[COMPASS-7540] Setup CodeQL for cpp in boxednode Created: 17/Dec/23  Updated: 31/Jan/24

Status: Ready for Work
Project: Compass
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Maurizio Casimirri Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Developer Tools
Epic Link: COMPASS-7052
Story Points: 5
Sprint: Iteration Scutellosaurus, Iteration Triceratops, Iteration Triceratops 1

 Description   

This was split from https://jira.mongodb.org/browse/COMPASS-7482, since the analysis for ccp in boxednode requires the template to be built seemingly in a different way as what boxednode is doing: CodeQL needs to trace the compilation of the template before analyzing it. Unfortunalely it doesn't seem to be happy with just instrumenting one execution of boxednode, which compiles node.js with the main template.

The action fails without further output and the job is reported as skipped: https://github.com/mongodb-js/boxednode/actions/runs/7198182160/job/19607029983?pr=52

NOTES:

  • I've not investigated further, but a simple explanation could be that we are not compiling directly the template but one of its instances in a different path, so nothing would trace back to any of the paths present in the repo, hence there is nothing to report back in the analysis.
  • While more complex than anticipated, scanning the main template is still useful since a modified version is used as main entry for mongosh.

Generated at Wed Feb 07 22:46:52 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.