To conditionally run the GHAzDO tasks in a pipeline:
Use the following steps:
```yaml
steps:
# Point the az devops CLI at the current organization and project
- bash: az devops configure --defaults organization='$(System.TeamFoundationCollectionUri)' project='$(System.TeamProject)' --use-git-aliases true
  displayName: 'Set default Azure DevOps organization and project'
# Query the repository's enablement state and expose it as the advSecEnabled pipeline variable
- bash: echo "##vso[task.setvariable variable=advSecEnabled]$(az devops invoke --area Management --resource RepoEnablement --route-parameters repository='$(Build.Repository.Name)' project='$(System.TeamProject)' --api-version '7.2-preview' --query advSecEnabled)"
  env:
    AZURE_DEVOPS_EXT_PAT: $(System.AccessToken)
  displayName: 'Set var for GHAzDO Enablement'
# Each GHAzDO task runs only when advSecEnabled is 'true'
- task: AdvancedSecurity-Codeql-Init@1
  condition: eq(variables['advSecEnabled'], 'true')
  inputs:
    languages: 'javascript'
- task: AdvancedSecurity-Codeql-Autobuild@1
  condition: eq(variables['advSecEnabled'], 'true')
- task: AdvancedSecurity-Dependency-Scanning@1
  condition: eq(variables['advSecEnabled'], 'true')
- task: AdvancedSecurity-Codeql-Analyze@1
  condition: eq(variables['advSecEnabled'], 'true')
```

Thanks @felickz! If you think it makes sense, I can create a PR with this task in order to integrate it in our GHAzDO-Resources repo 🥲