jamulus icon indicating copy to clipboard operation
jamulus copied to clipboard
verified publisher icon jamulussoftware

Mac: Try re-enabling CodeQL on non-legacy build again

Open hoffie opened this issue 3 years ago • 7 comments

What is the current behaviour and why should it be changed? In #2564 we've moved the CodeQL logic to the legacy build target. The reason was that enabling CodeQL got the build stuck during release signing. The legacy build is not signed, therefore, the problem didn't appear there. I'm suspecting that it might be the same cause as #2925. In other words: It might just be that CodeQL builds are slower (they are!) and therefore hit the keychain re-lock timeout, which can be worked around.

Describe possible approaches When #2925 is fixed, we could just re-enable CodeQL for the main build (and disable for legacy).

Has this feature been discussed and generally agreed? No, but if it works, it should be good to go as it was a workaround only.

hoffie avatar Oct 19 '22 21:10 hoffie

Well, no, it doesn't seem like #2925 is sufficient to avoid this issue, see https://github.com/emlynmac/jamulus/actions/runs/3357222609/jobs/5562884622#step:10:1838

hoffie avatar Oct 30 '22 22:10 hoffie

Maybe it's still something related. I remember @danryu changing some timeout to 6h.

ann0see avatar Nov 06 '22 07:11 ann0see

Maybe it's still something related. I remember @danryu changing some timeout to 6h.

I think you're probably referring to the keychain settings timeout in this PR: https://github.com/jamulussoftware/jamulus/pull/2624 Which is still not merged ;) That timeout was taken from example Github docs on XCode: https://docs.github.com/en/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development It simply keeps the keychain unlocked for the specified period (up to 6 hours). This is done to ease the various CI jobs that require keychain access in the same build run.

Btw I just added signed package validation and upload to the App Store to that PR - the code is working for us.

danryu avatar Nov 06 '22 07:11 danryu

I've just commented in #2624: I think that 6h timeout is redundant now that #2927 has been merged (it drops exactly that timeout, AFAIU). That was the initial reason for this PR. :)

The best way forward would probably to try to get GUI access. Github shows some hacks to do that, but I haven't got around to try them.

hoffie avatar Nov 07 '22 21:11 hoffie

See https://github.com/jamulussoftware/jamulus/issues/3049 - same thing for Linux now?

pljones avatar Apr 19 '23 16:04 pljones

Dropping from 3.10.0.

pljones avatar Jun 25 '23 09:06 pljones

Now that the sudo workaround has been merged in #3223, I have done a build with CodeQL on the main MacOS instead of on the legacy MacOS, and it worked fine.

I could raise a PR to make the change if generally agreed.

softins avatar Feb 10 '24 16:02 softins