The following message was returned by the CodeQL CLI (version 2.19.0) when attempting to run a scan for a Maven-based Kotlin repository.
CodeQL detected code written in Java/Kotlin but could not process any of it. For more information, review our troubleshooting guide at https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build.
After some trial and error, the cause was the Kotlin version referenced in the pom.xml. Simply put, the version specified was not supported by CodeQL.
So, how exactly did I fall into the trap? This blog post describes through the process for reproducing the error along with the edits applied in order to achieve a successful scan.
Reproducing the Issue
Create Maven | Kotlin Project
Some context before we begin, the JDK version that I’m using is:
[~]-> java -version
openjdk version "1.8.0_432"
...- Start by generating a quickstart Kotlin project at path
$HOME/maven-kotlin-eg, using an archetype:
$ cd $HOME
$ mvn archetype:generate \
-DarchetypeArtifactId=kotlin-archetype-jvm \
-DarchetypeGroupId=org.jetbrains.kotlin \
-DgroupId=com.techtoaster \
-DartifactId=maven-kotlin-eg \
-DarchetypeVersion=1.4.21 \
-DoutputDirectory=.- Run
git init:
cd $HOME/maven-kotlin-eg
git init- This should produce a project in our local
gitrepository with the following contents:
[~]-> tree $HOME/maven-kotlin-eg
$HOME/maven-kotlin-eg
├── pom.xml
└── src
├── main
│ └── kotlin
│ └── com
│ └── techtoaster
│ └── Hello.kt
└── test
└── kotlin
└── com
└── techtoaster
└── HelloTest.kt- Ensure the project compiles successfully
$ mvn clean compileCreate CodeQL Database
Create a CodeQL database at /tmp/db-kotlin:
$ cd $HOME/maven-kotlin-eg
$ codeql database create \
--language=java-kotlin \
--source-root=./ \
--command="mvn clean compile" \
/tmp/db-kotlin --overwriteThe message from the command’s output should confirm we’ve reproduced the issue.
[INFO] BUILD SUCCESS
…
[build-stdout] [INFO] ————————————————————————
Finalizing database at /tmp/db-kotlin.
CodeQL detected code written in Java/Kotlin but could not process any of it. For more information, review our troubleshooting guide at https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build.
What Caused the Issue?
When the project was generated using mvn archetype:generate, the archetype version specified was:
-DarchetypeVersion=1.4.21
The properties section in our net pom.xml was populated with the following Kotlin version:
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<kotlin.version>1.4.21</kotlin.version>
<kotlin.code.style>official</kotlin.code.style>
<junit.version>4.12</junit.version>
</properties>Version 1.4.21 is outside of the Kotlin version range supported by CodeQL (1.5.0 to 2.1.0x).
Quick Workaround
If the project was very Kotlin-version centric, we would likely run into deprecation errors if we “fast-forward” the Kotlin version within the pom.xml. However, since the sample project is basic, our first approach could be to bump up the version to 1.5.0, i.e.,
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<kotlin.version>1.5.0</kotlin.version>
<kotlin.code.style>official</kotlin.code.style>
<junit.version>4.12</junit.version>
</properties>Test the compile still works:
$ cd $HOME/maven-kotlin-eg
$ mvn clean compile
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESSAttempt to recreate the CodeQL database:
$ codeql database create \
--language=java-kotlin \
--source-root=./ \
--command="mvn clean compile" \
/tmp/db-kotlin --overwriteOur log should look better this time:
[build-stdout] [INFO] BUILD SUCCESS
[build-stdout] [INFO] ————————————————————————
Finalizing database at /tmp/db-kotlin.
…
Running TRAP import for CodeQL database at /tmp/db-kotlin…
Importing TRAP files
Merging relations
Finished writing database (relations: 1.15 MiB; string pool: 2.22 MiB).
TRAP import complete (826ms).
Finished zipping source archive (1.08 KiB).
Successfully created database at /tmp/db-kotlin.