Fetching SPM from private repository when including CodeQL init step

Open einar-notland opened this issue 9 months ago • 9 comments

Not sure what causes this, but our Xcode build job just gets stuck at SPM trying to fetch a framework from a private repository when having the CodeQL initialisation step in our workflow.

The SPM fetching works fine for workflows where we do not initialise CodeQL.

The workflow does not fail, it just gets stuck at the place where it is trying to fetch the private repository package. To allow it to fetch this private repo, I use this action to add the credentials: akiojin/store-git-credential-github-action@v1. And this credentials stuff works fine for our normal builds. But in our CodeQL workflow it fails the way I have described, just being stuck at the fetching step.

Anybody have any idea here?

einar-notland avatar Mar 17 '25 13:03 einar-notland

Hi @einar-notland,

Thanks for your question. Is it possible to share the database creation and build tracer logs so we can diagnose what may cause the slowdown?

If this is a private project we may need to find a way to securely share these logs to ensure we do not disclose information.

rvermeulen avatar Mar 19 '25 23:03 rvermeulen

Yeah, I could also try to just find the part you're interested in and try to anonymise it.

But how do I extract what you are interested in? Currently the logs for the workflow just show the SPM fetching logs, like this: Fetching from https://github.com/[ORG]/[REPO]

einar-notland avatar Mar 20 '25 06:03 einar-notland

Hi @einar-notland, let me inquire if we can provide you with interesting parts to look for in the logs and get back to you.

rvermeulen avatar Mar 20 '25 21:03 rvermeulen

@rvermeulen Did you get the time to investigate this? As stated above, our workflow just gets stuck. And the final line in the log is: Fetching from https://github.com/[ORG]/[REPO]

Then the job just continues to run until it is force-quit or times out after 6 hours.

einar-notland avatar Apr 08 '25 08:04 einar-notland

Could you upload the database directory in its partially-created state? If there's confidential information you wouldn't want visible on this public issue tracker, perhaps you could use Google Drive and share to [email protected]?

smowton avatar Apr 08 '25 15:04 smowton

Hey @einar-notland we noticed that you are using fastlane. Fastlane is not officially supported right now. While scanning when using fastlane does work sometimes, it is known to cause issues. Is it possible to try running a build without fastlane?

coadaflorin avatar Apr 21 '25 18:04 coadaflorin

Tried building directly using xcodebuild, same issue. Screenshot (redacted details)

einar-notland avatar May 08 '25 11:05 einar-notland

Can you ask them to share the information @smowton asked for, please?

coadaflorin avatar May 15 '25 09:05 coadaflorin

I did share the information with @smowton. If you give me a Google account email, I can share it with you as well.

einar-notland avatar May 16 '25 05:05 einar-notland

Hi @einar-notland sorry for coming back to this so late.

If this is still affecting you, can you try setting CODEQL_TRACER_RELOCATION_EXCLUDE=".*/git" in the environment, to see if that helps?

redsun82 avatar Jul 08 '25 13:07 redsun82
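For readers landing on this thread: the workaround above is a single environment variable, and the place where it is set matters, because the CodeQL tracer reads its configuration when the init step runs and then applies it to the processes of the build it traces. The job below is an added example, not a workflow from the thread or from the codeql-action repository. It combines the credential action the issue author mentions, the CodeQL init/analyze steps, and a direct xcodebuild invocation (the reporter confirmed the hang also occurs without fastlane). The workflow name, branch filter, scheme placeholder and the omitted credential-action inputs are assumptions; copy the inputs from your existing build workflow.

```yaml
# Added example (not from the thread or the codeql-action project).
# Shows where to set CODEQL_TRACER_RELOCATION_EXCLUDE so it is in effect
# both when the tracer is initialised and during the traced build.
name: CodeQL (Swift)

on:
  push:
    branches: [main]   # assumption: adjust to your default branch
  pull_request:

jobs:
  analyze:
    runs-on: macos-latest
    permissions:
      contents: read
      security-events: write   # required to upload code scanning results
    env:
      # Value suggested by redsun82 in this thread. Set at job level so every
      # step, including the init step and the build, sees it.
      CODEQL_TRACER_RELOCATION_EXCLUDE: ".*/git"
    steps:
      - uses: actions/checkout@v4

      # Credential helper the issue author uses for the private SPM package.
      # Its inputs are not shown in the thread; copy them from your existing
      # build workflow rather than inventing them here.
      - uses: akiojin/store-git-credential-github-action@v1

      - uses: github/codeql-action/init@v3
        with:
          languages: swift

      # Build directly with xcodebuild so SPM package resolution (the step that
      # hung) runs under the CodeQL tracer. "<YourScheme>" is a placeholder.
      - run: >
          xcodebuild build
          -scheme "<YourScheme>"
          -destination "generic/platform=iOS"
          CODE_SIGNING_ALLOWED=NO

      - uses: github/codeql-action/analyze@v3
```

A quick way to confirm the variable reached the build is to add a `run: env | grep CODEQL_TRACER` step between init and xcodebuild; if it prints nothing, the variable was set in a scope (for example a single step's `env:`) that the traced build does not inherit. Keep the exclusion as narrow as the thread's pattern: it only stops the tracer from relocating the git executable, so CodeQL still observes the compiler invocations it needs for the database.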

@redsun82 Thx for reaching out. The fix you proposed works. We can now finally run CodeQL on our code again.

einar-notland avatar Jul 09 '25 06:07 einar-notland