Rename directory for base docker image and add release instructions

Author: s0

.github/workflows/publish.yml

@@ -6,18 +6,18 @@ on:
       master
 
 jobs:
-  publish-check-queries-image:
+  publish-codeql-learninglab-check:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
       uses: actions/checkout@v1
 
     - name: Build and Publish Query Checking Docker Image
-      run: cd check-queries && ./publish.sh
+      run: cd codeql-learninglab-check && ./publish.sh
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   publish-courses-cpp-ctf-segv:
-    needs: publish-check-queries-image
+    needs: publish-codeql-learninglab-check
     runs-on: ubuntu-latest
     steps:
     - name: Checkout

CONTRIBUTING.md

@@ -31,4 +31,35 @@ Here are a few things you can do that will increase the likelihood of your pull
 
 - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
 - [Using Pull Requests](https://help.github.com/articles/about-pull-requests/)
-- [GitHub Help](https://help.github.com)
+- [GitHub Help](https://help.github.com)
+
+## Updating and Releasing
+
+### :whale: `codeql-learninglab-check` docker image
+
+The top-level dependency is the
+[`codeql-learninglab-check`](codeql-learninglab-check) docker image.
+To update its dependencies,
+or release a new version of it,
+please see [the README for that docker image](codeql-learninglab-check).
+
+### Courses included in the `courses/` directory
+
+Following changes to the [`codeql-learninglab-check`](codeql-learninglab-check)
+base docker image,
+you'll likely want to update each of the individual courses to use the latest
+version.
+(This will be neccesary for users to take advantage of the latest changes to
+the CodeQL libraries or tools).
+You can do this by updating the `FROM` line in the respective `Dockerfile`.
+
+Changes to the courses,
+including changes to the `Dockerfile`,
+the configuration,
+or any of the expected results `.csv` files are automatically published when
+pushes are made to `master`.
+This is done by the respective `publish.sh` file for each course.
+
+We generally want to ensure that we always push the version `latest` so that
+changes can immediately be used by all course participants,
+and we don't need to update any references to versions elsewhere.

check-queries/Dockerfile codeql-learninglab-check/Dockerfilecheck-queries/Dockerfile renamed to codeql-learninglab-check/Dockerfile

@@ -0,0 +1,63 @@
+# :whale: `codeql-learninglab-check`
+
+This is the docker image used as the base for query-checking actions used by
+CodeQL Learning Lab courses,
+and it is [published to GitHub
+Packages](https://github.com/github/codeql-learninglab-actions/packages/95228).
+
+## Usage
+
+For instructions on how to use this docker image, please see
+[Creating your own course](../README.md#creating-your-own-course)
+in the main README.
+
+## Architecture / Components
+
+This docker image bundles a number of elements:
+
+* **Dependency:** Some debian packages, importantly including Node v12.
+* **Dependency:** The CodeQL CLI binaries from
+  [`codeql-cli-binaries`](https://github.com/github/codeql-cli-binaries/releases)
+* **Dependency:** A checkout of the [`Semmle/ql`](https://github.com/Semmle/ql)
+  repository, pinned to a specific version.
+* The core action JavaScript/TypeScript code from [`package/`](package),
+  and all its NPM dependencies.
+
+## Updating the CodeQL dependencies
+
+You will want to make sure that the versions of the CodeQL CLI and `Semmle/ql`
+are compatible.
+
+* **Updating the CodeQL CLI**: Modify the URL for the CLI in
+  [`Dockerfile`](Dockerfile).
+* **Updating the `Semmle/ql` repo**: Update the `RUN git checkout <ref>` line in
+  [`Dockerfile`](Dockerfile) to a git sha / reference that is compatible with
+  the version of the CodeQL CLI that is in use.
+
+## Releasing
+
+After making changes to any of the elements of this docker image,
+including the source code in `package/`,
+for courses to make use of these changes you need to make a release.
+
+This repository has a GitHub Actions workflow configured on pushes to `master`
+to automatically publish the image
+using the script [`publish.sh`](publish.sh).
+It will check to see if an image has already been published for the current
+version,
+and if not it will build and publish the image automatically.
+So to publish a new version,
+simply change the `IMAGE_VERSION` variable in [`publish.sh`](publish.sh),
+and push to `master`.
+
+**Note: it's probably best to avoid publishing to `latest` so that courses have
+to specify an explicit as their base images,
+so that courses won't break unexpectedly with breaking changes to this image**
+
+### Updating downstream dependencies
+
+Once you have updated this base image,
+you probably want to also update a number of the courses to use this updated
+image.
+
+See the main [CONTRIBUTING.md](../CONTRIBUTING.md) file for more info.