Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/advanced-security/grab_ql

Grab some/all of CodeQL CLI binary, QL library, VSCode starter workspace, VSCode and VSCode QL extension
https://github.com/advanced-security/grab_ql

Last synced: 3 months ago
JSON representation

Grab some/all of CodeQL CLI binary, QL library, VSCode starter workspace, VSCode and VSCode QL extension

Awesome Lists containing this project

README

        

# Grab CodeQL

`grab_codeql` lets you get [CodeQL](https://codeql.github.com/) for the command-line and in VSCode using one downloader.

It grabs some or all of the [CodeQL CLI binary](https://github.com/github/codeql-cli-binaries), [the CodeQL libraries](https://github.com/github/codeql), [the VSCode IDE](https://code.visualstudio.com/) and the [VSCode CodeQL extension](https://marketplace.visualstudio.com/items?itemName=GitHub.vscode-codeql).

You can get the latest version, or a specific version of each one.

This is in active development as of July 2022.

## Motivation

Finding and installing [CodeQL](https://codeql.github.com/) and getting it working with [VSCode](https://code.visualstudio.com/) can sometimes be a little laborious and error prone. This project automates the process of finding the right installer for each part you need.

This is useful for getting started quickly with CodeQL (perhaps during training), or for getting the right installers for use on an "airgapped" network that cannot download the packages directly.

## Getting started

With no switches, `grab-codeql` will attempt to get the latest versions of the packages listed above, all for the current platform.

Get full usage with `grab-codeql --help`, after installation,
or try `python3 -mpydoc grab_codeql.grab_codeql` if you installed the Python module.

Some typical examples of usage are:

``` bash
# Get tag 'v2.9.4' of the CLI release binary, and also get the equivalent tag for the library.
# Gets whichever is the latest version of VSCode and the CodeQL VSCode extension.
# Matches downloads to the current platform.
grab-codeql --tag v2.9.4

# Get tag 'v2.9.4' of the CLI release binary.
# Only get the CLI binary, not the library, VSCode, or the extension.
# Match the download to the current platform.
grab-codeql --tag v2.9.4 --no-lib --no-vscode --no-vscode-ext

# Get the latest versions of all of the downloads.
# Match the downloads to Windows 64-bit with Intel.
grab-codeql --os windows --bits 64 --machine intel

# List the available tags/versions for the downloads.
grab-codeql --list-tags

# Do a dry-run of the downloads - select the package and stop before downloading
grab-codeql --dry-run

# Put the downloads in a given directory
grab-codeql --download-path /a/download/path

# Provide a GitHub token to authenticate to the GitHub API (not usually necessary)
export GH_TOKEN=
grab_codeql
# or
grab_codeql --github-token
```

## Installation

You have a few options for installation: a Python wheel; OR from source; OR a MacOS M-series binary.

### Install from Python wheel

This option needs Python 3.8+ and pip.

This will install the Python module and a CLI shortcut, both named `grab_codeql`.

Get the Python wheel from the releases for this repository, then install it:

``` bash
python3 -m pip install grab_codeql-*-py3-none-any.whl
```

OR

### Clone and install from source

This option needs Python 3.8+ and pip and GNU Make.

It installs the Python module and a CLI shortcut, both named `grab_codeql`.

Clone this repository and install from source:

``` bash
git clone
cd grab_ql
make && make install
```

If you don't have GNU Make, you can instead use:

``` bash
git clone
cd grab_ql
python3 -m pip install build
python3 -m build
python3 -m pip install ./dist/grab_codeql-*.whl
```

OR

### Use the MacOS 12.0 ARM binary release

This option runs on MacOS 12+ on the M-series chip.

Get the release named `grab_codeql.bin` from this repository, then run it:

``` bash
chmod +x grab_codeql.bin
./grab_codeql.bin
```

## Dependencies

Running `grab_codeql` relies on:

* Python 3.8+
* you can also use a standalone binary distributable on MacOS (see above)
* web connection
* to use the [GitHub API](https://docs.github.com/en/rest/guides/getting-started-with-the-rest-api), the [Visual Studio MarketPlace](https://marketplace.visualstudio.com/) API, and to download installer files from GitHub, the MarketPlace and the VSCode website
* Optionally: HomeBrew (on MacOS, Linux or WSL)

## Troubleshooting

Having problems using or installing? Check these steps. If all else fails, raise an issue on the issue tracker on the GitHub repository.

### Install problems

1. Make sure you are using Python 3.8+ (Python 2.7 or below is not supported, and neither is 3.7 and below)
2. Check your [pip configuration](https://pip.pypa.io/en/stable/user_guide/) to make sure the installer can reach PyPi
3. Try upgrading `pip` using `python3 -mpip install pip --upgrade`
4. Try the release wheel or release binary (for MacOS 12+ M-series only) if installing from source is failing

### Usage problems

1. Try using `grab-codeql --debug` to get debug output
2. Check that you installed the module, or that the release binary is in your `PATH`
3. Read `grab-codeql --help` to understand the available flags
4. Review the "Getting started" section to see typical usage

## Building

You can use `make` to build both the wheel and the release binary for your platform.

### Wheel

* Python 3.8+
* Pip and PyPi
* Python dependencies via PyPi (see `requirements.txt` and `dev-requirements.txt`)
* GNU Make (or run commands manually)

Run `make build` to build just the wheel.

### binary

* `nuitka` python module from PyPi, and dependencies (`orderedset zstandard` from PyPi)
* Cython Python 3.8+
* Pip and PyPi
* GNU Make (or run commands manually)
* Python dependencies via PyPi (see `requirements.txt` and `dev-requirements.txt`)
* a supported compiler for your platform

Run `make bin` to build the release binary for the platform you are on.

## Development dependencies

* Python dependencies via PyPi (see `dev-requirements.txt`)

## Contributing

See [CONTRIBUTING](CONTRIBUTING.md)

## License

This project is licensed under the terms of the MIT open source license. Please refer to [LICENSE](LICENSE) for the full terms.

## Maintainers

See [CODEOWNERS](CODEOWNERS)

## Acknowledgments and notes

Knowledge of the Microsoft Visual Studio Marketplace API derived from the [VSCode source code](https://github.com/microsoft/vscode/blob/main/src/vs/platform/extensionManagement/common/extensionGalleryService.ts).

This project is not officially supported by GitHub.