Code scanning support for other programming languages about ghas-enablement HOT 13 CLOSED

Thanks @nawinto99 for your issue 💯 What do you mean extend support for projects running with Python, Java?

Do you mean provide a sample file for Python, Java, etc? Right now there is only a sample file for JavaScript, would you like one for other languages?

Just to clarify :)

from ghas-enablement.

Exactly @NickLiffen

• What if a project having multiple programming languages?
• Is there a way to automatically detect languages and replace the language matrix rather than hardcoding it?

matrix:
        language: [ 'javascript' ]
      
    steps:
    - name: Checkout repository
      uses: actions/checkout@v2

    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: ${{ matrix.language }}

from ghas-enablement.

We could look at doing this 👍 I think the workflow would be a little different per repository, which may make this hard, however, I think we could do a better job around automation.

I am happy to add this as a backlog item and I will address it once I can 👍

I appreciate the feedback and once I have something to share I will tag you on it 💯

from ghas-enablement.

You are also more then welcome to PR if you like 👍 Just an FYI 💯

from ghas-enablement.

@NickLiffen Thank you, I'll give it a shot 👍

from ghas-enablement.

100% 👍

If you would like to share your thoughts before you start coding we can align on the best approach to do this. Once we are aligned you can get coding 👨‍💻 if that works with you?

Just to make sure we both agree on how to do this 👍 Thanks for contributing though :) Would be very open to your thoughts.

from ghas-enablement.

Currently, CodeQL does not support all programming languages, and the workflow would be slightly different for compiled and interpreted languages. We will create a module that collects the languages used in the GitHub project and selects only those that CodeQL currently supports.

The above is the one that comes to mind right now. If you have any other thoughts, please let me know and we'll talk about it.

from ghas-enablement.

I was more thinking technically, how would we go about doing this? 🤔

Firstly, I think we break this task down into two steps:

** Use Case 1 - Be able to accommodate for single language repos, other then JS **

Firstly, I think we update the get-repo script and here, where we return the name and repo, we also return the language. I think that's step one. Let's get the language being returned. It will have to be an array of languages I think.

Step two is about dynamically updating the codeql-anlaysis.yml file. I think there are different ways of thinking about this. We could:

• Create a specific codeql-analysis.yml file for every language. E.G python, go javascript. (we would only pick the [0] element in the languages array, so we would only pick one language.
• We update the codeql-analysis.yml with the array of languages. (we would need to filter out any languages that are not supported by Code Scanning, but are a part of the repositories languages if that makes sense?)

I don't mind what one we go down, I'm flexible.

My only thought about the second option is how different are the codeql-analysis.yml per language? If they are different then I think what we do is create specific codeql-analysis.yml files per language, and then go with option one. If they are similar, then we can 100% multi language this 👍

I welcome your thoughts 👍

from ghas-enablement.

Create a specific codeql-analysis.yml file for every language. E.G python, go javascript. (we would only pick the [0] element in the languages array, so we would only pick one language.

• Create multiple workflows for every language is simple, however, multiple workflows that have a significant impact on billing, please check out following link more info

We update the codeql-analysis.yml with the array of languages. (we would need to filter out any languages that are not supported by Code Scanning, but are a part of the repositories languages if that makes sense?

• I'm fine with this option, my only concern is that auto build for compiled languages occasionally fails, we can handle this by using conditions in a single workflow.

more info

from ghas-enablement.

Firstly, I think we update the get-repo script and here, where we return the name and repo, we also return the language. I think that's step one. Let's get the language being returned. It will have to be an array of languages I think.

• Yes, this is great. Thank you. I considered making a separate one, but there is no longer a need for it. 👍

from ghas-enablement.

@nawinto99 just thought I would check back in and see how this is going? 👍

from ghas-enablement.

I'm getting the above error, and I'd like to discuss a few things, shall we connect once and talk?

from ghas-enablement.

Going to close this issue out, as going to track this in #13

from ghas-enablement.