
Ensure non-customization library packs can be bundled #15


Merged
merged 1 commit into from
Mar 27, 2025


lcartey
Contributor

@lcartey lcartey commented Mar 27, 2025

For workspaces with a mix of customization and non-customization library packs, bundling fails when trying to copy over the non-customization library packs with something similar to this error:

ERROR: Pack 'my-js-customization-pack' has a cyclic dependency on pack 'codeql/javascript-all'.
A fatal error occurred: A 'codeql resolve extensions-by-pack' operation failed with error code 2

The reason for this is because:

  • In the original workspace (containing the custom packs), the customization packs depend on the standard library pack.
  • When we copy the customization packs over, we invert the dependency - so that in the output bundle, the standard library pack depends on the customization packs for that language.
    • We implement this by copying each of the customization and standard library packs to a temp directory to modify the dependencies before packing them into the output bundle.
  • Library packs that are not customization packs are not copied into a temporary directory (because they don't require a modification of dependencies).
  • However, this means that the CodeQL CLI will validate the original workspace as a whole, but against the output bundle. This leads it to discovering the original customization packs, but trying to match them with the standard library packs in the output bundle. This creates a circular dependency.

We solve this by also copying non-customization library packs to a temporary directory, which then prevents the CodeQL CLI from scanning the original workspace and erroneously reporting a circular dependency.

In the case of a mix of library customization and non
customization packs, circular dependencies could occur.

Copying the library pack to a new directory avoids the
dependency on the source workspace, and ensures only the
packs from the target distributions are used.
@lcartey lcartey requested a review from a team as a code owner March 27, 2025 13:00
@nicolaswill nicolaswill merged commit a83be8a into main Mar 27, 2025
2 checks passed
@nicolaswill nicolaswill deleted the lcartey/fix-non-customization-library-issue branch March 27, 2025 13:04
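
The cycle described in this pull request can be reproduced with a small dependency-graph model. This is an added illustration, not code from the project or from the CodeQL CLI. The rule that packs in the scanned directory shadow same-named packs in the bundle, the pack name `my-js-lib`, and all function names are assumptions made for the example.

```python
# Simplified model of pack resolution; not the CodeQL CLI's real algorithm.
# Assumption: packs found in the scanned directory shadow same-named bundle packs.

STD = "codeql/javascript-all"
CUSTOM = "my-js-customization-pack"
LIB = "my-js-lib"  # hypothetical non-customization library pack

# Original workspace: the customization pack depends on the standard library.
ORIGINAL_WORKSPACE = {CUSTOM: [STD], LIB: [STD]}
# Output bundle: dependency inverted, the standard library depends on the customization pack.
OUTPUT_BUNDLE = {STD: [CUSTOM], CUSTOM: []}


def visible_packs(scanned_dir, bundle):
    """Merge packs visible to the resolver; the scanned directory wins on name clashes."""
    merged = dict(bundle)
    merged.update(scanned_dir)
    return merged


def find_cycle(packs, root):
    """Depth-first search from root; return the cycle as a list of names, or None."""
    path, done = [], set()

    def visit(name):
        if name in path:
            return path[path.index(name):] + [name]
        if name in done:
            return None
        path.append(name)
        for dep in packs.get(name, []):
            cycle = visit(dep)
            if cycle:
                return cycle
        path.pop()
        done.add(name)
        return None

    return visit(root)


def bundle_library_pack(scanned_dir, bundle, pack):
    """Return the cycle that would abort bundling `pack`, or None if it resolves."""
    return find_cycle(visible_packs(scanned_dir, bundle), pack)


# Before the fix: LIB is packed in place, so the whole original workspace is scanned.
before = bundle_library_pack(ORIGINAL_WORKSPACE, OUTPUT_BUNDLE, LIB)
# After the fix: LIB is copied to a temporary directory that contains only LIB.
after = bundle_library_pack({LIB: ORIGINAL_WORKSPACE[LIB]}, OUTPUT_BUNDLE, LIB)
```

In the model, `before` holds the cycle between the original customization pack and the bundled standard library pack, while `after` is `None` because the isolated copy only sees packs from the output bundle.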