From bd3344ddcd6ca967fdd6760c83fd262ac3c07c2a Mon Sep 17 00:00:00 2001
From: manvkaur <67894494+manvkaur@users.noreply.github.com>
Date: Thu, 19 Dec 2024 11:03:05 -0800
Subject: [PATCH] move codeql variables to sql section

---
 eng/ci/public-build.yml | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/eng/ci/public-build.yml b/eng/ci/public-build.yml
index 28406861..be42b00f 100644
--- a/eng/ci/public-build.yml
+++ b/eng/ci/public-build.yml
@@ -24,16 +24,6 @@ resources:
       name: 1ESPipelineTemplates/1ESPipelineTemplates
       ref: refs/tags/release
 
-variables:
-  - name: codeql.language
-    value: java,powershell,csharp
-  - name: codeql.buildIdentifier
-    value: java_worker_public
-  - name: codeql.excludePathPatterns
-    value: extract/inst
-  - name: codeql.compiled.enabled
-    value: true
-
 extends:
   template: v1/1ES.Unofficial.PipelineTemplate.yml@1es
   parameters:
@@ -42,6 +32,14 @@ extends:
       image: 1es-windows-2022
       os: windows
 
+    sdl:
+      codeql:
+        compiled:
+          enabled: true # still only runs for default branch
+        language: java,powershell,csharp
+        buildIdentifier: java_worker_public
+        excludePathPatterns: extract/inst
+
     settings:
       # PR's from forks do not have sufficient permissions to set tags.
       skipBuildTagsForGitHubPullRequests: ${{ variables['System.PullRequest.IsFork'] }}