
I am trying to configure CodeQL scanning on my repo. For that purpose I am using the template provided by GitHub:

# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: CodeQL
run-name: CodeQL
env:
  virtualMachine: ubuntu-latest
on:
  push:
    branches:
      - master
      - development
      - release/*
  pull_request:
    # The branches below must be a subset of the branches above
    branches:
      - master
      - development
  schedule:
    - cron: '0 9 * * *'
jobs:
  analyze:
    name: Analyze
    # The env context is not available in runs-on on GitHub-hosted workflows, so the label is given literally here.
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language:
          - csharp
          - javascript
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
        # Use only 'java' to analyze code written in Java, Kotlin or both
        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
    steps:
    - name: Checkout repository
      uses: actions/checkout@v3
    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
        # By default, queries listed here will override any specified in a config file.
        # Prefix the list here with "+" to use these queries and those in the config file.

        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
        # queries: security-extended,security-and-quality

    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
      uses: github/codeql-action/autobuild@v2

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

    #   If the Autobuild fails above, remove it and uncomment the following three lines.
    #   Modify them (or add more) to build your code if your project needs custom build steps; refer to the EXAMPLE below for guidance.

    # - run: |
    #     echo "Run, Build Application using script"
    #     ./location_of_script_within_repo/buildscript.sh

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2
      with:
        category: "/language:${{matrix.language}}"

When I am trying to run it locally on my machine using nektos/act I get the following error:

[CodeQL/Analyze-1] 🚀 Start image=catthehacker/ubuntu:full-latest
[CodeQL/Analyze-1] 🐳 docker pull image=catthehacker/ubuntu:full-latest platform= username=*** forcePull=true
[CodeQL/Analyze-1] 🐳 docker create image=catthehacker/ubuntu:full-latest platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[]
[CodeQL/Analyze-1] 🐳 docker run image=catthehacker/ubuntu:full-latest platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[]
[CodeQL/Analyze-1] ☁ git clone 'https://github.com/github/codeql-action' # ref=v2
[CodeQL/Analyze-1] ☁ git clone 'https://github.com/github/codeql-action' # ref=v2
[CodeQL/Analyze-1] ☁ git clone 'https://github.com/github/codeql-action' # ref=v2
[CodeQL/Analyze-1] 🧪 Matrix: map[language:csharp]
[CodeQL/Analyze-1] ⭐ Run Main Checkout repository
[CodeQL/Analyze-1] 🐳 docker cp src=C:\Users\ezequiel.de-luca\NoBackUp\Cobani\Repos\cobani-content. dst=/mnt/c/Users/ezequiel.de-luca/NoBackUp/Cobani/Repos/cobani-content
[CodeQL/Analyze-1] ✅ Success - Main Checkout repository
[CodeQL/Analyze-1] ⭐ Run Main Initialize CodeQL
[CodeQL/Analyze-1] 🐳 docker cp src=C:\Users\ezequiel.de-luca.cache\act/github-codeql-action-init@v2/ dst=/var/run/act/actions/github-codeql-action-init@v2/
[CodeQL/Analyze-1] 🐳 docker exec cmd=[node /var/run/act/actions/github-codeql-action-init@v2/lib/init-action.js] user= workdir=
[CodeQL/Analyze-1] ❗ ::error::Not Found
[CodeQL/Analyze-1] ❗ ::error::init action failed: Not Found
[CodeQL/Analyze-1] ❌ Failure - Main Initialize CodeQL
[CodeQL/Analyze-1] ⚙ ::set-env:: CODEQL_ACTION_FEATURE_SARIF_COMBINE=true
[CodeQL/Analyze-1] ⚙ ::set-env:: CODEQL_ACTION_FEATURE_WILL_UPLOAD=true
[CodeQL/Analyze-1] ⚙ ::set-env:: CODEQL_ACTION_VERSION=2.2.11
[CodeQL/Analyze-1] exitcode '1': failure
[CodeQL/Analyze-1] ⭐ Run Post Initialize CodeQL
[CodeQL/Analyze-1] 🐳 docker exec cmd=[node /var/run/act/actions/github-codeql-action-init@v2/lib/init-action-post.js] user= workdir=
[CodeQL/Analyze-1] 🚧 ::warning::Debugging artifacts are unavailable since the 'init' Action failed before it could produce any.
[CodeQL/Analyze-1] ✅ Success - Post Initialize CodeQL
| (node:36) UnhandledPromiseRejectionWarning: HttpError: Not Found
| at /run/act/actions/github-codeql-action-init@v2/node_modules/@octokit/request/dist-node/index.js:66:23
| at processTicksAndRejections (internal/process/task_queues.js:95:5)
| at async Job.doExecute (/run/act/actions/github-codeql-action-init@v2/node_modules/bottleneck/light.js:405:18)
| (Use node --trace-warnings ... to show where the warning was created)
| (node:36) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag --unhandled-rejections=strict (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 2)
| (node:36) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
[CodeQL/Analyze-1] 🏁 Job failed
Error: Job 'Analyze' failed

My understanding is that it is not finding the action github/codeql-action/init in the repo, but I do not see any error during

[CodeQL/Analyze-1] ☁ git clone 'https://github.com/github/codeql-action' # ref=v2

Do you know if I should configure the init differently?

  • The action looks cloned (see the path in the error message); this looks like a different HTTP error to me: HttpError: Not Found | at /run/act/actions/github-codeql-action-init@v2/node_modules/@octokit/request/dist-node/index.js:66:23 --- it does not tell which URL, though. Does that make more sense? Commented Apr 12, 2023 at 20:23
  • Relevant GitHub issue: github.com/github/codeql-action/issues/967 Commented Apr 13, 2023 at 6:19

1 Answer


According to a comment on the relevant GitHub issue (https://github.com/github/codeql-action/issues/967):

... The codeql-action will not work as a local action through act. The failure is because the workflow is making a request to determine what its run_id is and since this is being run through act, there is no workflow run.

I tried this suggestion about passing GITHUB_RUN_ID with a recent workflow run ID:

act -s GITHUB_TOKEN=[PAT] --env GITHUB_RUN_ID=[RECENT_RUN_ID]

but that didn't work for me.
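The failure mechanism the issue comment describes is a run lookup against the GitHub API, so a pre-flight check can tell whether a candidate GITHUB_RUN_ID would survive it before act is invoked. The script below is an added example, not code from the answer, act, or github/codeql-action; it assumes the run lookup hits the documented endpoint GET /repos/{owner}/{repo}/actions/runs/{run_id} and reads the token from the environment rather than the command line.

```python
"""Pre-flight check for the GITHUB_RUN_ID workaround when running the CodeQL
workflow under nektos/act (hypothetical helper, not part of act or codeql-action).

The init action looks up the current workflow run, so under act it reports
"Not Found" unless GITHUB_RUN_ID names a run that exists in the repository.
"""
import os
import urllib.error
import urllib.request


def run_url(repo: str, run_id: str, api_url: str = "https://api.github.com") -> str:
    """Endpoint for the lookup: GET /repos/{owner}/{repo}/actions/runs/{run_id}."""
    if "/" not in repo:
        raise ValueError("GITHUB_REPOSITORY must look like owner/name")
    return f"{api_url.rstrip('/')}/repos/{repo}/actions/runs/{run_id}"


def interpret(status: int) -> str:
    """Translate the HTTP status into what it means for the act invocation."""
    if status == 200:
        return "run exists: this id can be passed as GITHUB_RUN_ID"
    if status == 404:
        # GitHub also answers 404 when the token cannot see a private repo.
        return "no such run, or the token cannot see the repository (the 'Not Found' seen under act)"
    if status in (401, 403):
        return "token rejected or lacking 'actions: read' on this repository"
    return f"unexpected HTTP status {status}"


def check_run(repo: str, run_id: str, token: str) -> tuple:
    """Perform the lookup and return (status, interpretation)."""
    req = urllib.request.Request(
        run_url(repo, run_id),
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/vnd.github+json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            status = resp.status
    except urllib.error.HTTPError as exc:
        status = exc.code
    return status, interpret(status)


if __name__ == "__main__":
    # Token comes from the environment; keep it out of shell history (act --secret-file does the same).
    status, verdict = check_run(
        os.environ["GITHUB_REPOSITORY"], os.environ["GITHUB_RUN_ID"], os.environ["GITHUB_TOKEN"]
    )
    print(status, verdict)
```

A 200 only confirms the run exists; as the answer notes, the init action may still fail under act for other reasons.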
