Even more CommonMark fixes (#42177)
This commit is contained in:
Laura Coursen
@@ -31,8 +31,8 @@ Before you generate a {% data variables.product.prodname_codeql %} database, you
|
||||
|
||||
1. Install and set up the {% data variables.product.prodname_codeql_cli %}. For more information, see "[AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/setting-up-the-codeql-cli)."
|
||||
1. Check out the code that you want to analyze:
|
||||
- For a branch, check out the head of the branch that you want to analyze.
|
||||
- For a pull request, check out either the head commit of the pull request, or check out a {% data variables.product.prodname_dotcom %}-generated merge commit of the pull request.
|
||||
- For a branch, check out the head of the branch that you want to analyze.
|
||||
- For a pull request, check out either the head commit of the pull request, or check out a {% data variables.product.prodname_dotcom %}-generated merge commit of the pull request.
|
||||
1. Set up the environment for the codebase, making sure that any dependencies are available. For more information, see "[Creating databases for non-compiled languages](/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis#creating-databases-for-non-compiled-languages)" and "[Creating databases for compiled languages](/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis#creating-databases-for-compiled-languages)" in "Preparing your code for {% data variables.product.prodname_codeql %} analysis".
|
||||
1. Find the build command, if any, for the codebase. Typically this is available in a configuration file in the CI system.
|
||||
|
||||
@@ -143,11 +143,11 @@ When the database is successfully created, you’ll find a new directory at the
|
||||
|
||||
The {% data variables.product.prodname_codeql_cli %} includes extractors to create databases for non-compiled languages—specifically, JavaScript (and TypeScript), Python, and Ruby. These extractors are automatically invoked when you specify JavaScript, Python, or Ruby as the `--language` option when executing `database create`. When creating databases for these languages you must ensure that all additional dependencies are available.
|
||||
|
||||
{% note %}
|
||||
{% note %}
|
||||
|
||||
**Note:** When you run `database create` for JavaScript, TypeScript, Python, and Ruby, you should not specify a `--command` option. Otherwise this overrides the normal extractor invocation, which will create an empty database. If you create databases for multiple languages and one of them is a compiled language, use the `--no-run-unnecessary-builds` option to skip the command for the languages that don’t need to be compiled.
|
||||
**Note:** When you run `database create` for JavaScript, TypeScript, Python, and Ruby, you should not specify a `--command` option. Otherwise this overrides the normal extractor invocation, which will create an empty database. If you create databases for multiple languages and one of them is a compiled language, use the `--no-run-unnecessary-builds` option to skip the command for the languages that don’t need to be compiled.
|
||||
|
||||
{% endnote %}
|
||||
{% endnote %}
|
||||
|
||||
### JavaScript and TypeScript
|
||||
|
||||
@@ -207,129 +207,129 @@ codeql database create --language=java <output-folder>/java-database
|
||||
|
||||
If a codebase uses a standard build system, relying on an autobuilder is often the simplest way to create a database. For sources that require non-standard build steps, you may need to explicitly define each step in the command line.
|
||||
|
||||
{% note %}
|
||||
{% note %}
|
||||
|
||||
**Notes:**
|
||||
**Notes:**
|
||||
|
||||
- If you are building a Go database, install the Go toolchain (version 1.11 or later) and, if there are dependencies, the appropriate dependency manager (such as [dep](https://golang.github.io/dep/)).
|
||||
- The Go autobuilder attempts to automatically detect code written in Go in a repository, and only runs build scripts in an attempt to fetch dependencies. To force {% data variables.product.prodname_codeql %} to limit extraction to the files compiled by your build script, set the environment variable `CODEQL_EXTRACTOR_GO_BUILD_TRACING=on` or use the `--command` option to specify a build command.
|
||||
|
||||
{% endnote %}
|
||||
{% endnote %}
|
||||
|
||||
### Specifying build commands
|
||||
|
||||
The following examples are designed to give you an idea of some of the build commands that you can specify for compiled languages.
|
||||
|
||||
{% note %}
|
||||
{% note %}
|
||||
|
||||
**Note:** The `--command` option accepts a single argument—if you need to use more than one command, specify `--command` multiple times. If you need to pass subcommands and options, the whole argument needs to be quoted to be interpreted correctly.
|
||||
**Note:** The `--command` option accepts a single argument—if you need to use more than one command, specify `--command` multiple times. If you need to pass subcommands and options, the whole argument needs to be quoted to be interpreted correctly.
|
||||
|
||||
{% endnote %}
|
||||
{% endnote %}
|
||||
|
||||
- C/C++ project built using `make`:
|
||||
|
||||
```shell
|
||||
codeql database create cpp-database --language=cpp --command=make
|
||||
```
|
||||
```shell
|
||||
codeql database create cpp-database --language=cpp --command=make
|
||||
```
|
||||
|
||||
- C# project built using `dotnet build`:
|
||||
|
||||
It is a good idea to add `/t:rebuild` to ensure that all code will be built, or do a prior `dotnet clean` (code that is not built will not be included in the {% data variables.product.prodname_codeql %} database):
|
||||
It is a good idea to add `/t:rebuild` to ensure that all code will be built, or do a prior `dotnet clean` (code that is not built will not be included in the {% data variables.product.prodname_codeql %} database):
|
||||
|
||||
```shell
|
||||
codeql database create csharp-database --language=csharp --command='dotnet build /t:rebuild'
|
||||
```
|
||||
```shell
|
||||
codeql database create csharp-database --language=csharp --command='dotnet build /t:rebuild'
|
||||
```
|
||||
|
||||
- Go project built using the `CODEQL_EXTRACTOR_GO_BUILD_TRACING=on` environment variable:
|
||||
|
||||
```shell
|
||||
CODEQL_EXTRACTOR_GO_BUILD_TRACING=on codeql database create go-database --language=go
|
||||
```
|
||||
```shell
|
||||
CODEQL_EXTRACTOR_GO_BUILD_TRACING=on codeql database create go-database --language=go
|
||||
```
|
||||
|
||||
- Go project built using a custom build script:
|
||||
|
||||
```shell
|
||||
codeql database create go-database --language=go --command='./scripts/build.sh'
|
||||
```
|
||||
```shell
|
||||
codeql database create go-database --language=go --command='./scripts/build.sh'
|
||||
```
|
||||
|
||||
- Java project built using Gradle:
|
||||
|
||||
```shell
|
||||
# Use `--no-daemon` because a build delegated to an existing daemon cannot be detected by CodeQL:
|
||||
codeql database create java-database --language=java --command='gradle --no-daemon clean test'
|
||||
```
|
||||
```shell
|
||||
# Use `--no-daemon` because a build delegated to an existing daemon cannot be detected by CodeQL:
|
||||
codeql database create java-database --language=java --command='gradle --no-daemon clean test'
|
||||
```
|
||||
|
||||
- Java project built using Maven:
|
||||
|
||||
```shell
|
||||
codeql database create java-database --language=java --command='mvn clean install'
|
||||
```
|
||||
```shell
|
||||
codeql database create java-database --language=java --command='mvn clean install'
|
||||
```
|
||||
|
||||
- Java project built using Ant:
|
||||
|
||||
```shell
|
||||
codeql database create java-database --language=java --command='ant -f build.xml'
|
||||
```
|
||||
```shell
|
||||
codeql database create java-database --language=java --command='ant -f build.xml'
|
||||
```
|
||||
|
||||
{% ifversion codeql-swift-beta %}
|
||||
- Swift project built from an Xcode project or workspace. By default, the largest Swift target is built:
|
||||
|
||||
It's a good idea to ensure that the project is in a clean state and that there are no build artefacts available.
|
||||
It's a good idea to ensure that the project is in a clean state and that there are no build artefacts available.
|
||||
|
||||
```shell
|
||||
xcodebuild clean -all
|
||||
codeql database create -l swift swift-database
|
||||
```
|
||||
```shell
|
||||
xcodebuild clean -all
|
||||
codeql database create -l swift swift-database
|
||||
```
|
||||
|
||||
- Swift project built with `swift build`:
|
||||
|
||||
```shell
|
||||
codeql database create -l swift -c "swift build" swift-database
|
||||
```
|
||||
```shell
|
||||
codeql database create -l swift -c "swift build" swift-database
|
||||
```
|
||||
|
||||
- Swift project built with `xcodebuild`:
|
||||
|
||||
```shell
|
||||
codeql database create -l swift -c "xcodebuild build -target your-target" swift-database
|
||||
```
|
||||
```shell
|
||||
codeql database create -l swift -c "xcodebuild build -target your-target" swift-database
|
||||
```
|
||||
|
||||
You can pass the `archive` and `test` options to `xcodebuild`. However, the standard `xcodebuild` command is recommended as it should be the fastest, and should be all that {% data variables.product.prodname_codeql %} requires for a successful scan.
|
||||
You can pass the `archive` and `test` options to `xcodebuild`. However, the standard `xcodebuild` command is recommended as it should be the fastest, and should be all that {% data variables.product.prodname_codeql %} requires for a successful scan.
|
||||
|
||||
- Swift project built using a custom build script:
|
||||
|
||||
```shell
|
||||
codeql database create -l swift -c "./scripts/build.sh" swift-database
|
||||
```
|
||||
```shell
|
||||
codeql database create -l swift -c "./scripts/build.sh" swift-database
|
||||
```
|
||||
|
||||
{% endif %}
|
||||
|
||||
- Project built using Bazel:
|
||||
|
||||
```shell
|
||||
# Navigate to the Bazel workspace.
|
||||
```shell
|
||||
# Navigate to the Bazel workspace.
|
||||
|
||||
# Before building, remove cached objects
|
||||
# and stop all running Bazel server processes.
|
||||
bazel clean --expunge
|
||||
# Before building, remove cached objects
|
||||
# and stop all running Bazel server processes.
|
||||
bazel clean --expunge
|
||||
|
||||
# Build using the following Bazel flags, to help {% data variables.product.prodname_codeql %} detect the build:
|
||||
# `--spawn_strategy=local`: build locally, instead of using a distributed build
|
||||
# `--nouse_action_cache`: turn off build caching, which might prevent recompilation of source code
|
||||
# `--noremote_accept_cached`, `--noremote_upload_local_results`: avoid using a remote cache
|
||||
codeql database create new-database --language=<language> \
|
||||
--command='bazel build --spawn_strategy=local --nouse_action_cache --noremote_accept_cached --noremote_upload_local_results //path/to/package:target'
|
||||
# Build using the following Bazel flags, to help {% data variables.product.prodname_codeql %} detect the build:
|
||||
# `--spawn_strategy=local`: build locally, instead of using a distributed build
|
||||
# `--nouse_action_cache`: turn off build caching, which might prevent recompilation of source code
|
||||
# `--noremote_accept_cached`, `--noremote_upload_local_results`: avoid using a remote cache
|
||||
codeql database create new-database --language=<language> \
|
||||
--command='bazel build --spawn_strategy=local --nouse_action_cache --noremote_accept_cached --noremote_upload_local_results //path/to/package:target'
|
||||
|
||||
# After building, stop all running Bazel server processes.
|
||||
# This ensures future build commands start in a clean Bazel server process
|
||||
# without {% data variables.product.prodname_codeql %} attached.
|
||||
bazel shutdown
|
||||
```
|
||||
# After building, stop all running Bazel server processes.
|
||||
# This ensures future build commands start in a clean Bazel server process
|
||||
# without {% data variables.product.prodname_codeql %} attached.
|
||||
bazel shutdown
|
||||
```
|
||||
|
||||
- Project built using a custom build script:
|
||||
|
||||
```shell
|
||||
codeql database create new-database --language=<language> --command='./scripts/build.sh'
|
||||
```
|
||||
```shell
|
||||
codeql database create new-database --language=<language> --command='./scripts/build.sh'
|
||||
```
|
||||
|
||||
This command runs a custom script that contains all of the commands required to build the project.
|
||||
|
||||
@@ -354,11 +354,11 @@ You must specify:
|
||||
|
||||
You may specify other options for the `codeql database init` command as normal.
|
||||
|
||||
{% note %}
|
||||
{% note %}
|
||||
|
||||
**Note:** If the build runs on Windows, you must set either `--trace-process-level <number>` or `--trace-process-name <parent process name>` so that the option points to a parent CI process that will observe all build steps for the code being analyzed.
|
||||
**Note:** If the build runs on Windows, you must set either `--trace-process-level <number>` or `--trace-process-name <parent process name>` so that the option points to a parent CI process that will observe all build steps for the code being analyzed.
|
||||
|
||||
{% endnote %}
|
||||
{% endnote %}
|
||||
|
||||
The `codeql database init` command will output a message:
|
||||
|
||||
|
||||
Reference in New Issue
Block a user