Contextual queries: Support running when the library pack is in the package cache #1735
…ache If the library pack containing the AST query does not have a lock file, it is likely to be in the package cache, not a checkout of the CodeQL repo. In this case, use `codeql pack resolve-dependencies` to create a temporary lock file, and `codeql pack install` to install the dependencies of this library pack. This allows the CLI to resolve the library path and dependencies for the AST query before running it.
aeisenberg left a comment
You will need to do something similar for find declarations and find references, but that is probably less important.
| const packContents = await this.cli.packPacklist(query, false); | ||
| const packFilePath = packContents.find((p) => ['codeql-pack.yml', 'qlpack.yml'].includes(path.basename(p))); | ||
| if (packFilePath === undefined) { | ||
| // Should not happen; we already resolved this query. |
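Review bot: the `find` on the second line accepts any packlist entry whose basename is `codeql-pack.yml` or `qlpack.yml`, whatever directory it is in. If the packlist can contain such a file below the pack root, the first match may not be this pack's own file, so consider also checking that the match sits at the pack root. Since the `packFilePath === undefined` branch is marked "Should not happen", it should fail with a message that names `query`, so that a violation of that assumption is easy to diagnose.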
Is this always true? What happens if you try to run a query in a directory that's outside of a qlpack?
Not generally true, but I hope it is always true for our own contextual queries.
Clear the CLI server's pack cache before installing packs, to avoid race conditions where the new lock file is not detected during query running. Adjust some helper methods.
Shared by the AST viewer, jump to def, and find references contextual queries. This allows contextual queries to have their dependencies resolved and be run whether the library pack is in the workspace or in the package cache.
Thanks! Addressed comments and refactored to cover AST viewer, find references, and jump to definition.
| const tempLockFilePath = path.resolve(packPath, 'codeql-pack.lock.yml'); | ||
| void logger.log(`Deleting temporary package lock file at ${tempLockFilePath}`); | ||
| // It's fine if the file doesn't exist. | ||
| await fs.promises.rm(path.resolve(packPath, 'codeql-pack.lock.yml'), { force: true }); |
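Review bot: the `rm` call on the last line recomputes `path.resolve(packPath, 'codeql-pack.lock.yml')` although `tempLockFilePath` on the first line already holds that value. Pass `tempLockFilePath` to `rm` so the path that is logged and the path that is deleted cannot drift apart. The visible lines also delete the file unconditionally with `force: true`; if this cleanup can be reached for a pack that already had its own lock file, guard it so that only a lock file created for this run is removed.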
Minor: this should work.
| await fs.promises.rm(path.resolve(packPath, 'codeql-pack.lock.yml'), { force: true }); | |
| await fs.rm(path.resolve(packPath, 'codeql-pack.lock.yml'), { force: true }); |
The compiler is not happy with this, and for some reason I don't see an async version of rm in the installed type definitions. Going to keep it for now but happy to replace later if we get it working.
If the library pack containing the AST query does not have a lock file, it is likely to be in the package cache, not a checkout of the CodeQL repo.
In this case, use `codeql pack resolve-dependencies` to create a temporary lock file, and `codeql pack install` to install the dependencies of this library pack.
This allows the CLI to resolve the library path and dependencies for the AST query before running it, in the use case where the standard library packs are installed in the package cache rather than present in the workspace. Otherwise, in the absence of a lock file, `codeql resolve library-path` finds the standard library pack that contains the AST query, but not the `codeql/ssa` shared pack that this library pack depends on.
Reviewer notes
`codeql` repo is present as a workspace folder, containing library packs with lockfiles, and the AST queries are obtained from there.
Checklist
`ready-for-doc-review` label there.
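The flow the description outlines (no lock file, so resolve, install, run, then remove the temporary lock file), as an added example that is not code from this pull request. `withResolvedPack`, `RunCli`, `runCodeql` and `demo` are hypothetical names; the demo uses a constructed temporary pack and a fake CLI so it runs without CodeQL installed, and the default runner assumes `codeql` is on `PATH`.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";
import { execFileSync } from "node:child_process";

const LOCK_FILE = "codeql-pack.lock.yml";
type RunCli = (args: string[]) => void;

// Default runner: invokes the real CLI, assumed to be on PATH.
const runCodeql: RunCli = (args) => {
  execFileSync("codeql", args, { stdio: "inherit" });
};

// Run `action` with the pack's dependencies resolved. A pack without a lock file
// (the package-cache case) gets a temporary one that is removed afterwards.
function withResolvedPack<T>(packDir: string, action: () => T, cli: RunCli = runCodeql): T {
  const lockPath = path.join(packDir, LOCK_FILE);
  if (fs.existsSync(lockPath)) {
    return action(); // workspace checkout: the lock file is the pack's own, leave it alone
  }
  try {
    cli(["pack", "resolve-dependencies", packDir]); // writes the temporary lock file
    cli(["pack", "install", packDir]); // installs what the lock file pins
    return action();
  } finally {
    // Reached only when no lock file existed on entry; a missing file is fine.
    fs.rmSync(lockPath, { force: true });
  }
}

// Constructed demo: a throwaway pack directory and a fake CLI that records its calls.
function demo(preexistingLock: boolean): { calls: string[]; sawLock: boolean; lockAfter: boolean } {
  const packDir = fs.mkdtempSync(path.join(os.tmpdir(), "pack-"));
  fs.writeFileSync(path.join(packDir, "qlpack.yml"), "name: example/pack\n");
  const lockPath = path.join(packDir, LOCK_FILE);
  if (preexistingLock) fs.writeFileSync(lockPath, "dependencies: {}\n");
  const calls: string[] = [];
  const fakeCli: RunCli = (args) => {
    calls.push(args.slice(0, 2).join(" "));
    if (args[1] === "resolve-dependencies") fs.writeFileSync(lockPath, "dependencies: {}\n");
  };
  const sawLock = withResolvedPack(packDir, () => fs.existsSync(lockPath), fakeCli);
  const lockAfter = fs.existsSync(lockPath);
  fs.rmSync(packDir, { recursive: true, force: true });
  return { calls, sawLock, lockAfter };
}
```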