Releases: microsoft/mu_devops
v18.0.5
What's Changed
-
pull-request-formatting-validator.yml Updates [Rebase \& FF] @makubacki (#555)
Change Details
**pull-request-formatting-validator: Prevent duplicate comments**
Only leaves a single comment on the PR if the title is not updated
after the first validation error comment is made. Originally, this was used to remind the developer that
the PR title was still invalid on each push, but that information
is available in the status check in a less disruptive way.
**pull-request-formatting-validator: Validate file sync PR titles**
The default file sync PR title is not useful in source history.
This check ensures the title is updated to reflect the actual file
sync changes.
-
clangpdb-ci.yml: Fix string replacement @Javagedes (#552)
Change Details
String replacement did not occur as expected with nunjucks. The yaml/json formatted strings were not treated as raw strings as expected, resulting in unexpected formatting of inputs.
Example of Incorrect formatting:
Example 1:
In this example, both the python version and package config inputs need to be wrapped in quotes
Example 2:
In this example, package config value replacement value needed to be treated as a raw string, so the `|` was used
-
.sync: Adds groups to actions-pip-submodules.yml @makubacki (#550)
Change Details
This file is synced to mu_tiano_platforms which includes submodule updates. This includes the same action and pip modules groups as actions-pip.yml, also including a group for submodules.
-
File Sync: Add clangpdb-ci workflow @Javagedes (#548)
Change Details
This commit adds a new workflow, `clangpdb-ci.yml`, that is sync'd to various repositories in the Mu ecosystem to provide continuous integration coverage for EDK II style packages in a repository. Specifically, this will build the package's DSC with CLANGPDB for both DEBUG and RELEASE targets.
🐛 Bug Fixes
-
[REBASE\&FF] CLANGPDB CI updates @Javagedes (#553)
Change Details
This pull-request does two things:
- Updates `PackageMatrix.yml` to better support when there are no packages to test (See commit details).
- Updates `Files.yml` sync settings for a few repositories using the CLANGPDB CI (See commit details).
Testing for (1):
- https://github.com/Javagedes/mu_crypto_release/actions/runs/23872989748
- https://github.com/microsoft/mu_basecore/actions/runs/24036974499
Testing for (2):
-
clangpdb-ci.yml: bugfix comment section @Javagedes (#551)
Change Details
One comment section in the `clangpdb-ci.yml` workflow had `{{}}` sections that did not actually need to be string replaced, but were not wrapped in raw / endraw tags.
This commit wraps said section in the appropriate tags.
-
.sync/PackageCi.yml: Fix Version.njk import path @makubacki (#546)
Change Details
Version.njk is located two levels above the PackageCi.yml.
```
.sync/
├── Version.njk *
└── workflows/
    └── leaf/
        └── PackageCi.yml *
```
This resolves an error during file sync after commit ec8aaf3:
Repo File Sync
(mu_devops/.sync/workflows/leaf/PackageCi.yml)
Template render error: (mu_devops/.sync/workflows/leaf/PackageCi.yml)
Error: template not found: mu_devops/.sync/workflows/Version.njk
Full Changelog: v18.0.4...v18.0.5
v18.0.4
What's Changed
-
Add github workflows for stuart CI Builds @Javagedes (#545)
Change Details
This pull request adds two new workflows and a github action that are reusable across repositories that use the Stuart CI system.
New Actions
`stuart-ci` action
This action is an OS agnostic action that will setup the stuart environment (`stuart_setup`, `stuart_ci_setup`, `stuart_update`) and run `stuart_ci_build` with the specified configurations. It provides a single output, `log-path`, which is a path to all logs generated by this action. It has some performance increases like caching the .git/modules folder.
`PackageCi` workflow
This workflow is an OS agnostic workflow that will setup the entire runner environment and run CI on the specified packages. This workflow will generate a build matrix using the provided configuration input to test multiple packages under multiple conditions. The `package-config` input is a json string that contains all matrix configuration for the job (e.g. the input is passed directly to `strategy.matrix`) (Examples below). This input string can be hardcoded or automatically generated. It has some performance increases like caching the python version and python dependencies.
`PackageMatrix` workflow
This workflow is used to generate a matrix configuration that is consumed by the `PackageCi` workflow. This workflow works by discovering all packages in a repository and generating a configuration for it. This workflow has two main inputs: (1) `default-config` which is the default list of matrix configurations to apply for each discovered package in the workspace and (2) `package-config` which is a way to define more specific configuration for a specific package, which will replace the `default-config`. `PackageMatrix` also supports running `stuart_ci_build`, which will filter the discovered packages in the workspace to only packages that actually need to be tested. This is useful as it prevents generating a runner for a package that does not need tested.
Usage Examples
The three actions / workflows above are not sync'd to repositories. It is expected that a repository maintains its own final github workflow that consumes these packages with its specific configuration. An example can be seen below.
Example Leaf node workflow
```yaml
# A workflow to build EDKII packages using the CLANGPDB toolchain in windows and ubuntu environments.
##
# Copyright (c) Microsoft Corporation.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
name: CLANGPDB Package CI

on:
  workflow_dispatch:
  push:
    branches:
      - release/202511
  pull_request:
    branches:
      - release/202511

jobs:
  package-matrix:
    name: Gather Repository Packages
    uses: microsoft/mu_devops/.github/workflows/PackageMatrix.yml@personal/joeyvagedes/ci-workflow
    with:
      ci-config: '.pytool/CISettings.py'
      # Manually declared package configurations.
      package-config: |
        - packages: MdeModulePkg
          targets: RELEASE
          toolchain: CLANGPDB
        - packages: MdeModulePkg
          targets: DEBUG
          toolchain: CLANGPDB
      # Default config applied to any undeclared packages in the repo
      default-config: |
        targets: ["DEBUG,RELEASE"]
        toolchain: ["CLANGPDB"]
      python-version: '3.12'

  windows-ci:
    name: Windows CLANGPDB CI
    if: ${{ needs.package-matrix.outputs.matrix != '' }}
    needs: package-matrix
    uses: microsoft/mu_devops/.github/workflows/PackageCi.yml@personal/joeyvagedes/ci-workflow
    with:
      package-config: ${{ needs.package-matrix.outputs.matrix }}
      runner: windows-latest
      python-version: '3.12'
      setup-cmd: setup

  ubuntu-ci:
    name: Ubuntu CLANGPDB CI
    if: ${{ needs.package-matrix.outputs.matrix != '' }}
    needs: package-matrix
    uses: microsoft/mu_devops/.github/workflows/PackageCi.yml@personal/joeyvagedes/ci-workflow
    with:
      package-config: ${{ needs.package-matrix.outputs.matrix }}
      runner: ubuntu-latest
      container: ghcr.io/microsoft/mu_devops/ubuntu-24-test:latest
      python-version: '3.12'
      setup-cmd: setup
```
Example CI runs
Below is an example of a pull request that generates a large amount of runners because it changes a file that is not specific to a package, which results in all packages needing tested:
Below is an example of a pull request that generates only a few runners, as stuart_pr_eval decided only a few packages required testing:
-
.sync/codeql-platform.yml: Use GitHub TF-Hafnium mirrors @makubacki (#542)
Change Details
Replaces nested submodule URLs with GitHub mirrors to avoid issues with git.trustedfirmware.org being down.
-
Actions: Group dependabot and github actions PR updates @apop5 (#540)
Change Details
Group the dependabot pip updates into a single PR instead of individual PRs.
Group dependabot github action updates into a single PR instead of a group of PRs.
-
Update actions/create-github-app-token from @2 to @3 @apop5 (#541)
Change Details
actions/create-github-app-token
No breaking changes for this usage
-
.sync/MuDevOpsWrapper.yml: Add extra\_steps parameter @makubacki (#536)
Change Details
Jobs/PrGate.yml has an `extra_steps` parameter that allows for additional steps to run before it calls Steps/PrGate.yml.
This change allows a MuDevopsWrapper.yml pipeline to pass through build steps using this parameter.
-
Remove depreciated repos from filesync @apop5 (#530)
Change Details
With mu_tiano_plus, mu_silicon_intel_tiano, mu_silicon_arm_tiano being deprecated, remove those repos as filesync targets.
-
Containers: Prepare for GCC5 to GCC switch @apop5 (#529)
Change Details
EDK2 is moving towards deprecating the GCC5 toolchain in favor of the GCC tool chain.
To prepare for this, create exports for both GCC5 and GCC to allow container builds to use either.
-
Bump upload-artifact from v6 to v7 @apop5 (#531)
Change Details
Updates codeql sync file to use upload-artifact@v7
Full Changelog: v18.0.3...v18.0.4
v18.0.3
What's Changed
-
Version.njk: Update the Mu DevOps version to v18.0.3 @makubacki (#527)
Change Details
Updates Mu repos to use the latest Mu DevOps release.
-
Version.njk: Update n,n-1 to 202511, 202502 @apop5 (#526)
Change Details
Update version.njk to target 202511 and 202502 as the n and n-1 branches.
-
CodeQl: Support repos with no packages. @apop5 (#525)
Change Details
The codeql workflow attempts to locate packages by finding folders ending with pkg and then attempting to find a .dsc located within that folder.
For repos without any valid pkgs, the codeql workflow will generate an empty matrix. Adding a package_count variable to differentiate this scenario and gate creating an empty matrix.
Most repos list the codeql Analyze task as a required check. With an empty matrix, this would fail. Skipping the Analyze task would result in a pending check that will never execute.
Modify the codeql to create an empty sarif file when the package_count is zero and upload this. This will allow the Analyze step to run and pass CI when a repo contains no valid packages that can have results uploaded.
This is being handled in this manner to allow the same CI checks to exist for repos which still contain a valid release/202502 branch, and a release/202511 branch which deprecates the repo.
-
CodeQl: Update to verify IA32/X64 package compat @apop5 (#523)
Change Details
With moving ArmPkg and ArmPlatformPkg into mu_basecore, the existing codeql workflow (which only runs under windows target under IA32/X64) needs to account for packages which only support AARCH64.
Add a couple of lines to filter packages based on their DSC file's SUPPORTED_ARCHITECTURES, and exclude packages which cannot be run.
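As an added illustration (not the mu_devops workflow's own code), the Python below combines the two CodeQL entries above: package discovery with the `SUPPORTED_ARCHITECTURES` filter (#523) and the `package_count` gate that falls back to an empty SARIF file so a required Analyze check can still complete (#525). The function names, the `empty.sarif` file name, the matrix shape, the placeholder tool name and the sample tree are assumptions made for the example.

```python
import json
import re
import tempfile
from pathlib import Path

RUNNABLE_ARCHS = {"IA32", "X64"}  # what the Windows CodeQL job can build (from the page)

def supported_archs(dsc):
    """Return the SUPPORTED_ARCHITECTURES values declared in a DSC file."""
    for line in dsc.read_text().splitlines():
        line = line.split("#", 1)[0]  # strip DSC comments
        m = re.match(r"\s*SUPPORTED_ARCHITECTURES\s*=\s*(.+)", line)
        if m:
            return {a.strip().upper() for a in m.group(1).split("|") if a.strip()}
    return set()

def discover_packages(root):
    """Folders ending in 'pkg' that hold a .dsc buildable for IA32 or X64."""
    found = []
    for pkg in sorted(p for p in root.iterdir() if p.is_dir()):
        if not pkg.name.lower().endswith("pkg"):
            continue
        if any(supported_archs(d) & RUNNABLE_ARCHS for d in pkg.glob("*.dsc")):
            found.append(pkg.name)
    return found

def empty_sarif():
    """Minimal SARIF 2.1.0 log: one run, zero results. Tool name is a placeholder."""
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{"tool": {"driver": {"name": "placeholder-tool"}}, "results": []}],
    }

def plan(root):
    """Emit a matrix when packages exist, otherwise write an empty SARIF file."""
    packages = discover_packages(root)
    result = {"package_count": len(packages), "matrix": None, "sarif": None}
    if packages:
        result["matrix"] = {"package": packages}
    else:
        out = root / "empty.sarif"  # hypothetical output name
        out.write_text(json.dumps(empty_sarif(), indent=2))
        result["sarif"] = out.name
    return result

def build_sample_tree(root, layout):
    """Constructed sample repo: folder name -> SUPPORTED_ARCHITECTURES (None = no DSC)."""
    for name, archs in layout.items():
        (root / name).mkdir()
        if archs is not None:
            (root / name / (name + ".dsc")).write_text(
                "[Defines]\n  SUPPORTED_ARCHITECTURES = " + archs + "  # constructed\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp), {"MdeModulePkg": "IA32|X64|AARCH64",
                                      "ArmPkg": "AARCH64", "EmptyPkg": None})
        print(plan(Path(tmp)))
```

A repository whose packages are all AARCH64-only takes the same empty-SARIF path as one with no packages, so the required check reports a pass with zero results rather than staying pending.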
-
Update cache action to v5 @makubacki (#521)
Change Details
Updates to the latest version. Prevents file sync from trying to sync an older version.
-
.sync: Update checkout action from v5 to v6 @makubacki (#520)
Change Details
Updates to the latest version. Prevents a file sync from overwriting the version back to v5.
-
rust\_toolchain update to 1.92.0 @antklein (#518)
Change Details
Update to rust toolchain 1.92.0. Pending PR for mu_plus to meet new clippy requirements. https://github.com/microsoft/mu_plus/pull/804
Testing:
- Validated rust toolchain 1.92.0 does not break common cargo make scenarios for the following repositories.
  - microsoft/mu_plus
  - microsoft/mu_rust_helpers
  - microsoft/mu_rust_hid
  - microsoft/mu_rust_pi
  Testing steps:
  - Update the rust-toolchain.toml to toolchain version 1.92.0
  - `cargo update`
  - `cargo make build`
  - `cargo make test`
  - `cargo make clippy`
  - `cargo make fmt`
  Any errors or build failures will be addressed in the corresponding repository before this PR is completed.
-
Update actions/checkout from v5 to v6 @apop5 (#517)
Change Details
Update filesync files and local actions to use actions/checkout@v6
-
Version.njk update mu\_devops from v18.0.0 to v18.0.2 @apop5 (#511)
Change Details
v18.0.1 was released, but the Version.njk was not updated so file sync is still referencing the older version.
Full Changelog: v18.0.2...v18.0.3
v18.0.2
What's Changed
-
Dependabot: Update syntax for ignore dependency names. @apop5 (#512)
Change Details
Dependabot created a lot of update PRs for mu_devops actions. This was tracked back to dependabot configuration needing its syntax tweaked.
Relevant section:
dependency-name | Ignore updates for dependencies with matching names, optionally using * to match zero or more characters.
This week was the first time dependabot created individual PRs for the mu_devops actions.
I suspect this has always been an issue. I am not aware of a case where mu_devops was tagged and there was a week's gap between version.njk being updated and file sync run.
-
Minor fixup: Do not extract iasl nuget package to root @vineelko (#505)
Change Details
Do not extract iasl nuget package to root, because of which we are not cleaning the `iasl` completely because the following line `cd .. && rm -rf iasl_temp` assumes all the extracted contents are in `iasl_temp`
Signed-off-by: Vineel Kovvuri[MSFT] vineelko@microsoft.com
-
Updating actions/upload-artifact from v4 to v5 @apop5 (#506)
Change Details
According to release notes, the major change is supporting Node v24.x, which should not matter when consumed in the github action.
-
Configure dependabot to ignore CodeQL action updates @makubacki (#503)
Change Details
The CodeQL action is exclusively used in workflows synced from mu_devops. Prevent dependabot from creating PRs for it in individual repos.
-
Updates the following CodeQL actions from v3 to v4 @makubacki (#502)
Change Details
- github/codeql-action/init
- github/codeql-action/analyze
- github/codeql-action/upload-sarif
Dependabot currently has updates out to individual repos but the files in /.sync need to be updated here so they are not overwritten in future file syncs.
Full Changelog: v18.0.1...v18.0.2
v18.0.1
What's Changed
-
label-issues/file-paths.yml: Add `-changed-files` @makubacki (#500)
Change Details
Follows the latest config format to specify file types that have labels applied.
See: https://github.com/actions/labeler?tab=readme-ov-file#basic-examples
Adds compatibility to the file to prevent this issue when running against the v6.0.1 actions/labeler action:
found unexpected type for label 'language:python' (should be array of config options)
-
Version.njk: Update the Mu DevOps version to v18.0.0 @makubacki (#497)
Change Details
Updates Mu repos to use the latest Mu DevOps release.
-
CodeQL workflows: Remove dev branch trigger @makubacki (#498)
Change Details
Does not trigger the workflow on the dev branch since the dev branch concept has been dropped from Project Mu.
One more reference found that is not needed.
-
Files.yml: Sync release-draft.yml as a template @makubacki (#496)
Change Details
Previously a parameter was provided. Now, just set `template:true` so the file is treated as a template during syncing.
Small update that's needed for the file sync.
Full Changelog: v18.0.0...v18.0.1
v18.0.0
What's Changed
-
Prevent dependabot from attempting to update Features/Ffa in mu\_tiano\_platforms @apop5 (#493)
Change Details
Add Feature/FFA to the list of submodules that dependabot should not attempt to update.
Feature/FFA should be handled through submodule updater.
-
Bump action/setup-ptyhon from 5 to 6, Bump action/github-script from 7 to 8 @apop5 (#491)
Change Details
Updating actions for the sync files for all repos.
⚠️ Breaking Changes
-
Remove dev branch support @makubacki (#495)
Change Details
Project Mu is dropping the concept of "dev" and "release" branches in favor of having only a "release" branch. This change reverts support added for the branch split.
🚀 Features & ✨ Enhancements
-
Remove dev branch support @makubacki (#495)
Change Details
Project Mu is dropping the concept of "dev" and "release" branches in favor of having only a "release" branch. This change reverts support added for the branch split.
Full Changelog: v17.0.1...v18.0.0
v17.0.1
What's Changed
-
Rust setup: Use UID / GID @Javagedes (#484)
Change Details
Depending on the pipeline runner, the account name created in the container may be `azure_pipelines_docker` or `docker_azpcontainer`, leading to issues in setting the permissions that allow us to create or move files for rust setup / rust testing. It was seen that regardless of the name, the actual UID / GID that they are using is always 1001, so we instead hardcode the UID/GID value instead of the name.
This has proven to work here:
-
Update mu\_devops version for pipelines @Javagedes (#482)
Change Details
Step 7 to fully update the rust version to 1.85 to 1.89 as defined in
Full Changelog: v17.0.0...v17.0.1
v17.0.0
What's Changed
-
Remove mu\_tiano\_platforms from rust CI sync. @apop5 (#478)
Change Details
Do not sync rust CI files to mu_tiano_platforms.
mu_tiano_platforms will deprecate the current rust support during next file sync.
⚠️ Breaking Changes
-
Update container to 737aacc @Javagedes (#481)
Change Details
Step 4 to fully update the rust version to 1.85 to 1.89 as defined in [ReadMe#steps-for-updating-rust-toolchain](https://github.com/microsoft/mu_devops/?tab=readme-ov-file#steps-for-updating-rust-tool-chain).
-
Update rust version to 1.89 @Javagedes (#479)
Change Details
Step 1 to fully update the rust version to 1.85 to 1.89 as defined in [ReadMe#steps-for-updating-rust-toolchain](https://github.com/microsoft/mu_devops/?tab=readme-ov-file#steps-for-updating-rust-tool-chain).
Full Changelog: v16.0.1...v17.0.0
v16.0.1
What's Changed
-
Version.njk: Update Ubuntu-24 container to 71390ed @makubacki (#477)
Change Details
Updates to the latest container build with the components included for the Hafnium build.
-
Containers/Ubuntu-22: Add disutils for QEMU build @makubacki (#476)
Change Details
Install distutils to resolve the following issue building QEMU:
```
39.05 python determined to be '/usr/bin/python3'
39.05 python version: Python 3.12.11
39.16 mkvenv: Creating non-isolated virtual environment at 'pyvenv'
39.42
39.42 *** Ouch! ***
39.42
39.42 found no usable distlib, please install it
```
Note: Ubuntu-22 build verified with these changes here https://github.com/microsoft/mu_devops/actions/runs/17243889671/job/48928359995.
-
Version.njk: Update the Mu DevOps version to v16.0.0 @makubacki (#474)
Change Details
Updates Mu repos to use the latest Mu DevOps release.
Full Changelog: v16.0.0...v16.0.1
v16.0.0
What's Changed
⚠️ Breaking Changes
-
Rust CI Updates [Rebase \& FF] @makubacki (#471)
Change Details
Series of changes to reduce file sync overhead, increase Rust testing across Mu repos, and improve consistency of Rust environment configuration across repos.
**.sync/Files.yml: Remove some Rust file syncs**
- Removes RustSetupSteps.yml and SetupPythonPreReqs.yml from being synced. They will be referenced as templates in mu_devops.
- Removes Rust related files from being synced to mu_basecore since it does not have any Rust code and this will reduce file sync overhead and overall maintenance complexity in the repo.
**.sync/Files.yml: Sync Rust config files to all Rust repos**
Ensure consistency in Mu repos with Rust code by syncing the following files to all repos:
- rust-toolchain.toml
- rustfmt.toml
- Makefile.toml
- .cargo/config.toml
**Makefile.toml: Add new cargo make tasks**
Add the following tasks:
- `doc` - To build docs.
- `doc-open` - To build and open docs.
- `fmt` - To run fmt.
- `all` - To run all cargo make tasks used in CI.
**Update Rust Cargo Steps**
- Delete the workflow being synced to merge the checks into existing pipeline flows.
- Call `RustCargoSteps.yml` from PrGate.yml.
- Allow task specifics to be controlled via the `cargo make all` command in a given repo and simply call that from the pipeline.
**.sync/rust-toolchain.toml: Add common components**
Add common Rust components to be installed with the toolchain.
Full Changelog: v15.0.4...v16.0.0