FIX: S360 CodeQL finding in PR validation to resolve stale snapshot issue

[gargsaumya]

• Disable CodeQL auto-injection globally in PR validation pipeline

• Add one-time 'pytestonwindows' job to update the old stale CodeQL snapshot

• This fixes the S360 CodeQL finding SM02986 that was stuck on outdated code

• After the old snapshot is cleared, the pytestonwindows job should be removed

Resolves: User Story 39809 [S360] [CodeQL.SM02986]

Work Item / Issue Reference

AB#41680

GitHub Issue: #<ISSUE_NUMBER>

---

Summary

This pull request updates the PR validation pipeline configuration to address CodeQL analysis and snapshot management. The main changes are disabling automatic CodeQL analysis to prevent duplicate findings, and introducing a one-time job to update a legacy CodeQL snapshot for the pytestonwindows build. These adjustments ensure that CodeQL runs only where needed and help resolve an old issue with snapshot duplication.

CodeQL Analysis Configuration:

• Disabled global CodeQL auto-injection in all jobs by setting the Codeql.Enabled variable to false, ensuring CodeQL analysis is not performed in this pipeline except where explicitly enabled.

One-time Snapshot Update Job:

• Added a dedicated job named pytestonwindows to update the old CodeQL snapshot. This job is configured to run on windows-latest and temporarily enables CodeQL analysis for this specific purpose. The job is intended for one-time use and should be removed after the snapshot issue is resolved.

Build and Dependency Changes (Windows Compatibility):

• Updated build and dependency installation steps in the new job to use Windows-specific commands (call build.bat x64 and cd mssql_python\pybind) and install additional dependencies required for building the C++ extension. [1] [2]

[Copilot]

Pull request overview

This PR modifies the PR validation pipeline to fix a CodeQL snapshot issue. The main changes include globally disabling CodeQL auto-injection and adding a temporary job to update a stale CodeQL snapshot associated with the old 'pytestonwindows' build identifier.

Changes:

• Disabled global CodeQL auto-injection in the PR validation pipeline to prevent duplicate analysis
• Added a one-time 'pytestonwindows' job to update the old CodeQL snapshot on Windows with CodeQL explicitly enabled
• Updated build commands from Linux (build.sh) to Windows (build.bat) to match the platform change

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

📊 Code Coverage Report

🔥 Diff Coverage 100%

🎯 Overall Coverage 76%

📈 Total Lines Covered: 5431 out of 7084 📁 Project: mssql-python

---

Diff Coverage

Diff: main...HEAD, staged and unstaged changes

No lines with coverage information in this diff.

---

📋 Files Needing Attention

📉 Files with overall lowest coverage (click to expand)

mssql_python.pybind.logger_bridge.hpp: 58.8%
mssql_python.pybind.logger_bridge.cpp: 59.2%
mssql_python.row.py: 66.2%
mssql_python.pybind.ddbc_bindings.cpp: 69.4%
mssql_python.pybind.ddbc_bindings.h: 69.7%
mssql_python.pybind.connection.connection.cpp: 73.6%
mssql_python.ddbc_bindings.py: 79.6%
mssql_python.pybind.connection.connection_pool.cpp: 79.6%
mssql_python.connection.py: 84.1%
mssql_python.cursor.py: 84.7%

---

🔗 Quick Links

⚙️ Build Summary	📋 Coverage Details
View Azure DevOps Build	Browse Full Coverage Report