From acfc1efe047a5ec12bf199418d56b1796d3758dc Mon Sep 17 00:00:00 2001
From: Peter Collins
Date: Fri, 11 Nov 2022 12:34:10 -0500
Subject: [PATCH] [ci] Enable CodeQL on nightly build (#7522)
Context: https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/codeql/codeql-semmle
CodeQL static analysis has been added to our nightly build job. This tool dramatically increases build times, and for complex builds like xamarin-android it should run in a separate pipeline that is not time sensitive. CodeQL will only run against commits to the main branch.
---
build-tools/automation/azure-pipelines-nightly.yaml | 6 +++---
.../automation/yaml-templates/commercial-build.yaml | 8 ++++++++
2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/build-tools/automation/azure-pipelines-nightly.yaml b/build-tools/automation/azure-pipelines-nightly.yaml
index accfeb81df6..a1c876a8484 100644
--- a/build-tools/automation/azure-pipelines-nightly.yaml
+++ b/build-tools/automation/azure-pipelines-nightly.yaml
@@ -35,14 +35,15 @@ stages: pool: name: VSEng-Xamarin-RedmondMac-Android-Untrusted demands: macOS.Name -equals Monterey - timeoutInMinutes: 240 - cancelTimeoutInMinutes: 5 + timeoutInMinutes: 420 workspace: clean: all variables: - group: Xamarin-Secrets - group: Xamarin Signing - group: xamops-azdev-secrets + - name: Codeql.Enabled + value: true steps: - checkout: self submodules: recursive
@@ -67,7 +68,6 @@ stages: - job: emulator_tests displayName: macOS > Tests > APKs (Emulator) timeoutInMinutes: 180 - cancelTimeoutInMinutes: 2 strategy: matrix: Android21-x86:
diff --git a/build-tools/automation/yaml-templates/commercial-build.yaml b/build-tools/automation/yaml-templates/commercial-build.yaml
index d886be39e67..76b29f8b5b7 100644
--- a/build-tools/automation/yaml-templates/commercial-build.yaml
+++ b/build-tools/automation/yaml-templates/commercial-build.yaml
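Review bot: In azure-pipelines-nightly.yaml (hunk at -35,14) `Codeql.Enabled` is set with the unquoted scalar `value: true`, but the conditions added in commercial-build.yaml compare it with the string `'true'`; quoting it as `value: 'true'` makes the scan gate independent of how the parser renders a YAML boolean. The declaration also gives no hint of where it is read, so a comment such as `# enables the CodeQL3000 steps in yaml-templates/commercial-build.yaml (main branch only)` would help. The job these lines belong to starts above the hunk.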
@@ -41,6 +41,10 @@ steps: workingDirectory: ${{ parameters.xaSourcePath }} displayName: delete legacy xamarin-android submodule +- task: CodeQL3000Init@0 + displayName: CodeQL 3000 Init + condition: and(succeeded(), eq(variables['Codeql.Enabled'], 'true'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) + - script: make prepare-external-git-dependencies PREPARE_CI=1 CONFIGURATION=$(XA.Build.Configuration) workingDirectory: ${{ parameters.xaSourcePath }} displayName: make prepare-external-git-dependencies
@@ -50,6 +54,10 @@ steps: workingDirectory: ${{ parameters.xaSourcePath }} displayName: make jenkins +- task: CodeQL3000Finalize@0 + displayName: CodeQL 3000 Finalize + condition: and(succeededOrFailed(), eq(variables['Codeql.Enabled'], 'true'), eq(variables['Build.SourceBranch'], 'refs/heads/main')) + # Build test assemblies - script: make all-tests CONFIGURATION=$(XA.Build.Configuration) workingDirectory: ${{ parameters.xaSourcePath }}
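Review bot: The enable-and-branch gate on `CodeQL3000Init@0` (hunk at -41,6) is repeated verbatim on `CodeQL3000Finalize@0` in the hunk at -50,6, and nothing in this template says where `Codeql.Enabled` is defined. A comment above the Init step, for example `# CodeQL: runs only when the including pipeline sets Codeql.Enabled and the build is for refs/heads/main; keep in sync with the Finalize step below`, would stop the two conditions drifting apart unnoticed and explain why the steps are normally skipped. The `steps:` list starts above the hunk and continues below it.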
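Review bot: `CodeQL3000Finalize@0` (hunk at -50,6) is gated on `succeededOrFailed()` while `CodeQL3000Init@0` is gated on `succeeded()`, so when a step ahead of Init fails, Init is skipped but Finalize still runs. What Finalize does without a prior Init is not visible here; if it errors, it stacks a second failure on top of the real one in the nightly log. Consider recording that Init ran (a variable set by a step placed right after Init) and adding that check to this condition, or at least a comment such as `# runs after a failed build so partial results are still finalized; assumes Init ran`. Finalize also sits before `make all-tests`, so the test assemblies built afterwards appear to fall outside the analysed build, which deserves a one-line comment if intended.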