[edk2-devel] [PATCH v2 6/7] .pytool/CISettings: Enable CodeQL audit mode

[Michael Kubacki]

From: Michael Kubacki <mikuback at microsoft.com>

Since a large number of CodeQL queries are being enabled to identify
issues that the community can collectively resolve, audit mode needs to
be enabled to prevent the build from failing.

In the future, this global audit mode can be disabled and individual
packages can enable/disable audit mode in their package CI YAML file
using the instructions in the CodeQL plugin readme.

Cc: Sean Brogan <sean.brogan at microsoft.com>
Cc: Michael D Kinney <michael.d.kinney at intel.com>
Cc: Liming Gao <gaoliming at byosoft.com.cn>
Signed-off-by: Michael Kubacki <michael.kubacki at microsoft.com>
---
 .pytool/CISettings.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.pytool/CISettings.py b/.pytool/CISettings.py
index b8b8080439c1..ec3beb0dcf9d 100644
--- a/.pytool/CISettings.py
+++ b/.pytool/CISettings.py
@@ -196,6 +196,12 @@ class Settings(CiBuildSettingsManager, UpdateSettingsManager, SetupSettingsManag
 
             try:
                 scopes += codeql_helpers.get_scopes(self.codeql)
+
+                if self.codeql:
+                    shell_environment.GetBuildVars().SetValue(
+                        "STUART_CODEQL_AUDIT_ONLY",
+                        "TRUE",
+                        "Set in CISettings.py")
             except NameError:
                 pass
 
-- 
2.42.0.windows.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#109652): https://edk2.groups.io/g/devel/message/109652
Mute This Topic: https://groups.io/mt/102004570/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-