From 8a4bc2af67790e0281813901a980a38b81b47124 Mon Sep 17 00:00:00 2001 From: Manvir Kaur <67894494+manvkaur@users.noreply.github.com> Date: Wed, 18 Dec 2024 22:28:54 +0000 Subject: [PATCH 1/4] codeql.compiled.enabled - true --- eng/ci/public-build.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/eng/ci/public-build.yml b/eng/ci/public-build.yml index 67bce6b..507a488 100644 --- a/eng/ci/public-build.yml +++ b/eng/ci/public-build.yml @@ -30,7 +30,9 @@ variables: - name: codeql.buildIdentifier value: java_library_public - name: codeql.excludePathPatterns - value: '/extract,/azure-maven-archetypes,/azure-maven-plugins,/azure-functions-java-worker' + value: '/extract,/azure-maven-archetypes,/azure-maven-plugins,/azure-functions-java-worker' + - name: codeql.compiled.enabled + value: true extends: template: v1/1ES.Unofficial.PipelineTemplate.yml@1es From 124a38cf081eec44bf3104e91ab0336d7cb0285c Mon Sep 17 00:00:00 2001 From: Manvir Kaur <67894494+manvkaur@users.noreply.github.com> Date: Wed, 18 Dec 2024 22:30:42 +0000 Subject: [PATCH 2/4] format file --- eng/ci/public-build.yml | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/eng/ci/public-build.yml b/eng/ci/public-build.yml index 507a488..734241a 100644 --- a/eng/ci/public-build.yml +++ b/eng/ci/public-build.yml @@ -1,28 +1,28 @@ schedules: -- cron: "0 0 * * *" - displayName: Nightly Build - branches: - include: - - dev - always: true + - cron: '0 0 * * *' + displayName: Nightly Build + branches: + include: + - dev + always: true trigger: batch: true branches: include: - - dev + - dev pr: branches: include: - - dev + - dev resources: repositories: - - repository: 1es - type: git - name: 1ESPipelineTemplates/1ESPipelineTemplates - ref: refs/tags/release + - repository: 1es + type: git + name: 1ESPipelineTemplates/1ESPipelineTemplates + ref: refs/tags/release variables: - name: codeql.language @@ -30,7 +30,7 @@ variables: - name: codeql.buildIdentifier value: java_library_public - name: codeql.excludePathPatterns - value: '/extract,/azure-maven-archetypes,/azure-maven-plugins,/azure-functions-java-worker' + value: '/extract,/azure-maven-archetypes,/azure-maven-plugins,/azure-functions-java-worker' - name: codeql.compiled.enabled value: true @@ -47,7 +47,7 @@ extends: skipBuildTagsForGitHubPullRequests: ${{ variables['System.PullRequest.IsFork'] }} stages: - - stage: Build + - stage: Build - jobs: - - template: /eng/ci/templates/jobs/build.yml@self \ No newline at end of file + jobs: + - template: /eng/ci/templates/jobs/build.yml@self From d899545a7df6652278ff8eabd460449078a38019 Mon Sep 17 00:00:00 2001 From: Manvir Kaur <67894494+manvkaur@users.noreply.github.com> Date: Wed, 18 Dec 2024 22:31:35 +0000 Subject: [PATCH 3/4] keep newline --- eng/ci/public-build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/eng/ci/public-build.yml b/eng/ci/public-build.yml index 734241a..f9b9e2b 100644 --- a/eng/ci/public-build.yml +++ b/eng/ci/public-build.yml @@ -51,3 +51,4 @@ extends: jobs: - template: /eng/ci/templates/jobs/build.yml@self + From 6ec4f579902a50e72de986cd4bad1d3107fb3b25 Mon Sep 17 00:00:00 2001 From: Manvir Kaur <67894494+manvkaur@users.noreply.github.com> Date: Thu, 19 Dec 2024 19:31:49 +0000 Subject: [PATCH 4/4] move codeql to sdl section of 1espt --- eng/ci/public-build.yml | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/eng/ci/public-build.yml b/eng/ci/public-build.yml index f9b9e2b..4e9e0c4 100644 --- a/eng/ci/public-build.yml +++ b/eng/ci/public-build.yml @@ -24,16 +24,6 @@ resources: name: 1ESPipelineTemplates/1ESPipelineTemplates ref: refs/tags/release -variables: - - name: codeql.language - value: java,powershell - - name: codeql.buildIdentifier - value: java_library_public - - name: codeql.excludePathPatterns - value: '/extract,/azure-maven-archetypes,/azure-maven-plugins,/azure-functions-java-worker' - - name: codeql.compiled.enabled - value: true - extends: template: v1/1ES.Unofficial.PipelineTemplate.yml@1es parameters: @@ -42,6 +32,14 @@ extends: image: 1es-windows-2022 os: windows + sdl: + codeql: + compiled: + enabled: true # still only runs for default branch + language: java,powershell + buildIdentifier: java_library_public + excludePathPatterns: '/extract,/azure-maven-archetypes,/azure-maven-plugins,/azure-functions-java-worker' + settings: # PR's from forks do not have sufficient permissions to set tags. skipBuildTagsForGitHubPullRequests: ${{ variables['System.PullRequest.IsFork'] }}