github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License

Autobuild Go detects go.work files in vendored directories #17893

Open freeformz opened 2 weeks ago

freeformz commented 2 weeks ago

Description of the issue

For some reason autobuild-go is picking up go.work files in vendored directories....


```
[2024-11-01 19:11:45] [build-stderr] 2024/11/01 19:11:45 Found go.work file(s) in: xyz/vendor/github.com/santhosh-tekuri/jsonschema/v6/go.work.
[2024-11-01 19:11:45] [build-stderr] 2024/11/01 19:11:45 Loading xyz/vendor/github.com/santhosh-tekuri/jsonschema/v6/go.work...
[2024-11-01 19:11:45] [build-stderr] 2024/11/01 19:11:45 xyz/vendor/github.com/santhosh-tekuri/jsonschema/v6/go.work uses the following Go modules:
[2024-11-01 19:11:45] [build-stderr] xyz/vendor/github.com/santhosh-tekuri/jsonschema/v6/go.mod
[2024-11-01 19:11:45] [build-stderr] xyz/vendor/github.com/santhosh-tekuri/jsonschema/v6/cmd/jv/go.mod
[2024-11-01 19:11:45] [build-stderr] 2024/11/01 19:11:45 Unable to read xyz/vendor/github.com/santhosh-tekuri/jsonschema/v6/go.mod: open xyz/vendor/github.com/santhosh-tekuri/jsonschema/v6/go.mod: no such file or directory.
[2024-11-01 19:11:45] [build-stderr] 2024/11/01 19:11:45 Unable to read xyz/vendor/github.com/santhosh-tekuri/jsonschema/v6/cmd/jv/go.mod: open xyz/vendor/github.com/santhosh-tekuri/jsonschema/v6/cmd/jv/go.mod: no such file or directory.
...
[2024-11-01 19:14:21] [build-stderr] 2024/11/01 19:14:21 Failed to stat xyz/vendor/github.com/santhosh-tekuri/jsonschema/v6/go.sum after running `go mod tidy -e`: stat xyz/vendor/github.com/santhosh-tekuri/jsonschema/v6/go.sum: no such file or directory
[2024-11-01 19:14:21] [build-stderr] 2024/11/01 19:14:21 Failed to stat xyz/vendor/github.com/santhosh-tekuri/jsonschema/v6/cmd/jv/go.mod before running `go mod tidy -e`
[2024-11-01 19:14:21] [build-stderr] 2024/11/01 19:14:21 Running /home/runner/work/_temp/codeql-action-go-tracing/bin/go [go mod tidy -e] failed, continuing anyway: chdir xyz/vendor/github.com/santhosh-tekuri/jsonschema/v6/cmd/jv: no such file or directory
[2024-11-01 19:14:21] [build-stderr] 2024/11/01 19:14:21 Failed to run `go mod tidy -e` in xyz/vendor/github.com/santhosh-tekuri/jsonschema/v6/cmd/jv
...
[2024-11-01 19:19:56] [build-stderr] 2024/11/01 19:19:56 Running extractor command '/opt/hostedtoolcache/CodeQL/2.19.2/x64/codeql/go/tools/linux64/go-extractor [-mod=readonly ./... ./cmd/jv/...]' from directory 'xyz/vendor/github.com/santhosh-tekuri/jsonschema/v6'.
[2024-11-01 19:19:56] [build-stderr] 2024/11/01 19:19:56 Build flags: '-mod=readonly'; patterns: './... ./cmd/jv/...'
[2024-11-01 19:19:56] [build-stderr] 2024/11/01 19:19:56 Running packages.Load.
[2024-11-01 19:19:56] [build-stderr] 2024/11/01 19:19:56 Error running go tooling: err: exit status 1: stderr: go: cannot load module . listed in go.work file: open go.mod: no such file or directory
[2024-11-01 19:19:56] [build-stderr] go: cannot load module cmd/jv listed in go.work file: open cmd/jv/go.mod: no such file or directory
[2024-11-01 19:19:56] [build-stderr] 2024/11/01 19:19:56 Extraction failed for xyz/vendor/github.com/santhosh-tekuri/jsonschema/v6: exit status 1
```

This then causes (at least IMO) extra, un-needed evaluations.

mbg commented 2 weeks ago

Hi @freeformz 👋🏻

Thanks for reporting this. The autobuilder should be excluding go.work files from vendor directories, so this does look like a bug. We will look at getting this fixed for an upcoming release.

Other than resulting in unnecessary work being done, does this cause you any other issues?
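
A pre-flight check for the behaviour reported in this issue, as an added example that is not part of the thread and not CodeQL's own code: it lists the go.work files under a root, separates those below a vendor directory, and reports `use` entries that have no go.mod, which is the condition behind the "no such file or directory" errors in the log. The names `FindGoWork` and `MissingModules` are hypothetical, and the go.work parsing is a simplified assumption (gofmt-style `use (` blocks only).

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// FindGoWork splits go.work files under root into kept and vendored (any "vendor" path component).
func FindGoWork(root string) (kept, vendored []string, err error) {
	err = filepath.WalkDir(root, func(p string, d fs.DirEntry, werr error) error {
		if werr != nil || d.IsDir() || d.Name() != "go.work" {
			return werr
		}
		rel, _ := filepath.Rel(root, filepath.Dir(p))
		if strings.Contains("/"+filepath.ToSlash(rel)+"/", "/vendor/") {
			vendored = append(vendored, p)
		} else {
			kept = append(kept, p)
		}
		return nil
	})
	return kept, vendored, err
}

// MissingModules lists `use` directories of workFile that lack a go.mod (simplified parser, an assumption).
func MissingModules(workFile string) (missing []string, err error) {
	data, err := os.ReadFile(workFile)
	inUse := false
	for _, raw := range strings.Split(string(data), "\n") {
		line := strings.TrimSpace(strings.SplitN(raw, "//", 2)[0])
		switch {
		case line == "use (" || line == ")":
			inUse = line != ")" // enter on "use (", leave on any ")"
		case strings.HasPrefix(line, "use ") || (inUse && line != ""):
			dir := filepath.Join(filepath.Dir(workFile), strings.Trim(strings.TrimPrefix(line, "use "), `" `))
			if _, serr := os.Stat(filepath.Join(dir, "go.mod")); serr != nil {
				missing = append(missing, dir)
			}
		}
	}
	return missing, err
}

func main() {
	fmt.Println(FindGoWork("."))
}
```

Run it from the repository root before analysis; any path in the second list is a go.work file that sits under a vendor directory.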