I have an Azure DevOps build pipeline. In that pipeline I am trying to build a Swift codebase and scan it with CodeQL. I am using indirect tracing to separate the CodeQL and build steps into separate components.
I have the following in my pipeline:
- template: pre_build_codeql.yml
- task: Xcode@5
  inputs:
    actions: 'build'
    scheme: 'MyApp'
    sdk: 'iphoneos17.2'
    configuration: 'Debug'
    xcWorkspacePath: '**/MyApp.xcworkspace'
    xcodeVersion: 'default'
    useXcpretty: true
    args: "-verbose"
- template: post_build_codeql.yml
pre_build_codeql.yml will do the following (simplified):
codeql database init --source-root 's/MyApp' --language swift --begin-tracing codeql-db --overwrite --db-cluster
codeql-db/temp/tracingEnvironment/start-tracing.sh
This will commence the indirect tracing and set the relevant environment variables.
post_build_codeql.yml will do the following (simplified):
printenv # I can see that environment variables such as SEMMLE_PRELOAD_libtrace are set
codeql-db/temp/tracingEnvironment/end-tracing.sh
codeql database finalize codeql-db/swift
# Other analyze steps
When finalizing the database, I get the following error:
CodeQL detected code written in Swift but could not process any of it. This can occur if the specified build commands failed to compile or process any code.
- Confirm that there is some source code for the specified language in the project.
- For codebases written in Go, JavaScript, TypeScript, and Python, do not specify
an explicit --command.
- For other languages, the --command must specify a "clean" build which compiles
all the source code files without reusing existing build artefacts.
However, if I run the following, a build and codeql database are created:
codeql database create --overwrite --language swift --command "xcodebuild -sdk iphoneos17.2 -configuration Debug -workspace /s/MyApp -scheme MyApp build -verbose CODE_SIGNING_ALLOWED=NO" codeql-db/swift
So I know there is nothing wrong with the build or CodeQL, leading me to wonder about the Xcode Azure pipeline task.
It’s almost like the environment variables are not being passed to the Xcode task step.
Can anyone please offer some advice?
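
The hypothesis in the post, that the tracing variables do not reach the Xcode task, can be checked from a step placed just before that task by comparing what CodeQL asked for against what the step actually sees. The script below is an added example, not part of the original post and not CodeQL's own code. It assumes a start-tracing.json file (a flat object of variable names to values) sits beside start-tracing.sh; CODEQL_SAMPLE_VAR and the sample paths are constructed.

```python
import json
import os
import sys

# Constructed sample data, used when no file is given on the command line.
SAMPLE_EXPECTED = {"SEMMLE_PRELOAD_libtrace": "/constructed/libtrace.dylib",
                   "CODEQL_SAMPLE_VAR": "1"}
SAMPLE_ENVIRON = {"SEMMLE_PRELOAD_LIBTRACE": "/constructed/libtrace.dylib"}


def load_tracing_env(path):
    """Return the {name: value} object read from the tracing JSON file."""
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    if not isinstance(data, dict):
        raise ValueError(f"{path}: expected a JSON object of variables")
    # A null value means "unset this variable": nothing to compare against.
    return {k: str(v) for k, v in data.items() if v is not None}


def classify(expected, environ):
    """Map each expected variable to ok / changed / case-mangled / missing."""
    report = {}
    for name, value in expected.items():
        if name in environ:
            report[name] = "ok" if environ[name] == value else "changed"
        elif name.upper() in environ:
            # Azure Pipelines upper-cases pipeline variable names when it
            # exposes them to steps, which renames mixed-case names.
            report[name] = "case-mangled"
        else:
            report[name] = "missing"
    return report


def main(argv):
    # Assumption: start-tracing.json is in codeql-db/temp/tracingEnvironment/.
    if len(argv) > 1:
        expected, environ = load_tracing_env(argv[1]), os.environ
    else:
        expected, environ = SAMPLE_EXPECTED, SAMPLE_ENVIRON
    report = classify(expected, environ)
    for name in sorted(report):
        print(f"{report[name]:13} {name}")
    return 1 if len(argv) > 1 and any(s != "ok" for s in report.values()) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Given the JSON path as its argument, the script exits non-zero when any variable is missing, changed or renamed, so the pipeline step fails before the build runs untraced.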