
Copilot AI commented Oct 28, 2025

The CodeQL analyze job was duplicated inline in linux-ci.yml and missing from windows-ci.yml, limiting security coverage to Linux only.

Changes

  • Created .github/workflows/analyze-reusable.yml

    • Extracted CodeQL analysis logic into reusable workflow with workflow_call trigger
    • Parameterized with runner_os input (defaults to ubuntu-latest)
    • Defines required permissions at workflow level (actions:read, contents:read, security-events:write)
    • Uses StaticAnalysis configuration for CodeQL builds to provide full symbols
  • Updated .github/workflows/linux-ci.yml

    • Replaced 58-line inline analyze job with reusable workflow call
    • Maintains existing behavior with runner_os: ubuntu-latest
  • Updated .github/workflows/windows-ci.yml

    • Added analyze job with runner_os: windows-latest
    • Added analyze to ready_to_merge dependencies
  • Updated tools/ci.psm1

    • Added Configuration parameter to Invoke-CIBuild function with ValidateSet for 'Debug', 'Release', 'CodeCoverage', 'StaticAnalysis'
    • Defaults to 'Release' to maintain backward compatibility with existing callers
    • Enables CodeQL workflow to use StaticAnalysis configuration without code duplication

Usage Pattern

analyze:
  name: CodeQL Analysis
  needs: changes
  if: ${{ needs.changes.outputs.source == 'true' }}
  uses: ./.github/workflows/analyze-reusable.yml
  permissions:
    actions: read
    contents: read
    security-events: write
  with:
    runner_os: ubuntu-latest  # or windows-latest

Windows CI now receives the same CodeQL security analysis as Linux CI. Future analyze job updates only require changes in one location. The StaticAnalysis configuration provides full symbols for better code analysis while avoiding duplication of build logic.

Original prompt

Make the analyze job a reusable workflow and add it to run not only in the linux-ci but also the windows-ci
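As an added illustration (not a file from this PR or the PowerShell repository), this is what the callee side invoked by the Usage Pattern above could look like: a workflow_call trigger, a runner_os input, workflow-level least-privilege permissions, and a build step that calls Invoke-CIBuild with the StaticAnalysis configuration. The step contents, action versions, the csharp language choice and the per-OS category are assumptions.

```yaml
# Hypothetical analyze-reusable.yml (added illustration, not the repository's own file).
name: CodeQL Analysis (reusable)

on:
  workflow_call:
    inputs:
      runner_os:
        description: Runner image to build and analyze on
        type: string
        required: false
        default: ubuntu-latest

# Least privilege for the job token: read-only on code and run metadata,
# write only where the SARIF results must be uploaded. A caller that sets a
# narrower `permissions:` block on its `uses:` job further restricts this.
permissions:
  actions: read
  contents: read
  security-events: write

jobs:
  analyze:
    name: CodeQL (${{ inputs.runner_os }})
    runs-on: ${{ inputs.runner_os }}
    steps:
      - uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: csharp   # assumption: the project is built from C# sources

      - name: Build with full symbols
        shell: pwsh           # pwsh is preinstalled on ubuntu and windows runners
        run: |
          # Assumes tools/ci.psm1 exports Invoke-CIBuild with the -Configuration
          # parameter described in this PR; StaticAnalysis keeps full symbols for CodeQL.
          Import-Module ./tools/ci.psm1 -Force
          Invoke-CIBuild -Configuration StaticAnalysis

      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v3
        with:
          # Distinct category per OS: uploads for the same commit that share a
          # category replace each other, so Linux and Windows results would collide.
          category: codeql/${{ inputs.runner_os }}
```

Without a distinct category the Windows and Linux uploads for one commit would overwrite each other in the Security tab, which is the one operational pitfall of running the same reusable analysis on two runners.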


Copilot AI changed the title from "[WIP] Make analyze job a reusable workflow for multiple CI environments" to "Refactor analyze job to reusable workflow and enable on Windows CI" Oct 28, 2025
Copilot AI requested a review from TravisEz13 October 28, 2025 19:09
@TravisEz13 TravisEz13 requested a review from Copilot October 28, 2025 19:19
@TravisEz13 TravisEz13 added the CL-Test label (Indicates that a PR should be marked as a test change in the Change Log) Oct 28, 2025

Copilot AI left a comment


Pull Request Overview

This PR refactors the CodeQL analysis workflow by extracting the inline CodeQL job from linux-ci.yml into a new reusable workflow file (analyze-reusable.yml). This allows the same CodeQL analysis to be shared across multiple CI workflows (Linux and Windows).

Key Changes

  • Created a new reusable workflow analyze-reusable.yml containing the CodeQL analysis steps
  • Replaced the inline CodeQL job in linux-ci.yml with a call to the reusable workflow
  • Added CodeQL analysis to windows-ci.yml using the same reusable workflow

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

  • .github/workflows/analyze-reusable.yml: New reusable workflow containing CodeQL analysis logic with configurable runner OS
  • .github/workflows/linux-ci.yml: Replaced inline CodeQL job with a call to the reusable workflow
  • .github/workflows/windows-ci.yml: Added CodeQL analysis job using the reusable workflow and updated ready_to_merge dependencies


@TravisEz13 TravisEz13 added the CL-Tools label (Indicates that a PR should be marked as a tools change in the Change Log) and removed the CL-Test label (Indicates that a PR should be marked as a test change in the Change Log) Oct 28, 2025
@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.


Copilot AI commented Oct 28, 2025

Pull Request Overview

This PR refactors the CodeQL analysis workflow by extracting the inline CodeQL job from linux-ci.yml into a new reusable workflow file (analyze-reusable.yml). This allows...

Implemented in commit f13b39a. Added Configuration parameter to Invoke-CIBuild (defaults to 'Release' for backward compatibility) and updated analyze workflow to use StaticAnalysis configuration. This avoids code duplication while providing the appropriate build configuration for CodeQL analysis.


Copilot AI left a comment


Pull Request Overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.


@TravisEz13 TravisEz13 marked this pull request as ready for review October 28, 2025 19:58
@TravisEz13 TravisEz13 requested review from a team and jshigetomi as code owners October 28, 2025 19:58
@TravisEz13 TravisEz13 enabled auto-merge (squash) October 28, 2025 19:58
@TravisEz13 TravisEz13 merged commit 5e5e177 into master Oct 28, 2025
58 of 76 checks passed

microsoft-github-policy-service bot commented Oct 28, 2025

📣 Hey @Copilot, how did we do? We would love to hear your feedback with the link below! 🗣️

🔗 https://aka.ms/PSRepoFeedback

@TravisEz13 TravisEz13 deleted the copilot/make-analyze-job-reusable branch October 28, 2025 20:24
pwshBot pushed a commit to pwshBot/PowerShell that referenced this pull request Oct 29, 2025
TravisEz13 added a commit to TravisEz13/PowerShell that referenced this pull request Nov 20, 2025
SIRMARGIN pushed a commit to SIRMARGIN/PowerShell that referenced this pull request Dec 12, 2025
kilasuit pushed a commit to kilasuit/PowerShell that referenced this pull request Jan 2, 2026

Labels

  • Backport-7.4.x-Migrated
  • BackPort-7.5.x-Consider
  • Backport-7.6.x-Migrated
  • CL-Tools (Indicates that a PR should be marked as a tools change in the Change Log)
