Encountering a code signing issue while building the .app

[valeriiatym]

Hi,

We're still experiencing an issue with code signing when building the .app with the initialized CodeQL setup:

** ARCHIVE FAILED **

The following build commands failed:
	CodeSign /Users/test/Library/Developer/Xcode/DerivedData/test-bjpcnarfduumrnaetkciiatxsspz/Build/Intermediates.noindex/ArchiveIntermediates/Test/IntermediateBuildFilesPath/UninstalledProducts/macosx/TestApplication.app (in target 'TestApplication' from project 'Products')
	Archiving workspace Test with scheme Test

We've decided to run the CodeQL analysis on targets that do not require code signing. However, it would be ideal if you could address this issue so that we can run the analysis directly on the .app build.

Please refer to the attached log file for more details.

Thanks!

build-tracer.log

[aibaars]

Could you attach the other log files as well? There do not appear to be any relevant error messages in the build-tracer.log .

[valeriiatym]

@aibaars Do you need logs from git hub actions?

[aibaars]

@aibaars Do you need logs from git hub actions?

Yes, and the ones from the debug artifact as well.

[valeriiatym]

@aibaars Hi, I created support ticket #3258270 and attached logs to it.

[aibaars]

@aibaars Hi, I created support ticket #3258270 and attached logs to it.

@valeriiatym Thanks! I found the support ticket, but noticed you only uploaded two log files. I also didn't see the original error message you reported (ARCHIVE FAILED) in any of the log files. I think there should be more log files in the debug artifact, in a (sub)folder named log. If you find more files, please attach them to support ticket #3258270.

I did see quite a lot of error like posix_spawn error: Bad executable (or shared library) (85), ["/usr/bin/sandbox-exec". I assume these messages do not occur when running a normal build without CodeQL. I suspect that CodeQL's "process tracer" is interacting badly with the sandbox-exec binary for some reason.

[valeriiatym]

@aibaars

I assume these messages do not occur when running a normal build without CodeQL.

yes, you are right.

Updated ticket with logs.

[aibaars]

@valeriiatym The timestamps in the latest log does not match the ones from the previously uploaded files. This makes me think they are from different runs. It would be great to have a set of log files (actions logs, build-tracer.log, and any other log files in the debug artefact) of the same workflow run. Having a clear picture of what happens at which time hopefully give us enough information to diagnose what is going wrong.

[valeriiatym]

@aibaars yes, logs from gha workflow can be from different run. I re-run it several times with the same logic. And I can make you sure that nothing was changed. Thanks

[redsun82]

👋 @valeriiatym

@aibaars 's point here is not about something possibly having changed in between the runs, but to have a single run as source of all different logs (build-tracer.log, debug artifacts, action logs). As we have to deal with different log kinds, if they all are from the same run we can at least track what happens in the different logs looking at the timestamps, so that we can link up events appearing on different logs. If on the other hand we deal with different log kinds coming from different runs, we lose that information, which makes the investigation quite harder. It'd be great if we could get the log and debug artifacts you provided so far, but all coming from the exact same run.