Use CodeQL 3000 for Java build (#970)

* Add CodeQL auto-injected tasks

* force

* cleanup

* Disable in perf pipeline

* spacing fix

.vscode/settings.json

@@ -8,6 +8,6 @@
     "omnisharp.enableEditorConfigSupport": true,
     "omnisharp.enableRoslynAnalyzers": true,
     "yaml.schemas": {
-         "https://raw.githubusercontent.com/microsoft/azure-pipelines-vscode/master/service-schema.json": "builds/azure-pipelines/**/*.yml"
-     },
-}
+        "https://raw.githubusercontent.com/microsoft/azure-pipelines-vscode/master/service-schema.json": "builds/azure-pipelines/**/*.yml"
+    },
+}

builds/azure-pipelines/build-release-java.yml

@@ -1,4 +1,5 @@
 steps:
+
   - task: Maven@3
     displayName: Build library
     inputs:
@@ -8,19 +9,6 @@ steps:
       options: --batch-mode --define=org.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn --update-snapshots
       checkStyleRunAnalysis: true
 
-  - task: Semmle@1
-    env:
-      SYSTEM_ACCESSTOKEN: $(System.AccessToken)
-    inputs:
-      toolVersion: 'Latest'
-      sourceCodeDirectory: '$(Build.SourcesDirectory)/java-library'
-      language: 'java'
-      buildCommandsString: 'mvn clean package'
-      querySuite: 'Recommended'
-      timeout: '1800'
-      ram: '16384'
-      addProjectDirToScanningExclusionList: true
-
   - powershell: |
       $source = 'java-library'
       $destination = '$(Build.ArtifactStagingDirectory)/java-library'
@@ -43,6 +31,4 @@ steps:
 
   - publish: $(Build.ArtifactStagingDirectory)
     displayName: Publish library package
-    artifact: drop-java-library
-
-
+    artifact: drop-java-library

builds/azure-pipelines/build-release.yml

@@ -30,7 +30,9 @@ variables:
   nugetVersion: $[replace(replace('True', eq('${{ parameters.ReleaseType }}', 'full'), '$(binariesVersion)'),'True','$(binariesVersion)-preview')] # This will set the preview tag to the version based on the ReleaseType parameter.
   oopWorkerSupportedExtensionVersion: $[replace(replace('True', eq('${{ parameters.ReleaseType }}', 'full'), '$(binariesVersion)'),'True','$(binariesVersion)-preview')] # This will set the expression to pull the preview vs full version based on the ReleaseType parameter.
   LGTM.UploadSnapshot: true
-  Semmle.SkipAnalysis: true
+  Codeql.Enabled: true
+  Codeql.TSAEnabled: true
+
 
 stages:
 - stage: BuildPublish

builds/azure-pipelines/performance.yml

@@ -15,7 +15,7 @@ variables:
   serverPassword: ''
   nodeModulesPath: ''
   LGTM.UploadSnapshot: true
-  Semmle.SkipAnalysis: true
+  Codeql.Enabled: false
 
 stages:
 - stage: BuildPublish

builds/azure-pipelines/template-steps-build-test.yml

@@ -417,7 +417,7 @@ steps:
   displayName: 'TSA upload to Codebase: Sql Bindings Stamp: TSA'
   inputs:
     GdnPublishTsaOnboard: true
-    GdnPublishTsaConfigFile: '$(Build.SourcesDirectory)\builds\TSAConfig.gdntsa'
+    GdnPublishTsaConfigFile: '$(Build.SourcesDirectory)\.config\tsaoptions.json'
   condition: and(succeeded(), eq(variables['Agent.OS'], 'Windows_NT'), eq(variables['TSA_UPLOAD'], 'true'))
 
 - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0