codeql-action icon indicating copy to clipboard operation
codeql-action copied to clipboard
verified publisher icon github

[C Sharp] Error: No source code was seen and extracted to path

Open tangirala-aditya opened this issue 3 years ago • 5 comments

Hi @criemen, I have tried adding /p:UseSharedCompilation=false to the command line of the dotnet build step. Actually I have CSharp .NET 3.1 tried following documentation in order to publish codeql scan reports in azure devops platform but ended with Error: No code found during the build. Please see: https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning#no-code-found-during-the-build Any suggestions on this!

Originally posted by @tangirala-aditya in https://github.com/github/codeql-action/issues/851#issuecomment-1003437654

tangirala-aditya avatar Jan 03 '22 12:01 tangirala-aditya

Hi, what's the platform you're building on? If it's Windows Server 2022, we're unfortunately not compatible with that yet, and there's nothing you can do about that :(

criemen avatar Jan 04 '22 10:01 criemen

Hi, The platform I am building on is Linux Platform(ubuntu-latest).Would like to know any code changes needed to be included in order to accomplish manual build in (C# .NET 3.1) runtime. So, any suggestions on this?

tangirala-aditya avatar Jan 04 '22 11:01 tangirala-aditya

Could you please share your complete Azure DevOps workflow file, and the logs from the failing build?

adityasharad avatar Jan 04 '22 20:01 adityasharad

Could you please share your complete Azure DevOps workflow file, and the logs from the failing build?

The following is the yaml file for azure devops pipeline.

trigger: none pool: vmImage: ubuntu-latest stages:

  • stage: build displayName: Build dependsOn: [] jobs:
    • job: codeQl displayName: Code Scanning using CodeQL steps:

      • checkout: self displayName: Checkout repository

      • task: PowerShell@2 displayName: CodeQL Scan inputs: targetType: inline script: |- Write-Host "downloading Code QL analysis for windows" $ProgressPreference = 'SilentlyContinue' wget https://github.com/github/codeql-action/releases/latest/download/codeql-runner-linux chmod +x codeql-runner-linux Write-Host "Code QL analysis for linux downloaded, now we init it...."
        ./codeql-runner-linux init --github-url https://github.com --repository tangirala-aditya/azure-iot-platform-dotnet --github-auth $(GITHUB_PAT_TOKEN) --languages csharp

      • script: >- chmod +x ./codeql-runner/codeql-env.sh . ./codeql-runner/codeql-env.sh displayName: Export Environment Variables

      • task: PowerShell@2 displayName: Manual Build and Analyse CodeQL inputs: targetType: inline script: |- dotnet restore dotnet build /p:UseSharedCompilation=false /p:OutDir=$(Build.SourcesDirectory) Write-Host "Analyzing with CodeQL" ./codeql-runner-linux analyze --github-url https://github.com --repository tangirala-aditya/azure-iot-platform-dotnet --github-auth $(GITHUB_PAT_TOKEN) --commit $(Build.SourceVersion) --ref $(Build.SourceBranch)

      • task: PublishBuildArtifacts@1 inputs: PathtoPublish: '$(Build.SourcesDirectory)\src\codeql-runner\codeql-sarif' ArtifactName: 'CodeAnalysis' publishLocation: 'Container'

The following are the logs that says the following :

No source code was seen and extracted to /home/vsts/work/1/s/codeql-runner/codeql_databases/csharp. This can occur if the specified build commands failed to compile or process any code.

  • Confirm that there is some source code for the specified language in the project.
  • For codebases written in Go, JavaScript, TypeScript, and Python, do not specify an explicit --command.
  • For other languages, the --command must specify a "clean" build which compiles all the source code files without reusing existing build artefacts. No source code was seen and extracted to /home/vsts/work/1/s/codeql-runner/codeql_databases/csharp. This can occur if the specified build commands failed to compile or process any code.
  • Confirm that there is some source code for the specified language in the project.
  • For codebases written in Go, JavaScript, TypeScript, and Python, do not specify an explicit --command.
  • For other languages, the --command must specify a "clean" build which compiles all the source code files without reusing existing build artefacts. Analyze failed Error: No code found during the build. Please see: https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning#no-code-found-during-the-build at toolrunnerErrorCatcher (/snapshot/dist/codeql-runner.js) at processTicksAndRejections (node:internal/process/task_queues:96:5) at async Object.finalizeDatabase (/snapshot/dist/codeql-runner.js) at async finalizeDatabaseCreation (/snapshot/dist/codeql-runner.js) at async runFinalize (/snapshot/dist/codeql-runner.js) at async Command. (/snapshot/dist/codeql-runner.js) ##[error]PowerShell exited with code '1'.

tangirala-aditya avatar Jan 05 '22 10:01 tangirala-aditya

Thanks for sharing the workflow. The problem here is that . codeql-env.sh is not sufficient to export the environment variables for future build steps in Azure DevOps -- you need to use the ADO-specific mechanism for persisting environment variables.

Please follow the example at https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/#example-of-creating-a-codeql-database-using-indirect-build-tracing on using the CodeQL CLI within an Azure DevOps workflow, and let us know if you need further help with it. (That example also uses the CodeQL CLI rather than the CodeQL Runner, since the Runner is deprecated. See these docs on how to migrate.)

adityasharad avatar Jan 05 '22 19:01 adityasharad