[C Sharp] Error: No source code was seen and extracted to path

[tangirala-aditya]

Hi @criemen,
I have tried adding /p:UseSharedCompilation=false to the command line of the dotnet build step.
Actually I have CSharp .NET 3.1 tried following documentation in order to publish codeql scan reports in azure devops platform but ended with
Error: No code found during the build. Please see:
https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning#no-code-found-during-the-build
Any suggestions on this!

Originally posted by @tangirala-aditya in #851 (comment)

[criemen]

Hi,
what's the platform you're building on? If it's Windows Server 2022, we're unfortunately not compatible with that yet, and there's nothing you can do about that :(

[tangirala-aditya]

Hi, The platform I am building on is Linux Platform(ubuntu-latest).Would like to know any code changes needed to be included in order to accomplish manual build in (C# .NET 3.1) runtime. So, any suggestions on this?

[adityasharad]

Could you please share your complete Azure DevOps workflow file, and the logs from the failing build?

[tangirala-aditya]

Could you please share your complete Azure DevOps workflow file, and the logs from the failing build?

The following is the yaml file for azure devops pipeline.

trigger: none
pool:
vmImage: ubuntu-latest
stages:

• stage: build
  displayName: Build
  dependsOn: []
  jobs:
  • job: codeQl
    displayName: Code Scanning using CodeQL
    steps:

    • checkout: self
      displayName: Checkout repository

    • task: PowerShell@2
      displayName: CodeQL Scan
      inputs:
      targetType: inline
      script: |-
      Write-Host "downloading Code QL analysis for windows"
      $ProgressPreference = 'SilentlyContinue'
      wget https://github.com/github/codeql-action/releases/latest/download/codeql-runner-linux
      chmod +x codeql-runner-linux
      Write-Host "Code QL analysis for linux downloaded, now we init it...."
      ./codeql-runner-linux init --github-url https://github.com --repository tangirala-aditya/azure-iot-platform-dotnet --github-auth $(GITHUB_PAT_TOKEN) --languages csharp

    • script: >-
      chmod +x ./codeql-runner/codeql-env.sh
      . ./codeql-runner/codeql-env.sh
      displayName: Export Environment Variables

    • task: PowerShell@2
      displayName: Manual Build and Analyse CodeQL
      inputs:
      targetType: inline
      script: |-
      dotnet restore
      dotnet build /p:UseSharedCompilation=false /p:OutDir=$(Build.SourcesDirectory)
      Write-Host "Analyzing with CodeQL"
      ./codeql-runner-linux analyze --github-url https://github.com --repository tangirala-aditya/azure-iot-platform-dotnet --github-auth $(GITHU{B}_{P}A{T}_{T}OKEN)--commit$(Build.SourceVersion) --ref $(Build.SourceBranch)

    • task: PublishBuildArtifacts@1
      inputs:
      PathtoPublish: '$(Build.SourcesDirectory)\src\codeql-runner\codeql-sarif'
      ArtifactName: 'CodeAnalysis'
      publishLocation: 'Container'

The following are the logs that says the following :

No source code was seen and extracted to /home/vsts/work/1/s/codeql-runner/codeql_databases/csharp.
This can occur if the specified build commands failed to compile or process any code.

• Confirm that there is some source code for the specified language in the project.
• For codebases written in Go, JavaScript, TypeScript, and Python, do not specify
  an explicit --command.
• For other languages, the --command must specify a "clean" build which compiles
  all the source code files without reusing existing build artefacts.
  No source code was seen and extracted to /home/vsts/work/1/s/codeql-runner/codeql_databases/csharp.
  This can occur if the specified build commands failed to compile or process any code.
• Confirm that there is some source code for the specified language in the project.
• For codebases written in Go, JavaScript, TypeScript, and Python, do not specify
  an explicit --command.
• For other languages, the --command must specify a "clean" build which compiles
  all the source code files without reusing existing build artefacts.
  Analyze failed
  Error: No code found during the build. Please see:
  https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning#no-code-found-during-the-build
  at toolrunnerErrorCatcher (/snapshot/dist/codeql-runner.js)
  at processTicksAndRejections (node:internal/process/task_queues:96:5)
  at async Object.finalizeDatabase (/snapshot/dist/codeql-runner.js)
  at async finalizeDatabaseCreation (/snapshot/dist/codeql-runner.js)
  at async runFinalize (/snapshot/dist/codeql-runner.js)
  at async Command. (/snapshot/dist/codeql-runner.js)
  ##[error]PowerShell exited with code '1'.

[adityasharad]

Thanks for sharing the workflow. The problem here is that . codeql-env.sh is not sufficient to export the environment variables for future build steps in Azure DevOps -- you need to use the ADO-specific mechanism for persisting environment variables.

Please follow the example at https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/#example-of-creating-a-codeql-database-using-indirect-build-tracing on using the CodeQL CLI within an Azure DevOps workflow, and let us know if you need further help with it.
(That example also uses the CodeQL CLI rather than the CodeQL Runner, since the Runner is deprecated. See these docs on how to migrate.)