Releases: microsoft/mu_devops
v9.1.1
What's Changed
-
GitHub Action: Bump robinraju/release-downloader from 1.8 to 1.9 @makubacki (#307)
Change Details
Updates the CodeQL workflows to match the latest version that is being updated by dependabot in relevant repos.
Release notes
Sourced from robinraju/release-downloader's releases.
Release Downloader v1.9
What's Changed
- Correct minor typo in extract action input by
@philostlerin robinraju/release-downloader#666 - Fix broken link to CI status badge on README by
@robinrajuin robinraju/release-downloader#672 - Upgrade node runtime to v20 by
@xelarisin robinraju/release-downloader#673 - Add release name to output variable by
@robinrajuin robinraju/release-downloader#677 - Throw error when a release with no assets are obtained by
@robinrajuin robinraju/release-downloader#678 - Download latest pre-release by
@robinrajuin robinraju/release-downloader#679
Dependancy Updates
- Update dependencies by
@robinrajuin robinraju/release-downloader#671 - Bump
@types/nodefrom 20.9.4 to 20.11.8 by@dependabotin robinraju/release-downloader#674 - Bump
@typescript-eslint/parserfrom 6.12.0 to 6.19.1 by@dependabotin robinraju/release-downloader#675 - Bump eslint from 8.54.0 to 8.56.0 by
@dependabotin robinraju/release-downloader#676
New Contributors
@philostlermade their first contribution in robinraju/release-downloader#666@xelarismade their first contribution in robinraju/release-downloader#673
Full Changelog: robinraju/release-downloader@v1.8...v1.9
Commits
368754bDownload latest prerelease (#679)52c0768Throw error when a release with no assets are obtained (#678)a3ec587Add release name to output variable (#677)216d90dBump eslint from 8.54.0 to 8.56.0 (#676)f70dc82Bump@typescript-eslint/parserfrom 6.12.0 to 6.19.1 (#675)6dd543bBump@types/nodefrom 20.9.4 to 20.11.8 (#674)63ce2a8Upgrade node runtime to v20 (#673)50f312fFix broken link to CI status badge on README (#672)56fac71Update dependencies (#671)0ef9efaCorrect minor typo in extract action input (#666)- Additional commits viewable in compare view
- Correct minor typo in extract action input by
🔐 Security Impacting
-
workflows: Add permissions. @Javagedes (#305)
Change Details
Add permissions to the workflows across mu_devops. This includes the workflows sync'd across repositories, and workflows used in mu_devops itself.
With MU_BASECORE's Settings -> Code and automation -> Actions -> General -> Workflow permissions set to "Read repository contents and packages permissions" selected, I had no failures, with the following tested:
.github/workflows
- AutoMerger.yml - Untested
- FileSyncer.yml - Tested
- IssueAssignment.yml - Tested
- IssueTriager.yml - Tested
- LabelSyncer.yml - Tested
- Labeler.yml - Tested
- ReleaseDrafter.yml - Tested
.sync/workflows/leaf
- auto-approve.yml - Untested
- auto-merge.yml - Untested
- issue-assignment.yml - Tested through IssueAssignment.yml
- label-issues.yml - Tested through Labeler.yml
- label-sync.yml - Tested through LabelSyncer.yml
- pull-request-formatting-validator.yml - Tested Directly
- release-draft.yml - Tested through ReleaseDrafter.yml
- scheduled-maintenance.yml - Tested Directly
- stale.yml - Tested Directly
- submodule-release-update.yml - Untested
- triage-issues.yml - Tested
Full Changelog: v9.1.0...v9.1.1
Contributors
Assets 2
v9.1.0
What's Changed
-
.sync/workflows/codeql: Always remove plugins in .pytools @kenlautner (#302)
Change Details
With the CodeQL plugin moving to BaseTools (from .pytool) starting in release/202311, update the workflow to always remove unnecessary plugins (that slow down the workflow) in .pytools as opposed to relative the CodeQL plugin path.
-
.sync/workflows/codeql: Update sync action to v4 @makubacki (#301)
Change Details
Matches the latest version being propagated by dependabot.
🚀 Features & ✨ Enhancements
-
.sync/workflows/leaf/codeql.yml: Update CodeQL plugin from .pytool to BaseTools @makubacki (#299)
Change Details
The CodeQL plugin moved from .pytool to BaseTools in the Mu Basecore 202311 update. This change first looks for the plugin in BaseTools and falls back to the prior .pytool location if it is not found for backward compatibility with some earlier release branches that have not picked up the change.
Eventually, the .pytool fallback can be removed.
Issue to track removal of the fallback: #300
🐛 Bug Fixes
-
Fix issue with .pytool/Plugin removal which was introduced with the latest codeql.yml change. @kenlautner (#303)
Change Details
The latest codeql.yml change updated the cleanup step to find .pytool/Plugin folder directly instead of using a relevant path form the CodeQL plugin directory.
That change didn't take into account how all branches from release/202302 and older have the .pytool/Plugin version of CodeQL and was deleting all plugins in .pytool besides CompilerPlugin. This change excludes the CodeQL plugin if it exists as well.
Full Changelog: v9.0.6...v9.1.0
Contributors
Assets 2
v9.0.6
What's Changed
-
Rust: Makefile.toml: Add Feature flag support @Javagedes (#298)
Change Details
Adds additional environment variables to the Makefile.toml to set features when building.
setting the variable
FEATURESwill translate to passing--features <features>to the underlying build command.
Full Changelog: v9.0.5...v9.0.6
Contributors
Assets 2
v9.0.5
What's Changed
-
.sync/workflows/leaf: CodeQL workflow changes for upload-artifact v4 @makubacki (#291)
Change Details
Two key new restrictions:
- No more than 10 artifacts per job in a workflow run.
- It is no longer possible to upload to the same named artifact
multiple times.
These workflows can easily split their artifacts up under the 10
artifact limit while also not uploading to the same named artifact
in the process.Full Changelog: v9.0.4...v9.0.5
Contributors
Assets 2
v9.0.4
What's Changed
-
Bump setup-python action from v4 to v5 in sync files @makubacki (#288)
Change Details
Updates the sync files to use v5 so they will match the latest files updated by dependabot in the synced repo. Also updates the version in the file in the submodule-release-updater action.
Full Changelog: v9.0.3...v9.0.4
Contributors
Assets 2
v9.0.3
What's Changed
-
Start file sync for secureboot\_objects repo @apop5 (#285)
Change Details
Adding a first pass of filesync for the secureboot_objects repo.
@makubacki @Flickdm
Please verify that all necessary files are being sycned in this PR.
Full Changelog: v9.0.2...v9.0.3
Contributors
Assets 2
v9.0.2
What's Changed
-
Add secureboot objects repo to notebook queries @apop5 (#282)
Change Details
Adding secureboot_objects repo to the queries for issues and pull requests.
-
pull-request-formatting-validator: Use github-script v7 @makubacki (#281)
Change Details
Ensure that the latest version of the action is synced to other repos (v7).
-
.sync/Version.njk: Update Mu repos to Mu DevOps v9.0.1 @Javagedes (#280)
Change Details
Updates the version.njk file to 9.0.1
Full Changelog: v9.0.1...v9.0.2
Contributors
Assets 2
v9.0.1
What's Changed
-
MuDevOpsWrapper.yml: Bugfix bad value options @Javagedes (#279)
Change Details
the `values` config does not work as variables are not evaluated until the step runs, so what actually gets passed and verified against the `values` config ends up being the string `$(variable_name)`, which always fails as we were saying the value could only be "ado" or "codecov" or ""
This PR updates all yaml files to no longer pass the environment variable as a parameter from
MuDevOpsWrapper->Jobs/PrGate->Steps/PrGate->UploadCodeCoverageand instead uses the environment variable directly inUploadCodeCoverageAll aforementioned yaml files have been updated with documentation on how to generate code coverage.
Full Changelog: v9.0.0...v9.0.1
Contributors
Assets 2
v8.0.0
What's Changed
⚠️ Breaking Changes
-
Jobs/PrGate.yml: Update Code Coverage commands @Javagedes (#273)
Change Details
Updates the Code coverage command to also use the following flags:
CC_FLATTEN=TRUE - de-duplicates source file coverage due to the same source file being used by multiple INFs.
CC_FULL=TRUE - inserts coverage data (correct code line count, but zero lines covered) for all source files in the package that are not present in the original coverage report.
Integration Instructions
Pipelines consuming this change must add pygount to their pip-requirements file.
🚀 Features & ✨ Enhancements
-
Jobs/PrGate.yml: Update Code Coverage commands @Javagedes (#273)
Change Details
Updates the Code coverage command to also use the following flags:
CC_FLATTEN=TRUE - de-duplicates source file coverage due to the same source file being used by multiple INFs.
CC_FULL=TRUE - inserts coverage data (correct code line count, but zero lines covered) for all source files in the package that are not present in the original coverage report.
Integration Instructions
Pipelines consuming this change must add pygount to their pip-requirements file.
Full Changelog: v7.3.0...v8.0.0
Contributors
Assets 2
v7.3.0
What's Changed
🚀 Features & ✨ Enhancements
-
Steps/UploadCodeCoverage.yml: Remove dependency and conditionalize [Rebase \& FF] @makubacki (#274)
Change Details
Contains two changes related to uploading code coverage:
-
Remove edk2toollib dependency
Some repos (like pure Rust repos) are expected not to depend on
pytools. Since the codecov application can simply be run without
RunCmd(), do that and prevent the need for those repos to depend
on edk2toollib or unnecessary logic in the pipelines to bring it in. -
Conditionalize coverage upload steps on codecov token presence
Some repos may not upload to codecov for various reasons. Those repos
won't set the code coverage token so conditionalize the upload steps
on the token.
Will unblock microsoft/mu_rust_hid#12
-
Full Changelog: v7.2.0...v7.3.0