From ad9718e25f5011a405f45d6a00d42176b4920cef Mon Sep 17 00:00:00 2001
From: Tanmay Satam
Date: Wed, 16 Aug 2023 12:01:50 -0400
Subject: [PATCH] Use CodeQL3000 tasks in OneBranch pipeline
---
 .pipelines/ci.yml | 27 -------------------
 .../onebranch/pipeline.buildrp.official.yml | 1 +
 .../templates/template-buildrp-buildaro.yml | 4 +++
 3 files changed, 5 insertions(+), 27 deletions(-)
diff --git a/.pipelines/ci.yml b/.pipelines/ci.yml
index a66a137a3dd..35a1caaad3c 100644
--- a/.pipelines/ci.yml
+++ b/.pipelines/ci.yml
@@ -1,17 +1,4 @@
 # Azure DevOps Pipeline running CI
-#
-# Note: This pipeline uses a secret variable "github_codeql_upload_token".
-# This is a GitHub Personal Access Token (Classic) owned by mbarnes.
-# It has no expiration and only has the "security_events" scope for
-# the purpose of uploading CodeQL results.
-#
-# However, for this secret to be available to pull requests from
-# forked ARO-RP repositories, the pipeline option "Make secrets
-# available to builds of forks" is enabled.
-#
-# More information:
-# https://learn.microsoft.com/en-us/azure/devops/pipelines/repos/github#contributions-from-forks
-#
 trigger:
 branches:
 include:
@@ -44,20 +31,6 @@ variables:
 - template: vars.yml
 jobs:
- - job: Golang_CodeQL
- pool:
- name: 1es-aro-ci-pool
- variables:
- HOME: $(Agent.BuildDirectory)
- steps:
- - template: ./templates/template-checkout.yml
- - template: ./templates/template-codeql.yml
- parameters:
- language: go
- target: golang
- github_token: $(github_codeql_upload_token)
- timeoutInMinutes: 120
-
 - job: Python_Unit_Tests
 pool:
 name: 1es-aro-ci-pool
diff --git a/.pipelines/onebranch/pipeline.buildrp.official.yml b/.pipelines/onebranch/pipeline.buildrp.official.yml
index dbea6399890..8f87cc73128 100644
--- a/.pipelines/onebranch/pipeline.buildrp.official.yml
+++ b/.pipelines/onebranch/pipeline.buildrp.official.yml
@@ -16,6 +16,7 @@ variables:
 ONEBRANCH_AME_ACR_LOGIN: cdpxb8e9ef87cd634085ab141c637806568c00.azurecr.io
 LinuxContainerImage: $(ONEBRANCH_AME_ACR_LOGIN)/b8e9ef87-cd63-4085-ab14-1c637806568c/official/ubi8/go-toolset:1.18.4 # Docker image which is used to build the project https://aka.ms/obpipelines/containers
 Debian_Frontend: noninteractive
+ Codeql.Enabled: true
 resources:
 repositories:
diff --git a/.pipelines/onebranch/templates/template-buildrp-buildaro.yml b/.pipelines/onebranch/templates/template-buildrp-buildaro.yml
index fc6bf1069b1..d7f7fae6dc9 100644
--- a/.pipelines/onebranch/templates/template-buildrp-buildaro.yml
+++ b/.pipelines/onebranch/templates/template-buildrp-buildaro.yml
@@ -1,4 +1,6 @@
 steps:
+ - task: CodeQL3000Init@0
+ displayName: 'Initialize CodeQL'
 - task: Bash@3
 displayName: ⚙️ Make ARO
 inputs:
@@ -37,3 +39,5 @@ steps:
 export GOPATH=$(Agent.TempDirectory)
 make validate-fips
 workingDirectory: $(Agent.TempDirectory)/src/github.com/Azure/ARO-RP
+ - task: CodeQL3000Finalize@0
+ displayName: 'Finalize CodeQL'
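Review bot: `Codeql.Enabled: true` goes in without a comment, and the ci.yml header deleted by this same patch was the only visible description of how CodeQL runs and what credentials it uses. A short comment above the variable would keep that knowledge, for example `# Turns on CodeQL3000 for this pipeline; the Init/Finalize tasks are in templates/template-buildrp-buildaro.yml`. The deleted Golang_CodeQL job was the only consumer of `github_codeql_upload_token` visible in this patch, so the non-expiring PAT and the "Make secrets available to builds of forks" option described in the removed comment can presumably be revoked and switched off in the pipeline settings, which this YAML change does not do by itself. Scanning also appears to move from the CI pipeline to the official build only, so it is worth confirming that pull requests still get CodeQL results before merge. The `variables:` block starts outside the hunk.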
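Review bot: `CodeQL3000Init@0` is added with no inputs, whereas the job removed from ci.yml passed `language: go` explicitly, so the language choice now presumably depends on the task's defaults or auto-detection. If the task or pipeline offers a language setting, pinning it to Go would keep the scan scope the same as before; otherwise a comment such as `# CodeQL3000 detects the language; Go is expected here` would record the intent. The `steps:` list continues outside the hunk.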
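Review bot: `CodeQL3000Finalize@0` has no `condition:`, so under Azure Pipelines' default it is skipped when any earlier step fails, including `make validate-fips` just above it, and a failed build would leave the analysis started by CodeQL3000Init without results. If that is intended, a comment like `# Runs only on success; failed builds are not analysed` would make it explicit, and if not, the task needs an explicit condition. The steps between the two CodeQL tasks are mostly outside the hunks, so it cannot be confirmed from here that every compile step sits inside the Init/Finalize window.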