diff options
author | Mitchell Hwang <16830051+mdh1418@users.noreply.github.com> | 2022-11-12 01:45:10 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-12 01:45:10 +0300 |
commit | 5ef1cd5aa1a44efc93b31e56113f11c30d75c44f (patch) | |
tree | 8ff14a0de039bd399b843e42994c95c82b31da3d | |
parent | cefdac233d03164ece8b8bbf414458c4dce0fc82 (diff) | |
parent | e6c86291df231f568ff81ea6d2161d307b7e684e (diff) |
Merge pull request #314 from mdh1418/enable_codeqldotnet/main
Enable codeql with TSA in separate pipeline
-rw-r--r-- | .config/tsaoptions.json | 10 | ||||
-rw-r--r-- | .github/PULL_REQUEST_TEMPLATE.md | 5 | ||||
-rw-r--r-- | eng/azure-pipelines-codeql.yml | 102 |
3 files changed, 112 insertions, 5 deletions
diff --git a/.config/tsaoptions.json b/.config/tsaoptions.json new file mode 100644 index 000000000000..179942118a9e --- /dev/null +++ b/.config/tsaoptions.json @@ -0,0 +1,10 @@ +{ + "instanceUrl": "https://devdiv.visualstudio.com/", + "template": "TFSDEVDIV", + "projectName": "DEVDIV", + "areaPath": "DevDiv\\mono", + "iterationPath": "DevDiv", + "notificationAliases": [ "runtimerepo-infra@microsoft.com" ], + "repositoryName": "llvm-project", + "codebaseName": "llvm-project" +}
\ No newline at end of file diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md deleted file mode 100644 index a3d33bdb4d43..000000000000 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ /dev/null @@ -1,5 +0,0 @@ -# **DO NOT FILE A PULL REQUEST** - -This repository does not accept pull requests. Please follow http://llvm.org/docs/Contributing.html#how-to-submit-a-patch for contribution to LLVM. - -# **DO NOT FILE A PULL REQUEST** diff --git a/eng/azure-pipelines-codeql.yml b/eng/azure-pipelines-codeql.yml new file mode 100644 index 000000000000..c27782483bf1 --- /dev/null +++ b/eng/azure-pipelines-codeql.yml @@ -0,0 +1,102 @@ +trigger: + none + +schedules: + - cron: 0 12 * * 1 + displayName: Weekly Monday CodeQL/Semmle run + branches: + include: + - dotnet/main + - objwriter/12.x + always: true + +variables: + - template: /eng/common-variables.yml + - name: Codeql.Enabled + value: True + - name: Codeql.Cadence + value: 0 + - name: Codeql.TSAEnabled + value: True + - name: Codeql.BuildIdentifier + value: $(System.JobDisplayName) + +stages: +- stage: Build + jobs: + - template: /eng/common/templates/jobs/jobs.yml + parameters: + jobs: + + ############ LINUX BUILD ############ + - job: Build_Linux + displayName: Linux + timeoutInMinutes: 480 + variables: + - _BuildConfig: Release + strategy: + matrix: + x64: + imagename: mcr.microsoft.com/dotnet-buildtools/prereqs:centos-7-20220716123527-d0bc8ed + archflag: --arch x64 + Devtoolset7Arg: /p:ForceDevtoolset7=true + pool: + ${{ if eq(variables['System.TeamProject'], 'public') }}: + vmImage: ubuntu-20.04 + ${{ if eq(variables['System.TeamProject'], 'internal') }}: + name: NetCore1ESPool-Internal + demands: ImageOverride -equals Build.Ubuntu.1804.Amd64 + container: + image: $(imagename) + steps: + - bash: | + set -ex + git clean -ffdx + git reset --hard HEAD + displayName: 'Clean up working directory' + + - task: CodeQL3000Init@0 + displayName: Initialize CodeQL (manually-injected) + + - bash: | + ./build.sh --ci --restore --build $(archflag) --configuration $(_BuildConfig) $(_InternalBuildArgs) $(Devtoolset7Arg) + displayName: 'Build' + + - task: CodeQL3000Finalize@0 + displayName: Finalize CodeQL (manually-injected) + + ############ WINDOWS BUILD ############ + - job: Build_Windows + displayName: Windows + timeoutInMinutes: 600 + strategy: + matrix: + # Release + x64_release: + _BuildConfig: Release + archflag: -arch x64 + pool: + ${{ if eq(variables['System.TeamProject'], 'public') }}: + name: NetCore-Public + demands: windows.vs2022.amd64.open + ${{ if eq(variables['System.TeamProject'], 'internal') }}: + name: NetCore1ESPool-Internal + demands: windows.vs2022.amd64 + steps: + - checkout: self + clean: true + fetchDepth: 2 + + - script: | + git clean -ffdx + git reset --hard HEAD + displayName: 'Clean up working directory' + + - task: CodeQL3000Init@0 + displayName: Initialize CodeQL (manually-injected) + + - powershell: eng\build.ps1 -ci -restore -build $(archflag) -configuration $(_BuildConfig) $(_InternalBuildArgs) + displayName: 'Build' + + - task: CodeQL3000Finalize@0 + displayName: Finalize CodeQL (manually-injected) |