ci(codeql): manual c-cpp build replaces autobuild #50

Closed. CryptoJones wants to merge 2 commits into master from ci/codeql-c-cpp-manual-build


@CryptoJones
Owner

CodeQL's autobuilder has been failing on every PR (including doc-only ones — see #44, #47, #48) with:

  cpp/autobuilder: Incompatible operating system (expected Windows).
  cpp/autobuilder: No supported build system detected.

The autobuilder scans the repo root for a recognized build file (Makefile, CMakeLists.txt, etc.); the decompiler's Makefile lives at Ghidra/Features/Decompiler/src/decompile/cpp/, so the scan fails and the c-cpp matrix leg goes red even when no C++ source is touched. The actual Java/Kotlin, Actions, and Python legs have always been fine; only c-cpp was affected.

Fix: replace the `github/codeql-action/autobuild@v3` step with an explicit `make libdecomp_dbg.a` invocation that `cd`s into the decompiler tree. libdecomp_dbg.a is the static-archive target that compiles every LIBDECOMP_NAMES source into com_dbg/*.o then ar qcs them; it does NOT need BFD at link time (no -lbfd dependency), so binutils-dev / libiberty-dev drop out of the apt-get list too. CodeQL's tracer picks up the .o compile commands during the make invocation, which is exactly the input static analysis needs.

The autobuild step stays for the `actions` and `python` matrix legs (it works fine for both — actions is just YAML, python doesn't need a build at all).

Proudly Made in Nebraska. Go Big Red! 🌽 https://xkcd.com/2347/

CryptoJones and others added 2 commits May 26, 2026 01:19
CodeQL's autobuilder has been failing on every PR (including doc-only
ones — see #44, #47, #48) with:

  cpp/autobuilder: Incompatible operating system (expected Windows).
  cpp/autobuilder: No supported build system detected.

The autobuilder scans the repo root for a recognized build file
(Makefile, CMakeLists.txt, etc.); the decompiler's Makefile lives at
Ghidra/Features/Decompiler/src/decompile/cpp/, so the scan fails and
the c-cpp matrix leg goes red even when no C++ source is touched.
The actual Java/Kotlin, Actions, and Python legs have always been
fine; only c-cpp was affected.

Fix: replace the `github/codeql-action/autobuild@v3` step with an
explicit `make libdecomp_dbg.a` invocation that cd's into the
decompiler tree. libdecomp_dbg.a is the static-archive target that
compiles every LIBDECOMP_NAMES source into com_dbg/*.o then `ar qc`s
them; it does NOT need BFD at link time (no -lbfd dependency), so
binutils-dev / libiberty-dev drop out of the apt-get list too.
CodeQL's tracer picks up the .o compile commands during the make
invocation, which is exactly the input static analysis needs.

The autobuild step stays for the `actions` and `python` matrix legs
(it works fine for both — actions is just YAML, python doesn't need
a build at all).

Proudly Made in Nebraska. Go Big Red! 🌽 https://xkcd.com/2347/

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

PR #50 first attempt removed `binutils-dev libiberty-dev` from the
apt-get install on the theory that libdecomp_dbg.a is a static
archive with no link step. That was wrong:

  In file included from analyzesigs.cc:17:
  loadimage_bfd.hh:37:10: fatal error: bfd.h: No such file or directory
     37 | #include <bfd.h>
        |          ^~~~~~~

`analyzesigs.cc` and `loadimage_bfd.cc` `#include <bfd.h>` at the
top of the file, so the header is needed at compile time even when
we never link against `-lbfd`. Restoring the original deps install.

The autobuild replacement (`make libdecomp_dbg.a`) stays as the
right approach — the failure was a stale assumption about which
headers the archive's component .o files need, not about the
overall strategy.

Proudly Made in Nebraska. Go Big Red! 🌽 https://xkcd.com/2347/

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
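
The c-cpp leg as the two commit messages above describe it once the follow-up fix is applied, written out as a workflow sketch. This is an added example, not the repository's actual workflow file: the trigger, permissions block, job and step names and `actions/checkout@v4` are assumptions, and the java-kotlin leg is left out because the thread does not say how it is built.

```yaml
# Added example (assumed layout), not the project's own workflow file.
name: CodeQL
on:
  pull_request:
  push:
    branches: [master]

permissions:
  contents: read
  security-events: write   # required to upload CodeQL results

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        language: [c-cpp, actions, python]
    steps:
      - uses: actions/checkout@v4

      # init must run before the build so the tracer observes the compiler calls.
      - uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}

      # bfd.h is needed at compile time even though nothing links -lbfd,
      # so the dev packages stay in the install list.
      - name: Install decompiler build dependencies
        if: matrix.language == 'c-cpp'
        run: |
          sudo apt-get update
          sudo apt-get install -y binutils-dev libiberty-dev

      # Manual build: the Makefile is not at the repo root, so autobuild cannot find it.
      - name: Build decompiler static archive
        if: matrix.language == 'c-cpp'
        run: |
          cd Ghidra/Features/Decompiler/src/decompile/cpp
          make libdecomp_dbg.a

      # Legs that need no compile step keep autobuild.
      - name: Autobuild
        if: matrix.language != 'c-cpp'
        uses: github/codeql-action/autobuild@v3

      - uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```
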
CryptoJones added a commit that referenced this pull request May 26, 2026
…n work (#72)

CHANGELOG.md's [Unreleased] section wasn't updated as PRs landed
throughout the day. Adding a single dated section (2026-05-26)
that records the 28 PRs merged this session, grouped by Rec:

  - Rec 28: ignoreAudit Stage 2 strict, 17 author-declared-not-a-
    regression-test deletions, tracking-issue re-file, inventory
    honesty refresh.
  - Rec 31: cppRaiiAudit per-file gate (Stage 1), marshal RAII
    Stage 2A, Stage 2C design doc.
  - Rec 13/14: OSS-Fuzz primary_contact fill-in + in-tree/upstream
    sync + upstream PR (google/oss-fuzz#15545) submitted.
  - CI / housekeeping: sync-labels live mode, 26-branch sweep.
  - Doc sync: SprintPlanning marshalshipped + std::span deviation.

Also noted the three in-flight PRs (#50/#51/#52) that landed-as-CI
but didn't merge yet, so they appear as "queued" rather than as
shipped work.

Also fixes a stale "Work toward v26.1.10" header — v26.1.10
already shipped (per the Released section); [Unreleased] is now
toward v26.1.11.

Proudly Made in Nebraska. Go Big Red! 🌽 https://xkcd.com/2347/

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@CryptoJones
Owner Author

Superseded by #74. PR #51's squash-merge accidentally included PR #50's first commit (the wrong-binutils-dev attempt), so PR #50 in current form would re-apply that already-landed commit AND the second one — hence the unresolvable conflict. PR #74 cherry-picks only the second-commit fix (binutils-dev added back) onto current master.

CryptoJones added a commit that referenced this pull request May 26, 2026
PR #51's branch was inadvertently based on the in-flight PR #50
CodeQL-fix branch (not master), so PR #51's squash-merge included
PR #50's broken first commit alongside the intended lvalue RAII
change. Master at f41d8fc ended up with the broken CodeQL
config; PR #50 couldn't merge as-is; PR #52 (xml global_scan,
stacked on PR #51) also auto-closed when its base disappeared.

Mitigation:
  - PR #74 cherry-picks PR #50's second commit (binutils-dev
    fix) onto current master cleanly.
  - PR #73 cherry-picks PR #52's global_scan commit onto current
    master cleanly.

Adds an entry to Apologies.md at the top (per the log policy)
recording cause + downstream damage + mitigation.

Proudly Made in Nebraska. Go Big Red! 🌽 https://xkcd.com/2347/

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
CryptoJones added a commit that referenced this pull request May 26, 2026
PR #50 first attempt removed `binutils-dev libiberty-dev` from the
apt-get install on the theory that libdecomp_dbg.a is a static
archive with no link step. That was wrong:

  In file included from analyzesigs.cc:17:
  loadimage_bfd.hh:37:10: fatal error: bfd.h: No such file or directory
     37 | #include <bfd.h>
        |          ^~~~~~~

`analyzesigs.cc` and `loadimage_bfd.cc` `#include <bfd.h>` at the
top of the file, so the header is needed at compile time even when
we never link against `-lbfd`. Restoring the original deps install.

The autobuild replacement (`make libdecomp_dbg.a`) stays as the
right approach — the failure was a stale assumption about which
headers the archive's component .o files need, not about the
overall strategy.

Proudly Made in Nebraska. Go Big Red! 🌽 https://xkcd.com/2347/

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
CryptoJones added a commit that referenced this pull request May 26, 2026
…leased] (#76)

The catch-up changelog PR (#72) listed #50, #51, #52 as in-flight.
Now resolved:

  - #51 (lvalue) — merged (was the lone in-flight item that landed
    cleanly).
  - #50 (CodeQL fix) — superseded by #74 after the stacking mistake.
    #74 landed and Analyze (c-cpp) now passes on master.
  - #52 (global_scan) — superseded by #73 after the same stacking
    mistake. #73 landed.
  - #75 (Apologies) — landed alongside, recording the chain.

Removes the "in flight" footnote and replaces with a paragraph
explaining the chain of events so readers understand why #50 / #52
are absent from the merged ledger and #73 / #74 are present
covering the same scope.

Aaron's per-PR changelog feedback (feedback_changelog_per_pr.md)
applied: this PR ships its own changelog touch alongside the actual
state change, not as a catch-up.

Proudly Made in Nebraska. Go Big Red! 🌽 https://xkcd.com/2347/

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>