-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CodeQL with custom build run autobuild in analyze step #14373
Comments
Hi @JGiola! 👋🏻 Thank you for reporting this problem. There's a bug with tracing custom Go 1.21 builds on Linux that we are aware of and have a fix in progress that should get released soon. In the meantime, you should be able to get your custom build to work by implementing the fix manually, e.g. by changing your "Run Build" step like this: - name: Run Build
run: |
mkdir -p ./.temp-go-fix/
echo "#!/bin/bash\n\nexec $(which go) \"$@\"" > ./.temp-go-fix/go
chmod +x ./.temp-go-fix/go
export PATH=./.temp-go-fix:$PATH
make build Alternatively, you could temporarily run your CodeQL workflow on Windows or macOS, or downgrade to Go 1.20. |
Unfortunately, I cannot downgrade go, but if the fix is poised to be released soon I can wait or move to macOS in case. I was worried that I was doing something wrong 😅 Thank you for your response |
Hi @JGiola 👋🏻 Just to let you know, we have just released the new version of the CodeQL Action which should fix this problem. If you have pinned Let me know if this has fixed the problem for you! |
No, it not seems to have been fixed for me, you can see here https://github.com/mia-platform/miactl/actions/runs/6456636776/job/17526523110 with the 1.22.1 version of the action inside the analyze step an autobuild is triggered. |
Thank you for giving that a shot and I am sorry it still doesn't work for you. We have done some testing and discussed this internally. Our new version of the Action does indeed fix the problem we were aware of, but your particular configuration has brought a different issue to our attention where tracing of custom builds is broken and our fix does not work. The previous problem we addressed is that The problem in your case is that We are looking into ways of fixing this as well as more permanent improvements to our ability to trace statically-linked binaries, but I can't promise that this will be a quick fix. Unsatisfactorily, your options are mostly as before until we have a proper fix:
|
For various reasons I can only try the first road to run the workflow on macOS instead of the linux worker. It can be reasonable to open an issue on the actions repository to ask to add a configuration where we can provide a custom make command for the auto builder? Even if is not so "auto" if I have to say what command to launch instead of make without options... |
I'm running into this same issue but on GHE 3.10.3 with codeql-action mkdir -p ./.temp-go-fix/
echo "#!/bin/bash\n\nexec $(which go) \"\$@\"" > ./.temp-go-fix/go
chmod +x ./.temp-go-fix/go
export PATH=./.temp-go-fix:$PATH
go build ./some-path/ |
One possible cause is if |
Ah, or, if I try something similar locally I see |
That seems to have fixed it. Thank you. |
I'm running CodeQL against a golang project that use the 1.21.1 version.
I've noticed that in the latest iteration the custom build step seems to be ignored during the analyze step and the autobuild script is launched even if I've already build it.
I can't understand if I'm doing something wrong, but when I was using the default golang version the autobuild script was not running...
The problem for me is that the default
make
command that the autobuild script is launching is not building anything but is the command for running the linter and the test suites, so is waisting time downloading things and running tests that are not inherent to the code quality step.You can see the script launched here. And the workflow for codeql is the following:
The text was updated successfully, but these errors were encountered: