To conditionally run the GHAzDO tasks in a pipeline:
Use the following steps:
steps:
- bash: az devops configure --defaults organization='$(System.TeamFoundationCollectionUri)' project='$(System.TeamProject)' --use-git-aliases true
displayName: 'Set default Azure DevOps organization and project'
- bash: echo "##vso[task.setvariable variable=advSecEnabled]$(az devops invoke --area Management --resource RepoEnablement --route-parameters repository='$(Build.Repository.Name)' project='$(System.TeamProject)' --api-version '7.2-preview' --query advSecEnabled)"
env:
AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)
displayName: 'Set var for GHAzDO Enablement'
- task: AdvancedSecurity-Codeql-Init@1
condition: eq(variables['advSecEnabled'], 'true')
inputs:
languages: 'javascript'
- task: AdvancedSecurity-Codeql-Autobuild@1
condition: eq(variables['advSecEnabled'], 'true')
- task: AdvancedSecurity-Dependency-Scanning@1
condition: eq(variables['advSecEnabled'], 'true')
- task: AdvancedSecurity-Codeql-Analyze@1
condition: eq(variables['advSecEnabled'], 'true')
Thank you so much @felickz for your effort! I tested it but It didn't work because you need to put the values of the variables in quotes, because if you have names with spaces it won't work:
On the other hand , did you try it using a regular pipeline or decorator? If I put those lines in a decorator is not working for me but It works perfectly in a regular pipeline.
I've created also a custom task with the same approach and It works in a decorator:
Cheers!