search

github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License
7.67k stars 1.54k forks source link

No code found during the build for a small C# project. #8867

Closed blowdart closed 2 years ago

blowdart commented 2 years ago

After enabling codeql for a larger project I decided to push it onto another small, single class nuget library

I have to customise the build process to exclude a couple of things, but the build itself works, I can see this in

Run dotnet build -c CodeQL
Microsoft (R) Build Engine version 17.1.0+ae57d105c for .NET
Copyright (C) Microsoft Corporation. All rights reserved.

  Determining projects to restore...
  Restored /home/runner/work/idunno.PasswordGenerator/idunno.PasswordGenerator/src/idunno.Password/idunno.Password.Generator.csproj (in 123 ms).
  idunno.Password.Generator -> /home/runner/work/idunno.PasswordGenerator/idunno.PasswordGenerator/src/idunno.Password/bin/CodeQL/netstandard2.1/idunno.Password.Generator.dll

Build succeeded.
    0 Warning(s)
    0 Error(s)

Time Elapsed 00:00:10.[48](https://github.com/blowdart/idunno.PasswordGenerator/runs/6165886574?check_suite_focus=true#step:4:48)

However when it gets to trying to analyze

Finalizing csharp
  /opt/hostedtoolcache/CodeQL/0.0.0-20220401/x64/codeql/codeql database finalize --finalize-dataset --threads=2 /home/runner/work/_temp/codeql_databases/csharp --ram=[59](https://github.com/blowdart/idunno.PasswordGenerator/runs/6165886574?check_suite_focus=true#step:5:59)22
  No source code was seen and extracted to /home/runner/work/_temp/codeql_databases/csharp.
  This can occur if the specified build commands failed to compile or process any code.
   - Confirm that there is some source code for the specified language in the project.
   - For codebases written in Go, JavaScript, TypeScript, and Python, do not specify 
     an explicit --command.
   - For other languages, the --command must specify a "clean" build which compiles 
     all the source code files without reusing existing build artef

Is this simply because it's too small for codeql to care about? It is just a single static class :)

Last run attempt is at https://github.com/blowdart/idunno.PasswordGenerator/runs/6165886574?check_suite_focus=true

hvitved commented 2 years ago

Hi

Try adding /p:UseSharedCompilation=false to your build command, as documented here.

blowdart commented 2 years ago

Aha, doh. Weirdly that wasn't needed in the larger project at all, hence I missed it. Apologies for that.