@gargsaumya gargsaumya commented Jan 20, 2026

  • Disable CodeQL auto-injection globally in PR validation pipeline

  • Add one-time 'pytestonwindows' job to update the old stale CodeQL snapshot

  • This fixes the S360 CodeQL finding SM02986 that was stuck on outdated code

  • After the old snapshot is cleared, the pytestonwindows job should be removed

Resolves: User Story 39809 [S360] [CodeQL.SM02986]

Work Item / Issue Reference

AB#41680

GitHub Issue: #<ISSUE_NUMBER>


Summary

This pull request updates the PR validation pipeline configuration to address CodeQL analysis and snapshot management. The main changes are disabling automatic CodeQL analysis to prevent duplicate findings, and introducing a one-time job to update a legacy CodeQL snapshot for the pytestonwindows build. These adjustments ensure that CodeQL runs only where needed and help resolve an old issue with snapshot duplication.

CodeQL Analysis Configuration:

  • Disabled global CodeQL auto-injection in all jobs by setting the Codeql.Enabled variable to false, ensuring CodeQL analysis is not performed in this pipeline except where explicitly enabled.

One-time Snapshot Update Job:

  • Added a dedicated job named pytestonwindows to update the old CodeQL snapshot. This job is configured to run on windows-latest and temporarily enables CodeQL analysis for this specific purpose. The job is intended for one-time use and should be removed after the snapshot issue is resolved.

Build and Dependency Changes (Windows Compatibility):

  • Updated build and dependency installation steps in the new job to use Windows-specific commands (call build.bat x64 and cd mssql_python\pybind) and install additional dependencies required for building the C++ extension.

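The shape of the pipeline change described in this PR, as an added illustration rather than the project's actual pipeline file: Codeql.Enabled is set to false at pipeline scope, and only the one-time pytestonwindows job overrides it back to true. The Codeql.Enabled variable, the windows-latest image and the two Windows commands come from the PR description; the task names, dependency list and test command are assumptions.

```yaml
# Added example, not the repository's PR validation pipeline.
# A pipeline-scoped variable switches off CodeQL auto-injection for every job;
# a job-scoped variable of the same name overrides it for that job only.
variables:
  Codeql.Enabled: false        # global: no CodeQL in PR validation

jobs:
  - job: pytestonwindows       # one-time job; remove once the old snapshot is cleared
    pool:
      vmImage: windows-latest
    variables:
      Codeql.Enabled: true     # job-scoped override: CodeQL runs only here
    steps:
      - task: UsePythonVersion@0   # assumed step, not from the PR
        inputs:
          versionSpec: '3.x'
      - script: pip install <build-dependencies>   # placeholder: PR names no packages
        displayName: Install build dependencies
      - script: |
          cd mssql_python\pybind
          call build.bat x64
        displayName: Build C++ extension (Windows)
      - script: python -m pytest   # assumed test command
        displayName: Run tests
```

Because the override lives inside the job, deleting the job later leaves the pipeline-level false in force with no further edits.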
Copilot AI review requested due to automatic review settings January 20, 2026 08:03
@gargsaumya gargsaumya changed the title Fix: S360 CodeQL finding in PR validation to resolve stale snapshot issue FIX: S360 CodeQL finding in PR validation to resolve stale snapshot issue Jan 20, 2026
@github-actions github-actions bot added the pr-size: small Minimal code update label Jan 20, 2026
Copilot AI left a comment

Pull request overview

This PR modifies the PR validation pipeline to fix a CodeQL snapshot issue. The main changes include globally disabling CodeQL auto-injection and adding a temporary job to update a stale CodeQL snapshot associated with the old 'pytestonwindows' build identifier.

Changes:

  • Disabled global CodeQL auto-injection in the PR validation pipeline to prevent duplicate analysis
  • Added a one-time 'pytestonwindows' job to update the old CodeQL snapshot on Windows with CodeQL explicitly enabled
  • Updated build commands from Linux (build.sh) to Windows (build.bat) to match the platform change


# CodeQL Configuration Note:
# =========================================================================================
# CodeQL analysis is disabled in this PR validation pipeline to avoid snapshot duplication.
# CodeQL runs ONLY in the OneBranch Official Build pipeline (build-release-package-pipeline.yml)
Copilot AI Jan 20, 2026

The referenced pipeline file 'build-release-package-pipeline.yml' does not exist in the eng/pipelines directory. The actual file appears to be 'build-whl-pipeline.yml' or 'official-release-pipeline.yml'. Please update this reference to point to the correct pipeline file name.

Suggested change
# CodeQL runs ONLY in the OneBranch Official Build pipeline (build-release-package-pipeline.yml)
# CodeQL runs ONLY in the OneBranch Official Build pipeline (official-release-pipeline.yml)
