Actions and Images for use in Learning Lab courses for CodeQL
Sam Lanning 6357e8a278 Remove uneeded line 2020-01-10 11:06:14 -08:00
.github/workflows Rename directory for base docker image and add release instructions 2020-01-08 11:48:27 -08:00
codeql-learninglab-check Remove uneeded line 2020-01-10 11:06:14 -08:00
courses/cpp/ctf-segv Change user that we run script with 2020-01-10 10:57:15 -08:00
docs Add screenshot of comment 2020-01-07 15:46:06 -08:00
CODE_OF_CONDUCT.md Add Code of Conduct and Contributing 2019-12-30 16:31:29 +00:00
CONTRIBUTING.md Rename directory for base docker image and add release instructions 2020-01-08 11:48:27 -08:00
LICENSE.md Change LICENSE to MIT 2020-01-07 14:43:49 -08:00
README.md Flesh out READMEs 2020-01-07 16:49:21 -08:00

README.md

Actions for Learning Lab CodeQL Courses

This repository provides Docker images and GitHub Actions for use in CodeQL courses on Learning Lab.

These actions allow you to specify workflows that can check that course participants' queries are correct, by running their queries against a well-known CodeQL database, and checking the results are as expected. Whatever the outcome, the action will post a comment on the commit which was pushed to add the queries.

When a user's results are incorrect, the comment will include details of which results are missing, and which are superfluous, including links to the lines of source code on GitHub when possible:

Screenshot:

Creating your own course

There are two main components to any Learning Lab course for CodeQL that uses the components in this repository:

  • Query Checking Action:

    Each course has its own GitHub Action that is designed to be used in workflows that run when a course participant pushes new commits to their repo. The action will check which queries have changed in the push, and run the queries that it recognizes as part of the course (based on the filename).

    After running the queries, the action will check the results against a CSV file of expected results. It will then post a comment on the commit, detailing whether each query produced the correct results or not. And if not, it will include details of which results are missing, and which results are unexpected.

    These actions are bundled using Docker, and made available using GitHub Packages.

  • Learning Lab Course:

    This is the course itself. It creates the initial repository the participant will use for their course, posts instructions as GitHub issues, and listens for comments posted by the GitHub action to know when the user has completed the current task correctly, and is ready to advance to the next one.
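The result check described under Query Checking Action can be sketched as follows. This is an added example, not code from this repository: the query file name, the CSV columns, the sample rows and the comment wording are all constructed assumptions.

```python
import csv
import io
from collections import Counter
from pathlib import PurePosixPath

# Constructed sample: expected results keyed by course query file name (assumed).
EXPECTED = {
    "step-01.ql": 'description,location\n'
                  '"call to memcpy","src/a.c:10"\n'
                  '"call to memcpy","src/b.c:22"\n',
}

def read_rows(text):
    """Parse CSV text into a multiset of rows, skipping the header line."""
    rows = list(csv.reader(io.StringIO(text)))
    return Counter(tuple(r) for r in rows[1:] if r)

def recognized(changed_files):
    """Keep only the changed files whose file name matches a course query."""
    return [f for f in changed_files if PurePosixPath(f).name in EXPECTED]

def check(query_file, actual_csv):
    """Return (missing, unexpected) rows; row order is ignored, duplicates count."""
    expected = read_rows(EXPECTED[PurePosixPath(query_file).name])
    actual = read_rows(actual_csv)
    missing = sorted((expected - actual).elements())
    unexpected = sorted((actual - expected).elements())
    return missing, unexpected

def comment(query_file, actual_csv):
    """Build the body of the commit comment for one query."""
    missing, unexpected = check(query_file, actual_csv)
    if not missing and not unexpected:
        return f"`{query_file}`: results are correct"
    lines = [f"`{query_file}`: results are incorrect"]
    lines += [f"- missing: {', '.join(r)}" for r in missing]
    lines += [f"- unexpected: {', '.join(r)}" for r in unexpected]
    return "\n".join(lines)

if __name__ == "__main__":
    pushed = ["README.md", "queries/step-01.ql"]  # constructed push contents
    actual = ('description,location\n'
              '"call to memcpy","src/a.c:10"\n'
              '"call to strcpy","src/c.c:5"\n')  # constructed query output
    for q in recognized(pushed):
        print(comment(q, actual))
```

Comparing rows as multisets means a query that returns the right rows in a different order still passes, while a duplicated or dropped row is reported.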

Creating a GitHub Action

TODO

Contributing your GitHub Action to this repository

TODO

Example Courses

Feel free to add your own courses to this list! See CONTRIBUTING.md.

License

The code in this repository is licensed under MIT (see LICENSE.md). However, as it makes use of the CodeQL CLI, usage of this repository is subject to the GitHub CodeQL Terms and Conditions whenever your usage involves the CodeQL CLI.

In particular, you are not permitted to use these docker images or actions to interact with the CodeQL CLI in CI/CD, as per the terms & conditions:

the Software cannot be used ... For automated analysis, continuous integration or continuous delivery, whether as part of normal software engineering processes or otherwise.