Output path to preload_tracer in env file

[robertbrignull]

When building code on macos with SIP enabled it's necessary to prefix your build command with preload_tracer, so to make that easy we output a path to that executable in the env that you need to source. This means you should be able to run $CODEQL_PRELOAD_TRACER ./my-build-command.sh.

Merge / deployment checklist

• Confirm this change is backwards compatible with existing workflows.
• Confirm the readme has been updated if necessary.

[robertbrignull]

@p0, thanks for your suggestion to use ${CODEQL_DIST}/tools/${CODEQL_ARCH}/preload_tracer.
I've used CODEQL_DIST in this but I'm not sure CODEQL_ARCH is available so I've hardcoded the path as ${CODEQL_DIST}/tools/osx64/preload_tracer. Is this ok? The code path is only executed on osx.

[p0]

Yes, that would be safe enough.

[aibaars]

@p0, thanks for your suggestion to use ${CODEQL_DIST}/tools/${CODEQL_ARCH}/preload_tracer.
I've used CODEQL_DIST in this but I'm not sure CODEQL_ARCH is available so I've hardcoded the path as ${CODEQL_DIST}/tools/osx64/preload_tracer. Is this ok? The code path is only executed on osx.

The variable is called CODEQL_PLATFORM and should be available.

Why do we need to prefix things with the preload_tracer; wouldn't the codeql/tools/osx64/runner be enough?

[robertbrignull]

The variable is called CODEQL_PLATFORM and should be available.

Thanks. You're right. I've changed it to use that value.

[aibaars]

@p0 Wouldn't it be better to use the runner instead. It is available for all platforms including windows so we simply populate an env variable like CODEQL_RUNNER for all platforms. The advantage is that things keep on working in case a user tries to run the CI job on various platforms (or copy pastes the "$CODEQL_PRELOAD_TRACER" ./build-command.sh command line into a linux job). This could lead to unexpected problems due to undefined or empty environment variables.

[robertbrignull]

I've switched over to using the runner and outputting the env var on all platforms. I'm going to write some tests for this.

[aibaars]

On windows the binary is called runner.exe. I think it is fine to leave off the .exe extension on Windows, but you might want to add it just in case.

[robertbrignull]

Thanks. I was just looking at this. May as well add on the extension.

I also note there are runner-linux, runner-win.exe, and runner-osx. They appear to maybe be duplicates of the non-suffixed versions. Should these be ignored?

[aibaars]

I think these are left-overs of the legacy tools.

[robertbrignull]

I've added the CODEQL_RUNNER var to the unit tests, and added usages of it to some of the integration tests. Unfortunately the unit tests don't run on windows (I only just discovered this) and they don't pass either so enabling them will be a bit of work. So for windows we're relying on the integration tests to show that things are working, but that's probably fine.

[robertbrignull]

@aibaars or @adityasharad do you mind having another quick look over this and make sure I haven't done anything stupid since it was last reviewed?

[aibaars]

Looks good to me.