ``--download``: a boolean flag that will allow the CLI to download any referenced CodeQL packages that are not available locally. | ||
| If this flag is missing and a referenced CodeQL package is not available locally, the command will fail. |
There was a problem hiding this comment.
This suffers from the same problem as lines 70/71 in the original article.
There was a problem hiding this comment.
Looks like there's an extra space at the start of the line. Fixing.
|
|
||
| Afterwards, you can run the pack on a specific database:: | ||
| codeql database analyze --download <database> microsoft/coding-standards@1.0.0 github/secutiry-queries --format=sarifv2.1.0 --output=query-results.sarif |
There was a problem hiding this comment.
I'd tend to put the download flag later in the command to reduce the tendency for people to see it as connected in anyway to <database> but maybe this is something that no developer would think 🤔
| it. Legacy packs ensure that custom queries and libraries created using older | ||
| products are compatible with your version of CodeQL. | ||
| default in your CodeQL CLI package. | ||
| - (Optional) You can download some ":ref"`CodeQL packs <about-codeql-packs>` containing pre-compiled queries you would like to run. |
There was a problem hiding this comment.
Typo in the link here, probably should be:
| - (Optional) You can download some ":ref"`CodeQL packs <about-codeql-packs>` containing pre-compiled queries you would like to run. | |
| - (Optional) You can download some ":ref:`CodeQL packs <about-codeql-packs>`" containing pre-compiled queries you want to run. |
|
|
||
| Alternatively, you can download query packs during the analysis by using the `--download` flag of the `codeql database analyze` |
There was a problem hiding this comment.
| Alternatively, you can download query packs during the analysis by using the `--download` flag of the `codeql database analyze` | |
| Alternatively, you can download query packs during the analysis by using the ``--download`` flag of the ``codeql database analyze`` |
Yes, I think it's best to add that information back somewhere.
Perhaps retargeting to 2.8.0 is best.
Thanks for pointing out the two linked articles. I think the only section that could use some tidying up is analyzing-a-codeql-database. It's not exactly wrong bug could be cleared up in two ways:
I'll create an issue for this. |
|
@jf205 That makes sense that we don't want to remove the old way of doing things. I can add back the old steps and make it clear that this is an optional, alternative approach. It is useful when you want to interact with the codeql query sources directly. @felicitymay The precise timing of the next release is still being discussed and so no release branches have been created yet. I'll keep this PR targeted towards main. If a release branch is opened before this is merged, I will re-target. |
Adds a second getting started, specifically for checking out the codeql repo as a way to get the core queries. This ensures that people wanting to work in the traditional way still have the old docs available.
Co-authored-by: Felicity Chapman <felicitymay@github.com>
|
Thanks for the review @felicitymay. @jf205, would you be able to take another look at this and see if this is sufficient from your perspective? |
There was a problem hiding this comment.
This looks good to merge, pending a couple of small fixes 👍🏻
Thanks for adding the packaging information to the documentation @aeisenberg. It'll definitely be helpful for our users. I think @felicitymay's suggestion of perhaps separating out the different setup procedures for the different use cases is sensible and is something we should think about doing in the future, but no need to rush through it now.
docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst
Outdated
Show resolved
Hide resolved
docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst
Outdated
Show resolved
Hide resolved
docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst
Outdated
Show resolved
Hide resolved
|
Thanks for spotting those issues James 🙈 |
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
|
Thanks, James. Suggestions applied. |
|
I need one more final review, and then I will merge. |
|
v2.7.6 is now released. Can I get another review so I can merge this? |
|
This seems to have picked up some conflicts that would be good to fix before you get the final 👍🏻, otherwise fixing them will dismiss the 👍🏻 |
|
Merge conflicts addressed. |
It is no longer necessary to check out a version of
github/codeqlasa sibling directory to the distribution. Instead, users can download
the required packs as needed. using the
pack downloadcommand orchangethe
--downloadoption forcodeql database analyze.Fixes https://github.com/github/codeql-core/issues/1957
Note that this change removes a few paragraphs on how to check out the codeql repository. For most external uses cases, this is not directly necessary.
Though, maybe we need something on local checkouts for how to contribute queries back. Suggestions welcome.