From 84ebcb47e4d4f9712cfe64e6a3400392ae4fc8b6 Mon Sep 17 00:00:00 2001
From: tmat
Date: Fri, 28 Oct 2022 10:11:14 -0700
Subject: [PATCH 1/2] Add CodeQL pipeline
---
 azure-pipelines-codeql.yml | 64 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)
 create mode 100644 azure-pipelines-codeql.yml
diff --git a/azure-pipelines-codeql.yml b/azure-pipelines-codeql.yml
new file mode 100644
index 000000000..9ad5f37c7
--- /dev/null
+++ b/azure-pipelines-codeql.yml
@@ -0,0 +1,64 @@
+parameters:
+ # Optionally do not publish to TSA. Useful for e.g. verifying fixes before PR.
+- name: TSAEnabled
+ displayName: Publish results to TSA
+ type: boolean
+ default: true
+
+variables:
+- template: eng/common-variables.yml
+- template: eng/common/templates/variables/pool-providers.yml
+ # CG is handled in the primary CI pipeline
+- name: skipComponentGovernanceDetection
+ value: true
+ # Force CodeQL enabled so it may be run on any branch
+- name: Codeql.Enabled
+ value: true
+ # Do not let CodeQL 3000 Extension gate scan frequency
+- name: Codeql.Cadence
+ value: 0
+ # CodeQL needs this plumbed along as a variable to enable TSA
+- name: Codeql.TSAEnabled
+ value: ${{ parameters.TSAEnabled }}
+
+ # Build variables
+- name: _BuildConfig
+ value: Release
+
+trigger: none
+
+schedules:
+ - cron: 0 12 * * 1
+ displayName: Weekly Monday CodeQL run
+ branches:
+ include:
+ - main
+ - release/6.0
+ - release/7.0
+ always: true
+
+jobs:
+- job: codeql
+ displayName: CodeQL
+ pool:
+ name: $(DncEngInternalBuildPool)
+ demands: ImageOverride -equals 1es-windows-2022
+ timeoutInMinutes: 90
+
+ steps:
+
+ - task: UseDotNet@2
+ inputs:
+ useGlobalJson: true
+
+ - task: CodeQL3000Init@0
+ displayName: CodeQL Initialize
+
+ - script: eng\common\cibuild.cmd
+ -configuration $(_BuildConfig)
+ -prepareMachine
+ /p:Test=false
+ displayName: Windows Build
+
+ - task: CodeQL3000Finalize@0
+ displayName: CodeQL Finalize
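Review bot: `trigger: none` disables only CI (push) triggers, so if this pipeline is bound to a GitHub or Bitbucket repository, pull-request validation remains enabled by default. A PR build would then run the scan and, because `TSAEnabled` defaults to `true`, publish its results to TSA. Adding `pr: none` directly below `trigger: none` would leave the weekly schedule and manual runs as the only ways in. If the pipeline is instead bound to an Azure Repos mirror, PR builds are controlled by branch policy and the extra line has no effect, so it is safe either way.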
From 417c93a1c9d5c334e4b027b061c9b42fb2f1a9e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Matou=C5=A1ek?=
Date: Fri, 28 Oct 2022 10:12:26 -0700
Subject: [PATCH 2/2] Update azure-pipelines-codeql.yml
---
 azure-pipelines-codeql.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/azure-pipelines-codeql.yml b/azure-pipelines-codeql.yml
index 9ad5f37c7..57df4ab3b 100644
--- a/azure-pipelines-codeql.yml
+++ b/azure-pipelines-codeql.yml
@@ -33,8 +33,6 @@ schedules:
 branches:
 include:
 - main
- - release/6.0
- - release/7.0
 always: true

 jobs: