From 7ae6e9a1cb05a8adbb9b2a6796f7d71ea9353cff Mon Sep 17 00:00:00 2001
From: Michael Hohn
Date: Thu, 26 Sep 2024 12:50:20 -0700
Subject: [PATCH] Add codeql to gh-mrva container
---
 client/containers/ghmrva/Dockerfile | 41 +++++++++++++++++++++++++++--
 client/containers/ghmrva/README.org | 5 ++++
 2 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/client/containers/ghmrva/Dockerfile b/client/containers/ghmrva/Dockerfile
index c32e924..a91df9a 100644
--- a/client/containers/ghmrva/Dockerfile
+++ b/client/containers/ghmrva/Dockerfile
@@ -1,3 +1,4 @@
+# ######################
 # Use an official Golang image as the base image
 FROM golang:1.22 AS builder
@@ -14,8 +15,41 @@ RUN go mod download
 # Build the Go binary
 RUN go build .
-# Use a minimal base image for the final container
-FROM debian:bookworm
+# ######################
+# Provide codeql and java
+#
+FROM ubuntu:24.10 as runner
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Build argument for CodeQL version, defaulting to the latest release
+ARG CODEQL_VERSION=latest
+
+# Install packages
+RUN apt-get update && apt-get install --no-install-recommends --assume-yes \
+ unzip \
+ curl \
+ ca-certificates \
+ default-jdk
+
+# If the version is 'latest', get the latest release version from GitHub, unzip
+# the bundle into /opt, and delete the archive
+RUN if [ "$CODEQL_VERSION" = "latest" ]; then \
+ CODEQL_VERSION=$(curl -s https://api.github.com/repos/github/codeql-cli-binaries/releases/latest | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/'); \
+ fi && \
+ echo "Using CodeQL version $CODEQL_VERSION" && \
+ curl -L "https://github.com/github/codeql-cli-binaries/releases/download/$CODEQL_VERSION/codeql-linux64.zip" -o /tmp/codeql.zip && \
+ unzip /tmp/codeql.zip -d /opt && \
+ rm /tmp/codeql.zip && \
+ chmod -R +x /opt/codeql
+
+# Set environment variables for CodeQL
+ENV CODEQL_CLI_PATH=/opt/codeql/codeql
+
+# Set environment variable for CodeQL for `codeql database analyze` support on ARM
+# This env var has no functional effect on CodeQL when running on x86_64 linux
+ENV CODEQL_JAVA_HOME=/usr
+
+# ######################
 # Set the working directory inside the final image
 WORKDIR /app
@@ -23,5 +57,8 @@ WORKDIR /app
 # Copy the binary from the builder stage
 COPY --from=builder /work-gh/mrva/gh-mrva/gh-mrva /usr/local/bin/gh-mrva
+# Put CodeQL on the PATH
+ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/codeql
+
 # Run forever
 CMD ["tail", "-f", "/dev/null"]
diff --git a/client/containers/ghmrva/README.org b/client/containers/ghmrva/README.org
index eac84bf..da30cd3 100644
--- a/client/containers/ghmrva/README.org
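Review bot: The CodeQL bundle fetched in the second `RUN` of this hunk is never integrity-checked, and neither `curl` call uses `-f`, so a failed or rate-limited (unauthenticated) GitHub API call leaves `CODEQL_VERSION` empty and the build goes on to download `…/download//codeql-linux64.zip`, write whatever error body comes back into `/tmp/codeql.zip`, and only fail at `unzip`. Defaulting `ARG CODEQL_VERSION` to `latest` also makes the image non-reproducible and rules out pinning a checksum, so I would pin a release tag by default, keep `latest` as an opt-in, and verify the archive's SHA-256 before unpacking, as sketched below with placeholder values. Separately in this hunk, the runner stage never switches away from root, `DEBIAN_FRONTEND=noninteractive` is baked into the runtime `ENV` rather than scoped to the apt line, the apt lists are left in the install layer without `rm -rf /var/lib/apt/lists/*`, and `chmod -R +x /opt/codeql` marks every file in the bundle executable, which is broader than the launcher needs and is kept as-is below only pending a check of which files actually require it. `FROM ubuntu:24.10 as runner` should also use uppercase `AS` to match the builder stage above it.
```dockerfile
# Pinned by default; "latest" is resolved at build time and cannot be checksum-verified.
ARG CODEQL_VERSION=<PINNED_RELEASE_TAG>
ARG CODEQL_SHA256=<SHA256_OF_codeql-linux64.zip_FOR_THAT_TAG>

# … unchanged: apt-get install step …

RUN set -eu; \
    if [ "$CODEQL_VERSION" = "latest" ]; then \
      CODEQL_VERSION=$(curl -fsSL https://api.github.com/repos/github/codeql-cli-binaries/releases/latest | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/'); \
    fi; \
    test -n "$CODEQL_VERSION"; \
    echo "Using CodeQL version $CODEQL_VERSION"; \
    curl -fsSL "https://github.com/github/codeql-cli-binaries/releases/download/$CODEQL_VERSION/codeql-linux64.zip" -o /tmp/codeql.zip; \
    if [ -n "$CODEQL_SHA256" ]; then echo "$CODEQL_SHA256  /tmp/codeql.zip" | sha256sum -c -; fi; \
    unzip /tmp/codeql.zip -d /opt; \
    rm /tmp/codeql.zip; \
    chmod -R +x /opt/codeql
```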
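Review bot: The new `ENV PATH=…` in this hunk restates the whole search path instead of extending the one inherited from the base image, so any PATH entry the base image sets (or a later base-image change) is silently dropped; `ENV PATH="${PATH}:/opt/codeql"` appends the launcher directory without that side effect. Keeping `/opt/codeql` last is the safer order, since system directories still win for any name that happens to collide. The value should also stay in step with `CODEQL_CLI_PATH=/opt/codeql/codeql` set earlier in this patch if the unpack directory ever moves.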
+++ b/client/containers/ghmrva/README.org
@@ -6,6 +6,11 @@ make ghm
 # Run
 docker run -ti client-ghmrva-container:0.1.24 /bin/bash
+
+ # In the container
+ gh-mrva -h
+ codeql -h
+
 # Push
 make ghm-push
 #+END_SRC