.pytool/CISettings: Enable CodeQL audit mode

Since a large number of CodeQL queries are being enabled to identify issues that the community can collectively resolve, audit mode needs to be enabled to prevent the build from failing. In the future, this global audit mode can be disabled and individual packages can enable/disable audit mode in their package CI YAML file using the instructions in the CodeQL plugin readme. Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Sean Brogan <sean.brogan@microsoft.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
microsoft · Nov 7, 2023 · a3e8efc · a3e8efc
1 parent 1384ce4
commit a3e8efc
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/.pytool/CISettings.py b/.pytool/CISettings.py
@@ -196,6 +196,12 @@ def GetActiveScopes(self):
 
             try:
                 scopes += codeql_helpers.get_scopes(self.codeql)
+
+                if self.codeql:
+                    shell_environment.GetBuildVars().SetValue(
+                        "STUART_CODEQL_AUDIT_ONLY",
+                        "TRUE",
+                        "Set in CISettings.py")
             except NameError:
                 pass