[release/v7.5] Refactor analyze job to reusable workflow and enable on Windows CI #26799
Merged
daxian-dbw merged 3 commits into PowerShell:release/v7.5 from Feb 13, 2026
…owerShell#26322) Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: TravisEz13 <10873629+TravisEz13@users.noreply.github.com>
Pull request overview
Backports the CI refactor that extracts the CodeQL “analyze” job into a reusable workflow and wires it up for both Linux and Windows CI, reducing duplication and improving security scanning coverage.
Changes:
- Added a reusable CodeQL workflow (`analyze-reusable.yml`) parameterized by runner OS.
- Updated Linux CI to call the reusable CodeQL workflow instead of inlining the job.
- Updated Windows CI to add the CodeQL workflow and include it in `ready_to_merge` dependencies.
- Extended `Invoke-CIBuild` to accept a `-Configuration` parameter so CodeQL can build with `StaticAnalysis`.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| `tools/ci.psm1` | Adds `-Configuration` parameter to `Invoke-CIBuild` to support `StaticAnalysis` builds for CodeQL. |
| `.github/workflows/analyze-reusable.yml` | Introduces reusable workflow encapsulating CodeQL init/build/analyze steps. |
| `.github/workflows/linux-ci.yml` | Replaces inline analyze job with a call to the reusable CodeQL workflow. |
| `.github/workflows/windows-ci.yml` | Adds analyze job via reusable workflow and makes it a `ready_to_merge` dependency. |
TravisEz13 approved these changes Feb 12, 2026
Backport of #26322 to release/v7.5
Triggered by @daxian-dbw on behalf of @app/copilot-swe-agent
Original CL Label: CL-Tools
/cc @PowerShell/powershell-maintainers
Impact
REQUIRED: Choose either Tooling Impact or Customer Impact (or both). At least one checkbox must be selected.
Tooling Impact
This change improves CI/CD infrastructure by making CodeQL analysis reusable and enabling security scanning on Windows builds.
Customer Impact
Regression
REQUIRED: Check exactly one box.
This is not a regression.
Testing
Verified that CodeQL analysis runs correctly on both Linux and Windows CI workflows using the reusable workflow. Already validated in master, 7.4, and 7.6 branches.
Risk
REQUIRED: Check exactly one box.
This refactors the CodeQL analysis job to a reusable workflow and enables it on Windows CI. The change improves security coverage and maintainability. Already validated in master, 7.4, and 7.6 branches.
Merge Conflicts
Resolved conflicts in linux-ci.yml and windows-ci.yml: replaced inline analyze job with reusable workflow call and added analyze job to windows-ci.yml.
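
A sketch of the pattern this pull request describes, added here as an example; it is not the content of the project's `analyze-reusable.yml` or `windows-ci.yml`. The input name `runner_os`, the action version tags, the `csharp` language setting, the `Import-Module` call and the body of `ready_to_merge` are assumptions; only the file names, `Invoke-CIBuild -Configuration StaticAnalysis` and the `ready_to_merge` dependency come from the page.

```yaml
# File 1 (hypothetical sketch): .github/workflows/analyze-reusable.yml
name: CodeQL analyze (reusable)
on:
  workflow_call:
    inputs:
      runner_os:                     # assumed input name
        description: Runner label the analysis runs on
        type: string
        required: false
        default: ubuntu-latest
permissions:
  contents: read                     # workflow-wide default: read-only
jobs:
  analyze:
    runs-on: ${{ inputs.runner_os }}
    permissions:
      contents: read
      security-events: write         # needed to upload CodeQL results
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: csharp          # assumed language setting
      - name: Build for analysis
        shell: pwsh
        run: |
          Import-Module ./tools/ci.psm1
          Invoke-CIBuild -Configuration StaticAnalysis
      - uses: github/codeql-action/analyze@v3
---
# File 2 (hypothetical sketch): caller side, e.g. windows-ci.yml
name: Windows-CI
on: [pull_request]
jobs:
  analyze:
    # A called workflow cannot raise GITHUB_TOKEN permissions above what
    # the calling job grants, so the write scope must be granted here too.
    permissions:
      contents: read
      security-events: write
    uses: ./.github/workflows/analyze-reusable.yml
    with:
      runner_os: windows-latest
  ready_to_merge:
    needs: [analyze]                 # the real job lists other CI jobs too
    runs-on: ubuntu-latest
    steps:
      - run: echo "all required jobs passed"
```

Keeping `security-events: write` scoped to the `analyze` job on both sides leaves every other job in the calling workflow with a read-only token.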