Open tangirala-aditya opened 2 years ago
Hi, what's the platform you're building on? If it's Windows Server 2022, we're unfortunately not compatible with that yet, and there's nothing you can do about that :(
Hi, The platform I am building on is Linux Platform(ubuntu-latest).Would like to know any code changes needed to be included in order to accomplish manual build in (C# .NET 3.1) runtime. So, any suggestions on this?
Could you please share your complete Azure DevOps workflow file, and the logs from the failing build?
Could you please share your complete Azure DevOps workflow file, and the logs from the failing build?
trigger: none pool: vmImage: ubuntu-latest stages:
stage: build displayName: Build dependsOn: [] jobs:
job: codeQl displayName: Code Scanning using CodeQL steps:
checkout: self displayName: Checkout repository
task: PowerShell@2
displayName: CodeQL Scan
inputs:
targetType: inline
script: |-
Write-Host "downloading Code QL analysis for windows"
$ProgressPreference = 'SilentlyContinue'
wget https://github.com/github/codeql-action/releases/latest/download/codeql-runner-linux
chmod +x codeql-runner-linux
Write-Host "Code QL analysis for linux downloaded, now we init it...."
./codeql-runner-linux init --github-url https://github.com --repository tangirala-aditya/azure-iot-platform-dotnet --github-auth $(GITHUB_PAT_TOKEN) --languages csharp
script: >- chmod +x ./codeql-runner/codeql-env.sh . ./codeql-runner/codeql-env.sh displayName: Export Environment Variables
task: PowerShell@2 displayName: Manual Build and Analyse CodeQL inputs: targetType: inline script: |- dotnet restore dotnet build /p:UseSharedCompilation=false /p:OutDir=$(Build.SourcesDirectory) Write-Host "Analyzing with CodeQL" ./codeql-runner-linux analyze --github-url https://github.com --repository tangirala-aditya/azure-iot-platform-dotnet --github-auth $(GITHUB_PAT_TOKEN) --commit $(Build.SourceVersion) --ref $(Build.SourceBranch)
task: PublishBuildArtifacts@1 inputs: PathtoPublish: '$(Build.SourcesDirectory)\src\codeql-runner\codeql-sarif' ArtifactName: 'CodeAnalysis' publishLocation: 'Container'
No source code was seen and extracted to /home/vsts/work/1/s/codeql-runner/codeql_databases/csharp. This can occur if the specified build commands failed to compile or process any code.
Thanks for sharing the workflow. The problem here is that . codeql-env.sh
is not sufficient to export the environment variables for future build steps in Azure DevOps -- you need to use the ADO-specific mechanism for persisting environment variables.
Please follow the example at https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/#example-of-creating-a-codeql-database-using-indirect-build-tracing on using the CodeQL CLI within an Azure DevOps workflow, and let us know if you need further help with it. (That example also uses the CodeQL CLI rather than the CodeQL Runner, since the Runner is deprecated. See these docs on how to migrate.)
Hi @criemen, I have tried adding /p:UseSharedCompilation=false to the command line of the dotnet build step. Actually I have CSharp .NET 3.1 tried following documentation in order to publish codeql scan reports in azure devops platform but ended with Error: No code found during the build. Please see: https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning#no-code-found-during-the-build Any suggestions on this!
Originally posted by @tangirala-aditya in https://github.com/github/codeql-action/issues/851#issuecomment-1003437654