Open ls-valentinas-bakaitis opened 4 weeks ago
Hi @ls-valentinas-bakaitis 👋
Thanks for opening this issue. We rely on Rosetta 2 being installed on arm-based macOS runners for CodeQL to work correctly. CodeQL should only be initialised as late as possible in your workflow (i.e. after all setup steps, but before the actual build starts), so putting it after your "Setup Git and iOS dependencies" step makes sense.
If I understand correctly, with that ordering, Rosetta 2 gets installed successfully?
We would probably need to see more of the logs to understand what's causing the issue in the fastlane step later on. If you can share more publicly here, then that would be great. Otherwise, you can open a support ticket referencing this issue and we can pick things up from there.
@mbg Thank you, it might be easier via a support ticket - I have opened one (ID 2847745), however I was unable to provide complete logs with it as they were too big and the ticket form wouldn't accept them. Please let me know on that ticket what is the best way forward.
If you don't mind, please share whatever solution you came up with in the support ticket publicly here as well if possible. I have very similar issues and have been following #2043 for a long time.
@mbg do you think I'd be better off opening my own support ticket?
Please let me know if you do not think my issue is related and I'll happily delete my comment to keep the issue clean and clear.
Cross-posting my message from that ticket here for convenience:
I am running into a similar issue when building with fastlane where my action gets stuck on the codesigning step only when CodeQL is initialized prior to building.
The failing command is the following:
set -o pipefail && xcodebuild -workspace ./REDACTED.xcodeproj/project.xcworkspace -scheme REDACTED -configuration QA-Release -destination 'generic/platform=iOS' -archivePath ./build.xcarchive archive | tee /Users/runner/Library/Logs/gym/REDACTED\ QA.log | xcbeautify
In my case, the action gets stuck indefinitely with the last readable output being the following:
[13:03:49]: ▸ Signing REDACTED.framework (in target 'REDACTED' from project 'REDACTED')
This step usually completes in seconds but will get stuck until the action times out or is cancelled. This does not happen for the exact same pipeline without CodeQL.
The initialization, build, and analysis steps look as follows:
- name: Initialize CodeQL
  uses: github/codeql-action/init@v3.22.12
  with:
    languages: swift
    queries: security-and-quality
    tools: https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.15.5/codeql-bundle-osx64.tar.gz
- name: Build QA
  REDACTED fastlane step
- name: Perform CodeQL Analysis
  uses: github/codeql-action/analyze@v3.22.12
  with:
    category: "/language:swift"
Runner: macos-13
Xcode-version: 15.0.1
And later these logs were attached:
First match is unique:
[T 13:21:58 9563] Attempting to switch stdout/stderr to 6...
/Users/runner/work/_temp/codeql_databases/working/copy-root/000001F5/usr/bin/codesign.semmle.000023CF.0A82CBC0.slice.x86_64: replacing existing signature
/Users/runner/work/_temp/codeql_databases/working/copy-root/000001F5/Applications/Xcode_15.0.1.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang-stat-cache.semmle.000023CF.09925910.slice.x86_64: replacing existing signature
/Users/runner/work/_temp/codeql_databases/working/copy-root/000001F5/usr/bin/codesign.semmle.000023CF.0B6BD7E8.slice.x86_64: replacing existing signature
/Users/runner/work/_temp/codeql_databases/working/copy-root/000001F5/usr/bin/codesign.semmle.000023CF.0BE22128.slice.x86_64: replacing existing signature
Rest looks as follows with slight variations:
[T 13:21:58 9570] Initializing tracer.
[T 13:21:58 9570] Initialising tags...
[T 13:21:58 9570] ID set to 0000000000002562_0000000000000001 (parent 00000000000023CF_0000000000000001)
[T 13:21:58 9570] ==== Candidate to intercept: /usr/bin/codesign (canonical: /usr/bin/codesign) ====
[T 13:21:58 9570] Lua: === Intercepted call to /usr/bin/codesign ===
[T 13:21:58 9570] Lua: Disabling tracing for language swift.
[T 13:21:58 9570] Executing the following tracer actions:
[T 13:21:58 9570] Tracer actions:
[T 13:21:58 9570] pre_invocations(0)
[T 13:21:58 9570] post_invocations(0)
[T 13:21:58 9570] trace_languages(0): []
[T 13:21:58 9570] Disabling tracing for this command.
/Applications/Xcode_15.0.1.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/install_name_tool: warning: changes being made to the file will invalidate the code signature in: /Users/runner/work/_temp/codeql_databases/working/copy-root/000001F5/Applications/Xcode_15.0.1.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang-stat-cache.semmle.000023CF.09925910.slice.arm64
[T 13:21:58 9573] Initializing tracer.
[T 13:21:58 9573] Initialising tags...
[T 13:21:58 9573] ID set to 0000000000002565_0000000000000001 (parent 00000000000023CF_0000000000000001)
[T 13:21:58 9573] ==== Candidate to intercept: /usr/bin/codesign (canonical: /usr/bin/codesign) ====
[T 13:21:58 9573] Lua: === Intercepted call to /usr/bin/codesign ===
[T 13:21:58 9573] Lua: Disabling tracing for language swift.
[T 13:21:58 9573] Executing the following tracer actions:
[T 13:21:58 9573] Tracer actions:
[T 13:21:58 9573] pre_invocations(0)
[T 13:21:58 9573] post_invocations(0)
[T 13:21:58 9573] trace_languages(0): []
[T 13:21:58 9573] Disabling tracing for this command.
/Users/runner/work/_temp/codeql_databases/working/copy-root/000001F5/Applications/Xcode_15.0.1.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang-stat-cache.semmle.000023CF.09925910.slice.arm64: replacing existing signature
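One way to condense tracer logs of this shape when they are too large to read or attach, added here as an example and not code from the thread or from CodeQL. It only pattern-matches the line formats quoted above; the sample is constructed from those lines with the second process's "Disabling tracing for this command." line removed on purpose, and treating a missing line as worth a closer look is an assumption.

```python
import re
from collections import Counter

# Constructed sample: shortened from the log lines quoted in the thread.
# PID 9573 deliberately has no "Disabling tracing for this command." line.
SAMPLE_LOG = """\
[T 13:21:58 9570] Initializing tracer.
[T 13:21:58 9570] ==== Candidate to intercept: /usr/bin/codesign (canonical: /usr/bin/codesign) ====
[T 13:21:58 9570] Lua: === Intercepted call to /usr/bin/codesign ===
[T 13:21:58 9570] Disabling tracing for this command.
/Users/runner/work/_temp/codeql_databases/working/copy-root/000001F5/usr/bin/codesign.semmle.000023CF.0A82CBC0.slice.x86_64: replacing existing signature
[T 13:21:58 9573] Initializing tracer.
[T 13:21:58 9573] ==== Candidate to intercept: /usr/bin/codesign (canonical: /usr/bin/codesign) ====
[T 13:21:58 9573] Lua: === Intercepted call to /usr/bin/codesign ===
/Users/runner/work/_temp/codeql_databases/working/copy-root/000001F5/usr/bin/codesign.semmle.000023CF.0B6BD7E8.slice.x86_64: replacing existing signature
"""

TRACER = re.compile(r"^\[T (\d\d:\d\d:\d\d) (\d+)\] (.*)$")
CANDIDATE = re.compile(r"^==== Candidate to intercept: (.+) \(canonical: (.+)\) ====$")
RESIGNED = re.compile(
    r"^.*/([^/]+?)\.semmle\.[0-9A-F]+\.[0-9A-F]+\.slice\.(\w+): replacing existing signature$")

def summarize(log_text):
    """Return (per-PID tracer summary, Counter of re-signed (tool, arch) slices)."""
    procs, resigned = {}, Counter()
    for line in log_text.splitlines():
        m = TRACER.match(line)
        if m:
            ts, pid, msg = m.groups()
            p = procs.setdefault(pid, {"first": ts, "last": ts, "candidate": None,
                                       "intercepted": False, "disabled": False})
            p["last"] = ts
            c = CANDIDATE.match(msg)
            if c:
                p["candidate"] = c.group(2)  # canonical path of the binary
            elif msg.startswith("Lua: === Intercepted call to "):
                p["intercepted"] = True
            elif msg == "Disabling tracing for this command.":
                p["disabled"] = True
        elif (r := RESIGNED.match(line)):
            resigned[(r.group(1), r.group(2))] += 1
    return procs, resigned

def intercepted_without_disable(procs):
    """PIDs with an intercepted call but no 'Disabling tracing' line in the log."""
    return [pid for pid, p in procs.items() if p["intercepted"] and not p["disabled"]]

if __name__ == "__main__":
    procs, resigned = summarize(SAMPLE_LOG)
    print(intercepted_without_disable(procs), dict(resigned))
```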
@jakobholmgrenhiq: 👋 No worries for asking here -- since you have been able to share your logs already, I don't currently see any reason for you to open a support ticket. I have read through the discussion in #2043 as well. Currently, it's unclear what the issue that @ls-valentinas-bakaitis is facing is, so I can't say whether you have the same issue or not. I will post an update once that one is resolved.
In the meantime, a few suggestions:
@mbg Hi, I have attached the logs to the support ticket (ID 2847745). Thanks!
Hi,
I'm trying to roll out CodeQL scanning to some of our iOS (swift) repositories and I have issues with CodeQL breaking the build steps. The same steps that succeed by themselves will fail when CodeQL init is added before them.
If I run this workflow with CodeQL step commented out, it succeeds:
However, once the CodeQL init portion is uncommented, I get this error in the "Setup Git and iOS dependencies" step:
If I try to move CodeQL init after the "Setup Git and iOS dependencies" step, then the next step breaks - there are too many log lines to post here, but this is the error that occurs at fastlane step when CodeQL init is included just before it:
It looks like CodeQL init is doing something that is making Rosetta 2 installation and subsequent fastlane compilation fail.