docs/codeql/codeql-for-visual-studio-code/customizing-settings.rst
Lines changed: 1 addition & 1 deletion
@@ -71,7 +71,7 @@ Configuring settings for variant analysis
71
71
72
72
You can define or edit lists of GitHub repositories for variant analysis, and change to a different controller repository using the **Variant analysis** settings.
73
73
74
-
For information on the purpose and requirements for a controller repository, see ":ref:`About the controller repository <controller-repository>`."
74
+
For information on the purpose and requirements for a controller repository, see ":ref:`Setting up a controller repository for variant analysis<controller-repository>`."
75
75
76
76
You can also edit the items shown in the Variant analysis repositories panel by editing a file in your Visual Studio Code workspace called ``databases.json``. This file contains a JSON representation of all the items displayed in the panel. To open your ``databases.json`` file in an editor window, click the **{ }** icon in the top right of the variant analysis repositories panel. You can then see a structured representation of the repos, orgs and lists in your panel. For example:
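Review bot: The new link text on the added line, "Setting up a controller repository for variant analysis", does not match the heading that the ``controller-repository`` label sits above in running-codeql-queries-at-scale-with-mrva.rst after this commit, which reads "Setting a controller repository for variant analysis" ("Setting up" versus "Setting"). Make the two agree, or drop the explicit title so the reference picks up the section heading automatically. The added line also loses the space before ``<controller-repository>`` that the removed line had; keeping the ``Title <label>`` spacing stays consistent with the previous form.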
docs/codeql/codeql-for-visual-studio-code/running-codeql-queries-at-scale-with-mrva.rst
Lines changed: 11 additions & 23 deletions
@@ -18,39 +18,27 @@ When you run variant analysis against a list of repositories, your query is run
18
18
19
19
.. _controller-repository:
20
20
21
-
About the controller repository
22
-
-------------------------------
21
+
Setting a controller repository for variant analysis
22
+
-------------------------------------------------
23
23
24
-
When you run variant analysis, the analysis is run entirely using dynamic workflows for GitHub Actions. You don't need to create any workflows, but you must specify which GitHub repository the CodeQL extension should use as the "controller repository."
24
+
When you run variant analysis, the analysis is run entirely using GitHub Actions. You don't need to create any workflows, but you must specify which GitHub repository the CodeQL extension should use as the "controller repository." Controller repositories can be empty, but they must have at least one commit and the ``GITHUB_TOKEN`` must have "Read and write permissions" when running workflows. For more information, see "`Managing GitHub Actions settings for a repository <https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository>`__."
25
25
26
-
Functions of the controller repository
27
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
28
-
29
-
- **Workflow management:** the workflow runs that are triggered when you run variant analysis are shown on the **Actions** tab for the repository in much the same as other workflow runs.
30
-
- **Billing:** when you analyze private repositories, the actions minutes used by CodeQL analysis are billed to the owner of the controller repository.
31
-
32
-
Requirements of the controller repository
33
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
26
+
.. pull-quote::
27
+
28
+
Note
34
29
35
-
- The repository must have at least one commit.
36
-
- The ``GITHUB_TOKEN`` must have "Read and write permissions" when running workflows in this repository. For more information, see "`Managing GitHub Actions settings for a repository <https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository>`__."
37
-
- The repository visibility must be "public" if you plan to analyze public repositories. The variant analysis will be free.
38
-
- The repository visibility must be "private" or "internal" if you need to analyze private and internal repositories. Any actions minutes used by variant analysis, above the free limit, will be charged to the repository owner. For more information about free minutes and billing, see "`About billing for GitHub Actions <https://docs.github.com/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions>`__."
30
+
- The controller repository visibility can be "public" if you plan to analyze public repositories. The variant analysis will be free.
31
+
- The controller repository visibility must be "private" if you need to analyze any private repositories. Any actions minutes used by variant analysis, above the free limit, will be charged to the repository owner. For more information about free minutes and billing, see "`About billing for GitHub Actions <https://docs.github.com/en/billing/managing-billing-for-github-actions/about-billing-for-github-actions>`__."
39
32
40
33
TODO: Check on "internal" repositories.
41
34
42
-
.. pull-quote::
43
-
44
-
Note
45
-
46
-
You can update your settings to use a different controller repository when you want to run variant analysis on a different group of repositories. For example, if you have finished testing the query on open source code and now want to test it on your private code. However, you must wait until any previous analysis is complete before you change the controller repository.
47
35
48
36
TODO: check that the guess in the note above is accurate.
49
37
50
38
Setting up variant analysis
51
39
---------------------------
52
40
53
-
You can configure the CodeQL extension to run variant analysis by defining a controller repository.
41
+
You can define a controller repository before running your first variant analysis.
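Review bot: In the added paragraph under the new heading, "Controller repositories can be empty, but they must have at least one commit" reads as a contradiction; state the actual requirement, for example that the repository needs no particular content beyond an initial commit. The same paragraph folds the ``GITHUB_TOKEN`` "Read and write permissions" requirement into running prose where the removed text listed it as its own requirement bullet; because this is a permission users have to grant on the repository, it is worth keeping as a separate list item. The added visibility bullet drops "internal" while the unchanged line "TODO: Check on "internal" repositories." remains, and "TODO: check that the guess in the note above is accurate." now follows a note whose original text this hunk deletes, so both TODOs should be resolved or removed before the page is published.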
@@ -84,7 +72,7 @@ Running a query at scale using variant analysis
84
72
85
73
#. Open the query you want to run, right-click in the query file, and select **CodeQL: Run Variant Analysis** to start variant analysis.
86
74
87
-
The CodeQL extension builds a CodeQL pack with your library and any library dependencies. The CodeQL pack and your selected repository list are posted to an API endpoint on GitHub.com which triggers a GitHub Actions dynamic workflow in your controller repository. The workflow spins up multiple parallel jobs to execute the CodeQL query against the repositories in the list, optimizing query execution. As each workflow run finishes, the results are processed and displayed in a variant analysis results view in Visual Studio Code.
75
+
The CodeQL extension builds a CodeQL pack with your library and any library dependencies. The CodeQL pack and your selected repository list are posted to an API endpoint on GitHub.com which triggers a GitHub Actions dynamic workflow in your controller repository. The workflow spins up multiple parallel jobs to execute the CodeQL query against the repositories in the list, optimizing query execution. As each repository is analyzed, the results are processed and displayed in a variant analysis results view in Visual Studio Code.
88
76
89
77
.. pull-quote::
90
78
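Review bot: The added line still says the API call "triggers a GitHub Actions dynamic workflow in your controller repository", while the controller repository paragraph changed in the earlier hunk of this file replaces "dynamic workflows for GitHub Actions" with plain "GitHub Actions". Pick one term and use it in both places so readers are not left wondering whether these are two different mechanisms.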
@@ -122,7 +110,7 @@ To see the results for a repository:
122
110
Exporting your results
123
111
----------------------
124
112
125
-
You can export your results for further analysis or to discuss them with collaborators. In the results view, click **Export results** to export the results to a gist on GitHub.com or to a markdown file.
113
+
You can export your results for further analysis or to discuss them with collaborators. In the results view, click **Export results** to export the results to a secret gist on GitHub.com or to a markdown file.
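Review bot: "secret gist" on the added line needs a short qualification: secret gists on GitHub.com are unlisted rather than access-controlled, so anyone who obtains the URL can read the exported results. Since this file also covers analyzing private repositories, suggest adding a sentence that tells users to export to a markdown file instead when the results must stay restricted.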