Skip to content

Commit

Permalink
[ci] Disable CodeQL on macOS, Linux, non-main jobs (#9111)
Browse files Browse the repository at this point in the history
Attempt to save some build time on macOS and Linux by disabling CodeQL.
This step will still run during the Windows build job in CI, as well as
the macOS nightly build job.

An explicit branch check has also been added to ensure CodeQL only runs
against the main branch.
  • Loading branch information
pjcollins authored Jul 15, 2024
1 parent 000759c commit bacac2c
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 1 deletion.
5 changes: 4 additions & 1 deletion build-tools/automation/azure-pipelines.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,10 @@ extends:
binskim:
scanOutputDirectoryOnly: true
codeql:
runSourceLanguagesInSourceAnalysis: true
${{ if ne(variables['Build.SourceBranch'], 'refs/heads/main') }}:
compiled:
enabled: false
justificationForDisabling: CodeQL disabled for non-main branch builds
policheck:
enabled: false
justification: Built in task does not support multi-language scanning
Expand Down
5 changes: 5 additions & 0 deletions build-tools/automation/yaml-templates/build-linux.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,11 @@ stages:
CC: gcc-10
${{ if eq(parameters.use1ESTemplate, true) }}:
templateContext:
sdl:
codeql:
compiled:
enabled: false
justificationForDisabling: CodeQL runs against the Windows build and nightly macOS build
outputs:
- output: pipelineArtifact
displayName: upload linux sdk
Expand Down
5 changes: 5 additions & 0 deletions build-tools/automation/yaml-templates/build-macos.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,11 @@ stages:
clean: all
${{ if eq(parameters.use1ESTemplate, true) }}:
templateContext:
sdl:
codeql:
compiled:
enabled: false
justificationForDisabling: CodeQL runs against the Windows build and nightly macOS build
outputParentDirectory: ${{ parameters.xaSourcePath }}/bin
outputs:
- output: pipelineArtifact
Expand Down

0 comments on commit bacac2c

Please sign in to comment.