Continue on error for CG

[mmitche]

We've come across a few cases where CG fails due to environment issues (missing .NET).
Continue on error as this is non-critical functionality.

To double check:

• The right tests are in and and the right validation has happened. Guidance: https://github.com/dotnet/core-eng/tree/master/Documentation/Validation

[dougbu]

This would mean we don't have to set disableComponentGovernance: true in jobs where we expect the task to fail. However, I'm a bit concerned this will hide problems and mean the task remains enabled despite no chance of success. That seems wasteful.

(We only knew about the newly enabled task here when @captainsafia saw our internal build breaks on Linux MUSL.)

[dougbu]

Separately, we chatted about the new CG scan this morning and @wtgodbe took an action item about doing the opposite: Ensuring builds of release branches fail when high or critical CG bugs are detected. Is that possible❔

[mmitche]

Separately, we chatted about the new CG scan this morning and @wtgodbe took an action item about doing the opposite: Ensuring builds of release branches fail when high or critical CG bugs are detected. Is that possible❔

Not that I know of. They will surface in S360

[mmitche]

This would mean we don't have to set disableComponentGovernance: true in jobs where we expect the task to fail. However, I'm a bit concerned this will hide problems and mean the task remains enabled despite no chance of success. That seems wasteful.

(We only knew about the newly enabled task here when @captainsafia saw our internal build breaks on Linux MUSL.)

I believe the automatic CG detection has been continueOnError forever. The task we are injecting and the auto-injected task are the same.