Skip to content
CodeQL (daily)

build fix #1083

Sign in to view logs

build fix

build fix #1083

Workflow file for this run

.github/workflows/codeql-daily.yml at 09e1740
name: CodeQL (daily)
on:
schedule:
- cron: '30 1 * * *' # run daily at 1:30 AM UTC
workflow_dispatch:
push:
branches:
- '**'
jobs:
# ===== Java Analysis Job =====
analyze-java:
name: "Analyze Java Code"
permissions:
actions: read
security-events: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Java 17
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 17
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: java
- name: Build Java code
run: ./gradlew assemble --no-build-cache
# Skip build cache for full code analysis
- name: Perform CodeQL analysis
uses: github/codeql-action/analyze@v3
with:
category: java
# ===== C++ Analysis Job =====
analyze-cpp:
name: "Analyze C++ Code"
permissions:
actions: read
security-events: write
runs-on: windows-latest
steps:
- uses: actions/checkout@v4
- name: Set up Java 17 (required for JNI compilation)
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 17
- name: Setup Visual Studio Build Tools
uses: microsoft/setup-msbuild@v1
# This step uses Microsoft's vswhere tool to verify that the official Windows 10 SDK (version 19041) is installed.
# vswhere is a Microsoft-provided command-line utility that locates Visual Studio installations and their components.
- name: Verify Windows SDK installation
run: |
& "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe" -products * -requires Microsoft.VisualStudio.Component.Windows10SDK.19041 -property installationPath
shell: pwsh
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: cpp
debug: true
- name: Build C++ code
shell: pwsh
id: build-cpp
run: |
# Use vswhere to find the path to the latest installed Visual Studio Build Tools
$vsPath = & "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe" -latest -products * -requires Microsoft.VisualStudio.Component.VC.Tools.x86.x64 -property installationPath
if (-not $vsPath) {
Write-Host "Could not find Visual Studio Build Tools installation."
exit 1
}
$vcvarsPath = Join-Path $vsPath 'VC\Auxiliary\Build\vcvars64.bat'
if (-not (Test-Path $vcvarsPath)) {
Write-Host "Could not find vcvars64.bat at $vcvarsPath"
exit 1
}
# Prepare the build script as a string
$buildScript = @'
# Set required environment variables
set APPINSIGHTS_WIN10_SDK_PATH="C:\Program Files (x86)\Windows Kits\10"
set APPINSIGHTS_VS_PATH=%VsInstallRoot%
set JAVA_HOME=%JAVA_HOME_17_X64%
set sourceDir=etw/native/src/main/cpp
set headerDir=etw/native/src/main/headers
set cppFile=%sourceDir%/etw_provider.cpp
echo Analyzing C++ file: %cppFile%
REM Create compile_commands.json for CodeQL to use
echo [ > compile_commands.json
echo { >> compile_commands.json
echo "directory": "%CD%/%sourceDir%", >> compile_commands.json
echo "command": "cl.exe /W4 /EHsc /sdl /std:c++14 /I\"%APPINSIGHTS_WIN10_SDK_PATH%/include/10.0.22621.0/um\" /I\"%JAVA_HOME%/include\" /I\"%JAVA_HOME%/include/win32\" /I\"%CD%/%headerDir%\" /c %cppFile%", >> compile_commands.json
echo "file": "%cppFile%" >> compile_commands.json
echo } >> compile_commands.json
echo ] >> compile_commands.json
REM Create a simple C++ file in the same directory to ensure the compiler is called
echo // Simple file to ensure compiler is run > codeql_trigger.cpp
echo #include <windows.h> >> codeql_trigger.cpp
echo #include <jni.h> >> codeql_trigger.cpp
echo #include "etw_provider.h" >> codeql_trigger.cpp
echo int main() { return 0; } >> codeql_trigger.cpp
REM Use a try/catch block to handle errors without failing the job
REM (not available in batch, so use errorlevel)
REM List files for debugging
echo C++ files that will be analyzed:
dir %sourceDir% /s /b *.cpp
dir %headerDir% /s /b *.h
REM Try a minimal compile to help CodeQL recognize the files
echo Running minimal compile...
echo Using JAVA_HOME: %JAVA_HOME%
if exist %JAVA_HOME%/include (
echo JNI include path exists: %JAVA_HOME%/include
) else (
echo WARNING: JNI include path doesn't exist: %JAVA_HOME%/include
)
REM Compile with explicit include paths
cl.exe /c codeql_trigger.cpp /I"%headerDir%" /I"%sourceDir%" /I"%JAVA_HOME%/include" /I"%JAVA_HOME%/include/win32" /EHsc
if %errorlevel%==0 (
echo C++ preparation completed successfully
echo CPP_BUILD_SUCCEEDED=true>>%GITHUB_ENV%
) else (
echo Warning: C++ build step encountered an error
echo Proceeding with CodeQL analysis anyway
echo CPP_BUILD_SUCCEEDED=false>>%GITHUB_ENV%
)
'@
# Write the batch script to a file
$batchFile = 'run-cpp-build.bat'
Set-Content -Path $batchFile -Value $buildScript -NoNewline
# Call vcvars64.bat and then the batch file (fix quoting for spaces)
& cmd /c "`"$vcvarsPath`" && $batchFile"
- name: Perform CodeQL analysis
uses: github/codeql-action/analyze@v3
with:
category: cpp
- name: Report C++ build status
if: env.CPP_BUILD_SUCCEEDED == 'false'
run: |
echo "::warning::C++ build failed but CodeQL scan was attempted anyway. Some C++ issues may not be detected."
scheduled-job-notification:
permissions:
issues: write
needs:
- analyze-java
- analyze-cpp
if: always()
uses: ./.github/workflows/reusable-scheduled-job-notification.yml
with:
success: ${{ needs.analyze-java.result == 'success' && needs.analyze-cpp.result == 'success' }}