Error 126: execute permission of setup.py about codeql-container HOT 9 OPEN

Thank you! I was running into the same. I added below line near the bottom right before the USER command. Then rebuild the image.

RUN ["chmod", "+x", "usr/local/startup_scripts/setup.py"]
...

from codeql-container.

still not resolved in the public image/registry

from codeql-container.

As a heads up, I believe the technique used in this repository to download the CODEQL Binaries and precompile the queries is outdated in the sense that GitHub now offers pre-compiled queries you can just download.

For example, instead of this: https://github.com/microsoft/codeql-container/blob/main/Dockerfile#L70 which downloads from https://github.com/github/codeql-cli-binaries/releases/download/${CODEQL_VERSION}/codeql-linux64.zip you can instead download the bundle from the CodeQL GitHub Action (even though you may not care about GHA, we can still use the same CLI/Queries at the following URL: https://github.com/github/codeql-action/releases/download/${CODEQL_VERSION}/codeql-bundle-linux64.tar.gz .

We used this image from MCR as a base for a while and had it overwriting permissions for the setup.py file. Eventually, we realized there are quite a few inefficiencies in this workflow that have changed over time. Much appreciated to have this repository as a base starting example, but now we build our own container in minutes and have simplified the scripts in it, the primary change being we get queries from the mentioned new location, which is nice to pair the CLI version with the query version as there can be coupling there based on new features.

Example installing latest CLI and Precompiled queries:

# install latest CodeQL CLI 
ENV CODEQL_HOME=/usr/local/codeql-home
RUN mkdir ${CODEQL_HOME}
RUN python3 /usr/local/startup/codeql-version.py > /tmp/codeql_version
RUN echo $(cat /tmp/codeql_version)
RUN CODEQL_VERSION=$(cat /tmp/codeql_version) && \
    wget -q https://github.com/github/codeql-action/releases/download/${CODEQL_VERSION}/codeql-bundle-linux64.tar.gz -O /tmp/codeql_linux.tar.gz
RUN tar -xvf /tmp/codeql_linux.tar.gz --directory ${CODEQL_HOME} && \
    rm /tmp/codeql_linux.tar.gz
ENV PATH="${CODEQL_HOME}/codeql:${PATH}"

from codeql-container.

Look like the project is no longer active. I suggest you clone the repo, make modifications and build the Docker image yourself.
If you work primarily with only a few programming languages then just precompile the queries for the languages you use.
You don't need to precompile all the CodeQL queries (it took more than 4 hours on my poor laptop).
For example, I did a clone and build an image for Go language here: https://github.com/btnguyen2k/codeql-container

from codeql-container.

@travisgosselin, great insights!

I started a new repo to build new Docker image following travisgosselin's approach.
If anyone needs, feel free to build the image from the Dockerfile on my repo, or use my prebuilt image.

Cheers,

from codeql-container.

still not resolved in the public image/registry

from codeql-container.

+1 same error for me today with the public image.

from codeql-container.

+1 same, running some pipelines

Using docker image sha256:dde08fbe633123bf7e41bb6ecb53661bc4c99edeb997daf54f042db2ffa34e94 for mcr.microsoft.com/cstsectools/codeql-container with digest mcr.microsoft.com/cstsectools/codeql-container@sha256:f435d38885c23e8cd77125963d61adf4c49db12efc85bb58881fa69a539359b2 ...
/bin/sh: 1: /usr/local/startup_scripts/setup.py: Permission denied

from codeql-container.

@travisgosselin, great insights!

I started a new repo to build new Docker image following travisgosselin's approach. If anyone needs, feel free to build the image from the Dockerfile on my repo, or use my prebuilt image.

Cheers,

This is fantastic! Thanks for setting that up easily for more to use!

from codeql-container.