Swift: Xcode 16.2 - could not build module

[stefanrenne]

ADO pipelines using codeql bundle 2.21.0 with Xcode 16.2 and the following task configuration block me to compile a swift project. It fails on could not build module related errors.

Pipeline:

 - task: AdvancedSecurity-Codeql-Init@1
  inputs:
    enableAutomaticCodeQLInstall: true
    languages: swift
    querysuite: security-and-quality
- task: Xcode@5
  displayName: 'Build and archive'
  inputs:
    configuration: 'ANONYMISED'
    sdk: iphoneos
    xcWorkspacePath: ANONYMISED.xcodeproj
    scheme: 'ANONYMISED'
    xcodeVersion: specifyPath
    xcodeDeveloperDir: '/Applications/Xcode_$(xcodeVersion).app/Contents/Developer'
    packageApp: true
    archivePath: 'output/release'
    exportPath: 'output/release'
    exportOptions: plist
    exportOptionsPlist: 'Signing/$(buildType)/exportOptions.plist'
    signingOption: default

Output:
logging.txt

[aibaars]

This line in the logs looks worrying:

2025-04-07T09:45:08.3797660Z   fatalError
2025-04-07T09:45:08.3798290Z   Cyclic dependency in module 'DarwinFoundation': DarwinFoundation -> _stddef -> DarwinFoundation

Have you tried running the same build commands in ADO, but without CodeQL? If the same build command runs fine without CodeQL then CodeQL's analyzer is somehow interfering and causing a failure.

[stefanrenne]

@aibaars of course, without the AdvancedSecurity-Codeql-Init@1 task everything works fine :)

[aibaars]

@aibaars of course, without the AdvancedSecurity-Codeql-Init@1 task everything works fine :)

Thanks for confirming.

[aibaars]

It would be very helpful if you could attach the detailed CodeQL log file, in particular the build-tracer.log file. I'm afraid I'm not familiar with ADO pipelines, and do not know how to obtain such log file from an ADO run. For GitHub Actions the github/codeql-action/init step has a debug: true property to enable debug mode, which uploads a debug artifact with logs and much more. I'm not sure if the ADO task has a similar feature.

I could not find many other reports of Cyclic dependency in module 'DarwinFoundation': DarwinFoundation -> _stddef -> DarwinFoundation. I found the following, but no suggestions on how to fix the problem other than running a clean build:
https://www.reddit.com/r/flutterhelp/comments/1i7h270/vs_code_template_flutter_project_cycling/

[aibaars]

Here are some instructions to obtain debug artifacts. Note that the debug artifacts contain sensitive information such as the contents of analyzed files. If your repository is private then it is probably best to create an enterprise support ticket and move this conversation there.

[stefanrenne]

@aibaars I have been trying this but I keep on getting a error

Artifact name input: codeql-artifact
##[error]Path does not exist: /Users/runner/work/_temp\advancedsecurity.codeql\d\swift

Which is probably because the whole compiling is broken?

[aibaars]

##[error]Path does not exist: /Users/runner/work/_temp\advancedsecurity.codeql\d\swift

That looks really strange indeed. It looks like a mixup of Windows and Unix paths. Do you have any idea where the \advancedsecurity.codeql\d\ part comes from?

[stefanrenne]

@aibaars oke my bad, used the slash in the wrong direction. Attached the build tracer log, I will provide all other logging to our GitHub person of contact.

build-tracer.log

[redsun82]

The Error: Environment variable SEMMLE_PRELOAD_libtrace is not set (or empty), but it should be set messages indeed look quite suspicious. However in the worst case that should impede analysis, not the build itself.

By the way, on Github actions that environment variable is set by github/codeql-action/init in case of a traced language. Shouldn't that variable be set by AdvancedSecurity-Codeql-Init@1 then?