CodeQL documentation
CodeQL resources

pack resolve-dependencies

Synopsis

codeql pack resolve-dependencies <options>... -- <dir>

Description

[Experimental] [Plumbing] Compute the set of required dependencies for this QL pack.

This command searches the configured registries for required dependencies and returns the list of resolved dependencies.

Options

<dir>

The root directory of the package.

--format=<fmt>

Select output format, either text (default) or json.

--mode=<mode>

Specifies how to resolve dependencies:

use-lock (default): Use the existing codeql-pack.lock.yml file to resolve dependencies, or create the lock file if it does not exist.

verify: Verify that the existing codeql-pack.lock.yml is still valid with respect to the dependencies specified in the qlpack.yml file, or fail the lock file if it does not exist.

update: Update or create the codeql-pack.lock.yml based on the existing contents of the qlpack.yml file. Any existing codeql-pack.lock.yml will be recreated.

no-lock: Ignore the existing codeql-pack.lock.yml and perform resolution based on qlpack.yml file. Does not create or update the lock file.

--[no-]allow-prerelease

Allow packs with pre-release version qualifiers (e.g., X.Y.Z-qualifier) to be used. Without this flag, pre-release packs will be ignored.

Options for configuring the CodeQL package manager

--github-auth-stdin

Authenticate to the github.com Container registry by passing a github.com GitHub Apps token or personal access token via standard input.

To authenticate to GitHub Enterprise Server Container registries, pass --registries-auth-stdin or use the CODEQL_REGISTRIES_AUTH environment variable.

This overrides the GITHUB_TOKEN environment variable.

--registries-auth-stdin

Authenticate to GitHub Enterprise Server Container registries by passing a comma-separated list of <registry_url>=<token> pairs.

For example, you can pass “https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2” to authenticate to two GitHub Enterprise Server instances.

This overrides the CODEQL_REGISTRIES_AUTH and GITHUB_TOKEN environment variables. If you only need to authenticate to the github.com Container registry, you can instead authenticate using the simpler --github-auth-stdin option.

Common options

-h, --help

Show this help text.

-J=<opt>

[Advanced] Give option to the JVM running the command.

(Beware that options containing spaces will not be handled correctly.)

-v, --verbose

Incrementally increase the number of progress messages printed.

-q, --quiet

Incrementally decrease the number of progress messages printed.

--verbosity=<level>

[Advanced] Explicitly set the verbosity level to one of errors, warnings, progress, progress+, progress++, progress+++. Overrides -v and -q.

--logdir=<dir>

[Advanced] Write detailed logs to one or more files in the given directory, with generated names that include timestamps and the name of the running subcommand.

(To write a log file with a name you have full control over, instead give --log-to-stderr and redirect stderr as desired.)

  • © GitHub, Inc.
  • Terms
  • Privacy