-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdemo.yaml
More file actions
77 lines (72 loc) · 3.81 KB
/
demo.yaml
File metadata and controls
77 lines (72 loc) · 3.81 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
logRoot: logs
repoRoot: repos # repoRoot stores all repositories
dbRoot: codeql-db # dbRoot stores all databases created by codeql indexed by repository name
# clone
sources:
- prefix: https://github.com/ # clone url prefix
fullnames:
- rclone/rclone 28c187b # you can specify branch/commit hash here with only spaces in between org/repo and branch. If repository eixsts, git checkout will be used to switch branch
- cloudwego/kitex
- Lslightly/dolt heapvar_should_move
- Lslightly/kitex-examples heapvar_should_move
# build database
language: go # language to analyze
buildTimeout: 3600 # timeout for building repository
buildGrps:
- buildRepos: # "*" means all repositories. "-" means repositories defined in "sources" attribute. You can also specify fullname of repositories to force re-build. Note that repositories with same fullname in different source will be re-built also.
- rclone/rclone
- Lslightly/dolt
# buildCmd will be executed in the root directory of buildRepos. The behavior is decided by codeql. If a custom build script is specified, then the absolute path will be used.
#
# There are 3 types of buildCmd:
# 1. default: buildCmd lets codeql figure out the build command.
# 2. custom script path: relative path from the project root to the build script.
# 3. build command: the build command to execute in the root directory of buildRepos.
#
# If you use custom script, then 4 environment variables will be set:
# - REPO_DIR: the root directory of repository(This is used often in build phase)
# - PROJROOT: the root directory of the project
buildCmd: default
- buildRepos:
- Lslightly/kitex-examples
buildCmd: yaml-examples/build/kitex-examples.sh
- buildRepos:
- cloudwego/kitex
buildCmd: go build -a ./...
# generate external predicates predicate
# For repositories in each group, same genScript will be applied in the root directory of repositories
# There are 2 types of genScript:
#
# 1. goescape: it means `go build -a -gcflags=-m=2 ./...`. The stderr will be redirected to $logRoot/path/to/repo/m2.log. Then escape_adapter is used to generate databases. The external predicate database is generated in $dbRoot/path/to/repo/ext/$external.csv.
# 2. custom script path: relative path from the project root to the genScript script.
#
# If you use custom genScript, then 4 environment variables will be set:
# - PROJROOT: the root directory of the project
# - REPO_DIR: the root directory of repository
# - OUTPUT_DIR: the directory to store intermediate results/log to generate external predicate database
# - DB_EXT_DIR: the directory to store external predicate database
externalGenGrps:
- genRepos:
- rclone/rclone
- cloudwego/kitex
genScript: goescape
- genRepos:
- Lslightly/dolt
genScript: yaml-examples/extgens/dolt.sh
- genRepos:
- Lslightly/kitex-examples
genScript: yaml-examples/extgens/kitex-examples.sh
# query
queryconfig:
resultRoot: codeqlResult # resultRoot stores all query results. Example: <resultRoot>/<path/to/query>/<repo>.csv
queryRoot: qlsrc # query root. There should be codeql-pack.yaml in queryRoot directory
parallelCore: 20 # parallel cores to run query
queryGrps:
- queryRepos: # "*" means all repositories. "-" means repositories defined in "sources" attribute. Otherwise, use fullnames. Note that repositories with same fullname in different source will be queried.
- rclone/rclone
- Lslightly/dolt
- cloudwego/kitex
- Lslightly/kitex-examples
queries: # queries
- escape_ext/heapvar_should_move.ql
externals: [movedToHeap] # names for external predicates. For each predicate $pred, the external database(csv file) is stored in $dbRoot/path/to/repo/ext/$pred.csv. Currently only "movedToHeap" is supported.