Better explain how to exclude paths for compiled languages

[rlsf]

the current explanation in github's FAQ says:

For compiled languages, if you want to limit code scanning to specific directories in your project, you must specify appropriate build steps in the workflow. The commands you need to use to exclude a directory from the build will depend on your build system. For more information, see "Configuring the CodeQL workflow for compiled languages."

however, there's no example or explanation how to actually do it.
inside codeql's runner there is an exclude configuration for java code:

$ ./codeql resolve extractor --language=java --format=betterjson
{
  "extractor_root" : "/Users/me/codeql/codeql/java",
  "extractor_options" : {
    "exclude" : {
      "title" : "A glob excluding files from analysis.",
      "description" : "A glob indicating what files to exclude from the analysis.\n",
      "type" : "string"
    }
  }
}

however, i couldn't find a way to send this configuration to codeql workflow.

[smowton]

Thanks for the suggestion; I have passed this to the docs team to look at improving that documentation.

[zach2good]

@rlsf while the docs team is working on that, this appears to be a usable (but clunky) workaround: https://josh-ops.com/posts/github-codeql-ignore-files/

[sschaer]

Has the documentation been improved?
I am also struggling to understand how to really exclude paths for compiled languages.
The codeql CLI documentation suggests that there are various "plumbing" commands and options (like the -- source-root parameter for the database create command or the database index-files command with an exclude option, but a more comprehensive example would be really useful.

[smowton]

The relevant code scanning documentation is at https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#configuring-code-scanning-for-compiled-languages -- in short, for a compiled language, use a custom build command that only builds the files you're interested in analysing. For the CLI, that corresponds to using the -c argument to database create in order to supply a build command and suppress the default auto-build behavour.

[Kiemes]

I am also struggling with the documentation on how to exclude files from being scanned by CodeQL. Seems the documentation is not properly updated yet.
Some pieces of the doc even suggest there is a simple CLI argument called --paths-ignore which I can't get to work.
Example reference here or here.

Having such a simple argument --paths-ignore in whatever form would actually be great. I would not mind to use a comma-separated list of paths as one string value or specifying the same argument multiple times rather as --path-ignore always with one path only.

[pasabanov]

for a compiled language, use a custom build command that only builds the files you're interested in analysing

This looks like a flaw.

For example, I am currently facing an issue where CodeQL reports problems in submodules. Obviously, I can't avoid using submodules for building the code (in my case), but I don't want to receive analysis for them.

There should be a way to disable warnings for specific files and folders. If this feature is not implemented, then it is a flaw.