Comments (9)
Thank you! I was running into the same. I added the line below near the bottom, right before the USER command. Then rebuild the image.
```dockerfile
RUN ["chmod", "+x", "/usr/local/startup_scripts/setup.py"]
```
...
from codeql-container.
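A build-time check for the failure reported in this thread, added here as an example; it is not part of any comment or of the codeql-container project. It flags scripts that lack an execute bit, such as the `/usr/local/startup_scripts/setup.py` named in the error; the helper name `find_nonexec_scripts` and the file name `check_exec.sh` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread or the codeql-container project.
# find_nonexec_scripts is a hypothetical helper name.
#
# Lists files under DIR that start with a "#!" line but are missing an
# execute bit for owner, group or others. Mode bits are checked rather
# than `test -x`, because the build runs as root while the container
# later runs as the account named by USER.
# Prints one path per line; returns 1 if anything was found, else 0.
find_nonexec_scripts() {
    hits=$(find "$1" -type f ! -perm -111 -exec sh -c '
        for f in "$@"; do
            # Only report files the kernel would treat as scripts.
            if [ "$(head -c 2 "$f")" = "#!" ]; then
                printf "%s\n" "$f"
            fi
        done' sh {} +)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Build-gate usage: sh check_exec.sh /usr/local/startup_scripts
if [ -n "${1:-}" ]; then
    find_nonexec_scripts "$1"
fi
```

Run as a `RUN` step before the `USER` instruction, a non-zero exit stops the build instead of letting the image fail at container start.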
still not resolved in the public image/registry
from codeql-container.
As a heads up, I believe the technique used in this repository to download the CODEQL Binaries and precompile the queries is outdated in the sense that GitHub now offers pre-compiled queries you can just download.
For example, instead of this: https://github.com/microsoft/codeql-container/blob/main/Dockerfile#L70 which downloads from https://github.com/github/codeql-cli-binaries/releases/download/${CODEQL_VERSION}/codeql-linux64.zip
you can instead download the bundle from the CodeQL GitHub Action (even though you may not care about GHA, we can still use the same CLI/Queries) at the following URL: https://github.com/github/codeql-action/releases/download/${CODEQL_VERSION}/codeql-bundle-linux64.tar.gz
We used this image from MCR as a base for a while and had it overwriting permissions for the setup.py file. Eventually, we realized there are quite a few inefficiencies in this workflow that have changed over time. Much appreciated to have this repository as a base starting example, but now we build our own container in minutes and have simplified the scripts in it, the primary change being we get queries from the mentioned new location, which is nice to pair the CLI version with the query version as there can be coupling there based on new features.
Example installing latest CLI and Precompiled queries:
```dockerfile
# install latest CodeQL CLI
ENV CODEQL_HOME=/usr/local/codeql-home
RUN mkdir ${CODEQL_HOME}
RUN python3 /usr/local/startup/codeql-version.py > /tmp/codeql_version
RUN echo $(cat /tmp/codeql_version)
RUN CODEQL_VERSION=$(cat /tmp/codeql_version) && \
    wget -q https://github.com/github/codeql-action/releases/download/${CODEQL_VERSION}/codeql-bundle-linux64.tar.gz -O /tmp/codeql_linux.tar.gz
RUN tar -xvf /tmp/codeql_linux.tar.gz --directory ${CODEQL_HOME} && \
    rm /tmp/codeql_linux.tar.gz
ENV PATH="${CODEQL_HOME}/codeql:${PATH}"
```
from codeql-container.
Looks like the project is no longer active. I suggest you clone the repo, make modifications and build the Docker image yourself.
If you work primarily with only a few programming languages then just precompile the queries for the languages you use.
You don't need to precompile all the CodeQL queries (it took more than 4 hours on my poor laptop).
For example, I did a clone and built an image for the Go language here: https://github.com/btnguyen2k/codeql-container
from codeql-container.
@travisgosselin, great insights!
I started a new repo to build a new Docker image following travisgosselin's approach.
If anyone needs it, feel free to build the image from the Dockerfile on my repo, or use my prebuilt image.
Cheers,
from codeql-container.
still not resolved in the public image/registry
from codeql-container.
+1 same error for me today with the public image.
from codeql-container.
+1 same, running some pipelines
```
Using docker image sha256:dde08fbe633123bf7e41bb6ecb53661bc4c99edeb997daf54f042db2ffa34e94 for mcr.microsoft.com/cstsectools/codeql-container with digest mcr.microsoft.com/cstsectools/codeql-container@sha256:f435d38885c23e8cd77125963d61adf4c49db12efc85bb58881fa69a539359b2 ...
/bin/sh: 1: /usr/local/startup_scripts/setup.py: Permission denied
```
from codeql-container.
> @travisgosselin, great insights!
> I started a new repo to build a new Docker image following travisgosselin's approach. If anyone needs it, feel free to build the image from the Dockerfile on my repo, or use my prebuilt image.
> Cheers,

This is fantastic! Thanks for setting that up easily for more to use!
from codeql-container.