CodeQL extension for the GitHub CLI

This CLI extension exposes the CodeQL CLI as a subcommand of the GitHub CLI, with some additional niceties such as version management. Like other extensions to the GitHub CLI, it is written in Bash.

Installation

Once you have installed the GitHub CLI (version 2.0 or higher), run:

gh extensions install github/gh-codeql

Usage

$ gh codeql
GitHub command-line wrapper for the CodeQL CLI.

Usage:
    gh codeql set-channel [release|nightly]     # default: release
    gh codeql set-version [version]             # default: latest
    gh codeql set-local-version [version]       # set the version for the current working directory, default: latest
    gh codeql unset-local-version               # switch back to the global version
    gh codeql list-versions                     # list all available versions for current channel
    gh codeql list-installed                    # list installed versions for current channel
    gh codeql cleanup <version>                 # delete a specific downloaded version
    gh codeql cleanup-all                       # delete all installed versions for all channels
    gh codeql download [version]                # download a specific version (default: latest)
    gh codeql debug [on|off]                    # enable/disable debug output for gh extension
    gh codeql install-stub [dir]                # default: /usr/local/bin/
    gh codeql <anything else>                   # pass arguments to CodeQL CLI

Current channel: release.
Current version: not specified.

You should be able to prefix any codeql command you run with gh to automatically download the selected version (by default: the latest release version at the time you first run it) and delegate to it.

Support

This extension is owned by the CodeQL team. If you have any problems or feature requests, please raise them in the CodeQL repository.

Channels

There are two channels: "release" and "nightly". You are on the release channel by default, and switching channels unpins the selected version (meaning that, unless you run gh codeql set-version, the latest version of the current channel will be selected the next time you run a command).

You can list the versions available on the current channel with gh codeql list-versions.

You can list the installed versions from the current channel with gh codeql list-installed, and reclaim disk space with gh codeql cleanup <version>. There is no automatic cleanup.

Versions

The gh codeql command always works relative to a pinned version on the current channel. You can manually specify the pinned version using gh codeql set-version. To pin a version to a working directory you can use the command gh codeql set-local-version and gh codeql will always use that version when running in that working directory. To remove a pin from a working directory run gh codeql unset-local-version in that working directory.

You can download additional versions without pinning them (perhaps to prepare for local comparisons) using gh codeql download.

To upgrade, run gh codeql set-version latest, which will pin you to the current latest version.
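As an added illustration of the Channels and Versions rules above (this is not the extension's own code, and the state files and version strings it uses are assumptions made up for the example), here is a small Bash model of the documented precedence: a working-directory pin beats the global pin, the global pin beats "latest", switching channels drops the global pin, and set-version latest pins to the concrete latest version.

```bash
#!/usr/bin/env bash
# Illustrative model only: the file names below (channel, version,
# .codeql-version) are assumptions, not the real extension's state files.
set -euo pipefail

# current_channel <config_dir>: "release" unless a channel was selected
current_channel() {
    local cfg="$1"
    if [ -f "$cfg/channel" ]; then cat "$cfg/channel"; else echo release; fi
}

# set_channel <config_dir> <release|nightly>: changing channel unpins globally
set_channel() {
    local cfg="$1" chan="$2"
    case "$chan" in
        release|nightly) ;;
        *) echo "unknown channel: $chan" >&2; return 1 ;;
    esac
    mkdir -p "$cfg"
    if [ "$(current_channel "$cfg")" != "$chan" ]; then
        rm -f "$cfg/version"   # old pin belongs to the other channel
    fi
    printf '%s\n' "$chan" > "$cfg/channel"
}

# set_version <config_dir> <version> <latest_on_channel>
# "latest" pins to the concrete newest version at the time it is run.
set_version() {
    local cfg="$1" ver="$2" latest="$3"
    mkdir -p "$cfg"
    [ "$ver" = latest ] && ver="$latest"
    printf '%s\n' "$ver" > "$cfg/version"
}

# Per-directory pin and its removal
set_local_version()   { printf '%s\n' "$2" > "$1/.codeql-version"; }
unset_local_version() { rm -f "$1/.codeql-version"; }

# resolve_version <workdir> <config_dir> <latest_on_channel>
# Precedence: local pin > global pin > latest on the current channel.
resolve_version() {
    local workdir="$1" cfg="$2" latest="$3"
    if [ -f "$workdir/.codeql-version" ]; then
        cat "$workdir/.codeql-version"
    elif [ -f "$cfg/version" ]; then
        cat "$cfg/version"
    else
        echo "$latest"
    fi
}
```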

CodeQL stub

If you want to use the GitHub CLI-managed CodeQL version directly in a terminal, or with the Visual Studio Code CodeQL extension, you can install a stub with gh codeql install-stub. This installs a Bash script called codeql that invokes the GitHub CLI. The default install directory is /usr/local/bin/, but you can change it by passing an existing directory as the argument.

Development

This extension is newly released and under active development. Contributions are very welcome; for more information about how you can contribute, please check our CONTRIBUTING.md file. For a list of outstanding issues, please take a look at our backlog. If you encounter a problem that does not already have an open issue associated with it, please open one there.

Licensing

This extension is released by GitHub under the MIT License. For the full text of this, please consult our LICENSE.md file.

Note that this license applies only to the extension in this repository. For information on the license governing use of the CodeQL CLI that it wraps, please consult the GitHub CodeQL Terms and Conditions. In particular, note that there are restrictions on how you may use the CodeQL CLI on code that is not released under an OSI-approved open source software license.