[release/2.1] Remove CodeQL scheduled runs

azure-pipelines.yml

@@ -1,17 +1,3 @@
-schedules:
-- cron: 0 9 * * 1
-  displayName: "Run CodeQL3000 weekly, Monday at 2:00 AM PDT"
-  branches:
-    include:
-    - release/*
-    - main
-  always: true
-
-parameters:
-- name: runCodeQL3000
-  default: false
-  displayName: Run CodeQL3000 tasks
-  type: boolean
 variables:
   # Needed for Arcade template
 - name: _TeamName
@@ -25,15 +11,9 @@ variables:
   value: true
 - name: _BuildConfig
   value: Release
-- name: runCodeQL3000
-  value: ${{ and(ne(variables['System.TeamProject'], 'public'), or(eq(variables['Build.Reason'], 'Schedule'), and(eq(variables['Build.Reason'], 'Manual'), eq(parameters.runCodeQL3000, 'true')))) }}
 - template: /eng/common/templates/variables/pool-providers.yml@self
 - name: skipComponentGovernanceDetection
   value: true
-- name: Codeql.SkipTaskAutoInjection
-  value: true
-- ${{ if and(ne(variables['System.TeamProject'], 'public'), notin(variables['Build.Reason'], 'PullRequest'), ne(variables.runCodeQL3000, 'true')) }}:
-  - group: YARP-SDLValidation-Params
 
 trigger:
   batch: true
@@ -48,7 +28,7 @@ pr:
   branches:
     include:
     - '*'
-    
+
 resources:
   repositories:
   - repository: MicroBuildTemplate
@@ -72,10 +52,10 @@ extends:
       jobs:
       - template: /eng/common/templates-official/jobs/jobs.yml@self
         parameters:
-          enableMicrobuild: ${{ ne(variables.runCodeQL3000, 'true') }}
+          enableMicrobuild: true
           enablePublishBuildArtifacts: true
-          enablePublishTestResults: ${{ ne(variables.runCodeQL3000, 'true') }}
-          enablePublishBuildAssets: ${{ ne(variables.runCodeQL3000, 'true') }}
+          enablePublishTestResults: true
+          enablePublishBuildAssets: true
           enablePublishUsingPipelines: ${{ variables._PublishUsingPipelines }}
           enableTelemetry: true
           mergeTestResults: true
@@ -85,76 +65,52 @@ extends:
               name: $(DncEngInternalBuildPool)
               image: 1es-windows-2022-pt
               os: windows
-            ${{ if eq(variables.runCodeQL3000, 'true') }}:
-              disableComponentGovernance: true
-              enableSbom: false
             variables:
-            - ${{ if eq(variables.runCodeQL3000, 'true') }}:
-              - _OfficialBuildArgs: /p:Test=false /p:Sign=false /p:Pack=false /p:Publish=false /p:UseSharedCompilation=false
-              - _SignType: none
-              - skipNugetSecurityAnalysis: true
-              - Codeql.Cadence: 0
-              - Codeql.Enabled: true
-              - Codeql.SourceRoot: src
-              - Codeql.TSAEnabled: ${{ eq(variables['Build.Reason'], 'Schedule') }}
-              - Codeql.TSAOptionsPath: '$(Build.SourcesDirectory)/.config/tsaoptions.json'
-            - ${{ if ne(variables.runCodeQL3000, 'true') }}:
-              - group: Publish-Build-Assets
-              - name: _OfficialBuildArgs
-                value: /p:DotNetSignType=$(_SignType) 
-                       /p:TeamName=$(_TeamName) 
-                       /p:DotNetPublishUsingPipelines=$(_PublishUsingPipelines) 
-                       /p:OfficialBuildId=$(BUILD.BUILDNUMBER)
-              - name: _SignType
-                value: real
+            - group: Publish-Build-Assets
+            - name: _OfficialBuildArgs
+              value: /p:DotNetSignType=$(_SignType)
+                     /p:TeamName=$(_TeamName)
+                     /p:DotNetPublishUsingPipelines=$(_PublishUsingPipelines)
+                     /p:OfficialBuildId=$(BUILD.BUILDNUMBER)
+            - name: _SignType
+              value: real
             steps:
             - checkout: self
               clean: true
-            - ${{ if eq(variables.runCodeQL3000, 'true') }}:
-              - task: CodeQL3000Init@0
-                displayName: CodeQL Initialize
-              - script: "echo ##vso[build.addbuildtag]CodeQL3000"
-                displayName: 'Set CI CodeQL3000 tag'
-                condition: ne(variables.CODEQL_DIST,'')
             - script: eng\common\cibuild.cmd -configuration $(_BuildConfig) -prepareMachine $(_OfficialBuildArgs)
               displayName: Build and Publish
-            - ${{ if eq(variables.runCodeQL3000, 'true') }}:
-              - task: CodeQL3000Finalize@0
-                displayName: CodeQL Finalize
-            - ${{ else }}:
-              - task: 1ES.PublishBuildArtifacts@1
-                displayName: Upload TestResults
-                condition: always()
-                continueOnError: true
-                inputs:
-                  PathtoPublish: artifacts/TestResults/$(_BuildConfig)/
-                  ArtifactName: $(Agent.Os)_$(Agent.JobName) TestResults
-                  PublishLocation: Container
-              - task: 1ES.PublishBuildArtifacts@1
-                displayName: Upload package artifacts
-                condition: and(succeeded(), eq(variables['system.pullrequest.isfork'], false), eq(variables['_BuildConfig'], 'Release'))
-                inputs:
-                  PathtoPublish: artifacts/packages/
-                  ArtifactName: artifacts
-                  PublishLocation: Container
-    - ${{ if ne(variables.runCodeQL3000, 'true') }}:
-      - template: /eng/common/templates-official/post-build/post-build.yml@self
-        parameters:
-          publishingInfraVersion: 3
-          enableSymbolValidation: false
-          enableSourceLinkValidation: false
-          enableSigningValidation: false
-          enableNugetValidation: false
-          SDLValidationParameters:
-            enable: true
-            continueOnError: false
-            params: ' -SourceToolsList @("policheck","credscan") 
-            -TsaInstanceURL $(_TsaInstanceURL) 
-            -TsaProjectName $(_TsaProjectName) 
-            -TsaNotificationEmail $(_TsaNotificationEmail) 
-            -TsaCodebaseAdmin $(_TsaCodebaseAdmin) 
-            -TsaBugAreaPath $(_TsaBugAreaPath) 
-            -TsaIterationPath $(_TsaIterationPath) 
-            -TsaRepositoryName "ReverseProxy" 
-            -TsaCodebaseName "ReverseProxy" 
-            -TsaPublish $True -PoliCheckAdditionalRunConfigParams @("UserExclusionPath < $(Build.SourcesDirectory)/eng/PoliCheckExclusions.xml")'
+            - task: 1ES.PublishBuildArtifacts@1
+              displayName: Upload TestResults
+              condition: always()
+              continueOnError: true
+              inputs:
+                PathtoPublish: artifacts/TestResults/$(_BuildConfig)/
+                ArtifactName: $(Agent.Os)_$(Agent.JobName) TestResults
+                PublishLocation: Container
+            - task: 1ES.PublishBuildArtifacts@1
+              displayName: Upload package artifacts
+              condition: and(succeeded(), eq(variables['system.pullrequest.isfork'], false), eq(variables['_BuildConfig'], 'Release'))
+              inputs:
+                PathtoPublish: artifacts/packages/
+                ArtifactName: artifacts
+                PublishLocation: Container
+    - template: /eng/common/templates-official/post-build/post-build.yml@self
+      parameters:
+        publishingInfraVersion: 3
+        enableSymbolValidation: false
+        enableSourceLinkValidation: false
+        enableSigningValidation: false
+        enableNugetValidation: false
+        SDLValidationParameters:
+          enable: true
+          continueOnError: false
+          params: ' -SourceToolsList @("policheck","credscan")
+          -TsaInstanceURL $(_TsaInstanceURL)
+          -TsaProjectName $(_TsaProjectName)
+          -TsaNotificationEmail $(_TsaNotificationEmail)
+          -TsaCodebaseAdmin $(_TsaCodebaseAdmin)
+          -TsaBugAreaPath $(_TsaBugAreaPath)
+          -TsaIterationPath $(_TsaIterationPath)
+          -TsaRepositoryName "ReverseProxy"
+          -TsaCodebaseName "ReverseProxy"
+          -TsaPublish $True -PoliCheckAdditionalRunConfigParams @("UserExclusionPath < $(Build.SourcesDirectory)/eng/PoliCheckExclusions.xml")'