database trace-command
[Plumbing] Run a single command as part of a traced build.
Who can use this feature?
CodeQL is available for the following repository types:
- Public repositories on GitHub.com, seeGitHub CodeQL Terms and Conditions
- Organization-owned repositories on GitHub Team withGitHub Code Security enabled
In this article
Note
This content describes the most recent release of the CodeQL CLI. For more information about this release, seehttps://github.com/github/codeql-cli-binaries/releases.
To see details of the options available for this command in an earlier release, run the command with the--help option in your terminal.
Synopsis
codeql database trace-command [--threads=<num>] [--ram=<MB>] [--extractor-option=<extractor-option-name=value>] <options>... -- <database> <command>...
codeql database trace-command [--threads=<num>] [--ram=<MB>] [--extractor-option=<extractor-option-name=value>] <options>... -- <database> <command>...Description
[Plumbing] Run a single command as part of a traced build.
This runs a single given command line under a tracer, thus possiblyperforming some extraction, but does not finalize the resulting CodeQLdatabase.
Options
Primary Options
<database>
[Mandatory] Path to the CodeQL database under construction. This musthave been prepared for extraction withcodeql database init.
If the--db-cluster option is given, this is not a database itself,but a directory thatcontains databases, and all of those databaseswill be processed together.
<command>...
The command to run. This may consist of one or more arguments, which areused to create the process. It is recommended to pass the '--'argument before listing the command's arguments, in order to avoidconfusion between its arguments and ours.
The command is expected to exit with a status code of 0. Any other exitcode is interpreted as a failure.
The command may be omitted when--index-traceless-dbs is given.
-j, --threads=<num>
Ask the extractor to use this many threads. This option is passed to theextractor as a suggestion. If the CODEQL_THREADS environment variable isset, the environment variable value takes precedence over this option.
You can pass 0 to use one thread per core on the machine, or -N toleaveN cores unused (except still use at least one thread).
-M, --ram=<MB>
Ask the extractor to use this much memory. This option is passed to theextractor as a suggestion. If the CODEQL_RAM environment variable isset, the environment variable value takes precedence over this option.
--[no-]db-cluster
Indicates that the directory given on the command line is not a databaseitself, but a directory thatcontains one or more databases underconstruction. Those databases will be processed together.
--no-tracing
[Advanced] Do not trace the specified command, instead rely on it toproduce all necessary data directly.
--extra-tracing-config=<tracing-config.lua>
[Advanced] The path to a tracer configuration file. It may be used tomodify the behavior of the build tracer. It may be used to pick outcompiler processes that run as part of the build command, and triggerthe execution of other tools. The extractors will provide default tracerconfiguration files that should work in most situations.
--[no-]index-traceless-dbs
In addition to the specified command, run the main script for extractorsthat don't depend on tracing a build process. If you're constructingdatabases for several languages with--db-cluster, this option shouldbe given to exactly one invocation ofcodeql database trace-command.
--[no-]use-build-mode
Determine what to run based on the database's build mode. This optioncannot be used in conjunction with--index-traceless-dbs.
--working-dir=<dir>
[Advanced] The directory in which the specified command should beexecuted. If this argument is not provided, the command is executed inthe value of--source-root passed tocodeql database create, if one exists. If no--source-root argument is provided, the command is executed in thecurrent working directory.
--no-run-unnecessary-builds
[Advanced] Only run the specified build command(s) if a database underconstruction uses an extractor that depends on tracing a build process.If this option is not given, the command will be executed even whenCodeQL doesn't need it, on the assumption that you need its sideeffects for other reasons.
Options to control extractor behavior
-O, --extractor-option=<extractor-option-name=value>
Set options for CodeQL extractors.extractor-option-name should be ofthe form extractor_name.group1.group2.option_name orgroup1.group2.option_name. Ifextractor_option_name starts with anextractor name, the indicated extractor must declare the optiongroup1.group2.option_name. Otherwise, any extractor that declares theoption group1.group2.option_name will have the option set.value canbe any string that does not contain a newline.
You can use this command-line option repeatedly to set multipleextractor options. If you provide multiple values for the same extractoroption, the behavior depends on the type that the extractor optionexpects. String options will use the last value provided. Array optionswill use all the values provided, in order. Extractor options specifiedusing this command-line option are processed after extractor optionsgiven via--extractor-options-file.
When passed tocodeql database init orcodeql database begin-tracing, the options will only beapplied to the indirect tracing environment. If your workflow also makescalls tocodeql database trace-command then the options also need to be passed there if desired.
Seehttps://codeql.github.com/docs/codeql-cli/extractor-options formore information on CodeQL extractor options, including how to list theoptions declared by each extractor.
--extractor-options-file=<extractor-options-bundle-file>
Specify extractor option bundle files. An extractor option bundle fileis a JSON file (extension.json) or YAML file (extension.yaml or.yml) that sets extractor options. The file must have the top-levelmap key 'extractor' and, under it, extractor names as second-level mapkeys. Further levels of maps represent nested extractor groups, andstring and array options are map entries with string and array values.
Extractor option bundle files are read in the order they are specified.If different extractor option bundle files specify the same extractoroption, the behavior depends on the type that the extractor optionexpects. String options will use the last value provided. Array optionswill use all the values provided, in order. Extractor options specifiedusing this command-line option are processed before extractor optionsgiven via--extractor-option.
When passed tocodeql database init orcodeql database begin-tracing, the options will only beapplied to the indirect tracing environment. If your workflow also makescalls tocodeql database trace-command then the options also need to be passed there if desired.
Seehttps://codeql.github.com/docs/codeql-cli/extractor-options formore information on CodeQL extractor options, including how to list theoptions declared by each extractor.
Common options
-h, --help
Show this help text.
-J=<opt>
[Advanced] Give option to the JVM running the command.
(Beware that options containing spaces will not be handled correctly.)
-v, --verbose
Incrementally increase the number of progress messages printed.
-q, --quiet
Incrementally decrease the number of progress messages printed.
--verbosity=<level>
[Advanced] Explicitly set the verbosity level to one of errors,warnings, progress, progress+, progress++, progress+++. Overrides-vand-q.
--logdir=<dir>
[Advanced] Write detailed logs to one or more files in the givendirectory, with generated names that include timestamps and the name ofthe running subcommand.
(To write a log file with a name you have full control over, insteadgive--log-to-stderr and redirect stderr as desired.)
--common-caches=<dir>
[Advanced] Controls the location of cached data on disk that willpersist between several runs of the CLI, such as downloaded QL packs andcompiled query plans. If not set explicitly, this defaults to adirectory named.codeql in the user's home directory; it will becreated if it doesn't already exist.
Available sincev2.15.2.