-
Notifications
You must be signed in to change notification settings - Fork 333
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Log warning if SIP is disabled and CLI version is < 2.15.1 #2261
Conversation
Prior to CLI v2.15.1, ARM runners were not supported by the build tracer. "macos-latest" is now an ARM runner, so we run these tests on the old CLIs on Intel runners instead.
645450c
to
db8b7f5
Compare
Just so we can see all CLI versions that are failing on `macos-12`
e0223de
to
b6e9f31
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks - generally looks good but a couple of minor suggestions.
!(await isSipEnabled(logger)) | ||
) { | ||
logger.warning( | ||
"CodeQL versions 2.15.0 and lower are not supported on MacOS ARM machines with System Integrity Protection (SIP) disabled.", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The warning mentions ARM, but you're not checking process.arch
.
Either we can change the warning to say macOS in general with SIP disabled is not supported on <=2.15.0 (not strictly true, but I don't know if we fixed other relocation issues that would affect Intel),
or change the code above to check process.arch
being arm
or arm64
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah yes, good point 👍 will change it to process.arch
as I believe that's more accurate to the problem we were looking at in 2.15.1.
src/init-action.ts
Outdated
// For CLI versions <2.15.1, build tracing caused errors in MacOS ARM machines with | ||
// System Integrity Protection (SIP) disabled. | ||
if ( | ||
!(await codeQlVersionAbove(codeql, "2.15.1")) && |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor, separate: I had to go look at the definition to remind myself whether this was >
or >=
. Perhaps we should rename it codeQlVersionAtLeast
or similar.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, I always double check that it's using gte
too. I've made the change
pr-checks/sync.py
Outdated
(matrix.os == 'macos-latest' || | ||
matrix.os == 'macos-12') && ( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we simplify this to just runner.os == 'macOS'
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, done!
ee744db
to
492f7d6
Compare
src/init-action.ts
Outdated
@@ -477,7 +477,7 @@ async function run() { | |||
// System Integrity Protection (SIP) disabled. | |||
if ( | |||
!(await codeQlVersionAbove(codeql, "2.15.1")) && | |||
process.platform === "darwin" && |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This line needs to remain!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh yes, Linux exists 😆
The
macos-latest
image is now ARM rather than Intel, so we need to change some of our PR Checks. The build tracer on CLI versions before v2.15.1 did not support the ARM machines where System Integrity Protection was disabled, which now includesmacos-latest
.This change:
macos-12
Intel runners for any checks where the CLI version is below v2.15.1Separately, the
macos-latest
image no longer supports Go on the path by default, so this PR addssetup-go
to all PR checks analyzing Go.I've updated the
Required
PR checks onmain
to include the new ones, but have not updatedv2
orv3
yet.Merge / deployment checklist