github / codeql-action

Actions for running CodeQL analysis

Warning: Some packages could not be found

weilueluo opened this issue · comments

Hi guys, I ran the Golang CodeQL checks on this repository: https://github.com/CiscoDevNet/terraform-provider-cdo and found that it is unable to resolve some references. Those references are replaced in the go.mod file to a local package like this:

replace github.com/CiscoDevnet/terraform-provider-cdo/go-client => ../client

However, it seems like the tool does not recognise this:
Screenshot 2023-11-02 at 21 19 34

May I know how I can resolve this? Any help is appreciated!

Thanks for reporting this. The error message suggests that this can be fixed by using a custom build command. Have you tried that?

I'm not sure CodeQL "understands" the replace statements in your mod.go file. I'll ask the team if we support this feature, and if not, perhaps it could be implemented.

Hi, thanks for the reply! I have added my custom build command and now the warnings are gone. However, it is still not running queries for the files in the client directory. I downloaded the artifact and found that the files in the client directory had been indexed:
Screenshot 2023-11-03 at 15 07 01
However, when I download the language CSV report from this link (not sure if you can access it)
https://github.com/CiscoDevNet/terraform-provider-cdo/security/code-scanning/tools/CodeQL/status, it says that all files in the client directory are not successfully extracted
Screenshot 2023-11-03 at 15 09 27
And then I went to decode the files in codeql_databases/go/results/codeql/go-queries/Diagnostics/ExtractionErrors.bqrs and I got:

~/Downloads/artifact/codeql_databases/go/results/codeql/go-queries/Diagnostics ❯ codeql bqrs decode -- ExtractionErrors.bqrs                                                                                 17:46:07
| msg | sev |
+-----+-----+
~/Downloads/artifact/codeql_databases/go/results/codeql/go-queries/Diagnostics ❯

which seems to suggest no error is found. Does it mean that the codeql has intentionally filtered out that package? How can I tell codeql to run queries on that package as well? Any suggestion would be helpful! Thanks!
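
An added example, not part of the thread and not CodeQL's own code: a small Go program that lists the replace directives in a go.mod that point at local directories, like the ../client one quoted in the issue, and reports whether each resolves inside the checkout being scanned. The example.com modules and the /repo paths are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"path/filepath"
	"strings"
)
// Constructed go.mod: only the first replace is from the issue; the rest is hypothetical.
const sampleGoMod = `module example.com/provider
replace github.com/CiscoDevnet/terraform-provider-cdo/go-client => ../client
replace (
	example.com/shared => ../../shared // outside the checkout
	example.com/forked v1.0.0 => example.com/fork v1.0.1
)`

// LocalReplace is a replace directive whose target is a directory.
type LocalReplace struct {
	Module, Dir string
	InRepo      bool // Dir lies inside repoRoot
}
// localReplaces returns the directory-targeted replaces found in gomod.
func localReplaces(gomod, modDir, repoRoot string) (out []LocalReplace) {
	for sc := bufio.NewScanner(strings.NewReader(gomod)); sc.Scan(); {
		line, _, _ := strings.Cut(sc.Text(), "//") // strip comments
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "replace" {
			f = f[1:] // single-line form; block entries have no keyword
		}
		// Only replace uses "=>"; a directory target carries no version after it.
		if len(f) < 3 || f[len(f)-2] != "=>" {
			continue
		}
		t := f[len(f)-1]
		if strings.HasPrefix(t, "./") || strings.HasPrefix(t, "../") {
			t = filepath.Join(modDir, t)
		} else if !filepath.IsAbs(t) {
			continue // a module path, not a directory
		}
		rel, err := filepath.Rel(repoRoot, t)
		in := err == nil && rel != ".." && !strings.HasPrefix(filepath.ToSlash(rel), "../")
		out = append(out, LocalReplace{f[0], filepath.Clean(t), in})
	}
	return out
}

func main() {
	for _, r := range localReplaces(sampleGoMod, "/repo/provider", "/repo") {
		fmt.Printf("%s -> %s (inside checkout: %v)\n", r.Module, r.Dir, r.InRepo)
	}
}
```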