What's Changed

⚠️ Breaking Changes

The container feed switched from ghcr.io/tianocore/containers
to ghcr.io/microsoft/mu_devops.

Note: This is marked as a breaking change because of the distro change
from Fedora to Ubuntu. Commands run inside the container such as those
interacting with the package manager need to be reviewed and updated.

Full Changelog: https://github.com/microsoft/mu_devops/compare/v2.5.4...v3.0.0

What's Changed

New repos:

• microsoft/mu_common_intel_min_platform
• microsoft/mu_oem_sample
• microsoft/mu_plus
• microsoft/mu_silicon_arm_tiano
• microsoft/mu_silicon_intel_tiano
• microsoft/mu_tiano_plus
  
  

Full Changelog: https://github.com/microsoft/mu_devops/compare/v2.5.3...v2.5.4

What's Changed

The exclude-labels configuration option does work. This change
adds a new label type:dependabot to dependabot PRs (via the
dependabot config file) and uses the exclude-labels option in
the release-drafter config file to exclude those PRs from release
notes.

Submodules are currently updated by either dependabot or the
submodule-release-updater GitHub action local to mu_devops. Since
submodules are recursive to repo consumers and to keep those
consistently in the release notes, the type:dependabot label is
not added to dependabot submodule updates keeping those updates in
the release notes.

Sizes:
Build - 2.74 Gb
Test - 3.63 Gb
Dev - 3.63 Gb

• mu_feature_config
• mu_feature_mm_supv
  
  

📖 Documentation Updates

Full Changelog: https://github.com/microsoft/mu_devops/compare/v2.5.2...v2.5.3

What's Changed

General release info: https://github.com/microsoft/mu_devops/releases

🐛 Bug Fixes

Full Changelog: https://github.com/microsoft/mu_devops/compare/v2.5.1...v2.5.2

What's Changed

This treats the following strings as "empty":

• ""
• " "
  
  

Full Changelog: https://github.com/microsoft/mu_devops/compare/v2.5.0...v2.5.1

What's Changed

• Fedora 37 image contents
• 3b3eb8f

Summary of updates:

• Enable GTK on Fedora QEMU
• Install vim and nano
• Set up a user to match the outside user
• Add the user to the sudo/wheel group to allow them to use sudo, and set a password

Signed-off-by: Michael Kubacki [email protected]

🚀 Features & ✨ Enhancements

Adds a new GitHub workflow that runs when an issue is assigned.

While additional behavior can be added in the future, right now the
workflow only removes the state:needs-owner label if present.

🐛 Bug Fixes

Full Changelog: https://github.com/microsoft/mu_devops/compare/v2.4.1...v2.5.0

What's Changed

Signed-off-by: Michael Kubacki [email protected]

Signed-off-by: Michael Kubacki [email protected]

Full Changelog: https://github.com/microsoft/mu_devops/compare/v2.4.0...v2.4.1

What's Changed

This prevents CI resources from building changes that may not actually
be merged for a while (and need to be rebuilt later again).

Rebasing can be done manually in the dependabot PR either through
the GitHub UI or the dependabot command or via a push to the
dependabot PR branch.

🚀 Features & ✨ Enhancements

Changes:

1. .github/actions: Add initial Submodule Release Updater GitHub Action

Adds an action that checks if any submodules in a repository have a
GitHub release available. If so, the submodule is updated to the
latest release and a pull request is made in the repository for
the submodule update.

2. .sync/Files.yml: Sync Submodule Release Update workflow

Syncs a new workflow to update submodules to the latest GitHub
release to mu_tiano_platforms.

3. .sync/Version.njk: Update Mu repos to Mu DevOps v2.4.0

Updates to v2.4.0 so the GitHub action is available.

Changes since last release:
https://github.com/microsoft/mu_devops/compare/v2.3.0...v2.4.0

General release info: https://github.com/microsoft/mu_devops/releases

• Example Action Run on Fork

Example Pull Requests Created by the Action (on fork):

• Bump MU_BASECORE from 2022080001.1.0 to 2022080001.2.1
• Bump Features/DFCI from 2.0.2 to 2.3.1

Signed-off-by: Michael Kubacki [email protected]

Full Changelog: https://github.com/microsoft/mu_devops/compare/v2.3.3...v2.4.0

What's Changed

• release-draft.yml - Leaf workflow
• release-draft-config.yml - Action config file

Signed-off-by: Michael Kubacki [email protected]

Signed-off-by: Michael Kubacki [email protected]

Full Changelog: https://github.com/microsoft/mu_devops/compare/v2.3.2...v2.3.3

What's Changed

🐛 Bug Fixes

Also works around a setup-python task issue that fails to ignore cache
contents if they do not previously exist and are not populated during the job.

Signed-off-by: Michael Kubacki [email protected]

Full Changelog: https://github.com/microsoft/mu_devops/compare/v2.3.1...v2.3.2

What's Changed

See the following article for more information about options:. https://learn.microsoft.com/en-us/azure/devops/pipelines/process/container-phases?view=azure-devops#options

Caching happens automatically based on pip-requirements.txt.

https://github.com/actions/setup-python#caching-packages-dependencies

Every job before:

Run pip install -r pip-requirements.txt --upgrade
Collecting edk2-pytool-library==0.14.0
  Downloading edk2_pytool_library-0.14.0-py3-none-any.whl (468 kB)
     -------------------------------------- 468.7/468.7 kB 2.7 MB/s eta 0:00:00
Collecting edk2-pytool-extensions==0.22.2
  Downloading edk2_pytool_extensions-0.22.2-py3-none-any.whl (2.5 MB)
     ---------------------------------------- 2.5/2.5 MB 10.7 MB/s eta 0:00:00
Collecting edk2-basetools==0.1.29
  Downloading edk2_basetools-0.1.29-py3-none-any.whl (1.3 MB)
     ---------------------------------------- 1.3/1.3 MB 4.5 MB/s eta 0:00:00
Collecting antlr4-python3-runtime==4.12.0
  Downloading antlr4_python3_runtime-4.12.0-py3-none-any.whl (144 kB)
     -------------------------------------- 144.4/144.4 kB 2.2 MB/s eta 0:00:00
Collecting regex==2023.3.23
  Downloading regex-2023.3.23-cp311-cp311-win_amd64.whl (267 kB)
     -------------------------------------- 267.7/267.7 kB 2.4 MB/s eta 0:00:00
...

Jobs after:

Run pip install -r pip-requirements.txt --upgrade
Collecting edk2-pytool-library==0.14.0
  Using cached edk2_pytool_library-0.14.0-py3-none-any.whl (468 kB)
Collecting edk2-pytool-extensions==0.22.2
  Using cached edk2_pytool_extensions-0.22.2-py3-none-any.whl (2.5 MB)
Collecting edk2-basetools==0.1.29
  Using cached edk2_basetools-0.1.29-py3-none-any.whl (1.3 MB)
Collecting antlr4-python3-runtime==4.12.0
  Using cached antlr4_python3_runtime-4.12.0-py3-none-any.whl (144 kB)
Collecting regex==2023.3.23
  Using cached regex-2023.3.23-cp311-cp311-win_amd64.whl (267 kB)
...

Signed-off-by: Michael Kubacki [email protected]

General release info: https://github.com/microsoft/mu_devops/releases

Full Changelog: https://github.com/microsoft/mu_devops/compare/v2.3.0...v2.3.1

What's Changed

Proposal to add a variable to prevent the checkout step for those repos /containers that have already taken the step.

##[error]Task 'Command Line' is using legacy execution handler which is not supported in container execution flow.

Changed all CmdLine@1 tasks to use CmdLine@2.

Closes #145

14d2aba image

• Fedora 35 image contents
• Fedora 37 image contents

Summary of updates:

• Fedora 35 to Fedora 37 (minimal image)
  • NEW: gcc for LoongArch (2022-09-06)
  • UPDATED: gcc 11.2.1 to gcc 12.2 (x86, x64, arm, aarch64, riscv)
  • UPDATED: Python 3.10 to Python 3.11
  • UPDATED: Qemu 6.10 to Qemu 7.2 (x86, arm, aarch64)
  • NO CHANGE: nasm 2.15.05

🚀 Features & ✨ Enhancements

Issue #84

Full Changelog: https://github.com/microsoft/mu_devops/compare/v2.2.3...v2.3.0

What's Changed

Signed-off-by: Michael Kubacki [email protected]

Signed-off-by: Michael Kubacki [email protected]

• microsoft/mu_feature_config
• microsoft/mu_feature_ipmi
• microsoft/mu_oem_sample
• microsoft/mu_silicon_arm_tiano

The workflow is now synced to all Mu repos with large amounts of
C code except mu_tiano_platforms. That will be included in a
future change.

Signed-off-by: Michael Kubacki [email protected]

Full Changelog: https://github.com/microsoft/mu_devops/compare/v2.2.2...v2.2.3

What's Changed

It is redundant and particularly impactful on Windows as discussed
below:

https://github.com/msysgit/msysgit/wiki/Git-cannot-create-a-file-or-directory-with-a-long-path

This especially causes an issue in a Mu repository at the moment
(mu_common_intel_min_platform) due to its longer name which is
repeated twice in the path (as <repo-name>).

This change is limited to the GitHub CodeQL workflow and was found
to resolve the issue encountered and not raise any additional issues
in this workflow in testing.

Signed-off-by: Michael Kubacki [email protected]

Full Changelog: https://github.com/microsoft/mu_devops/compare/v2.2.1...v2.2.2

What's Changed

Signed-off-by: Michael Kubacki [email protected]

This workflow has the following features to support
maintainability across the repos it is synced to:

• The packages are auto discovered and a dynamic matrix
  is generated for each package build. This allows the
  same file to work as-is in each repo that performs
  CI builds (packages are in the repo root directory).

• The Mu Basecore plugin directory is auto discovered
  in the workspace based on the presence of the CodeQL
  plugin being present in the directory.

• The operations supported by the Stuart CI script are
  dynamically discovered.

• CodeQL is only run on Windows agents. There is a known
  issue when building edk2-style code on Linux so this
  avoids encountering that issue.

  See: https://github.com/github/codeql-action/issues/1338

• The Windows CodeQL CLI package is about 260MB at this time.

  The GitHub Action cache is used by this workflow to cache
  the CLI after it is initially pulled down in the Stuart ext
  dep update.

• The CLI ext dep directory name and version used for caching
  are read from the ext_dep YAML file to reduce maintenance
  needed in the workflow if the file changes in the future.

Note that the SARIF file for each run is uploaded as a per-package
artifact. These can be downloaded and opened in VS Code with the
SARIF Viewer extension to view issues locally with the ability
to click to issue locations in files.

Signed-off-by: Michael Kubacki [email protected]

General release info: https://github.com/microsoft/mu_devops/releases

Signed-off-by: Michael Kubacki [email protected]

  </blockquote>
  <hr>
</details>

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Full Changelog: https://github.com/microsoft/mu_devops/compare/v2.2.0...v2.2.1

What's Changed

🚀 Features & ✨ Enhancements

Breaking changes are identified with the GitHub label:
impact:breaking-change

Prior to this change, that label rolled the major version of the
repo.

Now, the label also places corresponding changes into a "Breaking
Changes" section of the release notes so it is easy for consumers
to see breaking changes in a release.

Signed-off-by: Michael Kubacki [email protected]

Full Changelog: https://github.com/microsoft/mu_devops/compare/v2.1.0...v2.2.0

What's Changed

🚀 Features & ✨ Enhancements

Signed-off-by: Michael Kubacki [email protected]

📖 Documentation Updates

Signed-off-by: Michael Kubacki [email protected]

  </blockquote>
  <hr>
</details>

Full Changelog: https://github.com/microsoft/mu_devops/compare/v2.0.2...v2.1.0

What's Changed

https://github.com/tianocore/containers/commit/3487a34

Therefore, microdnf will currently fail (not found). This change
updates code using the Fedora 35 container image to switch to dnf.

Signed-off-by: Michael Kubacki [email protected]

Full Changelog: https://github.com/microsoft/mu_devops/compare/v2.0.1...v2.0.2

What's Changed

General release Info: https://github.com/microsoft/mu_devops/releases

An important change in this release is reverting the label workflow
from v2.6 to v2.5 to resolve a regression:

https://github.com/microsoft/mu_devops/pull/110

Signed-off-by: Michael Kubacki [email protected]

Commit 6e00a3d added file sync for the release drafter flow to
Project Mu platform and feature repos. However, the config file
used by the workflow must be local to the repo, so it needs to
be synced as well.

This change syncs the config file.

Signed-off-by: Michael Kubacki [email protected]

🐛 Bug Fixes

This update is causing failures to be returned from the action
due to attempting to remove labels that do not exist.

Make an update plan separately and update in the future.

Signed-off-by: Michael Kubacki [email protected]

Full Changelog: https://github.com/microsoft/mu_devops/compare/v2.0.0...v2.0.1

What's Changed

🚀 Features & ✨ Enhancements

Also includes changes to publish artifacts by type to more cleanly
control how they are produced & consumed - binaries, logs, and other.

Integration Notes

This commit updates the major version of mu_devops. This means it
might require integration work that will result in a repo build
breaking unless performed.

• Artifacts are now published under three separate categories of "binaries",
• "logs", and "other"
  • Previously all artifacts were published under "Build Logs $(System.JobName)"
  • Any flows dependent on artifact names will need to be updated
  • Three new templates are provided for reusable publishing of content in these categories:
    1. Steps/BinaryCopyAndPublish.yml
    2. Steps/CommonLogCopyAndPublish.yml
    3. Steps/OtherCopyAndPublish.yml
• Steps/PrGate.yml has a new template parameter - artifacts_identifier
  • This can be used to adjust the name assigned to artifacts so it makes the
    most sense for a given platform
    • The default value is an empty string
    • For most platforms, it is recommended to pass the package name and build target
• Steps/PrGate.yml has new template parameters to control the binary and other
  content published.
  • The default value for both is an empty string

Non-Breaking Change Notes

• There is a new step template to easily publish content from the three artifact
  categories of a given pipeline to NuGet (Steps/NuGet.yml).
  • It is a step template so it can easily access file content already on the job
    build agent.
  • It provides the ability to select which categories of artifacts are published.
• There is a new job template to generate a build matrix. This is tailored toward
  firmware build scenarios that involve groups of packages that are built
  together on a single agent and others that are individually built on a dedicated agent.

Signed-off-by: Michael Kubacki [email protected]

🐛 Bug Fixes

• SECURITY.md:11 MD012/no-multiple-blanks Multiple consecutive blank lines
  [Expected: 1; Actual: 2]
• SECURITY.md:22:84 MD009/no-trailing-spaces Trailing spaces
  [Expected: 0 or 2; Actual: 1]
• SECURITY.md:34 MD012/no-multiple-blanks Multiple consecutive blank lines
  [Expected: 1; Actual: 2]

Signed-off-by: Michael Kubacki [email protected]

Full Changelog: https://github.com/microsoft/mu_devops/compare/v1.8.0...v2.0.0