From ad984535e18eeb764a4908fe7761549e0d470392 Mon Sep 17 00:00:00 2001
From: Scott Kurtzeborn <scotk@microsoft.com>
Date: Thu, 22 Jun 2023 15:57:02 -0700
Subject: [PATCH] Create a CodeQL job for C++ pipelines (#4566)

* Enable CodeQL

* No jobs, so CodeQL not being injected

* trying something else

* forgot a file

* Update eng/pipelines/templates/jobs/ci.tests.yml

Co-authored-by: Ahson Khan <ahkha@microsoft.com>

---------

Co-authored-by: Wes Haggard <weshaggard@users.noreply.github.com>
Co-authored-by: Ahson Khan <ahkha@microsoft.com>
---
 eng/pipelines/templates/jobs/ci.tests.yml     | 6 ++++++
 eng/pipelines/templates/variables/globals.yml | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/eng/pipelines/templates/jobs/ci.tests.yml b/eng/pipelines/templates/jobs/ci.tests.yml
index 2a7522914..f73f32c94 100644
--- a/eng/pipelines/templates/jobs/ci.tests.yml
+++ b/eng/pipelines/templates/jobs/ci.tests.yml
@@ -86,6 +86,12 @@ jobs:
       value: "PLAYBACK"
     - name: AZURE_LOG_LEVEL
       value: "verbose"
+    - name: Codeql.Enabled 
+      value: true
+    - name: Codeql.BuildIdentifier 
+      value: ${{ parameters.ServiceDirectory }}
+    - name: Codeql.SkipTaskAutoInjection
+      value: false
     - ${{ each testEnvVar in parameters.TestEnv }}:
       - name: ${{ testEnvVar.Name }}
         value: ${{ testEnvVar.Value }}
diff --git a/eng/pipelines/templates/variables/globals.yml b/eng/pipelines/templates/variables/globals.yml
index b782b8823..1381498ce 100644
--- a/eng/pipelines/templates/variables/globals.yml
+++ b/eng/pipelines/templates/variables/globals.yml
@@ -20,3 +20,6 @@ variables:
   skipComponentGovernanceDetection: true
   DisableDockerDetector: true
   Package.EnableSBOMSigning: true
+
+  # Disable CodeQL injections except for where we specifically enable it
+  Codeql.SkipTaskAutoInjection: true