Closed pritidesai closed 2 years ago
The CodeQL action is also running the tests in "Perform CodeQL Analysis" > "Extracting Go" (output below).
So I'm wondering why we would want to run that stuff twice. But one reason is definitely that the CodeQL build was (I think) not reporting errors in that step. It'd be nice if it was not redundant.
[2022-10-04 20:58:49] [build-stderr] 2022/10/04 20:58:49 Makefile found.
[2022-10-04 20:58:49] [build-stderr] 2022/10/04 20:58:49 Trying build command make []
[2022-10-04 20:58:49] [build-stdout] =============================
[2022-10-04 20:58:49] [build-stdout] ==== Running Unit Tests =====
[2022-10-04 20:58:49] [build-stdout] =============================
[2022-10-04 20:58:49] [build-stdout] go test ./... -tags=unit -count=1
[2022-10-04 20:59:00] [build-stdout] ? github.com/IBM/license-scanner [no test files]
[2022-10-04 20:59:03] [build-stdout] ok github.com/IBM/license-scanner/api/scanner 0.711s
[2022-10-04 20:59:03] [build-stdout] ok github.com/IBM/license-scanner/cmd 0.239s
[2022-10-04 20:59:03] [build-stdout] ? github.com/IBM/license-scanner/configurer [no test files]
[2022-10-04 20:59:03] [build-stdout] ? github.com/IBM/license-scanner/debugger [no test files]
[2022-10-04 20:59:42] [build-stdout] ok github.com/IBM/license-scanner/identifier 38.676s
[2022-10-04 20:59:42] [build-stdout] ? github.com/IBM/license-scanner/importer [no test files]
[2022-10-04 20:59:42] [build-stdout] ok github.com/IBM/license-scanner/licenses 0.193s
[2022-10-04 20:59:42] [build-stdout] ok github.com/IBM/license-scanner/normalizer 0.019s
[2022-10-04 20:59:42] [build-stdout] ok github.com/IBM/license-scanner/resources 0.017s
Yeah, I agree, it will be great to avoid such redundancy. But I was under the impression that CodeQL is mainly reporting any security issues. Is it running go test to discover such issues? 🤔
You're right. It's good to do the test the way you did. CodeQL is just trying to build before its analysis (with make). It probably should not be running tests.
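An added example, not part of the thread or the project's own workflow: one way to stop the CodeQL job from re-running the unit tests is to replace the autobuild step (which, per the log above, finds the Makefile and runs plain `make`) with an explicit compile-only build. The file path, trigger branches, action versions and the `go build ./...` command are assumptions for illustration.

```yaml
# .github/workflows/codeql.yml (constructed example; path, branches and
# action versions are assumptions, not taken from the repository)
name: CodeQL
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # needed to upload the analysis results
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod

      # Start the CodeQL tracer; everything compiled between init and
      # analyze is what gets extracted into the database.
      - uses: github/codeql-action/init@v3
        with:
          languages: go

      # Before: autobuild detects the Makefile and runs `make` with no
      # target, which in the log above ends up running
      # `go test ./... -tags=unit -count=1` inside the CodeQL job.
      # - uses: github/codeql-action/autobuild@v3

      # After: compile only. Test results stay the responsibility of the
      # dedicated test job, where a failure is reported as a failure.
      - name: Build without running tests
        run: go build ./...

      - uses: github/codeql-action/analyze@v3
```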
@markstur this is ready for another look, thanks 🙏