From bcd20744aeab9e1707c668b0921103b8615996ab Mon Sep 17 00:00:00 2001
From: hojmark <1203136+hojmark@users.noreply.github.com>
Date: Wed, 22 Apr 2026 09:55:07 +0200
Subject: [PATCH] ci: ignore vulnerability warnings duing CI

The audit workflow handles this.
---
 build/NukeBuild.CheckWarnings.cs | 31 ++++++++++++++++++++++++-------
 1 file changed, 24 insertions(+), 7 deletions(-)

diff --git a/build/NukeBuild.CheckWarnings.cs b/build/NukeBuild.CheckWarnings.cs
index e2aea481..ccb55795 100644
--- a/build/NukeBuild.CheckWarnings.cs
+++ b/build/NukeBuild.CheckWarnings.cs
@@ -1,4 +1,5 @@
 using System;
+using System.Linq;
 using Drift.Build.Utilities;
 using Drift.Build.Utilities.MsBuild;
 using Nuke.Common;
@@ -12,6 +13,15 @@ sealed partial class NukeBuild {
 private const string BinaryBuildLogName = "build.binlog";
 private const string BinaryPublishLogName = "publish.binlog";
 
+ /*
+ * Ignore NuGet vulnerability warnings. The audit.yaml workflow will fail if any of these are detected.
+ * NU1901: Package with low severity detected
+ * NU1902: Package with moderate severity detected
+ * NU1903: Package with high severity detected
+ * NU1904: Package with critical severity detected
+ */
+ private static readonly string[] IgnoredBuildWarnings = ["NU1901", "NU1902", "NU1903", "NU1904"];
+
 Target CheckWarnings => _ => _
 .DependsOn( CheckBuildWarnings, CheckPublishBinariesWarnings );
 
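Review bot: The comment above `IgnoredBuildWarnings` states a guarantee this file cannot enforce: NU1901 through NU1904 are dropped for every severity up to critical, and the only backstop is the audit.yaml workflow, which is not part of this patch. If that workflow does not run on pull requests as a required status check (not visible here, so worth confirming), a package with a known vulnerability can merge on a green build. I would add a line to the comment such as `* audit.yaml must run on every pull request and be a required status check; otherwise these advisories are enforced nowhere.` The four entries would also read more accurately as `Package with low severity vulnerability detected`, and likewise for the other severities.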
@@ -20,17 +30,24 @@ sealed partial class NukeBuild {
 .Executes( () => {
 using var _ = new OperationTimer( nameof(CheckBuildWarnings) );
 
- var warnings = BinaryLogReader.GetWarnings( BinaryBuildLogName );
+ var warnings = BinaryLogReader.GetWarnings( BinaryBuildLogName )
+ .Select( w => new { Warning = w, Ignored = IgnoredBuildWarnings.Any( w.Contains ) } )
+ .ToArray();
 
- foreach ( var warning in warnings ) {
- Log.Information( warning );
+ foreach ( var w in warnings ) {
+ if ( w.Ignored ) {
+ Log.Debug( "{WarningMessage} (ignored)", w.Warning );
+ }
+ else {
+ Log.Information( "{WarningMessage}", w.Warning );
+ }
 }
 
- var hasWarnings = warnings.Length != 0;
+ var activeWarnings = warnings.Where( w => !w.Ignored ).ToArray();
 
- if ( hasWarnings ) {
- Log.Error( "Found {Count} build warnings", warnings.Length );
- throw new Exception( $"Found {warnings.Length} build warnings" );
+ if ( activeWarnings.Any() ) {
+ Log.Error( "Found {Count} build warnings", activeWarnings.Length );
+ throw new Exception( $"Found {activeWarnings.Length} build warnings" );
 }
 
 Log.Information( "🟢 No build warnings found" );
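Review bot: `IgnoredBuildWarnings.Any( w.Contains )` in the `.Select(...)` projection is a substring test over the whole message, so any warning whose text or file path merely contains one of the four codes is dropped from the failure count, not only the NuGet audit warnings. Assuming `BinaryLogReader.GetWarnings` returns MSBuild-formatted strings (its output is not shown in this patch), match the code token instead, e.g. `Ignored = IgnoredBuildWarnings.Any( code => w.Contains( $"warning {code}:", StringComparison.Ordinal ) )`, or have the reader expose the warning code as its own field. The ignored advisories are also written with `Log.Debug`, which is likely hidden at the default CI verbosity; `Log.Warning( "{WarningMessage} (ignored, enforced by audit.yaml)", w.Warning )` would keep the advisory visible to whoever reads the build log. The enclosing target starts before this hunk and continues after it.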