From 3147cd1b83484dbe77e63d70a93c47a0c3c41665 Mon Sep 17 00:00:00 2001 From: Gaurav Sharma Date: Thu, 25 Sep 2025 15:46:24 +0530 Subject: [PATCH 1/6] CHORE: CodeQL ADO pipeline task --- eng/pipelines/pr-validation-pipeline.yml | 44 ++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/eng/pipelines/pr-validation-pipeline.yml b/eng/pipelines/pr-validation-pipeline.yml index 6621b10d..179ec639 100644 --- a/eng/pipelines/pr-validation-pipeline.yml +++ b/eng/pipelines/pr-validation-pipeline.yml @@ -6,7 +6,51 @@ trigger: include: - main +resources: + containers: + - container: codeqlContainer + image: ubuntu:20.04 + jobs: +- job: CodeQLAnalysis + displayName: 'CodeQL Security Analysis' + container: codeqlContainer + pool: + vmImage: 'ubuntu-latest' + + steps: + - script: | + apt-get update + apt-get install -y build-essential cmake curl git python3 python3-pip python3-dev python3-venv unixodbc-dev + displayName: 'Install build dependencies for CodeQL' + + - task: UsePythonVersion@0 + inputs: + versionSpec: '3.13' + addToPath: true + displayName: 'Use Python 3.13 for CodeQL' + + - script: | + python -m pip install --upgrade pip + pip install -r requirements.txt + displayName: 'Install Python dependencies for CodeQL' + + - task: CodeQL3000Init@0 + inputs: + Enabled: true + displayName: 'Initialize CodeQL' + + # Build the C++ extension for CodeQL analysis + - script: | + cd mssql_python/pybind + chmod +x build.sh + ./build.sh + displayName: 'Build C++ extension for CodeQL analysis' + + - task: CodeQL3000Finalize@0 + condition: always() + displayName: 'Finalize CodeQL' + - job: PytestOnWindows displayName: 'Windows x64' pool: From 152453194829ccea3f39f068fdca908f5e045b5a Mon Sep 17 00:00:00 2001 From: Gaurav Sharma Date: Thu, 25 Sep 2025 15:55:28 +0530 Subject: [PATCH 2/6] sudo --- eng/pipelines/pr-validation-pipeline.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
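Review bot: In [PATCH 1/6] the `codeqlContainer` resource pulls `image: ubuntu:20.04` by a mutable tag, so the environment that builds the code CodeQL analyses can change without any commit to this repository. Pinning by digest, `image: ubuntu:20.04@sha256:<digest-placeholder>`, makes the analysis environment reproducible and reviewable. The same concern applies to the `Install Python dependencies for CodeQL` step: requirements.txt is not shown here, so if it does not already pin hashes, `pip install --require-hashes -r requirements.txt` would keep an unexpected package version from running inside the job. The hunk ends at `- job: PytestOnWindows`, whose body continues outside it.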
diff --git a/eng/pipelines/pr-validation-pipeline.yml b/eng/pipelines/pr-validation-pipeline.yml index 179ec639..08a1ca9c 100644 --- a/eng/pipelines/pr-validation-pipeline.yml +++ b/eng/pipelines/pr-validation-pipeline.yml @@ -20,8 +20,8 @@ jobs: steps: - script: | - apt-get update - apt-get install -y build-essential cmake curl git python3 python3-pip python3-dev python3-venv unixodbc-dev + sudo apt-get update + sudo apt-get install -y build-essential cmake curl git python3 python3-pip python3-dev python3-venv unixodbc-dev displayName: 'Install build dependencies for CodeQL' - task: UsePythonVersion@0 From ac2839262069fe6852192c9cb928a05d91492c42 Mon Sep 17 00:00:00 2001 From: Gaurav Sharma Date: Thu, 25 Sep 2025 15:58:53 +0530 Subject: [PATCH 3/6] sudo not needed apparently --- eng/pipelines/pr-validation-pipeline.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/eng/pipelines/pr-validation-pipeline.yml b/eng/pipelines/pr-validation-pipeline.yml index 08a1ca9c..66761c1e 100644 --- a/eng/pipelines/pr-validation-pipeline.yml +++ b/eng/pipelines/pr-validation-pipeline.yml @@ -20,8 +20,11 @@ jobs: steps: - script: | - sudo apt-get update - sudo apt-get install -y build-essential cmake curl git python3 python3-pip python3-dev python3-venv unixodbc-dev + export DEBIAN_FRONTEND=noninteractive + export TZ=UTC + ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone + apt-get update + apt-get install -y build-essential cmake curl git python3 python3-pip python3-dev python3-venv unixodbc-dev software-properties-common displayName: 'Install build dependencies for CodeQL' - task: UsePythonVersion@0 From b0923ce3c39f5518a9a3fe769916e60145d394ce Mon Sep 17 00:00:00 2001 From: Gaurav Sharma Date: Thu, 25 Sep 2025 16:04:08 +0530 Subject: [PATCH 4/6] sudo again in a diff way --- eng/pipelines/pr-validation-pipeline.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) 
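Review bot: `software-properties-common` on the `apt-get install` line in [PATCH 3/6] has no visible consumer: nothing in this hunk calls `add-apt-repository` or otherwise uses it, so it only widens the set of packages installed into the analysis container. If no later step needs it, drop it, and consider `apt-get install -y --no-install-recommends ...` to keep the image to what the build requires. The new `ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone` line also leaves `$TZ` unquoted and writes under /etc, which presumes the step runs as root; quote it as `"$TZ"` and state the root assumption in a comment above the script.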
diff --git a/eng/pipelines/pr-validation-pipeline.yml b/eng/pipelines/pr-validation-pipeline.yml index 66761c1e..2516e9d0 100644 --- a/eng/pipelines/pr-validation-pipeline.yml +++ b/eng/pipelines/pr-validation-pipeline.yml @@ -20,11 +20,8 @@ jobs: steps: - script: | - export DEBIAN_FRONTEND=noninteractive - export TZ=UTC - ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone apt-get update - apt-get install -y build-essential cmake curl git python3 python3-pip python3-dev python3-venv unixodbc-dev software-properties-common + apt-get install -y build-essential cmake curl git python3 python3-pip python3-dev python3-venv unixodbc-dev displayName: 'Install build dependencies for CodeQL' - task: UsePythonVersion@0 @@ -41,6 +38,7 @@ jobs: - task: CodeQL3000Init@0 inputs: Enabled: true + target: codeqlContainer displayName: 'Initialize CodeQL' # Build the C++ extension for CodeQL analysis @@ -52,6 +50,7 @@ jobs: - task: CodeQL3000Finalize@0 condition: always() + target: codeqlContainer displayName: 'Finalize CodeQL' - job: PytestOnWindows From c36158159db52f1751f29d186af73a394bdc7518 Mon Sep 17 00:00:00 2001 From: Gaurav Sharma Date: Thu, 25 Sep 2025 16:07:22 +0530 Subject: [PATCH 5/6] sudo again in a diff way --- eng/pipelines/pr-validation-pipeline.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/eng/pipelines/pr-validation-pipeline.yml b/eng/pipelines/pr-validation-pipeline.yml index 2516e9d0..4bb242aa 100644 --- a/eng/pipelines/pr-validation-pipeline.yml +++ b/eng/pipelines/pr-validation-pipeline.yml @@ -10,6 +10,7 @@ resources: containers: - container: codeqlContainer image: ubuntu:20.04 + options: --user root jobs: - job: CodeQLAnalysis @@ -20,6 +21,7 @@ jobs: steps: - script: | + export DEBIAN_FRONTEND=noninteractive apt-get update apt-get install -y build-essential cmake curl git python3 python3-pip python3-dev python3-venv unixodbc-dev displayName: 'Install build dependencies for CodeQL' 
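Review bot: The `target: codeqlContainer` lines that [PATCH 4/6] adds to `CodeQL3000Init@0` and `CodeQL3000Finalize@0` look redundant, because the job already declares `container: codeqlContainer` (added in 1/6, outside these hunks) and steps of a container job run in that container unless `target` says otherwise. If the intent was to get past the permission failure in the `apt-get` step, these lines do not change which user that step runs as. Either remove them or add a comment such as `# steps inherit the job container; target is only needed to run on the host`, so a reader does not assume the CodeQL tasks run somewhere different from the build step they observe.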
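Review bot: `options: --user root` in the first hunk of [PATCH 5/6] makes every step of `CodeQLAnalysis` run as root in the container, including `pip install -r requirements.txt` and `./build.sh`, although only the `apt-get` step needs that privilege. Judging by the file name this is a PR-validation pipeline, so those steps presumably execute code from the change under review. Least privilege argues for a prebuilt image that already contains the toolchain, with the job running as the default non-root user. If root stays, a comment such as `# root is needed only for apt-get in the first step` should record why.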
From b0a1321d7018faa7d76eec588bfb5d7bd8d20b79 Mon Sep 17 00:00:00 2001 From: Gaurav Sharma Date: Thu, 25 Sep 2025 16:11:03 +0530 Subject: [PATCH 6/6] rm container --- eng/pipelines/pr-validation-pipeline.yml | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/eng/pipelines/pr-validation-pipeline.yml b/eng/pipelines/pr-validation-pipeline.yml index 4bb242aa..51778489 100644 --- a/eng/pipelines/pr-validation-pipeline.yml +++ b/eng/pipelines/pr-validation-pipeline.yml @@ -6,24 +6,16 @@ trigger: include: - main -resources: - containers: - - container: codeqlContainer - image: ubuntu:20.04 - options: --user root - jobs: - job: CodeQLAnalysis displayName: 'CodeQL Security Analysis' - container: codeqlContainer pool: vmImage: 'ubuntu-latest' steps: - script: | - export DEBIAN_FRONTEND=noninteractive - apt-get update - apt-get install -y build-essential cmake curl git python3 python3-pip python3-dev python3-venv unixodbc-dev + sudo apt-get update + sudo apt-get install -y build-essential cmake curl git python3 python3-pip python3-dev python3-venv unixodbc-dev displayName: 'Install build dependencies for CodeQL' - task: UsePythonVersion@0 @@ -40,7 +32,6 @@ jobs: - task: CodeQL3000Init@0 inputs: Enabled: true - target: codeqlContainer displayName: 'Initialize CodeQL' # Build the C++ extension for CodeQL analysis @@ -52,7 +43,6 @@ jobs: - task: CodeQL3000Finalize@0 condition: always() - target: codeqlContainer displayName: 'Finalize CodeQL' - job: PytestOnWindows
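Review bot: The install step left by [PATCH 6/6], `sudo apt-get update` followed by `sudo apt-get install -y ...`, has no error handling, and to my knowledge a multi-line `script:` step on a Linux agent runs under bash without `set -e`, so only the last command's exit status decides the step result. A failed `apt-get update` would then go unnoticed and the install would proceed from a stale package index; the same holds for the `pip` and `build.sh` script blocks outside this hunk. Add `set -euo pipefail` as the first line of each block so an earlier failure cannot be masked by a later command succeeding. With the container removed, the toolchain now comes from `vmImage: 'ubuntu-latest'`, a floating label; naming a specific image such as `ubuntu-24.04` would keep the analysis environment stable.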