codeql-action
CodeQL breaks iOS builds
Hi,
I'm trying to roll out CodeQL scanning to some of our iOS (Swift) repositories and I have issues with CodeQL breaking the build steps. The same steps that succeed by themselves will fail when CodeQL init is added before them.
If I run this workflow with CodeQL step commented out, it succeeds:
```yaml
name: CodeQL
on:
  push:
    branches: [ master, main ]
  pull_request:
    branches: [ master, main ]
  schedule:
    - cron: 30 12 * * 3
jobs:
  analyze:
    strategy:
      matrix:
        language: [ 'swift' ]
    runs-on: ['self-hosted', 'arm64', 'macOS', 'xcode-15.3']
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Checkout vend actions
        uses: actions/checkout@v4
        with:
          repository: vend/github-actions
          ref: 'master'
          token: ${{ <redacted> }}
          path: xs-actions
      # - name: Initialize CodeQL
      #   uses: github/codeql-action/init@v3
      #   with:
      #     languages: ${{ matrix.language }}
      - name: Setup Git and iOS dependencies
        uses: './xs-actions/.github/actions/ios_setup'
        with:
          install-gemfile-deps: "true"
          install-rbenv: "true"
          install-rosetta: "true"
          skip-xcode-macro-validation: 'true'
          ssh-private-key: ${{ <redacted> }}
      - name: Run fastlane test command
        uses: './xs-actions/.github/actions/ios_fastlane-run'
        with:
          fastlane-lane: 'test'
```
However, once the CodeQL init portion is uncommented, I get this error in the "Setup Git and iOS dependencies" step:
```
Run /usr/sbin/softwareupdate --install-rosetta --agree-to-license
  /usr/sbin/softwareupdate --install-rosetta --agree-to-license
  shell: /bin/bash --noprofile --norc -e -o pipefail {0}
  env:
    CODEQL_ACTION_FEATURE_MULTI_LANGUAGE: false
    CODEQL_ACTION_FEATURE_SANDWICH: false
    CODEQL_ACTION_FEATURE_SARIF_COMBINE: true
    CODEQL_ACTION_FEATURE_WILL_UPLOAD: true
    CODEQL_ACTION_VERSION: 3.25.10
    JOB_RUN_UUID: 9ffea00d-6649-4691-8625-ddbf1bf0db6b
    CODEQL_ACTION_INIT_HAS_RUN: true
    CODEQL_ACTION_ANALYSIS_KEY: .github/workflows/codeql-analysis-swift.yml:analyze
    CODEQL_WORKFLOW_STARTED_AT: 2024-06-18T02:34:54.572Z
    CODEQL_RAM: 14950
    CODEQL_THREADS: 8
    CODEQL_SCRATCH_DIR: /Users/admin/actions-runner/_work/_temp/codeql_databases/working
    CODEQL_VERBOSITY: warnings
    CODEQL_DIST: /Users/admin/actions-runner/_work/_tool/CodeQL/2.17.5/arm64/codeql
    CODEQL_PLATFORM: osx64
    CODEQL_PLATFORM_DLL_EXTENSION: .dylib
    CODEQL_JAVA_HOME: /Users/admin/actions-runner/_work/_tool/CodeQL/2.17.5/arm64/codeql/tools/osx64/java-aarch64
    CODEQL_EXTRACTOR_SWIFT_ROOT: /Users/admin/actions-runner/_work/_tool/CodeQL/2.17.5/arm64/codeql/swift
    CODEQL_EXTRACTOR_SWIFT_WIP_DATABASE: /Users/admin/actions-runner/_work/_temp/codeql_databases/swift
    CODEQL_EXTRACTOR_SWIFT_DIAGNOSTIC_DIR: /Users/admin/actions-runner/_work/_temp/codeql_databases/swift/diagnostic/extractors/swift
    CODEQL_EXTRACTOR_SWIFT_LOG_DIR: /Users/admin/actions-runner/_work/_temp/codeql_databases/swift/log
    CODEQL_EXTRACTOR_SWIFT_SCRATCH_DIR: /Users/admin/actions-runner/_work/_temp/codeql_databases/swift/working
    CODEQL_EXTRACTOR_SWIFT_TRAP_DIR: /Users/admin/actions-runner/_work/_temp/codeql_databases/swift/trap/swift
    CODEQL_EXTRACTOR_SWIFT_SOURCE_ARCHIVE_DIR: /Users/admin/actions-runner/_work/_temp/codeql_databases/swift/src
    CODEQL_EXTRACTOR_SWIFT_THREADS: 8
    CODEQL_EXTRACTOR_SWIFT_RAM: 14950
    CODEQL_TRACER_LOG: /Users/admin/actions-runner/_work/_temp/codeql_databases/log/build-tracer.log
    CODEQL_TRACER_DIAGNOSTICS_DIR: /Users/admin/actions-runner/_work/_temp/codeql_databases/diagnostic/tracer
    SEMMLE_COPY_EXECUTABLES_ROOT: /Users/admin/actions-runner/_work/_temp/codeql_databases/working/copy-root
    CODEQL_TOOL_PATH: /Users/admin/flutter:/Users/admin/flutter/bin/:/Users/admin/flutter/bin/cache/dart-sdk/bin:/Users/admin/.rbenv/shims:/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/Library/Apple/usr/bin:/Users/admin/android-sdk/cmdline-tools/latest/bin:/Users/admin/android-sdk/platform-tools:/Users/admin/android-sdk/emulator
    CODEQL_TRACER_LANGUAGES: swift
    SEMMLE_PRELOAD_libtrace: /Users/admin/actions-runner/_work/_tool/CodeQL/2.17.5/arm64/codeql/tools/osx64/libtrace.dylib
    CODEQL_RUNNER: /Users/admin/actions-runner/_work/_tool/CodeQL/2.17.5/arm64/codeql/tools/osx64/runner
    DYLD_INSERT_LIBRARIES: /Users/admin/actions-runner/_work/_tool/CodeQL/2.17.5/arm64/codeql/tools/osx64/libtrace.dylib
    SSH_AUTH_SOCK: /var/folders/zt/b4_8gf3n2wn8ylvm8wy7svc00000gn/T//ssh-sx7Xfm7bN6Bu/agent.1708
    SSH_AGENT_PID: 1711
Installing Rosetta 2 on this system is not supported.
Error: Process completed with exit code 1.
```
If I try to move CodeQL init after the "Setup Git and iOS dependencies" step, then the next step breaks. There are too many log lines to post here, but this is the error that occurs at the fastlane step when CodeQL init is included just before it:
```
/Users/admin/actions-runner/_work/iOS.MobileSelling/iOS.MobileSelling/<redacted>/<redacted>:16:16: external macro implementation type 'DependenciesMacrosPlugin.DependencyClientMacro' could not be found for macro 'DependencyClient()'
public let startAuthSession: @Sendable (_ domain: String) async throws -> AuthenticatedSession
```
It looks like CodeQL init is doing something that is making Rosetta 2 installation and subsequent fastlane compilation fail.
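
The environment dump in the post shows the step after init running with `DYLD_INSERT_LIBRARIES` and `SEMMLE_PRELOAD_libtrace` pointing at CodeQL's `libtrace.dylib`. As an added example (not part of the original post or of codeql-action), the shell functions below scan a step's `env:` dump for library-preload and tracer variables, so you can see which steps inherit them; the function names and sample lines are constructed, and the check also covers Linux's `LD_PRELOAD`, which goes beyond the macOS case shown here.

```shell
#!/bin/sh
# Added example: list preload/tracer variables found in a GitHub Actions
# step environment dump ("KEY: value" lines, as in the log above).
# find_tracer_env and preload_active are hypothetical helper names.

find_tracer_env() {
  # Reads the dump on stdin; prints "KEY<TAB>value" for each variable that
  # preloads a library into child processes or configures the CodeQL tracer.
  awk '
    {
      line = $0
      sub(/^[ \t]+/, "", line)          # drop the log indentation
      idx = index(line, ": ")
      if (idx == 0) next                # not a KEY: value line (e.g. "env:")
      key = substr(line, 1, idx - 1)
      val = substr(line, idx + 2)
      if (key == "DYLD_INSERT_LIBRARIES" || key == "LD_PRELOAD" ||
          key ~ /^SEMMLE_PRELOAD_/ || key ~ /^CODEQL_TRACER_/)
        printf "%s\t%s\n", key, val
    }'
}

preload_active() {
  # Exit status 0 when the dump sets a dynamic-loader preload variable,
  # i.e. every process the step starts gets the listed library loaded.
  find_tracer_env | awk -F'\t' '
    $1 == "DYLD_INSERT_LIBRARIES" || $1 == "LD_PRELOAD" { found = 1 }
    END { exit !found }'
}

# Constructed sample modelled on the dump above; paths are placeholders.
SAMPLE_ENV='  shell: /bin/bash --noprofile --norc -e -o pipefail {0}
  env:
    CODEQL_THREADS: 8
    CODEQL_TRACER_LANGUAGES: swift
    SEMMLE_PRELOAD_libtrace: /path/to/codeql/tools/osx64/libtrace.dylib
    DYLD_INSERT_LIBRARIES: /path/to/codeql/tools/osx64/libtrace.dylib
    SSH_AGENT_PID: 1711'

printf '%s\n' "$SAMPLE_ENV" | find_tracer_env
if printf '%s\n' "$SAMPLE_ENV" | preload_active; then
  echo "preload active: this step runs with an injected library"
fi
```

Paste the `env:` section of each step's log into the function to compare the step that succeeds without init against the one that fails with it.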