Autobuild: Prefix invocations with CODEQL_RUNNER

Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
github · Dec 8, 2021 · 8fd6eec · 8fd6eec
1 parent 0a1efd7
commit 8fd6eec
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/src/codeql.ts b/src/codeql.ts
@@ -732,7 +732,17 @@ async function getCodeQLForCmd(
         "-Dmaven.wagon.http.pool=false",
       ].join(" ");
 
-      await runTool(autobuildCmd);
+      const runnerExecutable = process.env["CODEQL_RUNNER"] || "";
+      // On Mac, prefixing with the runner executable is required to handle System Integrity Protection.
+      if (runnerExecutable) {
+        // Earlier steps (init) are expected to have written the runner executable path
+        // to the tracing environment, and the current step is expected to have
+        // correctly loaded that environment.
+        await runTool(runnerExecutable, [autobuildCmd]);
+      } else {
+        // Fallback in case CODEQL_RUNNER wasn't correctly set or loaded.
+        await runTool(autobuildCmd);
+      }
     },
     async extractScannedLanguage(databasePath: string, language: Language) {
       // Get extractor location