Skip to content

Specify default queries in codeql-extractor.yml #20320

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Specify default queries in codeql-extractor.yml #20320

wants to merge 1 commit into from
+16 −0

Conversation

henrymercer
Copy link
Contributor

The current CodeQL Action relies on a hard-coded list of supported languages. This PR specifies default queries for each CodeQL language, allowing us to remove that list and instead detect languages dynamically:

We now select languages whose extractors are present in the CodeQL search path and provide default queries.

Reasoning:

  • We choose to start providing default queries information since we only want to select extractors which have first-class support e.g. JavaScript, but not .properties. What differentiates these extractors is whether they have queries associated with them.
  • Makes it easier for third-parties to develop and test extractors: they don't need to fork the Action, and don't get stuck on the current hard-coded codeql/<lang>-queries default queries in the CLI.
  • Makes it easier for us to develop new extractors since we no longer need to change the Action to start using a new extractor.

@Copilot Copilot AI review requested due to automatic review settings August 29, 2025 16:46
@henrymercer henrymercer requested review from a team as code owners August 29, 2025 16:46
@github-actions github-actions bot added C# JS Python Go Ruby Rust Pull requests that update Rust code Swift Actions Analysis of GitHub Actions labels Aug 29, 2025
Copilot
Copilot AI reviewed Aug 29, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds default query specifications to CodeQL extractor configuration files to enable dynamic language detection. The change moves away from hard-coded language lists in the CodeQL Action to a system where languages are automatically detected based on the presence of extractors with default queries.

  • Adds default_queries field to all CodeQL language extractor configuration files
  • Each language specifies its corresponding query pack (e.g., codeql/swift-queries, codeql/rust-queries)
  • Enables third-party extractor development without requiring Action modifications

Reviewed Changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated no comments.

Show a summary per file
File Description
swift/codeql-extractor.yml Adds default_queries pointing to codeql/swift-queries
rust/codeql-extractor.yml Adds default_queries pointing to codeql/rust-queries
ruby/codeql-extractor.yml Adds default_queries pointing to codeql/ruby-queries
python/codeql-extractor.yml Adds default_queries pointing to codeql/python-queries
javascript/resources/codeql-extractor.yml Adds default_queries pointing to codeql/javascript-queries
go/codeql-extractor.yml Adds default_queries pointing to codeql/go-queries
csharp/codeql-extractor.yml Adds default_queries pointing to codeql/csharp-queries
actions/extractor/codeql-extractor.yml Adds default_queries pointing to codeql/actions-queries

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
Actions Analysis of GitHub Actions C# Go JS Python Ruby Rust Pull requests that update Rust code Swift
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@henrymercer