Skip to content

Commit

Permalink
Merge pull request #1149 from github/criemen/runner-autobuilders
Browse files Browse the repository at this point in the history
autobuild: Update tests for C# on macOS
  • Loading branch information
adityasharad committed Jul 27, 2022
2 parents 8171514 + caa2a0d commit bbc2e70
Show file tree
Hide file tree
Showing 6 changed files with 132 additions and 2 deletions.
72 changes: 72 additions & 0 deletions .github/workflows/__autobuild-action.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 4 additions & 1 deletion .github/workflows/pr-checks.yml
Expand Up @@ -414,7 +414,10 @@ jobs:
- name: Build code
shell: bash
run: |
../action/runner/dist/codeql-runner-macos autobuild
. codeql-runner/codeql-env.sh
CODEQL_RUNNER="$(cat codeql-runner/codeql-env.json | jq -r '.CODEQL_RUNNER')"
echo "$CODEQL_RUNNER"
$CODEQL_RUNNER ../action/runner/dist/codeql-runner-macos autobuild
- name: Run analyze
run: |
Expand Down
13 changes: 13 additions & 0 deletions lib/codeql.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion lib/codeql.js.map

Large diffs are not rendered by default.

28 changes: 28 additions & 0 deletions pr-checks/checks/autobuild-action.yml
@@ -0,0 +1,28 @@
name: "autobuild-action"
description: "Tests that the C# autobuild action works"
versions: ["latest"]
steps:
- uses: ./../action/init
with:
languages: csharp
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/autobuild
env:
# Explicitly disable the CLR tracer.
COR_ENABLE_PROFILING: ""
COR_PROFILER: ""
COR_PROFILER_PATH_64: ""
CORECLR_ENABLE_PROFILING: ""
CORECLR_PROFILER: ""
CORECLR_PROFILER_PATH_64: ""
- uses: ./../action/analyze
env:
TEST_MODE: true
- name: Check database
shell: bash
run: |
cd "$RUNNER_TEMP/codeql_databases"
if [[ ! -d csharp ]]; then
echo "Did not find a C# database"
exit 1
fi
14 changes: 14 additions & 0 deletions src/codeql.ts
Expand Up @@ -780,6 +780,20 @@ async function getCodeQLForCmd(
"-Dmaven.wagon.http.pool=false",
].join(" ");

// On macOS, System Integrity Protection (SIP) typically interferes with
// CodeQL build tracing of protected binaries.
// The usual workaround is to prefix `$CODEQL_RUNNER` to build commands:
// `$CODEQL_RUNNER` (not to be confused with the deprecated CodeQL Runner tool)
// points to a simple wrapper binary included with the CLI, and the extra layer of
// process indirection helps the tracer bypass SIP.

// The above SIP workaround is *not* needed here.
// At the `autobuild` step in the Actions workflow, we assume the `init` step
// has successfully run, and will have exported `DYLD_INSERT_LIBRARIES`
// into the environment of subsequent steps, to activate the tracer.
// When `DYLD_INSERT_LIBRARIES` is set in the environment for a step,
// the Actions runtime introduces its own workaround for SIP
// (https://github.com/actions/runner/pull/416).
await runTool(autobuildCmd);
},
async extractScannedLanguage(
Expand Down

0 comments on commit bbc2e70

Please sign in to comment.