From fd026a42d52c9d4dde559ef7df5444f2b26fd5f0 Mon Sep 17 00:00:00 2001 From: Victoria Hall Date: Wed, 22 Jan 2025 13:48:30 -0600 Subject: [PATCH 1/2] move codeql to template for public build --- eng/ci/public-build.yml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/eng/ci/public-build.yml b/eng/ci/public-build.yml index 26f1b6625..aa7e199d6 100644 --- a/eng/ci/public-build.yml +++ b/eng/ci/public-build.yml @@ -28,14 +28,6 @@ resources: variables: - template: /eng/templates/utils/variables.yml@self - - name: codeql.excludePathPatterns - value: deps/,build/ - - name: codeql.compiled.enabled - value: true - - name: codeql.runSourceLanguagesInSourceAnalysis - value: true - - name: codeql.sourceLanguages - value: python, powershell extends: template: v1/1ES.Unofficial.PipelineTemplate.yml@1es @@ -44,8 +36,18 @@ extends: name: 1es-pool-azfunc-public image: 1es-windows-2022 os: windows + + sdl: + codeql: + compiled: + enabled: true # still only runs for default branch + language: python, powershell + excludePathPatterns: deps/,build/ + runSourceLanguagesInSourceAnalysis: true + settings: skipBuildTagsForGitHubPullRequests: ${{ variables['System.PullRequest.IsFork'] }} + stages: - stage: Build jobs: From e6cd597b4636736f207aedca6ca8756eb6a1cf1a Mon Sep 17 00:00:00 2001 From: Victoria Hall Date: Wed, 22 Jan 2025 13:52:56 -0600 Subject: [PATCH 2/2] renamed --- eng/ci/public-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eng/ci/public-build.yml b/eng/ci/public-build.yml index aa7e199d6..a8456b721 100644 --- a/eng/ci/public-build.yml +++ b/eng/ci/public-build.yml @@ -41,7 +41,7 @@ extends: codeql: compiled: enabled: true # still only runs for default branch - language: python, powershell + sourceLanguages: python, powershell excludePathPatterns: deps/,build/ runSourceLanguagesInSourceAnalysis: true