From: Juan Hoyos Date: Sat, 19 Nov 2022 15:59:04 +0000 (-0500) Subject: Add CodeQL pipeline (#3513) X-Git-Tag: accepted/tizen/unified/riscv/20231226.055542~45^2^2~16 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=193334de2c8e44baadbf35a1f40b683185c38bd5;p=platform%2Fcore%2Fdotnet%2Fdiagnostics.git Add CodeQL pipeline (#3513)
---
diff --git a/.config/tsaoptions.json b/.config/tsaoptions.json
new file mode 100644
index 000000000..ac0f7012d
--- /dev/null
+++ b/.config/tsaoptions.json
@@ -0,0 +1,10 @@
+{
+ "instanceUrl": "https://devdiv.visualstudio.com/",
+ "template": "TFSDEVDIV",
+ "projectName": "DEVDIV",
+ "areaPath": "DevDiv\\NET Runtime\\Diagnostics\\SDL",
+ "iterationPath": "DevDiv",
+ "notificationAliases": [ "clrdiag-sdl@microsoft.com" ],
+ "repositoryName": "diagnostics",
+ "codebaseName": "diagnostics"
+ }
\ No newline at end of file
diff --git a/diagnostics-codeql.yml b/diagnostics-codeql.yml
new file mode 100644
index 000000000..ee506ce6d
--- /dev/null
+++ b/diagnostics-codeql.yml
@@ -0,0 +1,152 @@
+parameters:
+- name: runtimeFeed
+ displayName: Feed for runtime installation
+ type: string
+ default: default
+ values:
+ - default
+- name: runtimeFeedToken
+ displayName: Base 64 SAS Token for runtime installation
+ type: string
+ default: default
+ values:
+ - default
+
+trigger:
+ none
+
+schedules:
+ - cron: 0 3 * * SUN
+ displayName: Weekly Sunday CodeQL run
+ branches:
+ include:
+ - main
+ always: true
+
+variables:
+ # CG is handled in the primary CI pipeline
+ - name: skipComponentGovernanceDetection
+ value: true
+
+stages:
+- stage: build
+ displayName: Build and Test Diagnostics
+ jobs:
+ - template: /eng/build.yml
+ parameters:
+ name: Windows
+ osGroup: Windows_NT
+ isCodeQLRun: true
+ strategy:
+ matrix:
+ Build_Release:
+ _BuildConfig: Release
+ _BuildArch: x64
+ Build_Release_x86:
+ _BuildConfig: Release
+ _BuildArch: x86
+ Build_Release_arm:
+ _BuildConfig: Release
+ _BuildArch: arm
+ Build_Release_arm64:
+ _BuildConfig: Release
+ _BuildArch: arm64
+
+ - template: /eng/build.yml
+ parameters:
+ name: CentOS_7
+ osGroup: Linux
+ dockerImage: mcr.microsoft.com/dotnet-buildtools/prereqs:centos-7-3e800f1-20190501005343
+ isCodeQLRun: true
+ strategy:
+ matrix:
+ Build_Release:
+ _BuildConfig: Release
+ _BuildArch: x64
+
+ - template: /eng/build.yml
+ parameters:
+ name: Alpine3_13
+ osGroup: Linux
+ dockerImage: mcr.microsoft.com/dotnet-buildtools/prereqs:alpine-3.13-WithNode-20210910135845-c401c85
+ isCodeQLRun: true
+ strategy:
+ matrix:
+ Build_Release:
+ _BuildConfig: Release
+ _BuildArch: x64
+
+ - template: /eng/build.yml
+ parameters:
+ name: MacOS
+ osGroup: MacOS
+ isCodeQLRun: true
+ strategy:
+ matrix:
+ Build_Release:
+ _BuildConfig: Release
+ _BuildArch: x64
+
+ - template: /eng/build.yml
+ parameters:
+ name: MacOS_arm64
+ osGroup: MacOS_cross
+ crossbuild: true
+ isCodeQLRun: true
+ strategy:
+ matrix:
+ Build_Release:
+ _BuildConfig: Release
+ _BuildArch: arm64
+
+ - template: /eng/build.yml
+ parameters:
+ name:
Linux_arm
+ osGroup: Linux
+ dockerImage: mcr.microsoft.com/dotnet-buildtools/prereqs:ubuntu-16.04-cross-20210719121212-8a8d3be
+ crossrootfsDir: '/crossrootfs/arm'
+ isCodeQLRun: true
+ strategy:
+ matrix:
+ Build_Release:
+ _BuildConfig: Release
+ _BuildArch: arm
+
+ - template: /eng/build.yml
+ parameters:
+ name: Linux_arm64
+ osGroup: Linux
+ dockerImage: mcr.microsoft.com/dotnet-buildtools/prereqs:ubuntu-16.04-cross-arm64-20210719121212-8a8d3be
+ crossrootfsDir: '/crossrootfs/arm64'
+ isCodeQLRun: true
+ strategy:
+ matrix:
+ Build_Release:
+ _BuildConfig: Release
+ _BuildArch: arm64
+
+ - template: /eng/build.yml
+ parameters:
+ name: Linux_musl_arm
+ osGroup: Linux
+ dockerImage: mcr.microsoft.com/dotnet-buildtools/prereqs:ubuntu-16.04-cross-arm-alpine-20210923140502-78f7860
+ crossrootfsDir: '/crossrootfs/arm'
+ isCodeQLRun: true
+ strategy:
+ matrix:
+ Build_Release:
+ _BuildConfig: Release
+ _BuildArch: arm
+
+ - template: /eng/build.yml
+ parameters:
+ name: Linux_musl_arm64
+ osGroup: Linux
+ dockerImage: mcr.microsoft.com/dotnet-buildtools/prereqs:ubuntu-16.04-cross-arm64-alpine-20210923140502-78f7860
+ crossrootfsDir: '/crossrootfs/arm64'
+ isCodeQLRun: true
+ strategy:
+ matrix:
+ Build_Release:
+ _BuildConfig: Release
+ _BuildArch: arm64
\ No newline at end of file
diff --git a/eng/build.yml b/eng/build.yml
index 430636ea7..8c3263593 100644
--- a/eng/build.yml
+++ b/eng/build.yml
@@ -21,6 +21,7 @@ parameters: dependsOn: '' artifactsTargetPath: '' requiresCapPtraceContainer: false + isCodeQLRun: false jobs: - template: /eng/common/templates/job/job.yml
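Review bot: The two pipeline parameters at the top of diagnostics-codeql.yml, `runtimeFeed` and `runtimeFeedToken`, are declared but never forwarded to any of the `/eng/build.yml` template calls in this file, and the second is described as a SAS token while being an ordinary `string` parameter. Pipeline parameters are not secrets, so their values are not masked the way secret variables are; if a token is ever needed for this run it should come from a secret variable or variable group instead. As written the `values:` lists admit only `default`, so both look like leftovers from the primary CI pipeline; I would drop them or add a comment such as `# declared for parity with the primary CI pipeline; not consumed by the CodeQL run`. Separately, the `dockerImage` entries are pinned by tag only, and pinning them by `@sha256:` digest would keep the environment that gets scanned reproducible.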
@@ -95,13 +96,24 @@ jobs: --docker-image $(_DockerImageName) --source-directory $(Build.SourcesDirectory) --container-name diagnostics-$(Build.BuildId) - - - ${{ if eq(parameters.buildAndSkipTest, 'true') }}: + - ${{ if eq(parameters.isCodeQLRun, 'true') }}: + - name: Codeql.Enabled + value: True + - name: Codeql.Cadence + value: 0 + - name: Codeql.TSAEnabled + value: True + - name: Codeql.BuildIdentifier + value: $(System.JobDisplayName) + - name: Codeql.Language + value: csharp,cpp + + - ${{ if or(eq(parameters.buildAndSkipTest, 'true'), eq(parameters.isCodeQLRun, 'true')) }}: - _TestArgs: '' - _InternalInstallArgs: '' # For testing msrc's and service releases. The RuntimeSourceVersion is either "default" or the service release version to test - - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest')) }}: + - ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), eq(parameters.isCodeQLRun, 'false')) }}: - _InternalInstallArgs: -dotnetruntimeversion '$(DotnetRuntimeVersion)' -dotnetruntimedownloadversion '$(DotnetRuntimeDownloadVersion)' @@ -137,6 +149,10 @@ jobs: sourceFolder: $(Build.ArtifactStagingDirectory)/__download__/Build_$(_BuildConfig)/bin/Linux.$(_BuildArch).$(_BuildConfig) targetFolder: '$(Build.SourcesDirectory)/artifacts/bin/Linux.$(_BuildArch).$(_BuildConfig)' + - ${{ if eq(parameters.isCodeQLRun, 'true') }}: + - task: CodeQL3000Init@0 + displayName: CodeQL Initialize + - script: $(_dockerEnv) $(_buildScript) -configuration $(_BuildConfig) -architecture $(_BuildArch) @@ -149,6 +165,10 @@ jobs: env: ROOTFS_DIR: ${{ parameters.crossrootfsDir }} + - ${{ if eq(parameters.isCodeQLRun, 'true') }}: + - task: CodeQL3000Finalize@0 + displayName: CodeQL Finalize + - ${{ if ne(variables['System.TeamProject'], 'public') }}: - task: CopyFiles@2 displayName: Gather binaries for publish to artifacts 
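Review bot: The `Codeql.*` variable block in the @@ -95 hunk carries no comment on the two values a maintainer is most likely to question, `Codeql.Cadence: 0` and `Codeql.TSAEnabled: True`. I read the cadence as the minimum interval between analyses, so 0 would mean every scheduled run is analysed, and TSA reporting presumably depends on the `.config/tsaoptions.json` added in this commit; both readings should be confirmed and then recorded, for example `# Cadence 0: analyse on every run (the schedule is already weekly); TSA results are routed via .config/tsaoptions.json`. The block also writes `True` where the new pipeline file writes lowercase `true`, and one spelling should be used throughout. The variables list continues outside the hunk.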
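Review bot: `CodeQL3000Init@0` in the @@ -137 hunk runs as a task on the agent, but the build step it brackets is `$(_dockerEnv) $(_buildScript)`, which for the Linux legs appears to run the build inside the `diagnostics-$(Build.BuildId)` container prepared earlier in this file. C/C++ extraction depends on observing the compiler processes during the build, so if tracing is set up on the host it may not see compilers started inside the container, and the `cpp` results for those legs could be empty or partial without the job failing. It is worth checking the first run's per-language extraction summary for the containerised legs and adding a comment on the outcome next to the Init step. `CodeQL3000Finalize@0` in the @@ -149 hunk has no `condition:`, so a failed build skips finalization; if that is intended, a one-line comment would say so. Both step lists continue outside the hunks.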
@@ -209,7 +229,7 @@ jobs: continueOnError: true condition: always() - - ${{ if eq(parameters.buildAndSkipTest, 'false') }}: + - ${{ if and(eq(parameters.buildAndSkipTest, 'false'), eq(parameters.isCodeQLRun, 'false')) }}: # Publish test results to Azure Pipelines - task: PublishTestResults@2 inputs: