View CodeQL results for multiple languages #10711
-
|
Hi, So I have this GitHub action which runs CodeQL on my codebase which has both Python and C++ code (the C++ code are Python extensions). However, when the action runs, it executes the queries on the Python (5437 lines) and C++ (470 lines) code, but in the Security tab, it only shows that 470 lines were executed (the C++ code). The action log: https://github.com/Aspect1103/Hades/actions/runs/3192388904/jobs/5209808332 Is there a way, I can view the results for both languages or am I doing something wrong? Thanks. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 6 replies
-
|
@nickfyson can you please help out here? |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for this question, and having dug into it I can reassure you that you actually are successfully analysing both languages. Unfortunately the lines of code count in that banner is misleading in this situation. The approach in your workflow uploads results from both language scans as a single analysis with two runs, but unfortunately we are only counting one of these runs towards those statistics. Thanks for drawing this to our attention, and we'll hopefully have this fixed shortly! In the meantime, having looked at your workflow, you might want to consider more closely following the best-practices shown in the CodeQL starter workflow, which uses a matrix build. In this case you would see each language show up in that banner separately, with the correct count for lines of code (though obviously you will only ever see the most recent one to have completed). |
Beta Was this translation helpful? Give feedback.
-
|
It would show just the count for whichever language was the last to finish, but you would at least be able to confirm that both languages are being analysed (if you checked that page at the right time). I should say, there are various other reasons why a matrix build approach is preferred, not least that it should be faster since the analyses can proceed in parallel. |
Beta Was this translation helpful? Give feedback.
-
|
That's good to know, I'll adapt it now to a matrix build. Thanks. |
Beta Was this translation helpful? Give feedback.
-
|
So I've changed the action into a matrix build with Python and C++ (see https://github.com/Aspect1103/Hades/blob/master/.github/workflows/codeql.yaml), however, it still runs the C++ queries on the Python build and vice versa. Is there something I'm missing? The log: https://github.com/Aspect1103/Hades/actions/runs/3214726267 |
Beta Was this translation helpful? Give feedback.
-
|
I think what you're missing is specifying the language when initialising, as seen here... I would really recommend wholesale copying that starter workflow yml for your own use. For example, you're getting warnings about the triggers not being correctly setup, which would be fixed by following the starter workflow. 🙂 |
Beta Was this translation helpful? Give feedback.
-
|
Thanks, that fixed it. |
Beta Was this translation helpful? Give feedback.
Thanks for this question, and having dug into it I can reassure you that you actually are successfully analysing both languages. Unfortunately the lines of code count in that banner is misleading in this situation.
The approach in your workflow uploads results from both language scans as a single analysis with two runs, but unfortunately we are only counting one of these runs towards those statistics. Thanks for drawing this to our attention, and we'll hopefully have this fixed shortly!
In the meantime, having looked at your workflow, you might want to consider more closely following the best-practices shown in the CodeQL starter workflow, which uses a matrix build. In this case you would…