Add Swift extractor to Code Scanning #16035
Conversation
|
Search for |
|
hmm the error is weird (and as you can see it's not really related to the options you removed). Might be a bug with abseil's own bazel configuration. Let me look. |
|
maybe try to update abseil to the latest version with in |
|
The build command worked once so I presumed that whatever I changed was related to those changes! |
Yeah, it probably does (although it shouldn't), I was just saying it's probably not related to those specific options but to the other ones (and a misbehaviour by abseil...). Honestly, I'd probably leave the flags aside if this proves to be too problematic. I think they are overkill, and probably very relevant for local database extraction (where you might have an already running untraced bazel server and a warm cache), but not very much so in a clean runner environment. What do you think @criemen? |
|
I could reproduce this locally with |
|
Yeah, if this causes problems, you can drop everything besides |
|
I get the same problems with |
|
hm, ok. I couldn't reproduce on a standalone |
|
There's a bazel bug/design shortcoming where one header shadows another when the sandbox is disabled, thus leading to compile errors (this requires two headers of the same name). We ran into this at a customers, too. Not sure if this is what's happening with abseil, though. |
|
as a workaround, you can build bazel build @absl//absl/strings
bazel run //swift:create-extractor-pack --spawn_strategy=local |
|
@calumgrant @criemen found a cleaner workaround, the issue is some weird interaction between a new feature of clang and bazel and local strategy. https://maskray.me/blog/2022-09-25-layering-check-with-clang adding |
|
Great find! In that case, I'd like to bring back all the options, and document why we disable the layering check here. Edit: I'll be on PTO, please proceed without my input on this task. |
|
aaand there's a bug already open: bazelbuild/bazel#21592 |
| @@ -40,7 +40,7 @@ jobs: | |||
| uses: github/codeql-action/init@main | |||
| # Override language selection by uncommenting this and choosing your languages | |||
| with: | |||
| languages: csharp | |||
| languages: csharp, cpp | |||
There was a problem hiding this comment.
Can't comment on the Bazel changes, but consider matrixing the analysis over languages (e.g. see the template here https://github.com/actions/starter-workflows/blob/main/code-scanning/codeql.yml). This is what we recommend to customers as it means the analyses can run in parallel, and if one fails it doesn't disrupt the other.
There was a problem hiding this comment.
Adding both languages un-matrixed will also break our existing analysis categories and alert matching: since currently no category is specified it will fall back to the language.
There was a problem hiding this comment.
I think when no category is specified we fall back to the workflow name, job name, and matrix parameters e.g. here .github/workflows/codeql-analysis.yml:CodeQL-Build. So actually matrixing the build would create new histories when it comes to alert matching. I think that's probably a price we're willing to pay, but it's less of a clear cut win.
There was a problem hiding this comment.
Ah my mistake, wrong way round. Specifying the category when we do that is probably worthwhile then.
There was a problem hiding this comment.
How do you feel about creating a second workflow file for C++ analysis of the Swift extractor? The build commands are completely different and independent.
There was a problem hiding this comment.
hmm, seems like a good idea to me! Then it shouldn't disrupt the current analysis state in any way
|
I created a second PR #16071 where the C++ analysis is performed in a separate workflow file. If this approach is better, we can close this one. |
|
Closed in favour of #16071 |
No description provided.