The github/codeql-go repository currently contains the open-source CodeQL queries, libraries, and extractor for analyzing codebases written in the Go programming language with GitHub's CodeQL code analysis tools. These contents will be moved to the github/codeql repository, to live alongside similar libraries for all other programming languages supported by CodeQL.
CodeQL support of the Go programming language will stay the same, except that the code and the development will continue in github/codeql.
Once the move completes, GitHub will stop using the github/codeql-go repository and replace its contents with a placeholder announcement.
When will this change take place?
This change is scheduled for 23 May 2022.
What do I need to change as a user of CodeQL or code scanning?
For users of non-default CodeQL query suites
When this applies: If you’re using the query or queries configuration directives in a CodeQL query suite.
What you need to do:
Please make sure to refer to individual CodeQL queries for Go by their canonical query ID (rather than an absolute path). The query ID can be found after @id in the metadata section at the top of the query file.
Alternatively, please use relative paths to queries and directories within the enclosing CodeQL pack codeql/go-queries, rather than absolute paths.
For users of the queries field in a code scanning YAML configuration
When this applies: If the queries field in your code scanning YAML configuration file directly references a query or directory of queries in the github/codeql-go repository.
What you need to do: Please change these references to use the packs: field and the corresponding path within the codeql/go-queries query pack.
We do not recommend running queries from the CodeQL standard libraries at a specific GitHub ref, since this may not be compatible with the latest released version of CodeQL running on GitHub Actions.
Example before:
name: "My CodeQL config"
queries:
- uses: github/codeql-go/ql/src/experimental/CWE-327@<ref>
Example after:
name: "My CodeQL config"
packs:
- 'codeql/go-queries:experimental/CWE-327'
For users of the queries field in the github/codeql-action/init step of a GitHub Actions workflow
When this applies: If the queries field in your workflow file directly references queries in the github/codeql-go repository.
What you need to do: Please change these references to use the packs: field and the corresponding path within the codeql/go-queries query pack.
We do not recommend running queries from the CodeQL standard libraries at a specific GitHub ref, since this may not be compatible with the latest released version of CodeQL running on GitHub Actions.
For users of the github/vscode-codeql-starter repository
When this applies: If you are using a local Git checkout of the github/vscode-codeql-starter repository or one of its forks, which contain the github/codeql and github/codeql-go repositories as submodules.
What you need to do: Please ensure your checkout is kept up to date, and use git submodule update --remote to keep the submodules up to date.
What will change: GitHub will move Go-related contents into the ql submodule and workspace folder, and delete the codeql-go submodule and workspace folder. Up-to-date checkouts and VS Code workspaces will continue to work.
For users of local Git checkouts of the github/codeql and github/codeql-go repositories
When this applies: If you have local Git checkouts of the github/codeql and github/codeql-go repositories in sibling directories for use with the CodeQL CLI, as recommended in the CodeQL CLI documentation.
What you need to do: Please ensure both checkouts are kept up to date. If you are working on local Git branches in your checkout of github/codeql-go, please update and rebase them on github/codeql instead.
What will change: GitHub will move Go-related contents into the github/codeql repository, and leave only placeholder data in the codeql-go repository. Up-to-date checkouts will reflect this change. After this point you are free to delete the checkout of the github/codeql-go repository.
If none of the above apply to you
We expect no change to be required to your CodeQL or code scanning setup.
Where do I go for help?
Please open an issue in github/codeql or file an issue with GitHub support if you encounter any difficulties with this change, and we will be happy to help.
The CodeQL Go extractor and libraries are moving to a new home!
Summary
github/codeql-gorepositorygithub/codeqlrepository, specifically https://github.com/github/codeql/tree/main/go.The
github/codeql-gorepository currently contains the open-source CodeQL queries, libraries, and extractor for analyzing codebases written in the Go programming language with GitHub's CodeQL code analysis tools. These contents will be moved to thegithub/codeqlrepository, to live alongside similar libraries for all other programming languages supported by CodeQL.CodeQL support of the Go programming language will stay the same, except that the code and the development will continue in
github/codeql.Once the move completes, GitHub will stop using the
github/codeql-gorepository and replace its contents with a placeholder announcement.When will this change take place?
This change is scheduled for 23 May 2022.
What do I need to change as a user of CodeQL or code scanning?
For users of non-default CodeQL query suites
queryorqueriesconfiguration directives in a CodeQL query suite.@idin the metadata section at the top of the query file.codeql/go-queries, rather than absolute paths.Examples:
OR
For users of the
queriesfield in a code scanning YAML configurationqueriesfield in your code scanning YAML configuration file directly references a query or directory of queries in thegithub/codeql-gorepository.packs:field and the corresponding path within thecodeql/go-queriesquery pack.For users of the
queriesfield in thegithub/codeql-action/initstep of a GitHub Actions workflowqueriesfield in your workflow file directly references queries in thegithub/codeql-gorepository.packs:field and the corresponding path within thecodeql/go-queriesquery pack.For users of the github/vscode-codeql-starter repository
github/vscode-codeql-starterrepository or one of its forks, which contain thegithub/codeqlandgithub/codeql-gorepositories as submodules.git submodule update --remoteto keep the submodules up to date.qlsubmodule and workspace folder, and delete thecodeql-gosubmodule and workspace folder. Up-to-date checkouts and VS Code workspaces will continue to work.For users of local Git checkouts of the
github/codeqlandgithub/codeql-gorepositoriesgithub/codeqlandgithub/codeql-gorepositories in sibling directories for use with the CodeQL CLI, as recommended in the CodeQL CLI documentation.github/codeql-go, please update and rebase them ongithub/codeqlinstead.github/codeqlrepository, and leave only placeholder data in thecodeql-gorepository. Up-to-date checkouts will reflect this change. After this point you are free to delete the checkout of thegithub/codeql-gorepository.If none of the above apply to you
We expect no change to be required to your CodeQL or code scanning setup.
Where do I go for help?
Please open an issue in github/codeql or file an issue with GitHub support if you encounter any difficulties with this change, and we will be happy to help.