codeql-action icon indicating copy to clipboard operation
codeql-action copied to clipboard

Published 20 hours ago verified publisher icon github

CodeQL 0.0.0-20210308 fails to detect C++ code built with MSBuild

Open blu3mania opened this issue 3 years ago • 7 comments

I have a repository (https://github.com/blu3mania/npp-papyrus) with pure C++ code. For CodeQL scan it uses its own build step since autobuild doesn't work. A recent scheduled build failed with error "No code found during the build" (https://github.com/blu3mania/npp-papyrus/actions/runs/656273848). However, the exact same code passed scan one day ago (https://github.com/blu3mania/npp-papyrus/actions/runs/652445123). I checked the 2 runs and the only difference is that the early successful run was scanned by CodeQL 0.0.0-20210127 and the new scan that failed was with 0.0.0-20210308.

The workflow file can be found here: https://github.com/blu3mania/npp-papyrus/blob/main/.github/workflows/codeql-analysis.yml

blu3mania avatar Mar 16 '21 04:03 blu3mania

Hi @blu3mania,

Apologize for the inconvenience. This might be related to https://www.githubstatus.com/incidents/s654n76c1bwr. Could you please let us know if this happens again?

MathiasVP avatar Mar 16 '21 08:03 MathiasVP

But just to sure: Would you mind enabling debug logging to help us dig into this? See https://docs.github.com/en/actions/managing-workflow-runs/enabling-debug-logging#enabling-step-debug-logging:

To enable step debug logging, you must set the following secret in the repository that contains the workflow: ACTIONS_STEP_DEBUG to true.

MathiasVP avatar Mar 16 '21 08:03 MathiasVP

I enabled step debug and triggered a new run, which still failed: https://github.com/blu3mania/npp-papyrus/actions/runs/657712158

blu3mania avatar Mar 16 '21 13:03 blu3mania

Not sure if the compiler pattern matching is case sensitive or not, as the searched pattern for VC++ is "**/cl.exe", while MSBuild calls "CL.exe" for compilation.

blu3mania avatar Mar 16 '21 13:03 blu3mania

Thanks for adding the debug logging! We are working on diagnosing the issue :)

Not sure if the compiler pattern matching is case sensitive or not, as the searched pattern for VC++ is "**/cl.exe", while MSBuild calls "CL.exe" for compilation.

The pattern matching is case insensitive on Windows so that should not be an issue.

MathiasVP avatar Mar 16 '21 17:03 MathiasVP

Hi @blu3mania

We're still working on this issue. We're not yet supporting C++20, and this issue may be related to that. As CodeQL worked in https://github.com/blu3mania/npp-papyrus/actions/runs/652445123 you can pin that specific version in your workflow with the tools property:

uses: github/codeql-action/init@v1
with:
  languages: cpp
  tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-20210304/codeql-bundle-win64.tar.gz

Thank you for your patience with this issue!

MathiasVP avatar Mar 18 '21 08:03 MathiasVP

Using CodeQL release 20210304 indeed works. I will keep an eye on future CodeQL releases and test them when available. Thanks Mathias.

blu3mania avatar Mar 18 '21 13:03 blu3mania