SSA: Create a new codeql/shared-ssa library pack and move implementation there
#10216
Conversation
58a9d41
to
88bddb3
Compare
3760d99
to
b127561
Compare
b57f7b1
to
b354ad3
Compare
b354ad3
to
c6807f5
Compare
910e607
to
6b728ac
Compare
shared library pack and move implementation therecodeql/shared-ssa library pack and move implementation there
| @@ -95,6 +95,7 @@ jobs: | |||
| uses: ./.github/actions/fetch-codeql | |||
| - name: Build Query Pack | |||
| run: | | |||
| codeql pack create ../shared/ssa --output target/packs | |||
There was a problem hiding this comment.
Is this line necessary? I think the right thing would be to run run codeql pack install ql/lib instead. Although that probably requires codeql/ssa to be published previously, so there might be a bootstrapping problem.
@aeisenberg what do you think?
There was a problem hiding this comment.
The job fails if I don't add the line.
There was a problem hiding this comment.
Let's leave it in for now. I guess things go wrong at the codeql test run step later in the workflow, right?
There was a problem hiding this comment.
Hmm, perhaps we should actually update the qlpack.lock.yml so it includes the new dependency. Perhaps as a follow-up once the shared pack has been published:
codeql pack install ql/lib --mode=update
A fatal error occurred: Package version failure. No compatible version found: codeql/ssa@>=0.0.1 <=0.0.1.
| @@ -1,4 +1,4 @@ | |||
| name: codeql/shared-ssa | |||
| name: codeql/ssa | |||
| version: 0.0.1-dev | |||
There was a problem hiding this comment.
This will have to be manually changed to 0.0.1 before releasing and then manually bumped to 0.0.2 (or whatever) after releasing. We can implement automation for this in a similar way to how we automate the core libraries.
For now, the steps should be:
- remove the
-devsuffix - commit the change
codeql pack publish- bump the version and add the
-devback - bump all dependencies in the libraries as well
- commit the change
This simulates the automation will do. It's important that the git SHA at the time of publishing reflects exactly what is in the package since this SHA is included as metadata in the package and can be used to determine the sources of that package.
This PR creates a new QL pack for shared, language-agnostic code. I called itcodeql/shared-allto be aligned with the names of library packs for our languages, but TBH I don't know why it is called-alland e.g. not-lib.Update: We decided to use separate packs for separate libraries, so this PR adds a new
codeql/shared-ssapack for the shared SSA library.The new pack initially consists of the shared SSA implementation, which means that we now only have one (!) copy of that library, as opposed to one per language that uses it.
Commit-by-commit review is suggested.