.pytool/CISettings.py: Integrate CodeQL

Adds the `--codeql` parameter to `stuart_update` and `stuart_ci_build`. - `stuart_update --codeql` - Downloads the CodeQL CLI locally. The command will pull the appropriate binary for the host OS. - `stuart_ci_build --codeql` - Runs CodeQL during the build resulting in a CodeQL database and SARIF result file in the `Build` directory. Cc: Sean Brogan <sean.brogan@microsoft.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Sean Brogan <sean.brogan@microsoft.com> Acked-by: Laszlo Ersek <lersek@redhat.com> Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
microsoft · Nov 7, 2023 · 2976301 · 2976301
1 parent b531ca4
commit 2976301
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/.pytool/CISettings.py b/.pytool/CISettings.py
@@ -7,12 +7,27 @@
 ##
 import os
 import logging
+import sys
 from edk2toolext.environment import shell_environment
 from edk2toolext.invocables.edk2_ci_build import CiBuildSettingsManager
 from edk2toolext.invocables.edk2_setup import SetupSettingsManager, RequiredSubmodule
 from edk2toolext.invocables.edk2_update import UpdateSettingsManager
 from edk2toolext.invocables.edk2_pr_eval import PrEvalSettingsManager
 from edk2toollib.utility_functions import GetHostInfo
+from pathlib import Path
+
+
+try:
+    # Temporarily needed until edk2 can update to the latest edk2-pytools
+    # that has the CodeQL helpers.
+    #
+    # May not be present until submodules are populated.
+    #
+    root = Path(__file__).parent.parent.resolve()
+    sys.path.append(str(root/'BaseTools'/'Plugin'/'CodeQL'/'integration'))
+    import stuart_codeql as codeql_helpers
+except ImportError:
+    pass
 
 
 class Settings(CiBuildSettingsManager, UpdateSettingsManager, SetupSettingsManager, PrEvalSettingsManager):
@@ -34,13 +49,23 @@ def AddCommandLineOptions(self, parserObj):
         group.add_argument("-force_piptools", "--fpt", dest="force_piptools", action="store_true", default=False, help="Force the system to use pip tools")
         group.add_argument("-no_piptools", "--npt", dest="no_piptools", action="store_true", default=False, help="Force the system to not use pip tools")
 
+        try:
+            codeql_helpers.add_command_line_option(parserObj)
+        except NameError:
+            pass
+
     def RetrieveCommandLineOptions(self, args):
         super().RetrieveCommandLineOptions(args)
         if args.force_piptools:
             self.UseBuiltInBaseTools = True
         if args.no_piptools:
             self.UseBuiltInBaseTools = False
 
+        try:
+            self.codeql = codeql_helpers.is_codeql_enabled_on_command_line(args)
+        except NameError:
+            pass
+
     # ####################################################################################### #
     #                        Default Support for this Ci Build                                #
     # ####################################################################################### #
@@ -169,6 +194,11 @@ def GetActiveScopes(self):
             else:
                 logging.warning("Falling back to using in-tree BaseTools")
 
+            try:
+                scopes += codeql_helpers.get_scopes(self.codeql)
+            except NameError:
+                pass
+
             self.ActualScopes = scopes
         return self.ActualScopes