devActivitydevActivity Logo

CodeQL Java Fails on Non-Java PRs: A Deep Dive into CI/CD Efficiency and Software Developer Performance Metrics

In the fast-paced world of software development, ensuring code quality through automated tools like CodeQL is paramount. However, even robust CI/CD pipelines can encounter unexpected hurdles. A recent GitHub Community discussion highlighted a peculiar CodeQL failure that offers valuable insights into maintaining efficient development workflows and positively impacting software developer performance metrics.

Developer monitoring a successful CI/CD pipeline with green checkmarks, symbolizing code quality and efficiency.
Developer monitoring a successful CI/CD pipeline with green checkmarks, symbolizing code quality and efficiency.

CodeQL Java Fails on Non-Java PRs: A CI/CD Efficiency Deep Dive

AndreyZendesk initiated a discussion about a "strange issue" where a CodeQL run for Java failed in the "Finalizing java" step. The peculiar aspect? The pull request (PR) in question contained only markdown file changes, with no modifications to Java files. This unexpected error occurred despite a seemingly correct CodeQL workflow using build-mode: manual and gradlew assemble.

The error message was explicit:

Error: Encountered a fatal error while running "/opt/hostedtoolcache/CodeQL/2.25.1/x64/codeql/codeql database finalize --finalize-dataset --threads=4 --ram=14306 /home/runner/_work/_temp/codeql_databases/java". Exit code was 32 and last log line was: CodeQL detected code written in Java/Kotlin but this run didn't build any of it, or CodeQL could not process any of it. Ensure that you have provided manual build steps [...] For more information, review our troubleshooting guide at https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build . See the logs for more details.

This situation underscores a critical point for teams: even minor changes can expose underlying CI/CD configuration sensitivities. Ensuring code scanning tools reliably process the codebase, regardless of the PR's scope, is vital for accurate quality assessments and maintaining high software developer performance metrics.

The Original CodeQL Workflow Snippet

AndreyZendesk's workflow included these relevant steps for Java:

strategy:
  fail-fast: false
  matrix:
    include:
      - language: java
        build-mode: manual
      - language: actions
        build-mode: none
steps:
  - name: Checkout repository
    uses: actions/checkout@v5
    with:
      fetch-depth: 0
  - name: Initialize CodeQL
    uses: github/codeql-action/init@v4
    with:
      languages: ${{ matrix.language }}
      build-mode: ${{ matrix.build-mode }}
  - name: Set up JDK
    if: ${{ matrix.build-mode == 'manual' }}
    uses: actions/setup-java@v5.0.0
    with:
      distribution: 'zulu'
      java-version-file: .java-version
      cache: 'gradle'
  - name: Optimize Gradle properties for CI build
    if: ${{ matrix.build-mode == 'manual' }}
    run: |
      mkdir -p ~/.gradle
      cp gradle.properties ~/.gradle/gradle.properties
  - name: Build all modules
    if: ${{ matrix.build-mode == 'manual' }}
    run: ./gradlew assemble -x test --no-daemon
  - name: Perform CodeQL Analysis
    uses: github/codeql-action/analyze@v4
    with:
      category: "/language:${{matrix.language}}"
Developers collaborating to debug a CI/CD issue, pointing at a flowchart on a whiteboard.
Developers collaborating to debug a CI/CD issue, pointing at a flowchart on a whiteboard.

The Solution: A More Robust Build Step for CodeQL

The key insight came from SoftDeveloperSahil, who pointed out that the existing build step, ./gradlew assemble -x test --no-daemon, might not be sufficient for CodeQL to properly detect and compile all necessary Java classes. CodeQL requires a comprehensive build to create its database, even if the current PR doesn't directly modify Java source files. The suggested fix was to replace or augment the build command with a more thorough clean and build process.

The recommended build command to ensure CodeQL can detect compiled Java classes is:

./gradlew clean build -x test

This command performs a clean build, ensuring all Java sources are recompiled, which is crucial for CodeQL's analysis phase. While assemble might build artifacts, clean build guarantees a fresh compilation that CodeQL can fully process. SoftDeveloperSahil also suggested verifying GitHub Action versions, though the build step was the primary issue.

Key Takeaways for Developer Productivity

This discussion highlights several important lessons for maintaining a healthy CI/CD pipeline and contributing to strong software developer performance metrics:

  • Comprehensive Build Steps: For compiled languages like Java, ensure your CodeQL setup includes a build step that thoroughly compiles all source code. A clean build is often more reliable than a partial build.
  • Understanding Tool Requirements: CodeQL's "no source code seen" error indicates its build-tracer couldn't intercept compilation events. Understanding these underlying requirements is crucial for effective troubleshooting.
  • Impact on Productivity: Unexplained CI/CD failures, even for minor PRs, can significantly slow down development cycles. Proactive configuration and clear error resolution paths are essential for maximizing developer efficiency.

By implementing robust build steps for code scanning, teams can ensure consistent code quality checks, prevent unexpected pipeline failures, and ultimately contribute to a more productive development environment, reflecting positively on overall engineering statistics examples and team performance.

See Also

Gamification

Performance Review

Contributions Analytics

Work Quality Analytics

Actionable Alerts

Retrospective Insights

Track, Analyze and Optimize Your Software DeveEx!

Effortlessly implement gamification, pre-generated performance reviews and retrospective, work quality analytics, alerts on top of your code repository activity

 Install GitHub App to Start
devActivity Screenshot