Details
-
Task
-
Resolution: Unresolved
-
Major - P3
-
None
-
None
-
None
-
None
-
Developer Tools
-
5
-
Iteration Scutellosaurus, Iteration Triceratops, Iteration Triceratops 1
Description
This was split from https://jira.mongodb.org/browse/COMPASS-7482, since the analysis for ccp in boxednode requires the template to be built seemingly in a different way as what boxednode is doing: CodeQL needs to trace the compilation of the template before analyzing it. Unfortunalely it doesn't seem to be happy with just instrumenting one execution of boxednode, which compiles node.js with the main template.
The action fails without further output and the job is reported as skipped: https://github.com/mongodb-js/boxednode/actions/runs/7198182160/job/19607029983?pr=52
NOTES:
- I've not investigated further, but a simple explanation could be that we are not compiling directly the template but one of its instances in a different path, so nothing would trace back to any of the paths present in the repo, hence there is nothing to report back in the analysis.
- While more complex than anticipated, scanning the main template is still useful since a modified version is used as main entry for mongosh.