The CodeQL Go extractor and libraries are moving to a new home!
Summary
The github/codeql-go repository currently contains the open-source CodeQL queries, libraries, and extractor for analyzing codebases written in the Go programming language with GitHub's CodeQL code analysis tools. These contents will be moved to the github/codeql repository, to live alongside similar libraries for all other programming languages supported by CodeQL.
CodeQL support of the Go programming language will stay the same, except that the code and the development will continue in github/codeql.
Once the move completes, GitHub will stop using the github/codeql-go repository and replace its contents with a placeholder announcement.
When will this change take place?
This change is scheduled for 23 May 2022.
What do I need to change as a user of CodeQL or code scanning?
For users of non-default CodeQL query suites
- When this applies: If you’re using the `query` or `queries` configuration directives in a CodeQL query suite.
- What you need to do:
  - Please make sure to refer to individual CodeQL queries for Go by their canonical query ID (rather than an absolute path). The query ID can be found after `@id` in the metadata section at the top of the query file.
  - Alternatively, please use relative paths to queries and directories within the enclosing CodeQL pack `codeql/go-queries`, rather than absolute paths.
  - See the CodeQL CLI docs for more information on the query suite syntax.
Examples:

| Before | After |
| --- | --- |
| `- query: path/to/checkout/of/codeql-go/ql/src/Security/CWE-079/ReflectedXss.ql` | `- queries: .`<br>`  from: codeql/go-queries`<br>`- include:`<br>`    id: go/reflected-xss`<br>OR<br>`- query: Security/CWE-079/ReflectedXss.ql`<br>`  from: codeql/go-queries` |
| `- queries: path/to/checkout/of/codeql-go/ql/src/path/to/subdirectory` | `- queries: path/to/subdirectory`<br>`  from: codeql/go-queries`<br>`...` |
| `- queries: path/to/subdirectory`<br>`  from: codeql-go`<br>`...` | No change needed. |
| `- queries: path/to/subdirectory`<br>`  from: codeql/go-queries`<br>`...` | No change needed. |
| `- qlpack: codeql-go`<br>`...` | No change needed. |
| `- qlpack: codeql/go-queries`<br>`...` | No change needed. |
For users of the queries field in a code scanning YAML configuration
- When this applies: If the `queries` field in your code scanning YAML configuration file directly references a query or directory of queries in the github/codeql-go repository.
- What you need to do: Please change these references to use the `packs:` field and the corresponding path within the codeql/go-queries query pack.
- We do not recommend running queries from the CodeQL standard libraries at a specific GitHub ref, since this may not be compatible with the latest released version of CodeQL running on GitHub Actions.
- Example before:

  ```yaml
  name: "My CodeQL config"
  queries:
    - uses: github/codeql-go/ql/src/experimental/CWE-327@<ref>
  ```

- Example after:

  ```yaml
  name: "My CodeQL config"
  packs:
    - 'codeql/go-queries:experimental/CWE-327'
  ```
For users of the queries field in the github/codeql-action/init step of a GitHub Actions workflow
- When this applies: If the `queries` field in your workflow file directly references queries in the github/codeql-go repository.
- What you need to do: Please change these references to use the `packs:` field and the corresponding path within the codeql/go-queries query pack.
- We do not recommend running queries from the CodeQL standard libraries at a specific GitHub ref, since this may not be compatible with the latest released version of CodeQL running on GitHub Actions.
- Example before:

  ```yaml
  - name: Initialize CodeQL
    uses: github/codeql-action/init@v2
    with:
      languages: go
      queries: github/codeql-go/ql/src/experimental/CWE-327@<ref>
  ```

- Example after:

  ```yaml
  - name: Initialize CodeQL
    uses: github/codeql-action/init@v2
    with:
      languages: go
      packs: 'codeql/go-queries:experimental/CWE-327'
  ```
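To locate references that need this change in code scanning configuration and workflow files, the following added example (not part of the original announcement or of GitHub's tooling) scans YAML text for `github/codeql-go` references and proposes the matching `packs:` entry. It assumes the pack root corresponds to `ql/src`, as in the examples above; `find_legacy_refs`, `suggest_pack` and the sample workflow are hypothetical names and constructed input.

```python
import re

PACK = "codeql/go-queries"
PACK_ROOT = "ql/src"  # assumption: the pack root maps to ql/src, as in the page's examples

# github/codeql-go[/<path>][@<ref>] as written in a `queries:` value or `uses:` entry.
LEGACY_REF = re.compile(
    r"github/codeql-go(?![\w-])(?:/(?P<path>[^\s@,'\"]+))?(?:@(?P<ref>[^\s,'\"]+))?"
)


def suggest_pack(path):
    """Return the `packs:` entry for a path inside github/codeql-go, or None
    when the path is missing or outside ql/src and must be migrated by hand."""
    path = (path or "").rstrip("/")
    if path == PACK_ROOT:
        return PACK
    if path.startswith(PACK_ROOT + "/"):
        return f"{PACK}:{path[len(PACK_ROOT) + 1:]}"
    return None


def find_legacy_refs(text):
    """Return (line number, old reference, suggested packs entry) for every
    github/codeql-go reference outside YAML comments."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]  # drop trailing or whole-line comments
        for m in LEGACY_REF.finditer(code):
            findings.append((lineno, m.group(0), suggest_pack(m.group("path"))))
    return findings


# Constructed sample: a workflow fragment mixing a legacy reference, a local
# query directory and a commented-out line.
SAMPLE_WORKFLOW = """\
steps:
  - name: Initialize CodeQL
    uses: github/codeql-action/init@v2
    with:
      languages: go
      # migrated later: github/codeql-go/ql/src/Security@<ref>
      queries: github/codeql-go/ql/src/experimental/CWE-327@<ref>, ./local-queries
"""

if __name__ == "__main__":
    for lineno, old, new in find_legacy_refs(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {old} -> packs: {new or 'manual review needed'}")
```

A `None` suggestion marks a reference outside `ql/src`, for which the announcement gives no mapping.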
For users of the github/vscode-codeql-starter repository
- When this applies: If you are using a local Git checkout of the github/vscode-codeql-starter repository or one of its forks, which contain the github/codeql and github/codeql-go repositories as submodules.
- What you need to do: Please ensure your checkout is kept up to date, and use `git submodule update --remote` to keep the submodules up to date.
- What will change: GitHub will move Go-related contents into the `ql` submodule and workspace folder, and delete the `codeql-go` submodule and workspace folder. Up-to-date checkouts and VS Code workspaces will continue to work.
For users of local Git checkouts of the github/codeql and github/codeql-go repositories
- When this applies: If you have local Git checkouts of the github/codeql and github/codeql-go repositories in sibling directories for use with the CodeQL CLI, as recommended in the CodeQL CLI documentation.
- What you need to do: Please ensure both checkouts are kept up to date. If you are working on local Git branches in your checkout of github/codeql-go, please update and rebase them on github/codeql instead.
- What will change: GitHub will move Go-related contents into the github/codeql repository, and leave only placeholder data in the codeql-go repository. Up-to-date checkouts will reflect this change. After this point you are free to delete the checkout of the github/codeql-go repository.
If none of the above apply to you
We expect no change to be required to your CodeQL or code scanning setup.
Where do I go for help?
Please open an issue in github/codeql or file an issue with GitHub support if you encounter any difficulties with this change, and we will be happy to help.
The contents of the github/codeql-go repository are moving to the github/codeql repository, specifically https://github.com/github/codeql/tree/main/go.