From dfa6488c21ff791f941f13f81c71b0650e0f5540 Mon Sep 17 00:00:00 2001 From: Victoria Hall Date: Wed, 4 Dec 2024 16:12:30 -0600 Subject: [PATCH 1/2] codeql exclusion + skip scan for 3.7 --- eng/ci/official-build.yml | 3 +++ eng/ci/public-build.yml | 1 + pack/templates/macos_64_env_gen.yml | 1 + pack/templates/nix_env_gen.yml | 1 + pack/templates/win_env_gen.yml | 1 + 5 files changed, 7 insertions(+) diff --git a/eng/ci/official-build.yml b/eng/ci/official-build.yml index ab2dc802..1ef7c052 100644 --- a/eng/ci/official-build.yml +++ b/eng/ci/official-build.yml @@ -31,6 +31,7 @@ variables: - template: /eng/templates/utils/variables.yml@self - template: /eng/templates/utils/official-variables.yml@self + extends: template: v1/1ES.Official.PipelineTemplate.yml@1es parameters: @@ -39,6 +40,8 @@ extends: image: 1es-windows-2022 os: windows sdl: + codeql: + excludePathPatterns: '/deps' codeSignValidation: enabled: true break: true diff --git a/eng/ci/public-build.yml b/eng/ci/public-build.yml index 67559744..618b3a5b 100644 --- a/eng/ci/public-build.yml +++ b/eng/ci/public-build.yml @@ -41,6 +41,7 @@ extends: compiled: enabled: true # still only runs for default branch runSourceLanguagesInSourceAnalysis: true + excludePathPatterns: '/deps' settings: skipBuildTagsForGitHubPullRequests: ${{ variables['System.PullRequest.IsFork'] }} stages: diff --git a/pack/templates/macos_64_env_gen.yml b/pack/templates/macos_64_env_gen.yml index 9bf2027a..90a3578d 100644 --- a/pack/templates/macos_64_env_gen.yml +++ b/pack/templates/macos_64_env_gen.yml @@ -16,6 +16,7 @@ steps: pip install pip-audit pip-audit -r requirements.txt displayName: 'Run vulnerability scan' + condition: ne(variables['pythonVersion'], '3.7') - task: CopyFiles@2 inputs: contents: | diff --git a/pack/templates/nix_env_gen.yml b/pack/templates/nix_env_gen.yml index b89d4813..ae3cf433 100644 --- a/pack/templates/nix_env_gen.yml +++ b/pack/templates/nix_env_gen.yml @@ -16,6 +16,7 @@ steps: pip install pip-audit pip-audit -r requirements.txt displayName: 'Run vulnerability scan' + condition: ne(variables['pythonVersion'], '3.7') - task: CopyFiles@2 inputs: contents: | diff --git a/pack/templates/win_env_gen.yml b/pack/templates/win_env_gen.yml index 8e9b0321..2eee3411 100644 --- a/pack/templates/win_env_gen.yml +++ b/pack/templates/win_env_gen.yml @@ -16,6 +16,7 @@ steps: pip install pip-audit pip-audit -r requirements.txt displayName: 'Run vulnerability scan' + condition: ne(variables['pythonVersion'], '3.7') - task: CopyFiles@2 inputs: contents: | From 630b55f259114ced9c4a0d34ff9f029fcae3b629 Mon Sep 17 00:00:00 2001 From: Victoria Hall Date: Wed, 4 Dec 2024 16:14:52 -0600 Subject: [PATCH 2/2] formatting --- eng/ci/official-build.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/eng/ci/official-build.yml b/eng/ci/official-build.yml index 1ef7c052..52562bc1 100644 --- a/eng/ci/official-build.yml +++ b/eng/ci/official-build.yml @@ -31,7 +31,6 @@ variables: - template: /eng/templates/utils/variables.yml@self - template: /eng/templates/utils/official-variables.yml@self - extends: template: v1/1ES.Official.PipelineTemplate.yml@1es parameters: