jamulus icon indicating copy to clipboard operation
jamulus copied to clipboard
verified publisher icon jamulussoftware

Reinstate CodeQL on Mac if not signing the build

Open softins opened this issue 3 years ago • 4 comments

Short description of changes

Moves the CodeQL from Mac Legacy back to Mac, and makes it conditional on not doing a signed build.

CHANGELOG: Mac: Make Github workflow skip CodeQL when doing a signed build, to avoid hanging.

Context: Fixes an issue?

Replaces #2564 and #2566, and solves the issues encountered when working on #2563.

Does this change need documentation? What needs to be documented and how?

Probably not

Status of this Pull Request

Ready for review

What is missing until this pull request can be merged?

Review

Checklist

  • [x] I've verified that this Pull Request follows the general code principles
  • [x] I tested my code and it does what I want
  • [x] My code follows the style guide
  • [x] I waited some time after this Pull Request was opened and all GitHub checks completed without errors.
  • [x] I've filled all the content above

softins avatar Mar 31 '22 10:03 softins

After reviews, I will squash to a single commit before merging. I have left the original commits for review, to show the process of arriving at the solution.

Before the final commit, I pushed to both emlynmac and softins, to compare the runs:

  • https://github.com/emlynmac/jamulus/actions/runs/2067750063
  • https://github.com/softins/jamulus/actions/runs/2070320595

softins avatar Mar 31 '22 10:03 softins

And similarly after the final commit:

  • https://github.com/emlynmac/jamulus/actions/runs/2070442079
  • https://github.com/softins/jamulus/actions/runs/2070443008

softins avatar Mar 31 '22 11:03 softins

Another thing to consider: @ann0see already introduced a way to run CodeQL on the legacy build (downside: we have to take care of that when removing that, but there's an appropriate comment as a reminder now). If we make CodeQL conditional on the signing, this might block us from or need another reversal if we decide to sign all non-legacy Mac builds (maybe with temporary keys). While there is no concrete PR for that, I think it should be a goal in order to make the autobuild and release code paths as similar as possible. Additionally, Mac arm64/M1 builds seem to require workarounds as long as there is no signature at all.

hoffie avatar Apr 06 '22 09:04 hoffie

Another thing to consider: @ann0see already introduced a way to run CodeQL on the legacy build (downside: we have to take care of that when removing that, but there's an appropriate comment as a reminder now).

This PR turns off the running of CodeQL on Legacy and removes the comment, as it would no longer be needed. I can't see any reason to run CodeQL on both Mac builds.

softins avatar Apr 07 '22 14:04 softins

Is this still an issue? I believe so?

I wouldn't consider this a final fix, especially if #2944 is accepted and merged.

ann0see avatar May 03 '23 20:05 ann0see

Closing this old PR, as the affected files have changed a lot since it was raised.

softins avatar Jan 12 '24 17:01 softins