├── .gitattributes ├── .gitignore ├── Dockerfile ├── README.md ├── build_database.cmd ├── build_database.sh ├── docker_scripts └── create_database.sh └── jdk-versions ├── README.md ├── jdk-11-linux.cmd ├── jdk-11-linux.sh ├── jdk-17-linux.cmd ├── jdk-17-linux.sh ├── jdk-21-linux.cmd ├── jdk-21-linux.sh ├── jdk-8-linux.cmd └── jdk-8-linux.sh /.gitattributes: -------------------------------------------------------------------------------- 1 | # Normalize line endings for text files 2 | * text=auto 3 | 4 | # Use LF for Linux shell scripts 5 | *.sh text eol=lf 6 | 7 | # Use CRLF for Windows scripts 8 | *.cmd text eol=crlf 9 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore generated databases directories 2 | /databases 3 | /jdk-versions/databases 4 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:focal 2 | 3 | WORKDIR /codeql-jdk 4 | 5 | # See https://github.com/openjdk/jdk/blob/master/doc/building.md 6 | 7 | # Install required tools 8 | RUN apt-get update && export DEBIAN_FRONTEND=noninteractive && apt-get -y install --no-install-recommends \ 9 | build-essential autoconf make zip unzip file \ 10 | # Not used by the JDK build, but needed for building CodeQL database 11 | wget git 12 | 13 | # Install required libraries 14 | RUN apt-get update && export DEBIAN_FRONTEND=noninteractive && apt-get -y install --no-install-recommends \ 15 | libfreetype6-dev \ 16 | libcups2-dev \ 17 | libx11-dev libxext-dev libxrender-dev libxrandr-dev libxtst-dev libxt-dev \ 18 | libasound2-dev \ 19 | libffi-dev \ 20 | libfontconfig1-dev 21 | 22 | # Install boot JDK 23 | ARG BOOT_JDK_URL="https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.1+12/OpenJDK21U-jdk_x64_linux_hotspot_21.0.1_12.tar.gz" 24 | RUN apt-get -y install ca-certificates \ 25 | && wget --no-verbose "${BOOT_JDK_URL}" --output-document=boot-jdk.tar.gz \ 26 | && mkdir boot-jdk \ 27 | # --strip-components because all JDK files are nested inside a directory in the archive 28 | && tar -xzf boot-jdk.tar.gz -C boot-jdk --strip-components=1 \ 29 | && rm boot-jdk.tar.gz 30 | 31 | # Set up CodeQL CLI 32 | ARG CODEQL_CLI_VERSION=2.15.5 33 | RUN apt-get -y install ca-certificates \ 34 | && wget --no-verbose "https://github.com/github/codeql-cli-binaries/releases/download/v${CODEQL_CLI_VERSION}/codeql-linux64.zip" --output-document=codeql-linux64.zip \ 35 | && unzip -q -d codeql-cli codeql-linux64.zip \ 36 | && rm codeql-linux64.zip 37 | 38 | # Copy scripts 39 | # Do this last to allow modifying scripts without having to rebuild all other layers 40 | COPY ./docker_scripts/* ./docker_scripts/ 41 | 42 | ENTRYPOINT ["./docker_scripts/create_database.sh"] 43 | CMD ["--jdk-git-repo", "https://github.com/openjdk/jdk21u"] 44 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # codeql-jdk-docker 2 | 3 | Unofficial scripts and Docker configuration for building [CodeQL](https://codeql.github.com/docs/) databases for the OpenJDK. 4 | The created databases can then for example be loaded and analyzed using the [Visual Studio Code CodeQL extension](https://codeql.github.com/docs/codeql-for-visual-studio-code/analyzing-your-projects/). 5 | 6 | :warning: Your usage of CodeQL and the created databases has to adhere to the [GitHub CodeQL Terms and Conditions](https://securitylab.github.com/tools/codeql/license/). 7 | 8 | ## Requirements 9 | 10 | - OS: Windows 10, Linux (not tested) 11 | - CPU architecture: 64-bit 12 | - Docker ([Docker Desktop](https://www.docker.com/products/docker-desktop)) 13 | - RAM: 8GB or more 14 | 15 | See also [OpenJDK Build Hardware Requirements](https://github.com/openjdk/jdk/blob/master/doc/building.md#build-hardware-requirements). 16 | 17 | ## Usage 18 | 19 | This project provides convenience scripts for creating a CodeQL database for the Java code of the OpenJDK: 20 | 21 | - Windows: [`build_database.cmd`](./build_database.cmd) 22 | - Linux: [`build_database.sh`](./build_database.sh) 23 | 24 | At the moment they use CodeQL CLI 2.15.5 and build a Java database for the latest commit. 25 | 26 | The scripts only build the Linux variant of the JDK, building the Windows variant is currently not supported. 27 | 28 | These scripts can be executed as is (assuming that Docker has already been started). They perform the following tasks: 29 | 30 | 1. Build the Docker image (named `codeql-jdk`) 31 | 2. Clone the JDK source code 32 | 3. Build the CodeQL database and copy it to the `databases` folder of the current directory 33 | 34 | The [`jdk-versions` folder](./jdk-versions) contains scripts for building databases for specific JDK versions. 35 | 36 | Note: Building the Docker image, the JDK and the CodeQL database are all resource and time intensive tasks. In total they might take up to an hour (depends on your network connection and hardware). 37 | 38 | :information_source: 3 to 4GB of memory might suffice for the Docker container, however a memory limit should be specified for the JDK build using `--memory-limit` (see ["Build configuration" section](#build-configuration)), otherwise the build can get stuck and fail. 39 | 40 | ### Docker image configuration 41 | 42 | The Dockerfile uses [build-time variables](https://docs.docker.com/engine/reference/commandline/build/#set-build-time-variables---build-arg) for configuration. 43 | 44 | - `BOOT_JDK_URL`: URL of the JDK to be used as [boot JDK](https://github.com/openjdk/jdk/blob/master/doc/building.md#boot-jdk-requirements). The URL should be a download link for a `.tar.gz` file containing all JDK files nested in an extra directory. For example the [Eclipse Adoptium](https://adoptium.net) download URLs of the GitHub releases can be used. 45 | - `CODEQL_CLI_VERSION`: Version of [CodeQL CLI](https://github.com/github/codeql-cli-binaries/releases) to use for building the database, e.g. `2.5.7` 46 | 47 | ### Build configuration 48 | 49 | The Docker image has a build script as entry point which allows customizing how the JDK and the CodeQL database is built. 50 | The arguments are passed as additional arguments to [`docker container run`](https://docs.docker.com/engine/reference/commandline/container_run/). 51 | Additionally the arguments can be used with the convenience scripts mentioned in the ["Usage" section](#usage). 52 | 53 | Arguments have the format --param value 54 | 55 | - `--jdk-git-repo` (required) 56 | URI of the Git repository from which the JDK source code should be cloned. When choosing the JDK version to build, the following has to be considered: 57 | - A matching boot JDK has to be choosen (see ["Docker image configuration" section](#docker-image-configuration)) 58 | - CodeQL CLI has to support the Java version, see the [CodeQL documentation](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/#languages-and-compilers) for supported versions. The CodeQL CLI version might have to be adjusted (see ["Docker image configuration" section](#docker-image-configuration)). 59 | CodeQL CLI might not support building the latest (unreleased) JDK version yet, prefer JDK update releases of older versions such as [jdk16u](https://github.com/openjdk/jdk16u). 60 | - The Dockerfile is currently configured for the default JDK built by the convenience scripts of this project. Other JDKs might have different dependencies, consult the [JDK build instructions](https://github.com/openjdk/jdk/blob/master/doc/building.md) and adjust the Dockerfile if problems occur. 61 | - Since the JDK build tools are part of the JDK repository, the choice of the JDK version affects which of the other build arguments are supported and how they behave. 62 | - `--jdk-commit-sha` 63 | Git commit hash (or branch name) of the JDK commit to build. If not specified, the latest commit of the active branch of the remote Git repository is built. 64 | See also the considerations for picking the JDK version described above for the `--jdk-git-repo` parameter. When using a commit hash, the full commit hash (40 characters) should be specified to allow performing a shallow fetch. 65 | - `--memory-limit` 66 | Specifies the memory limit in MB for the JDK build within the container. The JDK build tools will use the maximum memory available to the container if not specified. 67 | It is recommended to specify a custom limit because the JDK build tools do not account for CodeQL CLI running during the build, causing the JDK build to slow down or even fail. 68 | Creating a container with ~4GB, and setting a memory limit of ~2GB for the JDK build seems to work fine. 69 | Also have a look at the JDK [Build Hardware Requirements](https://github.com/openjdk/jdk/blob/master/doc/building.md#build-hardware-requirements) and [Build Performance guide](https://github.com/openjdk/jdk/blob/master/doc/building.md#build-performance). When using WSL2 on Windows, tuning the [WSL 2 Settings](https://docs.microsoft.com/en-us/windows/wsl/wsl-config#wsl-2-settings) might help as well. 70 | - `--cpu-cores` 71 | Specifies the number of CPU cores the JDK build is allowed to use. The JDK build tools will use all cores dedicated to the container by default. 72 | Also have a look at the JDK [Build Performance guide](https://github.com/openjdk/jdk/blob/master/doc/building.md#build-performance). When using WSL2 on Windows, tuning the [WSL 2 Settings](https://docs.microsoft.com/en-us/windows/wsl/wsl-config#wsl-2-settings) might help as well. 73 | - `--make-target` 74 | Specifies the [`make` target](https://github.com/openjdk/jdk/blob/master/doc/building.md#running-make) for the JDK build. By default the `java` target is executed, compiling all Java code of the JDK. 75 | - `--codeql-db-lang` 76 | Specifies the programming language for which CodeQL CLI shoud create the database, have a look at the [CodeQL CLI documentation](https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/#running-codeql-database-create) for a list of supported programming languages. By default the database is created for Java source code. 77 | When choosing a different programming language it might be necessary to specify a different `--make-target`. 78 | Note: The chosen database language influences the name of the created database folder. 79 | - `--jdk-version-name` 80 | Specifies the JDK version name to be included in the name of the created database folder. This has no effect on the cloned Git repository or the build commands. By default no JDK version name is included in the name of the database folder because it is often not easily possible to obtain the version name only from the specified JDK Git repository. 81 | -------------------------------------------------------------------------------- /build_database.cmd: -------------------------------------------------------------------------------- 1 | @REM Create output directory; abort if directory cannot be created (e.g. when file with this name exists) 2 | IF NOT EXIST "databases/" mkdir databases || EXIT 1 3 | 4 | @REM Build image, then start container (with `--rm` to remove it once finished) 5 | docker build . -t codeql-jdk && docker container run --rm --name "codeql-jdk-db-build" --mount type=bind,source="%cd%/databases",target=/codeql-jdk/codeql-jdk-databases codeql-jdk %* 6 | -------------------------------------------------------------------------------- /build_database.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | # Create output directory 5 | mkdir -p databases 6 | # Build image, then start container (with `--rm` to remove it once finished) 7 | docker build . -t codeql-jdk 8 | docker container run --rm --name "codeql-jdk-db-build" --mount type=bind,source="$(pwd)/databases",target=/codeql-jdk/codeql-jdk-databases codeql-jdk "$@" 9 | -------------------------------------------------------------------------------- /docker_scripts/create_database.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | DB_PARENT_DIR="codeql-jdk-databases" 5 | if [ ! -d "${DB_PARENT_DIR}" ]; then 6 | echo "Database output directory '${DB_PARENT_DIR}' is not specified as Docker volume" 7 | exit 1 8 | fi 9 | 10 | # Parse arguments (see https://stackoverflow.com/a/14203146) 11 | # Checking if variable is set uses https://stackoverflow.com/a/13864829 12 | while [[ $# -gt 0 ]]; do 13 | key="$1" 14 | 15 | case "$key" in 16 | --jdk-git-repo) 17 | if [ -z "${REPO_URL+x}" ]; then 18 | REPO_URL="$2" 19 | else 20 | echo "Duplicate 'jdk-git-repo' argument" 21 | exit 1 22 | fi 23 | shift # past parameter 24 | shift # past value 25 | ;; 26 | --jdk-commit-sha) 27 | if [ -z "${COMMIT_SHA+x}" ]; then 28 | COMMIT_SHA="$2" 29 | else 30 | echo "Duplicate 'jdk-commit-sha' argument" 31 | exit 1 32 | fi 33 | shift # past parameter 34 | shift # past value 35 | ;; 36 | --memory-limit) 37 | if [ -z "${MEMORY_LIMIT+x}" ]; then 38 | MEMORY_LIMIT="$2" 39 | else 40 | echo "Duplicate 'memory-limit' argument" 41 | exit 1 42 | fi 43 | shift # past parameter 44 | shift # past value 45 | ;; 46 | --cpu-cores) 47 | if [ -z "${CPU_CORES+x}" ]; then 48 | CPU_CORES="$2" 49 | else 50 | echo "Duplicate 'cpu-cores' argument" 51 | exit 1 52 | fi 53 | shift # past parameter 54 | shift # past value 55 | ;; 56 | --make-target) 57 | if [ -z "${MAKE_TARGET+x}" ]; then 58 | MAKE_TARGET="$2" 59 | else 60 | echo "Duplicate 'make-target' argument" 61 | exit 1 62 | fi 63 | shift # past parameter 64 | shift # past value 65 | ;; 66 | --codeql-db-lang) 67 | if [ -z "${DB_LANG+x}" ]; then 68 | DB_LANG="$2" 69 | else 70 | echo "Duplicate 'codeql-db-lang' argument" 71 | exit 1 72 | fi 73 | shift # past parameter 74 | shift # past value 75 | ;; 76 | --jdk-version-name) 77 | if [ -z "${JDK_VERSION_NAME+x}" ]; then 78 | JDK_VERSION_NAME="$2" 79 | else 80 | echo "Duplicate 'jdk-version-name' argument" 81 | exit 1 82 | fi 83 | shift # past parameter 84 | shift # past value 85 | ;; 86 | *) 87 | echo "Unknown parameter '$key'" 88 | exit 1 89 | ;; 90 | esac 91 | done 92 | 93 | if [ -z "${REPO_URL+x}" ]; then 94 | echo "Missing 'jdk-git-repo' argument" 95 | exit 1 96 | fi 97 | 98 | echo "Using CodeQL CLI $(./codeql-cli/codeql/codeql version --format=terse)" 99 | if [ -z "${DB_LANG+x}" ]; then 100 | echo "No CodeQL database language set; using Java" 101 | DB_LANG="java" 102 | fi 103 | 104 | mkdir jdk 105 | cd jdk 106 | 107 | echo "Cloning JDK repository ${REPO_URL}" 108 | if [ -z "${COMMIT_SHA+x}" ]; then 109 | git clone --depth 1 "$REPO_URL" . 110 | else 111 | # Try shallow fetch of specific commit (might not be supported by remote repository) 112 | # See https://stackoverflow.com/a/43136160 113 | git init 114 | git remote add origin "${REPO_URL}" 115 | 116 | EXIT_CODE=0 117 | git fetch --depth 1 origin "${COMMIT_SHA}" || EXIT_CODE=$? 118 | 119 | if [[ $EXIT_CODE -eq 0 ]]; then 120 | git checkout FETCH_HEAD 121 | else 122 | echo "Failed performing shallow fetch; trying full fetch instead" 123 | git fetch origin 124 | git checkout "$COMMIT_SHA" 125 | fi 126 | fi 127 | 128 | # Get the actual commit SHA because COMMIT_SHA might either not be 129 | # specified or be a branch name 130 | ACTUAL_COMMIT_SHA="$(git rev-parse --short=10 HEAD)" 131 | 132 | if [ -z "${JDK_VERSION_NAME+x}" ]; then 133 | DB_DIR_NAME="codeql-jdk-${DB_LANG}-db-${ACTUAL_COMMIT_SHA}" 134 | else 135 | DB_DIR_NAME="codeql-jdk-${JDK_VERSION_NAME}-${DB_LANG}-db-${ACTUAL_COMMIT_SHA}" 136 | fi 137 | 138 | DB_PATH="${DB_PARENT_DIR}/${DB_DIR_NAME}" 139 | # Use `..` because current directory is "jdk" 140 | if [ -e "../${DB_PATH}" ]; then 141 | echo "Database '${DB_DIR_NAME}' already exists" 142 | exit 1 143 | fi 144 | 145 | echo "Building JDK commit ${ACTUAL_COMMIT_SHA}" 146 | 147 | # Specify build and host OS to avoid detection of WSL as Windows 148 | # Boot JDK is prepared by Dockerfile 149 | CONF_COMMAND="configure --build=x86_64-unknown-linux-gnu --host=x86_64-unknown-linux-gnu --with-boot-jdk=../boot-jdk" 150 | 151 | # Build performance customization 152 | # https://github.com/openjdk/jdk/blob/master/doc/building.md#build-performance 153 | # Memory limit in MB 154 | if [ -n "${MEMORY_LIMIT+x}" ]; then 155 | echo "Using custom memory limit ${MEMORY_LIMIT}" 156 | CONF_COMMAND="${CONF_COMMAND} --with-memory-size=${MEMORY_LIMIT}" 157 | fi 158 | 159 | if [ -n "${CPU_CORES+x}" ]; then 160 | # Note: Currently JDK "Build performance summary" shows number of parallel 161 | # jobs as "Cores to use"; its value is based on cores count and memory 162 | # See https://bugs.openjdk.java.net/browse/JDK-8270438 163 | echo "Using custom CPU cores count ${CPU_CORES}" 164 | CONF_COMMAND="${CONF_COMMAND} --with-num-cores=${CPU_CORES}" 165 | fi 166 | 167 | echo "" 168 | echo "----- Creating JDK build configuration -----" 169 | 170 | # Create JDK build configuration 171 | bash ${CONF_COMMAND} 172 | 173 | # See https://github.com/openjdk/jdk/blob/master/doc/building.md#running-make 174 | if [ -z "${MAKE_TARGET+x}" ]; then 175 | # 'java' target compiles all Java code 176 | echo "No make target set; using 'java'" 177 | MAKE_TARGET="java" 178 | fi 179 | 180 | echo "" 181 | echo "----- Building JDK -----" 182 | 183 | # Build database in temp directory and afterwards copy result to mounted dir 184 | # to reduce IO in mounted dir for better performance on WSL 185 | mkdir ../db-build-temp 186 | ../codeql-cli/codeql/codeql database create "--language=${DB_LANG}" --source-root=. "--command=make ${MAKE_TARGET}" "../db-build-temp" 187 | cp --recursive ../db-build-temp "../${DB_PATH}" 188 | 189 | echo "" 190 | echo "Finished creating database '${DB_DIR_NAME}'" 191 | -------------------------------------------------------------------------------- /jdk-versions/README.md: -------------------------------------------------------------------------------- 1 | # JDK version build scripts 2 | 3 | This directory contains convenience build scripts for creating databases for the Java code of the latest commits of specific JDK release versions. Currently supported are: 4 | 5 | - `jdk8u`: Cloned from [adoptium/jdk8u](https://github.com/adoptium/jdk8u) 6 | - `jdk11u`: Cloned from [openjdk/jdk11u](https://github.com/openjdk/jdk11u) 7 | - `jdk17u`: Cloned from [openjdk/jdk17u](https://github.com/openjdk/jdk17u) 8 | - `jdk21u`: Cloned from [openjdk/jdk21u](https://github.com/openjdk/jdk21u) 9 | 12 | 13 | The build scripts support the command line arguments for tweaking build performance, as [specified by the README](/README.md#build-configuration). 14 | 15 | At the moment only the Linux variant of the JDK can be build, building the Windows variant is not supported. 16 | -------------------------------------------------------------------------------- /jdk-versions/jdk-11-linux.cmd: -------------------------------------------------------------------------------- 1 | @REM Create output directory; abort if directory cannot be created (e.g. when file with this name exists) 2 | IF NOT EXIST "databases/" mkdir databases || EXIT 1 3 | 4 | @REM Build image, then start container (with `--rm` to remove it once finished) 5 | docker build .. -t codeql-jdk:11-linux --build-arg BOOT_JDK_URL=https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.16.1+1/OpenJDK11U-jdk_x64_linux_hotspot_11.0.16.1_1.tar.gz && docker container run --rm --name "codeql-jdk-11-linux-db-build" --mount type=bind,source="%cd%/databases",target=/codeql-jdk/codeql-jdk-databases codeql-jdk:11-linux --jdk-git-repo https://github.com/openjdk/jdk11u --jdk-version-name 11-linux %* 6 | -------------------------------------------------------------------------------- /jdk-versions/jdk-11-linux.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | # Create output directory 5 | mkdir -p databases 6 | # Build image, then start container (with `--rm` to remove it once finished) 7 | docker build .. -t codeql-jdk:11-linux --build-arg BOOT_JDK_URL=https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.16.1+1/OpenJDK11U-jdk_x64_linux_hotspot_11.0.16.1_1.tar.gz 8 | docker container run --rm --name "codeql-jdk-11-linux-db-build" --mount type=bind,source="$(pwd)/databases",target=/codeql-jdk/codeql-jdk-databases codeql-jdk:11-linux --jdk-git-repo https://github.com/openjdk/jdk11u --jdk-version-name 11-linux "$@" 9 | -------------------------------------------------------------------------------- /jdk-versions/jdk-17-linux.cmd: -------------------------------------------------------------------------------- 1 | @REM Create output directory; abort if directory cannot be created (e.g. when file with this name exists) 2 | IF NOT EXIST "databases/" mkdir databases || EXIT 1 3 | 4 | @REM Build image, then start container (with `--rm` to remove it once finished) 5 | docker build .. -t codeql-jdk:17-linux --build-arg BOOT_JDK_URL=https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.4.1+1/OpenJDK17U-jdk_x64_linux_hotspot_17.0.4.1_1.tar.gz && docker container run --rm --name "codeql-jdk-17-linux-db-build" --mount type=bind,source="%cd%/databases",target=/codeql-jdk/codeql-jdk-databases codeql-jdk:17-linux --jdk-git-repo https://github.com/openjdk/jdk17u --jdk-version-name 17-linux %* 6 | -------------------------------------------------------------------------------- /jdk-versions/jdk-17-linux.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | # Create output directory 5 | mkdir -p databases 6 | # Build image, then start container (with `--rm` to remove it once finished) 7 | docker build .. -t codeql-jdk:17-linux --build-arg BOOT_JDK_URL=https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.4.1+1/OpenJDK17U-jdk_x64_linux_hotspot_17.0.4.1_1.tar.gz 8 | docker container run --rm --name "codeql-jdk-17-linux-db-build" --mount type=bind,source="$(pwd)/databases",target=/codeql-jdk/codeql-jdk-databases codeql-jdk:17-linux --jdk-git-repo https://github.com/openjdk/jdk17u --jdk-version-name 17-linux "$@" 9 | -------------------------------------------------------------------------------- /jdk-versions/jdk-21-linux.cmd: -------------------------------------------------------------------------------- 1 | @REM Create output directory; abort if directory cannot be created (e.g. when file with this name exists) 2 | IF NOT EXIST "databases/" mkdir databases || EXIT 1 3 | 4 | @REM Build image, then start container (with `--rm` to remove it once finished) 5 | docker build .. -t codeql-jdk:21-linux --build-arg BOOT_JDK_URL=https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.1+12/OpenJDK21U-jdk_x64_linux_hotspot_21.0.1_12.tar.gz && docker container run --rm --name "codeql-jdk-21-linux-db-build" --mount type=bind,source="%cd%/databases",target=/codeql-jdk/codeql-jdk-databases codeql-jdk:21-linux --jdk-git-repo https://github.com/openjdk/jdk21u --jdk-version-name 21-linux %* 6 | -------------------------------------------------------------------------------- /jdk-versions/jdk-21-linux.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | # Create output directory 5 | mkdir -p databases 6 | # Build image, then start container (with `--rm` to remove it once finished) 7 | docker build .. -t codeql-jdk:21-linux --build-arg BOOT_JDK_URL=https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.1+12/OpenJDK21U-jdk_x64_linux_hotspot_21.0.1_12.tar.gz 8 | docker container run --rm --name "codeql-jdk-21-linux-db-build" --mount type=bind,source="$(pwd)/databases",target=/codeql-jdk/codeql-jdk-databases codeql-jdk:21-linux --jdk-git-repo https://github.com/openjdk/jdk21u --jdk-version-name 21-linux "$@" 9 | -------------------------------------------------------------------------------- /jdk-versions/jdk-8-linux.cmd: -------------------------------------------------------------------------------- 1 | @REM Create output directory; abort if directory cannot be created (e.g. when file with this name exists) 2 | IF NOT EXIST "databases/" mkdir databases || EXIT 1 3 | 4 | @REM Build image, then start container (with `--rm` to remove it once finished) 5 | @REM Note: https://hg.openjdk.java.net/jdk8/jdk8/raw-file/tip/README-builds.html#bootjdk says JDK 7 should 6 | @REM be used as boot JDK, but using JDK 8 seems to work as well 7 | @REM Uses Adoptium repository because https://github.com/openjdk/jdk8u is not updated anymore 8 | @REM EDIT: Apparently openjdk/jdk8u is updated again? 9 | docker build .. -t codeql-jdk:8-linux --build-arg BOOT_JDK_URL=https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u345-b01/OpenJDK8U-jdk_x64_linux_hotspot_8u345b01.tar.gz && docker container run --rm --name "codeql-jdk-8-linux-db-build" --mount type=bind,source="%cd%/databases",target=/codeql-jdk/codeql-jdk-databases codeql-jdk:8-linux --jdk-git-repo https://github.com/adoptium/jdk8u --make-target all --jdk-version-name 8-linux %* 10 | -------------------------------------------------------------------------------- /jdk-versions/jdk-8-linux.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | # Create output directory 5 | mkdir -p databases 6 | # Build image, then start container (with `--rm` to remove it once finished) 7 | # Note: https://hg.openjdk.java.net/jdk8/jdk8/raw-file/tip/README-builds.html#bootjdk says JDK 7 should 8 | # be used as boot JDK, but using JDK 8 seems to work as well 9 | docker build .. -t codeql-jdk:8-linux --build-arg BOOT_JDK_URL=https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u345-b01/OpenJDK8U-jdk_x64_linux_hotspot_8u345b01.tar.gz 10 | # Uses Adoptium repository because https://github.com/openjdk/jdk8u is not updated anymore 11 | # EDIT: Apparently openjdk/jdk8u is updated again? 12 | docker container run --rm --name "codeql-jdk-8-linux-db-build" --mount type=bind,source="$(pwd)/databases",target=/codeql-jdk/codeql-jdk-databases codeql-jdk:8-linux --jdk-git-repo https://github.com/adoptium/jdk8u --make-target all --jdk-version-name 8-linux "$@" 13 | --------------------------------------------------------------------------------