Mirror of https://github.com/github/docs.git
Update beta versioning for Java GA of `build-mode: none` (#51786)
Co-authored-by: Chris Smowton <smowton@github.com> Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
Parent
4717c897b3
Commit
0d530ce01a
|
@ -54,11 +54,9 @@ The basic {% data variables.code-scanning.codeql_workflow %} uses the `autobuild
|
|||
|
||||
## {% data variables.product.prodname_codeql %} build modes
|
||||
|
||||
{% data reusables.code-scanning.beta-no-build %}
|
||||
|
||||
The {% data variables.product.prodname_codeql %} action supports three different build modes for compiled languages:
|
||||
|
||||
* `none` - the {% data variables.product.prodname_codeql %} database is created directly from the codebase without building the codebase (supported for all interpreted languages, and additionally supported in beta for {% data variables.code-scanning.no_build_support %}).
|
||||
* `none` - the {% data variables.product.prodname_codeql %} database is created directly from the codebase without building the codebase (supported for all interpreted languages, and additionally supported for {% data variables.code-scanning.no_build_support %}).
|
||||
* `autobuild` - {% data variables.product.prodname_codeql %} detects the most likely build method and uses this to attempt to build the codebase and create a database for analysis (supported for all compiled languages).
|
||||
* `manual` - you define the build steps to use for the codebase in the workflow (supported for all compiled languages).
|
||||
|
||||
|
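Review bot: Removing the `{% data reusables.code-scanning.beta-no-build %}` include above the build-mode list, together with dropping "in beta" from the `none` bullet, leaves this section relying entirely on what `{% data variables.code-scanning.no_build_support %}` renders to signal any remaining beta status. That variable is changed in this same commit to emit `C# (beta) and` before `Java` under `codeql-no-build-csharp`, so please check the rendered bullet on versions with and without that flag, and consider keeping a short C#-specific note if "subject to change" still applies to C#.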
@ -143,7 +141,7 @@ To use `autobuild` or manual build steps, you can use advanced setup.
|
|||
|
||||
The {% data variables.product.prodname_codeql %} action uses `autobuild` to analyze compiled languages in the following cases.
|
||||
|
||||
* Default setup is enabled{% ifversion codeql-no-build %} and the language does not support `none` build (beta release supported for {% data variables.code-scanning.no_build_support %}).
|
||||
* Default setup is enabled{% ifversion codeql-no-build %} and the language does not support `none` build (supported for {% data variables.code-scanning.no_build_support %}).
|
||||
* Advanced setup is enabled and the workflow specifies `build-mode: autobuild`{% endif %}.
|
||||
* Advanced setup is enabled and the workflow has an Autobuild step for the language using the `autobuild` action (`{% data reusables.actions.action-codeql-action-autobuild %}`).
|
||||
|
||||
|
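Review bot: In the first bullet the parenthetical now reads "the language does not support `none` build (supported for ...)", which puts "does not support" directly next to "supported for" and can be misread as listing the languages that fall back to `autobuild`. Suggest making the subject explicit, for example "(`none` is supported for {% data variables.code-scanning.no_build_support %})". Note also that the variable can now expand to text containing "(beta)", which would nest parentheses inside this parenthetical.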
@ -454,6 +452,13 @@ Creating a {% data variables.product.prodname_codeql %} Java database without a
|
|||
* Gradle or Maven build scripts cannot be queried for dependency information, and dependency guesses (based on Java package names) are inaccurate.
|
||||
* The repository normally generates code during the build process. This would be analyzed if you created the {% data variables.product.prodname_codeql %} database using a different mode.
|
||||
|
||||
You can ensure a more accurate analysis by taking the following steps:
|
||||
|
||||
* Provide access to the public internet or ensure that access to a private artifact repository is available.
|
||||
* Check whether the repository requires multiple versions of the same dependency. {% data variables.product.prodname_codeql %} can use only one version and usually chooses the newer version where there are multiple versions. This approach may not work for all repositories.
|
||||
* Check whether more than one version of the JDK API is required by different source Java files. When multiple versions are seen, {% data variables.product.prodname_codeql %} will use the highest version required by any build script. This may mean that some files that require a lower version of the JDK will be partially analyzed. For example, if some files require JDK 8 but a JDK 17 requirement is found in one or more build scripts, {% data variables.product.prodname_codeql %} will use JDK 17. Any files that require JDK 8 and could not be built using JDK 17 will be partially analyzed.
|
||||
* Avoid colliding class names (for example, multiple files defining `org.myproject.Test`), otherwise this may cause missing method call targets, which has an impact on dataflow analysis.
|
||||
|
||||
### Autobuild summary for Java{% endif %}
|
||||
|
||||
| Supported system type | System name |
|
||||
|
|
|
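Review bot: The first new bullet, "Provide access to the public internet or ensure that access to a private artifact repository is available", does not say what needs the access or why. The list just above it mentions that dependency information cannot be queried from Gradle or Maven build scripts, so it would help to state that the access is for the machine running the analysis and what it is used for. In the last new bullet, "otherwise this may cause missing method call targets" has an unclear "this"; suggest splitting it into two sentences, one giving the advice and one giving the consequence for dataflow analysis.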
@ -2,13 +2,11 @@
|
|||
title: 'Warning: Detected X Kotlin files in your project that could not be processed without a build'
|
||||
shortTitle: Kotlin detected in no build
|
||||
allowTitleToDifferFromFilename: true
|
||||
intro: '{% data variables.product.prodname_codeql %} databases can be created for {% data variables.code-scanning.no_build_support %} without building the code, but Kotlin files are excluded unless the code is built.'
|
||||
intro: '{% data variables.product.prodname_codeql %} databases can be created for Java without building the code, but Kotlin files are excluded unless the code is built.'
|
||||
versions:
|
||||
feature: codeql-no-build
|
||||
---
|
||||
|
||||
{% data reusables.code-scanning.beta-no-build %}
|
||||
|
||||
## About this warning
|
||||
|
||||
```text
|
||||
|
@ -21,7 +19,7 @@ This warning is reported when Kotlin files are detected in a repository that ran
|
|||
|
||||
This warning is only displayed when the build mode of `none` is used for a repository with both Java and Kotlin files.
|
||||
|
||||
The {% data variables.product.prodname_codeql %} action and {% data variables.product.prodname_codeql_cli %} support a build mode of `none` for {% data variables.code-scanning.no_build_support %}. This provides an easy way to enable analysis for Java code without building the codebase. However, Kotlin files are not included in the resulting {% data variables.product.prodname_codeql %} database.
|
||||
The {% data variables.product.prodname_codeql %} action and {% data variables.product.prodname_codeql_cli %} support a build mode of `none` for Java. This provides an easy way to enable analysis for Java code without building the codebase. However, Kotlin files are not included in the resulting {% data variables.product.prodname_codeql %} database.
|
||||
|
||||
You can verify the presence of Kotlin files by looking at the repository or pull request that triggered the warning. The `none` build mode is used only in the following circumstances:
|
||||
|
||||
|
|
|
@ -77,7 +77,7 @@ You can specify additional options depending on the location of your source file
|
|||
| {% endif %} |
|
||||
| <code><span style="white-space: nowrap;">--command</span></code> | {% octicon "x" aria-label="Optional" %} | **Recommended.** Use to specify the build command or script that invokes the build process for the codebase. Commands are run from the current folder or, where it is defined, from <code><span style="white-space: nowrap;">--source-root</span></code>. Not needed for Python and JavaScript/TypeScript analysis. |
|
||||
| {% ifversion codeql-no-build %} |
|
||||
| <code><span style="white-space: nowrap;">--build-mode</span></code> | {% octicon "x" aria-label="Optional" %} | **Beta.** Use for {% data variables.code-scanning.no_build_support %} when not providing a `--command` to specify whether to create a CodeQL database without a build (`none`) or by attempting to automatically detect a build command (`autobuild`). By default, autobuild detection is used. For a comparison of build modes, see "[CodeQL build modes](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes)." |
|
||||
| <code><span style="white-space: nowrap;">--build-mode</span></code> | {% octicon "x" aria-label="Optional" %} | **Recommended.** Use for {% data variables.code-scanning.no_build_support %} when not providing a `--command` to specify whether to create a CodeQL database without a build (`none`) or by attempting to automatically detect a build command (`autobuild`). By default, autobuild detection is used. For a comparison of build modes, see "[CodeQL build modes](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes)." |
|
||||
| {% endif %} |
|
||||
| <code><span style="white-space: nowrap;">--db-cluster</span></code> | {% octicon "x" aria-label="Optional" %} | Use in multi-language codebases to generate one database for each language specified by <code><span style="white-space: nowrap;">--language</span></code>. |
|
||||
| <code><span style="white-space: nowrap;">--no-run-unnecessary-builds</span></code> | {% octicon "x" aria-label="Optional" %} | **Recommended.** Use to suppress the build command for languages where the {% data variables.product.prodname_codeql_cli %} does not need to monitor the build (for example, Python and JavaScript/TypeScript). |
|
||||
|
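Review bot: In the `--build-mode` row, replacing `**Beta.**` with `**Recommended.**` changes the label from a release status to advice, but the row text gives no reason to recommend the option and still says "By default, autobuild detection is used". The `--command` row above is also marked `**Recommended.**`, and `--build-mode` is described as applying "when not providing a `--command`", so the two rows now recommend alternatives to each other. Suggest either dropping the label here or saying when `--build-mode` is the recommended choice.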
@ -195,8 +195,6 @@ Here, we have specified a `--source-root` path, which is the location where data
|
|||
|
||||
## Creating databases for compiled languages
|
||||
|
||||
{% data reusables.code-scanning.beta-no-build-cli %}
|
||||
|
||||
For {% ifversion codeql-no-build %}most{% endif %} compiled languages, {% data variables.product.prodname_codeql %} needs to invoke the required build system to generate a database, therefore the build method must be available to the CLI. This approach creates databases that include generated code. {% data variables.product.prodname_codeql %} has two methods for building codebases:
|
||||
|
||||
* "[Automatic build detection (autobuild)](#automatically-detecting-the-build-system)"
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# Reference: #14183 (Add C# to existing Java support)
|
||||
# Note: This feature is currently in beta and will move to GA for all versions at the same time (see #14184)
|
||||
|
||||
versions:
|
||||
fpt: '*'
|
||||
|
|
|
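Review bot: The added comment "will move to GA for all versions at the same time (see #14184)" sits in the file whose reference line is "#14183 (Add C# to existing Java support)", while the other feature file in this commit labels #14184 as "Java GA". As written it is unclear whether #14184 also tracks the GA of this feature or is cited only as the Java precedent. Suggest stating which it is in the comment.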
@ -1,4 +1,5 @@
|
|||
# Reference: #12924 (Java)
|
||||
# Reference: #12924 (Java beta)
|
||||
# Reference: #14184 (Java GA)
|
||||
|
||||
versions:
|
||||
fpt: '*'
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
{% ifversion codeql-no-build %}
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** The option to create a {% data variables.product.prodname_codeql %} database for a compiled language without building it is currently in beta and subject to change. During the beta, this option is supported only for {% data variables.code-scanning.no_build_support %} codebases.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
{% endif %}
|
|
@ -1,9 +0,0 @@
|
|||
{% ifversion codeql-no-build %}
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** The option to analyze a compiled language without building it using {% data variables.product.prodname_codeql %} is currently in beta and subject to change. During the beta, this option is supported only for {% data variables.code-scanning.no_build_support %} codebases.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
{% endif %}
|
|
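Review bot: This deletion and the preceding one remove both beta reusables outright, and the diff shows three include sites being removed with them (two of `reusables.code-scanning.beta-no-build` and one of `reusables.code-scanning.beta-no-build-cli`). Please confirm no other content file still includes either reusable, since any remaining `{% data reusables.code-scanning.beta-no-build... %}` tag would point at a file that no longer exists.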
@ -7,7 +7,7 @@ codeql_workflow: 'CodeQL analysis workflow'
|
|||
tool_status_page: 'tool status page'
|
||||
|
||||
# List of compiled languages supported for `no-build` extraction
|
||||
no_build_support: 'Java{% ifversion codeql-no-build-csharp %} and C#{% endif %}'
|
||||
no_build_support: '{% ifversion codeql-no-build-csharp %}C# (beta) and{% endif %} Java'
|
||||
|
||||
# List of compiled languages
|
||||
compiled_languages: 'C/C++, C#, {% ifversion codeql-go-autobuild %} Go,{% endif %} Java, and Swift'
|
||||
|
|
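Review bot: In the new `no_build_support` value, the space before `Java` sits outside the `{% ifversion codeql-no-build-csharp %}` block, so when the flag is off the variable renders with a leading space. Moving the space inside the conditional avoids that: `'{% ifversion codeql-no-build-csharp %}C# (beta) and {% endif %}Java'`. Separately, embedding "(beta)" in a variable that is interpolated mid-sentence produces nested parentheses wherever the call site is already parenthesised, as in the `none` and default-setup bullets changed in this commit, so it is worth checking those renderings.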