From a3e8efcc8efa87b3cafb5648e956b3396493fce1 Mon Sep 17 00:00:00 2001
From: Michael Kubacki <mikuback@microsoft.com>
Date: Fri, 13 Oct 2023 21:56:53 -0400
Subject: [PATCH] .pytool/CISettings: Enable CodeQL audit mode

Since a large number of CodeQL queries are being enabled to identify
issues that the community can collectively resolve, audit mode needs to
be enabled to prevent the build from failing.

In the future, this global audit mode can be disabled and individual
packages can enable/disable audit mode in their package CI YAML file
using the instructions in the CodeQL plugin readme.

Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 .pytool/CISettings.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.pytool/CISettings.py b/.pytool/CISettings.py
index b8b8080439..ec3beb0dcf 100644
--- a/.pytool/CISettings.py
+++ b/.pytool/CISettings.py
@@ -196,6 +196,12 @@ class Settings(CiBuildSettingsManager, UpdateSettingsManager, SetupSettingsManag
 
             try:
                 scopes += codeql_helpers.get_scopes(self.codeql)
+
+                if self.codeql:
+                    shell_environment.GetBuildVars().SetValue(
+                        "STUART_CODEQL_AUDIT_ONLY",
+                        "TRUE",
+                        "Set in CISettings.py")
             except NameError:
                 pass