8f964ea2cb
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com> Co-authored-by: Grace Park <gracepark@github.com> Co-authored-by: Steve Guntrip <12534592+stevecat@users.noreply.github.com> Co-authored-by: Robert Sese <sese@github.com> Co-authored-by: Peter Bengtsson <peterbe@github.com> Co-authored-by: Rachael Sewell <rachmari@github.com>
5.5 KiB
title, shortTitle, intro, product, redirect_from, versions, type, topics
| title | shortTitle | intro | product | redirect_from | versions | type | topics | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Running CodeQL code scanning in a container | {% data variables.product.prodname_code_scanning_capc %} in a container | You can run {% data variables.product.prodname_code_scanning %} in a container by ensuring that all processes run in the same container. | {% data reusables.gated-features.code-scanning %} |
|
|
how_to |
|
{% data reusables.code-scanning.beta %} {% data reusables.code-scanning.deprecation-codeql-runner %}
About {% data variables.product.prodname_code_scanning %} with a containerized build
If you're setting up {% data variables.product.prodname_code_scanning %} for a compiled language, and you're building the code in a containerized environment, the analysis may fail with the error message "No source code was seen during the build." This indicates that {% data variables.product.prodname_codeql %} was unable to monitor your code as it was compiled.
{% ifversion fpt or ghes > 3.0 or ghae-next or ghec %} You must run {% data variables.product.prodname_codeql %} inside the container in which you build your code. This applies whether you are using the {% data variables.product.prodname_codeql_cli %}, the {% data variables.product.prodname_codeql_runner %}, or {% data variables.product.prodname_actions %}. For the {% data variables.product.prodname_codeql_cli %} or the {% data variables.product.prodname_codeql_runner %}, see "Installing {% data variables.product.prodname_codeql_cli %} in your CI system" or "Running {% data variables.product.prodname_codeql_runner %} in your CI system" for more information. If you're using {% data variables.product.prodname_actions %}, configure your workflow to run all the actions in the same container. For more information, see "Example workflow." {% else %} You must run {% data variables.product.prodname_codeql %} inside the container in which you build your code. This applies whether you are using the {% data variables.product.prodname_codeql_runner %} or {% data variables.product.prodname_actions %}. For the {% data variables.product.prodname_codeql_runner %}, see "Running {% data variables.product.prodname_codeql_runner %} in your CI system" for more information. If you're using {% data variables.product.prodname_actions %}, configure your workflow to run all the actions in the same container. For more information, see "Example workflow." {% endif %}
Dependencies
You may have difficulty running {% data variables.product.prodname_code_scanning %} if the container you're using is missing certain dependencies (for example, Git must be installed and added to the PATH variable). If you encounter dependency issues, review the list of software typically included on {% data variables.product.prodname_dotcom %}'s virtual environments. For more information, see the version-specific readme files in these locations:
- Linux: https://github.com/actions/virtual-environments/tree/main/images/linux
- macOS: https://github.com/actions/virtual-environments/tree/main/images/macos
- Windows: https://github.com/actions/virtual-environments/tree/main/images/win
Example workflow
This sample workflow uses {% data variables.product.prodname_actions %} to run {% data variables.product.prodname_codeql %} analysis in a containerized environment. The value of container.image identifies the container to use. In this example the image is named codeql-container, with a tag of f0f91db. For more information, see "Workflow syntax for {% data variables.product.prodname_actions %}."
name: "{% data variables.product.prodname_codeql %}"
on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
- cron: '15 5 * * 3'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest{% ifversion fpt or ghes > 3.1 or ghae-next or ghec %}
permissions:
security-events: write
actions: read{% endif %}
strategy:
fail-fast: false
matrix:
language: [java]
# Specify the container in which actions will run
container:
image: codeql-container:f0f91db
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Initialize {% data variables.product.prodname_codeql %}
uses: github/codeql-action/init@v1
with:
languages: {% raw %}${{ matrix.language }}{% endraw %}
- name: Build
run: |
./configure
make
- name: Perform {% data variables.product.prodname_codeql %} Analysis
uses: github/codeql-action/analyze@v1