├── .azurepipelines
├── GetCargoBinstall.yml
├── GetCargoMake.yml
└── GetCargoTarpaulin.yml
├── .github
├── Labels.yml
├── actions
│ ├── rust-tool-cache
│ │ └── action.yml
│ └── submodule-release-updater
│ │ ├── ReadMe.md
│ │ └── action.yml
├── dependabot.yml
├── release-draft-config.yml
└── workflows
│ ├── Build-Containers.yml
│ ├── CodeQl.yml
│ ├── FileSyncer.yml
│ ├── IssueAssignment.yml
│ ├── IssueTriager.yml
│ ├── LabelSyncer.yml
│ ├── Labeler.yml
│ ├── ReleaseDrafter.yml
│ ├── ReleaseWorkflow.yml
│ ├── Stale.yml
│ ├── label-sync.yml
│ ├── pull-request-formatting-validator.yml
│ ├── release-draft.yml
│ ├── scheduled-maintenance.yml
│ └── stale-leaf.yml
├── .gitignore
├── .markdownlint.yaml
├── .sync
├── Files.yml
├── ReadMe.rst
├── Version.njk
├── actions
│ └── submodule-release-updater-action.yml
├── azure_pipelines
│ ├── MuDevOpsWrapper.yml
│ ├── RustSetupSteps.yml
│ └── SetupPythonPreReqs.yml
├── ci_config
│ └── .markdownlint.yaml
├── containers
│ ├── Ubuntu-22
│ │ └── Dockerfile
│ └── Ubuntu-24
│ │ └── Dockerfile
├── dependabot
│ ├── actions-pip-submodules.yml
│ └── actions-pip.yml
├── devcontainer
│ └── devcontainer.json
├── git_templates
│ └── gitattributes_template.txt
├── github_templates
│ ├── ISSUE_TEMPLATE
│ │ ├── bug_report.yml
│ │ ├── config.yml
│ │ ├── documentation_request.yml
│ │ └── feature_request.yml
│ ├── contributing
│ │ └── CONTRIBUTING.md
│ ├── licensing
│ │ ├── project_mu_and_tianocore_license.txt
│ │ ├── project_mu_license.txt
│ │ └── tianocore_license.txt
│ ├── pull_requests
│ │ └── pull_request_template.md
│ └── security
│ │ └── SECURITY.md
├── rust_config
│ ├── Makefile.toml
│ ├── config.toml
│ ├── rust-toolchain.toml
│ └── rustfmt.toml
└── workflows
│ ├── config
│ ├── label-issues
│ │ ├── file-paths.yml
│ │ └── regex-pull-requests.yml
│ ├── release-draft
│ │ └── release-draft-config.yml
│ └── triage-issues
│ │ └── advanced-issue-labeler.yml
│ └── leaf
│ ├── backport-to-release-branch.yml
│ ├── codeql-platform.yml
│ ├── codeql.yml
│ ├── issue-assignment.yml
│ ├── label-issues.yml
│ ├── label-sync.yml
│ ├── publish-release.yml
│ ├── pull-request-formatting-validator.yml
│ ├── release-draft.yml
│ ├── scheduled-maintenance.yml
│ ├── stale.yml
│ ├── submodule-release-update.yml
│ └── triage-issues.yml
├── Containers
├── Readme.md
├── Ubuntu-22
│ └── Dockerfile
└── Ubuntu-24
│ └── Dockerfile
├── Jobs
├── CreateBuildMatrix.yml
├── GenerateTag.yml
├── PrGate.yml
└── Python
│ └── RunDevTests.yml
├── LICENSE.txt
├── Notebooks
├── MyPullRequests.github-issues
├── OpenIssues.github-issues
├── PullRequests.github-issues
└── ReadMe.md
├── ReadMe.rst
├── RepoDetails.md
├── SECURITY.md
├── Scripts
├── DownloadCargoBinaryFromGitHub
│ ├── DownloadCargoBinaryFromGitHub.py
│ └── Readme.md
└── TagGenerator
│ ├── Readme.md
│ └── TagGenerator.py
└── Steps
├── BinaryCopyAndPublish.yml
├── BuildBaseTools.yml
├── BuildPlatform.yml
├── CommonLogCopyAndPublish.yml
├── DownloadAzurePipelineArtifact.yml
├── FetchGitHubFile.yml
├── InstallCoverageTools.yml
├── InstallMarkdownLint.yml
├── InstallSpellCheck.yml
├── NuGet.yml
├── OtherCopyAndPublish.yml
├── PrGate.yml
├── PublishCodeCoverage.yml
├── Python
├── RunFlake8Tests.yml
└── RunPytest.yml
├── RunMarkdownLint.yml
├── RunPatchCheck.yml
├── RunSpellCheck.yml
├── RustCargoSteps.yml
├── RustSetupSteps.yml
├── SetNodeVersion.yml
├── SetupPythonPreReqs.yml
├── SetupToolChainTagPreReqs.yml
└── UploadCodeCoverage.yml
/.azurepipelines/GetCargoBinstall.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipeline to download Cargo Binstall and save it as a pipeline artifact that
3 | # can be accessed by other pipelines.
4 | #
5 | # Copyright (c) Microsoft Corporation. All rights reserved.
6 | # SPDX-License-Identifier: BSD-2-Clause-Patent
7 | ##
8 |
9 | schedules:
10 | # At 1:00 on Monday
11 | # https://crontab.guru/#0_1_*_*_1
12 | - cron: 0 1 * * 1
13 | branches:
14 | include:
15 | - main
16 | always: true
17 |
18 | jobs:
19 | - job: Update_Cargo_Binstall
20 | displayName: Update Cargo Binstall
21 |
22 | pool:
23 | vmImage: windows-latest
24 |
25 | steps:
26 | - checkout: self
27 | clean: true
28 | fetchDepth: 1
29 | fetchTags: false
30 |
31 | - script: pip install requests --upgrade
32 | displayName: Install and Upgrade pip Modules
33 | condition: succeeded()
34 |
35 | - task: PythonScript@0
36 | displayName: Download and Stage Cargo Binstall
37 | env:
38 | BINARIES_DIR: "$(Build.BinariesDirectory)"
39 | BINARY_NAME: "cargo-binstall"
40 | DOWNLOAD_DIR: "$(Build.ArtifactStagingDirectory)"
41 | REPO_URL: "https://api.github.com/repos/cargo-bins/cargo-binstall/releases"
42 | inputs:
43 | scriptSource: filePath
44 | scriptPath: Scripts/DownloadCargoBinaryFromGitHub/DownloadCargoBinaryFromGitHub.py
45 | workingDirectory: $(Agent.BuildDirectory)
46 | condition: succeeded()
47 |
48 | - task: PublishBuildArtifacts@1
49 | displayName: Publish Cargo Binstall
50 | retryCountOnTaskFailure: 3
51 | inputs:
52 | PathtoPublish: $(Build.BinariesDirectory)
53 | ArtifactName: Binaries
54 | condition: succeeded()
55 |
--------------------------------------------------------------------------------
/.azurepipelines/GetCargoMake.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipeline to download Cargo Make and save it as a pipeline artifact that
3 | # can be accessed by other pipelines.
4 | #
5 | # Copyright (c) Microsoft Corporation. All rights reserved.
6 | # SPDX-License-Identifier: BSD-2-Clause-Patent
7 | ##
8 |
9 | schedules:
10 | # At 1:00 on Monday
11 | # https://crontab.guru/#0_1_*_*_1
12 | - cron: 0 1 * * 1
13 | branches:
14 | include:
15 | - main
16 | always: true
17 |
18 | jobs:
19 | - job: Update_Cargo_Make
20 | displayName: Update Cargo Make
21 |
22 | pool:
23 | vmImage: windows-latest
24 |
25 | steps:
26 | - checkout: self
27 | clean: true
28 | fetchDepth: 1
29 | fetchTags: false
30 |
31 | - script: pip install requests --upgrade
32 | displayName: Install and Upgrade pip Modules
33 | condition: succeeded()
34 |
35 | - task: PythonScript@0
36 | displayName: Download and Stage Cargo Make
37 | env:
38 | BINARIES_DIR: "$(Build.BinariesDirectory)"
39 | BINARY_NAME: "cargo-make"
40 | DOWNLOAD_DIR: "$(Build.ArtifactStagingDirectory)"
41 | REPO_URL: "https://api.github.com/repos/sagiegurari/cargo-make/releases"
42 | inputs:
43 | scriptSource: filePath
44 | scriptPath: Scripts/DownloadCargoBinaryFromGitHub/DownloadCargoBinaryFromGitHub.py
45 | workingDirectory: $(Agent.BuildDirectory)
46 | condition: succeeded()
47 |
48 | - task: PublishBuildArtifacts@1
49 | displayName: Publish Cargo Make
50 | retryCountOnTaskFailure: 3
51 | inputs:
52 | PathtoPublish: $(Build.BinariesDirectory)
53 | ArtifactName: Binaries
54 | condition: succeeded()
55 |
--------------------------------------------------------------------------------
/.azurepipelines/GetCargoTarpaulin.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipeline to download Cargo Tarpaulin and save it as a pipeline artifact that
3 | # can be accessed by other pipelines.
4 | #
5 | # Copyright (c) Microsoft Corporation. All rights reserved.
6 | # SPDX-License-Identifier: BSD-2-Clause-Patent
7 | ##
8 |
9 | schedules:
10 | # At 1:00 on Monday
11 | # https://crontab.guru/#0_1_*_*_1
12 | - cron: 0 1 * * 1
13 | branches:
14 | include:
15 | - main
16 | always: true
17 |
18 | jobs:
19 | - job: Update_Cargo_Tarpaulin
20 | displayName: Update Cargo Tarpaulin
21 |
22 | pool:
23 | vmImage: windows-latest
24 |
25 | steps:
26 | - checkout: self
27 | clean: true
28 | fetchDepth: 1
29 | fetchTags: false
30 |
31 | - script: pip install requests --upgrade
32 | displayName: Install and Upgrade pip Modules
33 | condition: succeeded()
34 |
35 | - task: PythonScript@0
36 | displayName: Download and Stage Cargo Tarpaulin
37 | env:
38 | BINARIES_DIR: "$(Build.BinariesDirectory)"
39 | BINARY_NAME: "cargo-tarpaulin"
40 | DOWNLOAD_DIR: "$(Build.ArtifactStagingDirectory)"
41 | REPO_URL: "https://api.github.com/repos/xd009642/tarpaulin/releases"
42 | inputs:
43 | scriptSource: filePath
44 | scriptPath: Scripts/DownloadCargoBinaryFromGitHub/DownloadCargoBinaryFromGitHub.py
45 | workingDirectory: $(Agent.BuildDirectory)
46 | condition: succeeded()
47 |
48 | - task: PublishBuildArtifacts@1
49 | displayName: Publish Cargo Tarpaulin
50 | retryCountOnTaskFailure: 3
51 | inputs:
52 | PathtoPublish: $(Build.BinariesDirectory)
53 | ArtifactName: Binaries
54 | condition: succeeded()
55 |
--------------------------------------------------------------------------------
/.github/Labels.yml:
--------------------------------------------------------------------------------
1 | # Specifies the labels used in Project Mu repositories.
2 | #
3 | # This file is meant to define the labels used such that label management is consistent, centralized,
4 | # and tracked in source control.
5 | #
6 | # Note that:
7 | # 1. If a label color or description changes, the same label is updated with the new color or description.
8 | # 2. If a label name changes, add the old label name to the `aliases` section. That will update the old label
9 | # to the new label keeping label usage in previously labeled issues and PRs.
10 | # 3. All existing labels which are not listed in the manifest will be retained.
11 | # - We can specify to delete them in the future if desired.
12 | # - Please do not duplicate or let stale labels accumulate in repos. Only repo-specific labels should
13 | # be defined outside this file. Any other label should be reviewed and added to this file.
14 | #
15 | # Copyright (c) Microsoft Corporation.
16 | # SPDX-License-Identifier: BSD-2-Clause-Patent
17 | #
18 | # For more information, see:
19 | # https://github.com/EndBug/label-sync
20 |
21 | # Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc.
22 |
23 | - name: complexity:advanced
24 | description: Requires substantial background information and effort to accomplish
25 | color: 'd35400'
26 | aliases: []
27 | - name: complexity:easy
28 | description: Requires minimal background information and effort to accomplish
29 | color: '229954'
30 | aliases: []
31 | - name: complexity:good-first-issue
32 | description: Good for newcomers
33 | color: '7057ff'
34 | aliases: []
35 | - name: complexity:intermediate
36 | description: Requires intermediate background information and effort to accomplish
37 | color: 'd4ac0d'
38 | aliases: []
39 |
40 | - name: impact:breaking-change
41 | description: Requires integration attention
42 | color: 'a54418'
43 | aliases: []
44 | - name: impact:non-functional
45 | description: Does not have a functional impact
46 | color: 'c2e0c6'
47 | aliases: []
48 | - name: impact:security
49 | description: Has a security impact
50 | color: '31df8c'
51 | aliases: []
52 | - name: impact:testing
53 | description: Affects testing
54 | color: 'd4c5f9'
55 | aliases: []
56 |
57 | - name: language:python
58 | description: Pull requests that update Python code
59 | color: '2b67c6'
60 | aliases: []
61 |
62 | - name: semver:major
63 | description: Pull requests that should increment the release major version
64 | color: '000000'
65 | aliases: []
66 | - name: semver:minor
67 | description: Pull requests that should increment the release minor version
68 | color: '000000'
69 | aliases: []
70 | - name: semver:patch
71 | description: Pull requests that should increment the release patch version
72 | color: '000000'
73 | aliases: []
74 |
75 | - name: state:backlog
76 | description: In the backlog
77 | color: 'e6e8d3'
78 | aliases: []
79 | - name: state:duplicate
80 | description: This issue or pull request already exists
81 | color: 'cfd3d7'
82 | aliases: []
83 | - name: state:help-wanted
84 | description: Extra attention (collaborator) is needed
85 | color: '008672'
86 | aliases: []
87 | - name: state:invalid
88 | description: This doesn't seem right
89 | color: 'e4e669'
90 | aliases: []
91 | - name: state:needs-maintainer-feedback
92 | description: Needs more information from a maintainer to determine next steps
93 | color: 'e7a540'
94 | aliases: []
95 | - name: state:needs-owner
96 | description: Needs an issue owner to be assigned
97 | color: 'f9e79f'
98 | aliases: []
99 | - name: state:needs-submitter-info
100 | description: Needs more information from the submitter to determine next steps
101 | color: 'fcf3cf'
102 | aliases: []
103 | - name: state:needs-triage
104 | description: Needs to triaged to determine next steps
105 | color: 'f1c40f'
106 | aliases: []
107 | - name: state:stale
108 | description: Has not been updated in a long time
109 | color: 'c0da14'
110 | aliases: []
111 | - name: state:under-discussion
112 | description: Under discussion
113 | color: 'c5def5'
114 | aliases: []
115 | - name: state:wont-fix
116 | description: This will not be worked on
117 | color: 'ffffff'
118 | aliases: []
119 |
120 | - name: type:bug
121 | description: Something isn't working
122 | color: 'd73a4a'
123 | aliases: []
124 | - name: type:dependabot
125 | description: Created by dependabot
126 | color: 'c57a90'
127 | aliases: []
128 | - name: type:dependencies
129 | description: Pull requests that update a dependency file
130 | color: '0366d6'
131 | aliases: []
132 | - name: type:design-change
133 | description: A new proposal or modification to a feature design
134 | color: '5b2c6f'
135 | aliases: []
136 | - name: type:documentation
137 | description: Improvements or additions to documentation
138 | color: '0075ca'
139 | aliases: []
140 | - name: type:enhancement
141 | description: New feature or pull request
142 | color: 'a2eeef'
143 | aliases: []
144 | - name: type:feature-request
145 | description: A new feature proposal
146 | color: 'a9dfbf'
147 | aliases: []
148 | - name: type:file-sync
149 | description: Files automatically synced from another repo
150 | color: '95d0e6'
151 | aliases: []
152 | - name: type:notes
153 | description: Notes from an organized meeting
154 | color: 'd9ee5d'
155 | aliases: []
156 | - name: type:submodules
157 | description: Pull requests that update submodules
158 | color: '000000'
159 | aliases: []
160 | - name: type:question
161 | description: Further information is requested
162 | color: 'd876e3'
163 | aliases: []
164 |
165 | - name: urgency:low
166 | description: Little to no impact
167 | color: '00d26a'
168 | aliases: []
169 | - name: urgency:medium
170 | description: Important with a moderate impact
171 | color: 'fcd53f'
172 | aliases: []
173 | - name: urgency:high
174 | description: Significant with a critical impact
175 | color: 'ff6723'
176 | aliases: []
177 |
--------------------------------------------------------------------------------
/.github/actions/rust-tool-cache/action.yml:
--------------------------------------------------------------------------------
1 | # A GitHub action that loads rust tools and toolchains from cache. If there is a miss, it will install
2 | # them. the tools are read from the tools section of the rust-toolchain.toml file at the root of the repository.
3 | #
4 | # Copyright (c) Microsoft Corporation.
5 | # SPDX-License-Identifier: BSD-2-Clause-Patent
6 | #
7 |
8 | name: "Install Rust Tools"
9 | description: "This action loads rust tools and toolchains from cache, or installs them."
10 |
11 | runs:
12 | using: composite
13 | steps:
14 | - name: Rust Tool Cache
15 | id: tool-cache
16 | uses: actions/cache@v4
17 | with:
18 | path: |
19 | ~/.cargo/bin/
20 | ~/.rustup/toolchains/
21 | key: ${{ runner.os }}-rust-tools-${{ hashFiles('**/rust-toolchain.toml' )}}
22 |
23 | - name: Install cargo-binstall
24 | uses: cargo-bins/cargo-binstall@v1.10.17
25 |
26 | # Read any tools from rust-toolchain.toml file and installs them
27 | - name: Install Rust Tools
28 | shell: bash
29 | run: |
30 | FILE="rust-toolchain.toml"
31 |
32 | if [ ! -f "$FILE" ]; then
33 | echo "::error::File $FILE not found."
34 | exit 1
35 | fi
36 |
37 | if ! grep -q '^\[tools\]' "$FILE"; then
38 | echo "::warning::[tools] section not found in $FILE."
39 | exit 1
40 | fi
41 |
42 | # Extract tools section from rust-toolchain.toml
43 | sed -n '/\[tools\]/,/^$/p' "$FILE" | grep -v '\[tools\]' | while read -r line; do
44 | # Extract tool name and clean it
45 | TOOL_NAME=${line%%=*}
46 | TOOL_NAME=${TOOL_NAME//[[:space:]]/}
47 | TOOL_NAME="${TOOL_NAME//$'\n'/}"
48 |
49 | # Extract tool version and clean it
50 | TOOL_VERSION=${line#*=}
51 | TOOL_VERSION=${TOOL_VERSION//[[:space:]]/}
52 | TOOL_VERSION=${TOOL_VERSION//\"/}
53 | TOOL_VERSION="${TOOL_VERSION//$'\n'/}"
54 |
55 | echo ""
56 | echo "##################################################################"
57 | echo "Installing $TOOL_NAME@$TOOL_VERSION"
58 | echo "##################################################################"
59 | echo ""
60 |
61 | # Attempt to binstall the tool first. If it fails, install it using cargo
62 | cargo binstall -y $TOOL_NAME --version $TOOL_VERSION || cargo install $TOOL_NAME --version $TOOL_VERSION
63 | done
64 | if: steps.tool-cache.outputs.cache-hit != 'true'
65 |
--------------------------------------------------------------------------------
/.github/actions/submodule-release-updater/ReadMe.md:
--------------------------------------------------------------------------------
1 | # Project Mu Submodule Release Updater GitHub Action
2 |
3 | This GitHub Action checks if new releases are available for submodules and creates pull requests to update
4 | them. A single pull request is opened per submodule. At this time, the action should only be used within
5 | Project Mu repositories.
6 |
7 | ## How to Use
8 |
9 | 1. Create a GitHub workflow in a repository
10 | 2. Add this GitHub Action as a step to the workflow
11 | 3. Configure the workflow to trigger as desired
12 | - It is recommended to trigger the workflow on a schedule (e.g. daily) to check for new releases.
13 |
14 | ### Example Workflow
15 |
16 | ```yaml
17 | name: Update Submodules to Latest Release
18 |
19 | on:
20 | schedule:
21 | - cron: '0 0 * * MON' # https://crontab.guru/every-monday
22 |
23 | jobs:
24 | repo_submodule_update:
25 | name: Check for Submodule Releases
26 | runs-on: ubuntu-latest
27 |
28 | steps:
29 | - name: Update Submodules to Latest Release
30 | uses: microsoft/mu_devops/.github/actions/submodule-release-updater@v2.4.0
31 | with:
32 | GH_PAT: ${{ secrets.SUBMODULE_UPDATER_TOKEN }}
33 | GH_USER: "Add GitHub account username here"
34 | GIT_EMAIL: "Add email address here"
35 | GIT_NAME: "Add git author name here"
36 |
37 | ```
38 |
39 | ## Action Inputs
40 |
41 | - `GH_PAT` - **Required** - GitHub Personal Access Token (PAT) with `repo` scope
42 | - `GH_USER` - **Required** - GitHub username
43 | - `GIT_EMAIL` - **Required** - Email address to use for git commits
44 | - `GIT_NAME` - **Required** - Name to use for git commits
45 |
46 | ## Action Outputs
47 |
48 | - `submodule-update-count` - Number of submodules updated. `0` if no submodules were updated.
49 |
50 | ## Limitations
51 |
52 | - This action is only intended to work within Project Mu repositories.
53 | - This action only supports repositories hosted on GitHub.
54 | - This action only updates submodules that are hosted on GitHub.
55 | - This action is only intended to work with submodules that use [semantic versioning](https://semver.org/).
56 | - Submodules should already be set to a specific release before enabling this action.
57 | - This allows the action to compare new versions to the current version.
58 | - This action does not automatically close stale PRs when a new release is available.
59 |
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Dependabot configuration file to enable GitHub services for managing and updating
3 | # dependencies.
4 | #
5 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
6 | # instead of the file in this repo.
7 | #
8 | # This dependabot file is limited to syncing the following type of dependencies. Other files
9 | # are already available in Mu DevOps to sync other dependency types.
10 | # - Rust Crate Dependencies (`cargo`)
11 | # - GitHub Actions (`github-actions`)
12 | # - Python PIP Modules (`pip`)
13 | #
14 | # Dependabot does not update the microsoft/mu_devops version because that is updated once in mu_devops
15 | # and then synced to all repos when the file sync occurs.
16 | #
17 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
18 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
19 | #
20 | # Copyright (c) Microsoft Corporation.
21 | # SPDX-License-Identifier: BSD-2-Clause-Patent
22 | #
23 | # Please see the documentation for all dependabot configuration options:
24 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
25 | ##
26 |
27 | version: 2
28 |
29 | updates:
30 | - package-ecosystem: "cargo"
31 | directory: "/"
32 | schedule:
33 | interval: "weekly"
34 | day: "monday"
35 | timezone: "America/Los_Angeles"
36 | time: "03:00"
37 | commit-message:
38 | prefix: "Rust Dependency"
39 | labels:
40 | - "type:dependencies"
41 | - "type:dependabot"
42 | rebase-strategy: "disabled"
43 |
44 | - package-ecosystem: "github-actions"
45 | directory: "/"
46 | schedule:
47 | interval: "weekly"
48 | day: "monday"
49 | timezone: "America/Los_Angeles"
50 | time: "06:00"
51 | ignore:
52 | - dependency-name: "microsoft/mu_devops"
53 | commit-message:
54 | prefix: "GitHub Action"
55 | labels:
56 | - "type:dependencies"
57 | - "type:dependabot"
58 | rebase-strategy: "disabled"
59 |
60 | - package-ecosystem: "pip"
61 | directory: "/"
62 | schedule:
63 | interval: "weekly"
64 | day: "wednesday"
65 | timezone: "America/Los_Angeles"
66 | time: "01:00"
67 | commit-message:
68 | prefix: "pip"
69 | labels:
70 | - "language:python"
71 | - "type:dependencies"
72 | - "type:dependabot"
73 | rebase-strategy: "disabled"
74 |
--------------------------------------------------------------------------------
/.github/release-draft-config.yml:
--------------------------------------------------------------------------------
1 | # Defines the configuration used for drafting new releases.
2 | #
3 | # IMPORTANT: Only use labels defined in the .github/Labels.yml file in this repo.
4 | #
5 | # NOTE: `semver:major`, `semver:minor`, and `semver:patch` can be used to force that
6 | # version to roll regardless of other labels.
7 | #
8 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
9 | # instead of the file in this repo.
10 | #
11 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
12 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
13 | #
14 | # Copyright (c) Microsoft Corporation.
15 | # SPDX-License-Identifier: BSD-2-Clause-Patent
16 | #
17 | # For more information, see:
18 | # https://github.com/release-drafter/release-drafter
19 |
20 | name-template: 'v$RESOLVED_VERSION'
21 | tag-template: 'v$RESOLVED_VERSION'
22 |
23 |
24 | template: |
25 | # What's Changed
26 |
27 | $CHANGES
28 |
29 | **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION
30 |
31 | categories:
32 | - title: '⚠️ Breaking Changes'
33 | labels:
34 | - 'impact:breaking-change'
35 | - title: '🚀 Features & ✨ Enhancements'
36 | labels:
37 | - 'type:design-change'
38 | - 'type:enhancement'
39 | - 'type:feature-request'
40 | - title: '🐛 Bug Fixes'
41 | labels:
42 | - 'type:bug'
43 | - title: '🔐 Security Impacting'
44 | labels:
45 | - 'impact:security'
46 | - title: '📖 Documentation Updates'
47 | labels:
48 | - 'type:documentation'
49 | - title: '🛠️ Submodule Updates'
50 | labels:
51 | - 'type:submodules'
52 |
53 | change-template: >-
54 |
55 | -
56 | $TITLE @$AUTHOR (#$NUMBER)
57 |
58 |
59 | Change Details
60 |
61 |
62 | $BODY
63 |
64 |
65 |
66 |
67 |
68 |
69 | change-title-escapes: '\<*_&@' # Note: @ is added to disable mentions
70 |
71 | # Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc.
72 | version-resolver:
73 | major:
74 | labels:
75 | - 'impact:breaking-change'
76 | - 'semver:major'
77 | minor:
78 | labels:
79 | - 'semver:minor'
80 | - 'type:design-change'
81 | - 'type:enhancement'
82 | - 'type:feature-request'
83 | patch:
84 | labels:
85 | - 'impact:non-functional'
86 | - 'semver:patch'
87 | - 'type:bug'
88 | - 'type:documentation'
89 | default: patch
90 |
91 | exclude-labels:
92 | - 'type:dependabot'
93 | - 'type:file-sync'
94 | - 'type:notes'
95 | - 'type:question'
96 |
97 | exclude-contributors:
98 | - 'uefibot'
99 |
--------------------------------------------------------------------------------
/.github/workflows/Build-Containers.yml:
--------------------------------------------------------------------------------
1 | # GitHub Action Workflow for building the Project MU docker images.
2 | #
3 | # SPDX-License-Identifier: BSD-2-Clause-Patent
4 | #
5 |
6 | name: "Build Containers"
7 |
8 | #
9 | # This workflow only runs (on the main branch or on PRs targeted
10 | # at the main branch) and if a dockerfile was edited. Pull request images will
11 | # not be pushed to the repository.
12 | #
13 | on:
14 | workflow_dispatch:
15 | push:
16 | branches:
17 | - main
18 | paths:
19 | - ".sync/Version.njk"
20 | - "Containers/**/Dockerfile"
21 | pull_request:
22 | branches:
23 | - main
24 | paths:
25 | - ".sync/Version.njk"
26 | - "Containers/**/Dockerfile"
27 |
28 | jobs:
29 | build-and-push-image:
30 | runs-on: ubuntu-latest
31 | permissions:
32 | contents: read
33 | packages: write
34 | strategy:
35 | fail-fast: false
36 | matrix:
37 | include:
38 | - image_name: "Ubuntu-24"
39 | sub_images: "dev test build"
40 | - image_name: "Ubuntu-22"
41 | sub_images: "dev test build"
42 | env:
43 | REGISTRY: ghcr.io
44 | REPOSITORY: ${{ github.repository }}
45 | IMAGE_NAME: ${{ matrix.image_name }}
46 | SUB_IMAGES: ${{ matrix.sub_images }}
47 | steps:
48 | - name: Checkout repository
49 | uses: actions/checkout@v4
50 | - name: Log in to the Container registry
51 | uses: docker/login-action@v3
52 | with:
53 | registry: ${{ env.REGISTRY }}
54 | username: ${{ github.actor }}
55 | password: ${{ secrets.GITHUB_TOKEN }}
56 |
57 | - name: Set tag
58 | run: echo "short_sha=$(git rev-parse --short $GITHUB_SHA)" >> $GITHUB_ENV
59 | shell: bash
60 |
61 | - uses: dorny/paths-filter@v3
62 | id: changes
63 | with:
64 | filters: |
65 | dockerfile:
66 | - 'Containers/${{ matrix.image_name }}/Dockerfile'
67 |
68 | - name: Build
69 | if: steps.changes.outputs.dockerfile == 'true'
70 | run: |
71 | cd "Containers/${IMAGE_NAME}"
72 | for sub in $SUB_IMAGES; do
73 | IMG=$(tr '[:upper:]' '[:lower:]' <<< "${REGISTRY}/${REPOSITORY}/${IMAGE_NAME}-${sub}")
74 | echo "Building Image: ${IMG}:${short_sha}..."
75 | docker build --target "${sub}" --tag "${IMG}:${short_sha}" -f Dockerfile .
76 | done
77 | docker images
78 | shell: bash
79 |
80 | - name: Push
81 | if: ${{ github.ref == 'refs/heads/main' && steps.changes.outputs.dockerfile == 'true' }}
82 | run: |
83 | for sub in $SUB_IMAGES; do
84 | IMG=$(tr '[:upper:]' '[:lower:]' <<< "${REGISTRY}/${REPOSITORY}/${IMAGE_NAME}-${sub}")
85 | echo "Pushing Image: ${IMG}:${short_sha}..."
86 | docker tag "${IMG}:${short_sha}" "${IMG}:latest"
87 | docker push "${IMG}:${short_sha}"
88 | docker push "${IMG}:latest"
89 | done
90 | shell: bash
91 |
--------------------------------------------------------------------------------
/.github/workflows/CodeQl.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # GitHub action CodeQL reusable workflow file.
3 | #
4 | # Copyright (c) Microsoft Corporation.
5 | # SPDX-License-Identifier: BSD-2-Clause-Patent
6 | ##
7 |
8 | name: Mu DevOps CodeQL Workflow
9 |
10 | on:
11 | workflow_call:
12 | inputs:
13 | # Note: The caller can set a command to an empty string to skip that command
14 | setup_command:
15 | description: 'Stuart Setup command to use'
16 | default: ''
17 | required: false
18 | type: string
19 | update_command:
20 | description: 'Stuart Update command to use'
21 | default: 'stuart_update -c .pytool/CISettings.py'
22 | required: false
23 | type: string
24 | build_command:
25 | description: 'Stuart Build command to use'
26 | default: 'stuart_ci_build -c .pytool/CISettings.py'
27 | required: false
28 | type: string
29 | python_version:
30 | description: 'Python version to use in the workflow'
31 | default: '3.x'
32 | required: false
33 | type: string
34 |
35 | jobs:
36 | analyze:
37 | name: Analyze
38 | runs-on: ubuntu-latest
39 | permissions:
40 | actions: read
41 | contents: read
42 | security-events: write
43 |
44 | strategy:
45 | fail-fast: false
46 | matrix:
47 | language: [ 'cpp' ]
48 | # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
49 | # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
50 |
51 | steps:
52 | - name: Checkout Repository
53 | uses: actions/checkout@v4
54 |
55 | - name: Setup Python Version
56 | uses: actions/setup-python@v5
57 | with:
58 | python-version: ${{ inputs.python_version }}
59 |
60 | # Initializes the CodeQL tools for scanning.
61 | - name: Initialize CodeQL
62 | uses: github/codeql-action/init@v3
63 | with:
64 | languages: ${{ matrix.language }}
65 | # If you wish to specify custom queries, you can do so here or in a config file.
66 | # By default, queries listed here will override any specified in a config file.
67 | # Prefix the list here with "+" to use these queries and those in the config file.
68 |
69 | # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
70 | # queries: security-extended,security-and-quality
71 |
72 | - name: 'Install/Upgrade pip Modules'
73 | run: pip install -r pip-requirements.txt --upgrade
74 |
75 | - name: 'Setup'
76 | if: "${{ inputs.setup_command != '' }}"
77 | run: ${{ inputs.setup_command }}
78 |
79 | - name: 'Update'
80 | if: "${{ inputs.update_command != '' }}"
81 | run: ${{ inputs.update_command }}
82 |
83 | - name: 'Build'
84 | if: "${{ inputs.build_command != '' }}"
85 | run: ${{ inputs.build_command }}
86 |
87 | - name: Perform CodeQL Analysis
88 | uses: github/codeql-action/analyze@v3
89 |
--------------------------------------------------------------------------------
/.github/workflows/FileSyncer.yml:
--------------------------------------------------------------------------------
1 | # This workflow syncs files and directories from Mu DevOps to other
2 | # Project Mu repositories.
3 | #
4 | # Copyright (c) Microsoft Corporation.
5 | # SPDX-License-Identifier: BSD-2-Clause-Patent
6 | #
7 | # For more information, see:
8 | # https://github.com/BetaHuhn/repo-file-sync-action
9 |
10 | name: Sync Mu DevOps Files to Mu Repos
11 |
12 | on:
13 | schedule:
14 | # * is a special character in YAML so you have to quote this string
15 | # Run daily at 9am UTC - https://crontab.guru/#0_9_*_*_*
16 | - cron: '0 9 * * *'
17 | workflow_dispatch:
18 |
19 | jobs:
20 | sync:
21 | name: Repo File Sync
22 | runs-on: ubuntu-latest
23 |
24 | permissions:
25 | contents: write
26 | pull-requests: write
27 | actions: write
28 |
29 | steps:
30 | - name: Checkout Repository
31 | uses: actions/checkout@v4
32 |
33 | - name: Generate Token
34 | id: app-token
35 | uses: actions/create-github-app-token@v2
36 | with:
37 | app-id: ${{ vars.MU_ACCESS_APP_ID }}
38 | private-key: ${{ secrets.MU_ACCESS_APP_PRIVATE_KEY }}
39 | owner: ${{ github.repository_owner }}
40 |
41 | - name: Run GitHub File Sync
42 | uses: BetaHuhn/repo-file-sync-action@v1
43 | with:
44 | COMMIT_AS_PR_TITLE: true
45 | COMMIT_BODY: "Signed-off-by: Project Mu UEFI Bot "
46 | COMMIT_EACH_FILE: false
47 | COMMIT_PREFIX: "Repo File Sync:"
48 | CONFIG_PATH: .sync/Files.yml
49 | DRY_RUN: false
50 | FORK: false
51 | GH_INSTALLATION_TOKEN: ${{ steps.app-token.outputs.token }}
52 | GIT_EMAIL: uefibot@microsoft.com
53 | GIT_USERNAME: uefibot
54 | ORIGINAL_MESSAGE: true
55 | OVERWRITE_EXISTING_PR: true
56 | PR_BODY: |
57 | 🤖: View the [Repo File Sync Configuration File](https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml) to see how files are synced.
58 | PR_LABELS: type:file-sync
59 | SKIP_PR: false
60 |
--------------------------------------------------------------------------------
/.github/workflows/IssueAssignment.yml:
--------------------------------------------------------------------------------
1 | # This reusable workflow provides actions that should be applied when an issue is assigned.
2 | #
3 | # NOTE: This file uses a reusable workflow. Do not make changes to the file that should be made
4 | # in the common/reusable workflow.
5 | #
6 | # Copyright (c) Microsoft Corporation.
7 | # SPDX-License-Identifier: BSD-2-Clause-Patent
8 |
9 | name: React to Issue Assignment
10 |
11 | on:
12 | workflow_call:
13 |
14 | jobs:
15 | adjust-labels:
16 | name: Adjust Issue Labels
17 | runs-on: ubuntu-latest
18 |
19 | permissions:
20 | contents: read
21 | issues: write
22 |
23 | steps:
24 | - uses: actions/checkout@v4
25 |
26 | - name: Remove Labels
27 | env:
28 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
29 | run: |
30 | # All labels here will be removed if present in the issue
31 | LABELS_TO_REMOVE=("state:needs-owner")
32 |
33 | # Gather issue context information
34 | ISSUE_NUMBER=$(jq --raw-output .issue.number "$GITHUB_EVENT_PATH")
35 | OWNER=$(jq --raw-output .repository.owner.login "$GITHUB_EVENT_PATH")
36 | REPO=$(jq --raw-output .repository.name "$GITHUB_EVENT_PATH")
37 | LABELS=$(curl -s \
38 | -H "Accept: application/vnd.github+json" \
39 | -H "Authorization: Bearer $GITHUB_TOKEN" \
40 | -H "X-GitHub-Api-Version: 2022-11-28" \
41 | https://api.github.com/repos/$OWNER/$REPO/issues/$ISSUE_NUMBER/labels | jq -r '.[].name')
42 |
43 | # Remove labels
44 | for LABEL in "${LABELS_TO_REMOVE[@]}"; do
45 | if echo "$LABELS" | grep -q "$LABEL"; then
46 | curl -X DELETE \
47 | -s \
48 | -H "Accept: application/vnd.github+json" \
49 | -H "Authorization: Bearer $GITHUB_TOKEN" \
50 | -H "X-GitHub-Api-Version: 2022-11-28" \
51 | https://api.github.com/repos/$OWNER/$REPO/issues/$ISSUE_NUMBER/labels/"$LABEL" > /dev/null
52 | echo "$LABEL removed from issue #$ISSUE_NUMBER"
53 | else
54 | echo "$LABEL not found on issue #$ISSUE_NUMBER"
55 | fi
56 | done
57 |
--------------------------------------------------------------------------------
/.github/workflows/IssueTriager.yml:
--------------------------------------------------------------------------------
1 | # This workflow assists with initial triage of new issues by applying
2 | # labels based on data provided in the issue.
3 | #
4 | # Configuration file that maps issue form input values to labels:
5 | # advanced-issue-labeler.yml
6 | #
7 | # Copyright (c) Microsoft Corporation.
8 | # SPDX-License-Identifier: BSD-2-Clause-Patent
9 | #
10 | # For more information, see:
11 | # https://github.com/stefanbuck/github-issue-parser
12 | # https://github.com/redhat-plumbers-in-action/advanced-issue-labeler
13 |
14 | name: Issue Triage Workflow
15 |
16 | on:
17 | workflow_call:
18 |
19 | jobs:
20 | triage_issues:
21 | name: Triage Issues
22 | runs-on: ubuntu-latest
23 |
24 | strategy:
25 | matrix:
26 | template: [ bug_report.yml, documentation_request.yml, feature_request.yml ]
27 |
28 | permissions:
29 | issues: write
30 |
31 | steps:
32 | - uses: actions/checkout@v4
33 |
34 | - name: Parse Issue Form
35 | uses: stefanbuck/github-issue-parser@v3
36 | id: issue-parser
37 | with:
38 | issue-body: ${{ github.event.issue.body }}
39 | template-path: .github/ISSUE_TEMPLATE/${{ matrix.template }}
40 |
41 | - name: Apply Labels from Triage
42 | uses: redhat-plumbers-in-action/advanced-issue-labeler@v2
43 | with:
44 | issue-form: ${{ steps.issue-parser.outputs.jsonString }}
45 | template: ${{ matrix.template }}
46 | token: ${{ secrets.GITHUB_TOKEN }}
47 |
48 | - name: Update Assignee
49 | env:
50 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
51 | FIX_OWNER: ${{ steps.issue-parser.outputs.issueparser_fix_owner }}
52 | run: |
53 | if [[ $FIX_OWNER == "I will fix it" ]] || [[ $FIX_OWNER == "I will make the change" ]] || [[ $FIX_OWNER == "I will implement the feature" ]]
54 | then
55 | gh issue edit ${{ github.event.issue.html_url }} --add-assignee ${{ github.event.issue.user.login }}
56 | fi
57 |
--------------------------------------------------------------------------------
/.github/workflows/LabelSyncer.yml:
--------------------------------------------------------------------------------
1 | # This workflow syncs GitHub labels to the integrating repository.
2 | #
3 | # The labels are declaratively defined in .github/Labels.yml.
4 | #
5 | # Copyright (c) Microsoft Corporation.
6 | # SPDX-License-Identifier: BSD-2-Clause-Patent
7 | #
8 | # For more information, see:
9 | # https://github.com/EndBug/label-sync
10 |
11 | name: Mu DevOps Git Label Sync Workflow
12 |
13 | on:
14 | workflow_call:
15 | inputs:
16 | # Note: The caller can set a command to an empty string to skip that command
17 | local_config_file:
18 | description: 'Repo relative path to a repo-specific label config file'
19 | default: ''
20 | required: false
21 | type: string
22 |
23 | jobs:
24 | sync:
25 | name: Sync
26 | runs-on: ubuntu-latest
27 |
28 | permissions:
29 | issues: write
30 |
31 | steps:
32 | - name: Sync Labels
33 | uses: EndBug/label-sync@v2
34 | with:
35 | config-file: |
36 | https://raw.githubusercontent.com/microsoft/mu_devops/main/.github/Labels.yml
37 | ${{ inputs.local_config_file }}
38 |
39 | delete-other-labels: false
40 |
--------------------------------------------------------------------------------
/.github/workflows/Labeler.yml:
--------------------------------------------------------------------------------
1 | # This workflow automatically applies labels to issues and pull requests
2 | # based on regular expression matches against the content in the issue
3 | # or pull request or file path pattern matches.
4 | #
5 | # The labels are declaratively defined in the following configuration files:
6 | # - File Path Patterns: .sync/workflows/config/label-issues/file-paths.yml
7 | # - Regular Expressions for Pull Requests: .sync/workflows/config/label-issues/regex-pull-requests.yml
8 | #
9 | # These will be mapped to the following directories in repos that use this reusable workflow:
10 | # - File Path Patterns: .github/workflows/label-issues/file-paths.yml
11 | # - Regular Expressions for Pull Requests: .github/workflows/label-issues/regex-pull-requests.yml
12 | #
13 | # Ideally, curl (or wget) could be used to grab the files from mu_devops in this workflow file and once on
14 | # the local runner, the file path could simply be passed to the actions. That is not currently possible as
15 | # the actions are hardcoded to use the GitHub REST API to get the files in the local repo. If that is fixed
16 | # (tracked in https://github.com/github/issue-labeler/issues/39) then that approach can be used.
17 | #
18 | # Copyright (c) Microsoft Corporation.
19 | # SPDX-License-Identifier: BSD-2-Clause-Patent
20 | #
21 | # For more information, see:
22 | # https://github.com/actions/labeler
23 | # https://github.com/github/issue-labeler
24 |
25 | name: Apply Labels Based on Message Content
26 |
27 | on:
28 | workflow_call:
29 |
30 | jobs:
31 | sync:
32 | name: Label Based on Messages
33 | runs-on: ubuntu-latest
34 |
35 | permissions:
36 | contents: read
37 | pull-requests: write
38 |
39 | steps:
40 | - name: Apply Labels Based on PR File Paths
41 | uses: actions/labeler@v4.3.0
42 | with:
43 | configuration-path: .github/workflows/label-issues/file-paths.yml
44 | repo-token: ${{ secrets.GITHUB_TOKEN }}
45 | sync-labels: true
46 | if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
47 |
48 | - name: Apply PR Labels Based on Policies
49 | uses: srvaroa/labeler@v1.13.0
50 | with:
51 | config_path: .github/workflows/label-issues/regex-pull-requests.yml
52 | use_local_config: false
53 | fail_on_error: true
54 | env:
55 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
56 | if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
57 |
--------------------------------------------------------------------------------
/.github/workflows/ReleaseWorkflow.yml:
--------------------------------------------------------------------------------
1 | # @file ReleaseWorkflow.yml
2 | #
3 | # A reusable CI workflow that releases all crates in a repository.
4 | #
5 | ##
6 | # Copyright (c) Microsoft Corporation.
7 | # SPDX-License-Identifier: BSD-2-Clause-Patent
8 | ##
9 | name: Publish
10 |
11 | on:
12 | workflow_call:
13 | secrets:
14 | CRATES_IO_TOKEN:
15 | description: 'The token to use for authenticating with crates.io'
16 | required: true
17 |
18 | jobs:
19 | run:
20 | name: Publish
21 |
22 | runs-on: ubuntu-latest
23 |
24 | permissions:
25 | contents: write
26 | actions: read
27 |
28 | steps:
29 | - name: ✅ Checkout Repository ✅
30 | uses: actions/checkout@v4
31 |
32 | - name: 🛠️ Download Rust Tools 🛠️
33 | uses: microsoft/mu_devops/.github/actions/rust-tool-cache@main
34 |
35 | - name: Get Current Draft Release
36 | id: draft_release
37 | uses: actions/github-script@v7
38 | with:
39 | script: |
40 | const releases = await github.rest.repos.listReleases({
41 | owner: context.repo.owner,
42 | repo: context.repo.repo,
43 | });
44 |
45 | const draftReleaseList = releases.data.filter(release => release.draft);
46 |
47 | if (draftReleaseList.length === 0) {
48 | core.setFailed("No draft release found. Exiting with error.");
49 | } else if (draftReleaseList.length > 1) {
50 | core.setFailed("Multiple draft releases found. Exiting with error.");
51 | } else {
52 | const draftRelease = draftReleaseList[0];
53 |
54 | let tag = draftRelease.tag_name;
55 | if (tag.startsWith('v')) {
56 | tag = tag.slice(1);
57 | }
58 | core.setOutput("id", draftRelease.id);
59 | core.setOutput("tag", tag);
60 | console.log(`Draft Release ID: ${draftRelease.id}`);
61 | console.log(`Draft Release Tag: ${tag}`);
62 | }
63 |
64 | - name: Cargo Release Dry Run
65 | run: cargo release ${{ steps.draft_release.outputs.tag }} --workspace
66 | env:
67 | RUSTC_BOOTSTRAP: 1
68 |
69 | - name: Login to Crates.io
70 | run: cargo login ${{ secrets.CRATES_IO_TOKEN }}
71 |
72 | - name: Update git credentials
73 | run: |
74 | git config --global user.name "github-actions[bot]"
75 | git config --global user.email "github-actions[bot]@users.noreply.github.com"
76 |
77 | - name: Cargo Release
78 | run: cargo release ${{ steps.draft_release.outputs.tag }} -x --no-tag --no-confirm --workspace
79 | env:
80 | RUSTC_BOOTSTRAP: 1
81 |
82 | - name: Wait for Release Draft Updater
83 | uses: actions/github-script@v7
84 | with:
85 | script: |
86 | const workflowId = "release-draft.yml";
87 | const ref = "main";
88 | const owner = context.repo.owner;
89 | const repo = context.repo.repo;
90 |
91 | // Try for 10 minutes. It should only take a few seconds
92 | let maxAttempts = 40;
93 | let attempt = 0;
94 | let completed = false
95 |
96 | while (attempt < maxAttempts && !completed) {
97 | await new Promise(resolve => setTimeout(resolve, 15000));
98 | const runs = await github.rest.actions.listWorkflowRuns({
99 | owner,
100 | repo,
101 | workflow_id: workflowId,
102 | branch: ref,
103 | event: 'push',
104 | status: 'in_progress',
105 | });
106 |
107 | if (runs.data.workflow_runs.length === 0) {
108 | completed = true;
109 | } else {
110 | attempt++;
111 | }
112 | }
113 |
114 | if (!completed) {
115 | core.setFailed("Release Drafter did not complete in time. Please perform the release manually.");
116 | }
117 |
118 | - name: Publish Release
119 | uses: actions/github-script@v7
120 | with:
121 | script: |
122 | const releaseId = ${{ steps.draft_release.outputs.id }};
123 |
124 | const response = await github.rest.repos.updateRelease({
125 | owner: context.repo.owner,
126 | repo: context.repo.repo,
127 | release_id: releaseId,
128 | draft: false,
129 | });
130 |
131 | if (response.status !== 200) {
132 | core.setFailed(`Failed to publish release. Exiting with error.`);
133 | }
134 |
--------------------------------------------------------------------------------
/.github/workflows/Stale.yml:
--------------------------------------------------------------------------------
1 | # This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
2 | #
3 | # Copyright (c) Microsoft Corporation.
4 | # SPDX-License-Identifier: BSD-2-Clause-Patent
5 | #
6 | # You can adjust the behavior by modifying this file.
7 | # For more information, see:
8 | # https://github.com/actions/stale
9 |
10 | name: Mu DevOps Stale Issue and PR Workflow
11 |
12 | on:
13 | workflow_call:
14 | inputs:
15 | # Note: It is recommended to use the default value for consistency across Mu repos.
16 | # However, values can be customized by workflow callers if needed.
17 | days-before-issue-stale:
18 | description: 'Override days-before-stale for issues only'
19 | default: 45
20 | required: false
21 | type: number
22 | days-before-pr-stale:
23 | description: 'Override days-before-stale for PRs only'
24 | default: 60
25 | required: false
26 | type: number
27 | days-before-issue-close:
28 | description: 'Idle number of days before closing stale issues'
29 | default: 7
30 | required: false
31 | type: number
32 | days-before-pr-close:
33 | description: 'Idle number of days before closing stale PRs'
34 | default: 7
35 | required: false
36 | type: number
37 | stale-issue-message:
38 | description: 'Comment made on stale issues'
39 | default: >
40 | This issue has been automatically marked as stale because it has not had
41 | activity in 45 days. It will be closed if no further activity occurs within
42 | 7 days. Thank you for your contributions.
43 | required: false
44 | type: string
45 | stale-pr-message:
46 | description: 'Comment made on stale PRs'
47 | default: >
48 | This PR has been automatically marked as stale because it has not had
49 | activity in 60 days. It will be closed if no further activity occurs within
50 | 7 days. Thank you for your contributions.
51 | required: false
52 | type: string
53 | close-issue-message:
54 | description: 'Comment made on stale issues when closed'
55 | default: >
56 | This issue has been automatically been closed because it did not have any
57 | activity in 45 days and no follow up within 7 days after being marked stale.
58 | Thank you for your contributions.
59 | required: false
60 | type: string
61 | close-pr-message:
62 | description: 'Comment made on stale PRs when closed'
63 | default: >
64 | This pull request has been automatically been closed because it did not have any
65 | activity in 60 days and no follow up within 7 days after being marked stale.
66 | Thank you for your contributions.
67 | required: false
68 | type: string
69 |
70 | jobs:
71 | stale:
72 | name: Stale
73 | runs-on: ubuntu-latest
74 | permissions:
75 | issues: write
76 | pull-requests: write
77 |
78 | steps:
79 | - name: Check for Stale Items
80 | uses: actions/stale@v9
81 | with:
82 | days-before-issue-stale: ${{ inputs.days-before-issue-stale }}
83 | days-before-pr-stale: ${{ inputs.days-before-pr-stale }}
84 | days-before-issue-close: ${{ inputs.days-before-issue-close }}
85 | days-before-pr-close: ${{ inputs.days-before-pr-close }}
86 | stale-issue-message: ${{ inputs.stale-issue-message }}
87 | stale-pr-message: ${{ inputs.stale-pr-message }}
88 | close-issue-message: ${{ inputs.close-issue-message }}
89 | close-pr-message: ${{ inputs.close-pr-message }}
90 | stale-issue-label: 'state:stale'
91 | stale-pr-label: 'state:stale'
92 | exempt-issue-labels: 'impact:security,state:backlog,state:under-discussion'
93 | exempt-pr-labels: 'impact:security,state:backlog,state:under-discussion'
94 |
--------------------------------------------------------------------------------
/.github/workflows/label-sync.yml:
--------------------------------------------------------------------------------
1 | # This workflow syncs GitHub labels to the common set of labels defined in Mu DevOps.
2 | #
3 | # All repos should sync at the same time.
4 | # '0 0,12 * * *''
5 | #
6 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
7 | # instead of the file in this repo.
8 | #
9 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
10 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
11 | #
12 | # Copyright (c) Microsoft Corporation.
13 | # SPDX-License-Identifier: BSD-2-Clause-Patent
14 | #
15 |
16 | name: Sync GitHub Labels
17 |
18 | on:
19 | schedule:
20 | # At minute 0 past hour 0 and 12
21 | # https://crontab.guru/#0_0,12_*_*_*
22 | - cron: '0 0,12 * * *'
23 | workflow_dispatch:
24 |
25 | jobs:
26 | sync:
27 |
28 | permissions:
29 | issues: write
30 |
31 | uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v15.0.1
32 |
--------------------------------------------------------------------------------
/.github/workflows/pull-request-formatting-validator.yml:
--------------------------------------------------------------------------------
1 | # This workflow validates basic pull request formatting requirements are met.
2 | #
3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
4 | # instead of the file in this repo.
5 | #
6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
8 | #
9 | # Copyright (c) Microsoft Corporation.
10 | # SPDX-License-Identifier: BSD-2-Clause-Patent
11 | #
12 |
13 | name: Validate Pull Request Formatting
14 |
15 | on:
16 | pull_request_target:
17 | types:
18 | - edited
19 | - opened
20 | - reopened
21 | - synchronize
22 |
23 | jobs:
24 | validate_pr:
25 | runs-on: ubuntu-latest
26 |
27 | permissions:
28 | contents: read
29 | pull-requests: write
30 |
31 | steps:
32 | - run: |
33 | prTitle="$(gh api graphql -F owner=$OWNER -F name=$REPO -F pr_number=$PR_NUMBER -f query='
34 | query($name: String!, $owner: String!, $pr_number: Int!) {
35 | repository(owner: $owner, name: $name) {
36 | pullRequest(number: $pr_number) {
37 | title
38 | }
39 | }
40 | }')"
41 |
42 | if [[ "${prTitle}" == *"Personal/"* ]]; then
43 | gh pr comment $PR_URL --body "⚠️ Please add a meaningful PR title (remove the 'Personal/' prefix from the title)."
44 | echo 'VALIDATION_ERROR=true' >> $GITHUB_ENV
45 | fi
46 |
47 | env:
48 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
49 | OWNER: ${{ github.repository_owner }}
50 | PR_NUMBER: ${{ github.event.number }}
51 | PR_URL: ${{ github.event.pull_request.html_url }}
52 | REPO: ${{ github.event.repository.name }}
53 |
54 | - name: Check for Validation Errors
55 | if: env.VALIDATION_ERROR
56 | uses: actions/github-script@v7
57 | with:
58 | script: |
59 | core.setFailed('PR Formatting Validation Check Failed!')
60 |
--------------------------------------------------------------------------------
/.github/workflows/release-draft.yml:
--------------------------------------------------------------------------------
1 | # This workflow automatically drafts new project releases so it is obvious
2 | # what a current release will look like at any time.
3 | #
4 | # It takes advantage of the labels used in Project Mu to automatically categorize
5 | # the types of changes in a given release. In addition, the semantic version of
6 | # the code is constantly maintained based on Project Mu label conventions to ensure
7 | # semantic versioning is followed and a release version is always ready.
8 | #
9 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
10 | # instead of the file in this repo.
11 | #
12 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
13 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
14 | #
15 | # Copyright (c) Microsoft Corporation.
16 | # SPDX-License-Identifier: BSD-2-Clause-Patent
17 | #
18 | # For more information, see:
19 | # https://github.com/release-drafter/release-drafter
20 |
21 | name: Update Release Draft
22 |
23 | on:
24 | push:
25 | branches:
26 | - main
27 |
28 | jobs:
29 | draft:
30 | name: Draft Releases
31 |
32 | permissions:
33 | contents: write
34 | pull-requests: write
35 |
36 | uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v15.0.1
37 | secrets: inherit
38 |
--------------------------------------------------------------------------------
/.github/workflows/scheduled-maintenance.yml:
--------------------------------------------------------------------------------
1 | # This workflow performs scheduled maintenance tasks.
2 | #
3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
4 | # instead of the file in this repo.
5 | #
6 | # NOTE: This file uses reusable workflows. Do not make changes to the file that should be made
7 | # in the common/reusable workflows.
8 | #
9 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
10 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
11 | #
12 | # Copyright (c) Microsoft Corporation.
13 | # SPDX-License-Identifier: BSD-2-Clause-Patent
14 | #
15 |
16 | name: Scheduled Maintenance
17 |
18 | on:
19 | schedule:
20 | # * is a special character in YAML so you have to quote this string
21 | # Run every hour - https://crontab.guru/#0_*_*_*_*
22 | - cron: '0 * * * *'
23 |
24 | jobs:
25 | repo_cleanup:
26 | runs-on: ubuntu-latest
27 |
28 | permissions:
29 | pull-requests: write
30 | issues: write
31 |
32 | steps:
33 | - name: Get Repository Info
34 | run: echo "REPOSITORY_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV
35 |
36 | - name: Prune Won't Fix Pull Requests
37 | env:
38 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
39 | REPOSITORY: ${{ env.REPOSITORY_NAME }}
40 | run: |
41 | gh api \
42 | -H "Accept: application/vnd.github+json" \
43 | /repos/microsoft/${REPOSITORY}/pulls | jq -r '.[]' | jq -rc '.html_url,.labels' | \
44 | while read -r html_url ; do
45 | read -r labels
46 | if [[ $labels == *"state:wont-fix"* ]]; then
47 | gh pr close $html_url -c "Closed due to being marked as wont fix" --delete-branch
48 | fi
49 | done
50 |
51 | - name: Prune Won't Fix Issues
52 | env:
53 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
54 | REPOSITORY: ${{ env.REPOSITORY_NAME }}
55 | run: |
56 | gh api \
57 | -H "Accept: application/vnd.github+json" \
58 | /repos/microsoft/${REPOSITORY}/issues | jq -r '.[]' | jq -rc '.html_url,.labels' | \
59 | while read -r html_url ; do
60 | read -r labels
61 | if [[ $labels == *"state:wont-fix"* ]]; then
62 | gh issue close $html_url -c "Closed due to being marked as wont fix" -r "not planned"
63 | fi
64 | done
65 |
--------------------------------------------------------------------------------
/.github/workflows/stale-leaf.yml:
--------------------------------------------------------------------------------
1 | # This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
2 | #
3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
4 | # instead of the file in this repo.
5 | #
6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
8 | #
9 | # Copyright (c) Microsoft Corporation.
10 | # SPDX-License-Identifier: BSD-2-Clause-Patent
11 | #
12 | # You can adjust the behavior by modifying this file.
13 | # For more information, see:
14 | # https://github.com/actions/stale
15 |
16 | name: Check for Stale Issues and Pull Requests
17 |
18 | on:
19 | schedule:
20 | # At 23:35 on every day-of-week from Sunday through Saturday
21 | # https://crontab.guru/#35_23_*_*_0-6
22 | - cron: '35 23 * * 0-6'
23 | workflow_dispatch:
24 |
25 | jobs:
26 | check:
27 |
28 | permissions:
29 | issues: write
30 | pull-requests: write
31 |
32 | uses: microsoft/mu_devops/.github/workflows/Stale.yml@v15.0.1
33 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | /Build/
2 | .DS_Store
3 | *_extdep/
4 | *.pyc
5 | __pycache__/
6 | *.bak
7 | BuildConfig.conf
8 | /Conf/
9 | settings.json
10 |
--------------------------------------------------------------------------------
/.markdownlint.yaml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # markdownlint configuration
3 | #
4 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
5 | # instead of the file in this repo.
6 | #
7 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
8 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
9 | #
10 | # Copyright (c) Microsoft Corporation.
11 | # SPDX-License-Identifier: BSD-2-Clause-Patent
12 | ##
13 |
14 | # Rules can be found here: https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md
15 | # Config info: https://github.com/DavidAnson/markdownlint#configuration
16 |
17 | {
18 | "default": true,
19 | "MD013": {"line_length": 120, "code_blocks": false, "tables": false},
20 | "MD033": {"allowed_elements": ["br"]}
21 | }
22 |
--------------------------------------------------------------------------------
/.sync/ReadMe.rst:
--------------------------------------------------------------------------------
1 | ===============================
2 | Project Mu File Synchronization
3 | ===============================
4 |
5 | This directory contains files that are synchronized to Project Mu repositories.
6 |
7 | ::
8 |
9 | Note: Any files that are not synchronized should not be added in this directory.
10 |
11 | Why?
12 | ----
13 |
14 | - To automatically keep all repos up-to-date.
15 | - To ensure consistency of file content across repos.
16 | - To centralize content for files that need to be local to a repo (e.g. a GitHub action) but contain the same content
17 | across more than one Project Mu repo.
18 | - To minimize developer time to push file changes across repos.
19 |
20 | When?
21 | -----
22 |
23 | - Anytime a file in this directory (`/.sync`_) is updated
24 | - Anytime the workflow that synchronizes files is updated (`/.github/workflows/FileSyncer.yml`_)
25 | - `Manually`_
26 |
27 | .. _/.github/workflows/FileSyncer.yml: https://github.com/microsoft/mu_devops/blob/main/.github/workflows/FileSyncer.yml
28 | .. _/.sync: https://github.com/microsoft/mu_devops/blob/main/.sync/
29 | .. _Manually: https://github.com/microsoft/mu_devops/actions/workflows/FileSyncer.yml
30 |
31 | How to Configure File Syncing
32 | -----------------------------
33 |
34 | All of the file synchronization settings are maintained in the `/.sync/Files.yml`_ configuration file. Refer to the file
35 | to see the current synchronization settings and to modify settings.
36 |
37 | Any resource versions that might be substituted into files during the sync process are defined in `/.sync/Version.njk`.
38 |
39 | .. _/.sync/Files.yml: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
40 |
--------------------------------------------------------------------------------
/.sync/Version.njk:
--------------------------------------------------------------------------------
1 | {#
2 | Mu DevOps Dependency Version Control
3 |
4 | =====================================================================================================================
5 | About
6 | =====================================================================================================================
7 | This file centralizes definitions of versions placed into files synced from Mu DevOps to other repos before the
8 | files are synced.
9 |
10 | =====================================================================================================================
11 | `mu_devops` Example:
12 | =====================================================================================================================
13 | `mu_devops` defines the git tag value of Mu DevOps that will be synced (via file sync) to repos that depend on this
14 | repo. More simply, this updates the version of Mu DevOps used across all Project Mu repos.
15 |
16 | Example flow:
17 | 1. Make a new Mu DevOps release (e.g. "v1.0.0")
18 | 2. Update this file to set `mu_devops` to "v1.0.0"
19 |
20 | Step (2) causes the following automated actions to take place after the change is merged:
21 | 1. All sync files (e.g. an Azure Pipeline file) that depend on this version get the new value substituted
22 | 2. All sync files with the substituted value are synced to their respective repos (PRs created with the change)
23 | 3. After the PRs in those repos are merged, they use the new version of Mu DevOps
24 |
25 | ---------------------------------------------------------------------------------------------------------------------
26 | Note: This file is not actually synced. It controls the version used in other files that are synced.
27 |
28 | Copyright (c) Microsoft Corporation.
29 | SPDX-License-Identifier: BSD-2-Clause-Patent
30 | #}
31 |
32 | {# The git ref value that files dependent on this repo will use. #}
33 | {% set mu_devops = "v15.0.1" %}
34 |
35 | {# The latest Project Mu release branch value. #}
36 | {% set latest_mu_release_branch = "release/202502" %}
37 | {% set previous_mu_release_branch = "release/202405" %}
38 |
39 | {# The version of the ubuntu-24-build container to use. #}
40 | {% set linux_build_container = "ghcr.io/microsoft/mu_devops/ubuntu-24-build:68fa63a" %}
41 |
42 | {# The Python version to use. #}
43 | {% set python_version = "3.12" %}
44 |
45 | {# The Rust toolchain version to use. #}
46 | {% set rust_toolchain = "1.85.0" %}
47 |
48 | {# Rust tool versions. #}
49 | {% set cargo_make = "0.37.24" %}
50 | {% set cargo_tarpaulin = "0.31.5" %}
51 | {% set cargo_release = "0.25.12" %}
52 |
--------------------------------------------------------------------------------
/.sync/azure_pipelines/MuDevOpsWrapper.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipeline build file for a build using mu_devops.
3 | #
4 | # To upload coverage results, set `coverage_upload_target` to `ado` or `codecov`.
5 | #
6 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
7 | # instead of the file in this repo.
8 | #
9 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
10 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
11 | #
12 | # Copyright (c) Microsoft Corporation.
13 | # SPDX-License-Identifier: BSD-2-Clause-Patent
14 | ##
15 |
16 | {% import '../Version.njk' as sync_version -%}
17 |
18 | resources:
19 | repositories:
20 | - repository: mu_devops
21 | type: github
22 | endpoint: microsoft
23 | name: microsoft/mu_devops
24 | ref: refs/tags/{{ sync_version.mu_devops }}
25 |
26 | parameters:
27 | - name: do_ci_build
28 | displayName: Perform Stuart CI Build
29 | type: boolean
30 | default: true
31 | - name: do_ci_setup
32 | displayName: Perform Stuart CI Setup
33 | type: boolean
34 | default: true
35 | - name: do_non_ci_build
36 | displayName: Perform non-CI Stuart Build
37 | type: boolean
38 | default: false
39 | - name: do_non_ci_setup
40 | displayName: Perform non-CI Stuart Setup
41 | type: boolean
42 | default: false
43 | - name: do_pr_eval
44 | displayName: Perform Stuart PR Evaluation
45 | type: boolean
46 | default: true
47 | - name: container_build
48 | displayName: Flag for whether this repo should do stuart_setup
49 | type: boolean
50 | default: false
51 | - name: os_type
52 | displayName: OS type on the self-hosted agent pools
53 | type: string
54 | values:
55 | - Windows_NT
56 | - Linux
57 | default: Windows_NT
58 | - name: build_matrix
59 | displayName: Build matrix for this repository
60 | type: object
61 | - name: pool_name
62 | displayName: Variable name that hosts pool name to be used for self-hosted agents
63 | type: string
64 | default: pool_name
65 | - name: extra_install_step
66 | displayName: Extra Install Steps
67 | type: stepList
68 | default:
69 | - script: echo No extra steps provided
70 | - name: extra_jobs
71 | displayName: Extra Jobs to be run after build
72 | type: jobList
73 | default: []
74 | - name: rust_build
75 | displayName: Whether Rust code is being built
76 | type: boolean
77 | default: false
78 | - name: extra_cargo_steps
79 | displayName: Extra Steps to Run Before Standard Cargo Steps
80 | type: stepList
81 | default:
82 | - script: echo No extra cargo steps provided
83 |
84 | jobs:
85 | - template: Jobs/PrGate.yml@mu_devops
86 | parameters:
87 | linux_container_image: {{ sync_version.linux_build_container }}
88 | {% raw %}
89 | ${{ if eq(parameters.rust_build, true) }}:
90 | linux_container_options: --security-opt seccomp=unconfined
91 | do_ci_build: ${{ parameters.do_ci_build }}
92 | do_ci_setup: ${{ parameters.do_ci_setup }}
93 | do_pr_eval: ${{ parameters.do_pr_eval }}
94 | do_non_ci_setup: ${{ parameters.do_non_ci_setup }}
95 | do_non_ci_build: ${{ parameters.do_non_ci_build }}
96 | build_matrix: ${{ parameters.build_matrix }}
97 | os_type: ${{ parameters.os_type }}
98 | pool_name: ${{ parameters.pool_name }}
99 | extra_install_step: ${{ parameters.extra_install_step }}
100 | tool_chain_tag: $(tool_chain_tag)
101 | vm_image: $(vm_image)
102 | container_build: ${{ parameters.container_build }}
103 | rust_build: ${{ parameters.rust_build }}
104 |
105 | - ${{ if eq(parameters.rust_build, true) }}:
106 | - job: CargoCmds
107 | displayName: Workspace Cargo Commands
108 |
109 | container:
110 | {% endraw %}
111 | image: {{ sync_version.linux_build_container }}
112 | {% raw %}
113 | options: --user root --name mu_devops_build_container --security-opt seccomp=unconfined
114 |
115 | steps:
116 | - checkout: self
117 | fetchDepth: 1
118 | clean: true
119 | - ${{ parameters.extra_cargo_steps }}
120 | - template: Steps/RustCargoSteps.yml@mu_devops
121 | parameters:
122 | container_build: true
123 |
124 | - ${{ parameters.extra_jobs }}
125 | {% endraw %}
126 |
--------------------------------------------------------------------------------
/.sync/azure_pipelines/RustSetupSteps.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step to run common Rust steps.
3 | #
4 | # Cargo should be installed on the system prior to invoking this template.
5 | #
6 | # Copyright (c) Microsoft Corporation. All rights reserved.
7 | # SPDX-License-Identifier: BSD-2-Clause-Patent
8 | ##
9 |
10 | {% import '../Version.njk' as sync_version -%}
11 |
12 | {% raw %}
13 | # NOTE: Because this pipeline YAML file is a Nunjucks template, the pipeline syntax of `{{}}` will conflict with
14 | # Nunjucks style. Surround pipeline YAML code that uses `{{}}` within `raw` and `endraw` tags
15 | # to allow it to pass through Nunjucks processing.
16 | {% endraw %}
17 |
18 | steps:
19 |
20 | # Note: This uses a local lookup table as opposed to `rustc -vV` since this is a Rust setup
21 | # template that tries to minimize assumptions about Rust tools already on a system.
22 | - task: PythonScript@0
23 | displayName: Get Host Rust Target Triple
24 | inputs:
25 | scriptSource: inline
26 | workingDirectory: $(Agent.BuildDirectory)
27 | script: |
28 | import os
29 | import platform
30 |
31 | system = platform.system()
32 | arch = platform.machine()
33 |
34 | rust_targets = {
35 | ('Windows', 'x86_64'): 'x86_64-pc-windows-msvc',
36 | ('Windows', 'AMD64'): 'x86_64-pc-windows-msvc',
37 | ('Windows', 'i386'): 'i686-pc-windows-msvc',
38 | ('Windows', 'i686'): 'i686-pc-windows-msvc',
39 | ('Linux', 'x86_64'): 'x86_64-unknown-linux-gnu',
40 | ('Linux', 'AMD64'): 'x86_64-unknown-linux-gnu',
41 | ('Linux', 'aarch64'): 'aarch64-unknown-linux-gnu',
42 | ('Linux', 'i386'): 'i686-unknown-linux-gnu',
43 | ('Linux', 'i686'): 'i686-unknown-linux-gnu',
44 | }
45 |
46 | print(f'System type = {system}')
47 | print(f'Architecture = {arch}')
48 |
49 | try:
50 | print(f'##vso[task.setvariable variable=rust_target_triple]{rust_targets[(system, arch)]}')
51 | except KeyError:
52 | print(f'##[error]Unsupported Host Combination! OS = {system}. Architecture = {arch}.')
53 | print(f'##vso[task.complete result=Failed;]Unsupported Host Combination! OS = {system}. Architecture = {arch}.')
54 |
55 | - script: |
56 | python -c "import os; print('##vso[task.setvariable variable=cargoBinPath]{}'.format(os.path.join(os.environ['USERPROFILE'], '.cargo', 'bin')))"
57 | displayName: Get Cargo bin Path (Windows)
58 | condition: eq(variables['Agent.OS'], 'Windows_NT')
59 |
60 | - script: |
61 | python -c "import os; print('##vso[task.setvariable variable=cargoBinPath]/.cargo/bin')"
62 | displayName: Get Cargo bin Path (Linux)
63 | condition: eq(variables['Agent.OS'], 'Linux')
64 |
65 | - task: CmdLine@2
66 | displayName: Setup Cargo Dir Permissions (Linux)
67 | target: host
68 | inputs:
69 | script: |
70 | /usr/bin/docker exec mu_devops_build_container chown -R vsts_azpcontainer:docker_azpcontainer /.cargo
71 | /usr/bin/docker exec mu_devops_build_container chmod -R ug+rw /.cargo
72 | /usr/bin/docker exec mu_devops_build_container chown -R vsts_azpcontainer:docker_azpcontainer /.rustup
73 | /usr/bin/docker exec mu_devops_build_container chmod -R ug+rw /.rustup
74 | condition: eq(variables['Agent.OS'], 'Linux')
75 |
76 | #
77 | # Linux will use a container image pre-loaded with the designated Rust version. Windows does not use a container
78 | # image, but will have a VM image with a very recent version of Rust installed. This step installs the same toolchain
79 | # version used in the Linux container for consistency between the two. The cargo-make and cargo-tarpaulin versions
80 | # placed in the container image are the latest at the time the image is built. That should be equal to or less than
81 | # the latest version available when the pipeline is run. Get the latest available in the cache pipelines and use
82 | # those on both Linux and Windows agents for consistency in the pipeline runs.
83 | #
84 | - script: |
85 | rustup install --no-self-update {{ sync_version.rust_toolchain }}
86 | displayName: Install Rust {{ sync_version.rust_toolchain }} (Windows)
87 | condition: eq(variables['Agent.OS'], 'Windows_NT')
88 |
89 | - script: |
90 | rustup default {{ sync_version.rust_toolchain }}
91 | displayName: Set Rust {{ sync_version.rust_toolchain }} (Windows)
92 | condition: eq(variables['Agent.OS'], 'Windows_NT')
93 |
94 | - script: pip install requests --upgrade
95 | displayName: Install and Upgrade requests PIP Module
96 | condition: succeeded()
97 |
98 | - template: DownloadAzurePipelineArtifact.yml
99 | parameters:
100 | task_display_name: Download Cargo Binstall (Windows)
101 | artifact_name: Binaries
102 | azure_pipeline_def_id: 169
103 | file_pattern: "**/cargo-binstall.exe"
104 | target_dir: "$(cargoBinPath)"
105 | target_os: "Windows_NT"
106 | work_dir: "$(Agent.TempDirectory)"
107 |
108 | - template: DownloadAzurePipelineArtifact.yml
109 | parameters:
110 | task_display_name: Download Cargo Binstall (Linux)
111 | artifact_name: Binaries
112 | azure_pipeline_def_id: 169
113 | file_pattern: "**/cargo-binstall"
114 | target_dir: "$(Agent.TempDirectory)"
115 | target_os: "Linux"
116 | work_dir: "$(Agent.TempDirectory)"
117 |
118 | - script: |
119 | cp $AGENT_TEMPDIRECTORY/cargo-binstall /.cargo/bin
120 | displayName: Copy cargo-binstall
121 | condition: and(succeeded(), eq(variables['Agent.OS'], 'Linux'))
122 |
123 | - script: |
124 | sudo chmod +x /.cargo/bin/cargo-binstall
125 | displayName: Make cargo-binstall executable
126 | condition: and(succeeded(), eq(variables['Agent.OS'], 'Linux'))
127 |
128 | - script: |
129 | cargo binstall -y cargo-make --version {{ sync_version.cargo_make }}
130 | displayName: Install cargo-make
131 |
132 | - script: |
133 | cargo binstall -y cargo-tarpaulin --version {{ sync_version.cargo_tarpaulin }}
134 | displayName: Install cargo-tarpaulin
135 |
136 | - script: rustup component add rustfmt rust-src --toolchain {{ sync_version.rust_toolchain }}-$(rust_target_triple)
137 | displayName: rustup add rust-src
138 | condition: and(succeeded(), eq(variables['Agent.OS'], 'Windows_NT'))
139 |
--------------------------------------------------------------------------------
/.sync/azure_pipelines/SetupPythonPreReqs.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step to setup Python pre-requisites.
3 | #
4 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
5 | # instead of the file in this repo.
6 | #
7 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
8 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
9 | #
10 | # Copyright (c) Microsoft Corporation. All rights reserved.
11 | # SPDX-License-Identifier: BSD-2-Clause-Patent
12 | ##
13 |
14 | {% import '../Version.njk' as sync_version -%}
15 |
16 | {% raw %}
17 | # NOTE: Because this pipeline YAML file is a Nunjucks template, the pipeline syntax of `{{}}` will conflict with
18 | # Nunjucks style. Surround pipeline YAML code that uses `{{}}` within `raw` and `endraw` tags
19 | # to allow it to pass through Nunjucks processing.
20 |
21 | parameters:
22 | - name: install_pip_modules
23 | displayName: Install PIP Modules
24 | type: boolean
25 | default: true
26 | - name: install_python
27 | displayName: Install Python
28 | type: boolean
29 | default: true
30 | - name: pip_requirement_files
31 | displayName: Pip Requirement Files
32 | type: string
33 | default: -r pip-requirements.txt
34 |
35 | steps:
36 |
37 | - ${{ if eq(parameters.install_python, true) }}:
38 | - task: UsePythonVersion@0
39 | inputs:{% endraw %}
40 | versionSpec: {{ sync_version.python_version }}
41 | architecture: x64
42 |
43 | {% raw %}- ${{ if eq(parameters.install_pip_modules, true) }}:
44 | - script: python -m pip install --upgrade pip setuptools wheel
45 | displayName: Install Wheel and SetupTools
46 | condition: succeeded()
47 |
48 | - script: pip install ${{ parameters.pip_requirement_files }} --upgrade
49 | displayName: Install and Upgrade pip Modules
50 | condition: succeeded(){% endraw %}
51 |
--------------------------------------------------------------------------------
/.sync/ci_config/.markdownlint.yaml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # markdownlint configuration
3 | #
4 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
5 | # instead of the file in this repo.
6 | #
7 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
8 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
9 | #
10 | # Copyright (c) Microsoft Corporation.
11 | # SPDX-License-Identifier: BSD-2-Clause-Patent
12 | ##
13 |
14 | # Rules can be found here: https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md
15 | # Config info: https://github.com/DavidAnson/markdownlint#configuration
16 |
17 | {
18 | "default": true,
19 | "MD013": {"line_length": 120, "code_blocks": false, "tables": false},
20 | "MD033": {"allowed_elements": {{ allowed_elements | dump | safe }}}
21 | }
22 |
--------------------------------------------------------------------------------
/.sync/dependabot/actions-pip-submodules.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Dependabot configuration file to enable GitHub services for managing and updating
3 | # dependencies.
4 | #
5 | # This dependabot configuration expects submodules to be placed in specific directory paths
6 | # relative to the root of the repo. These are also the paths generally recommended to place
7 | # these submodules for consistency across Project Mu projects.
8 | #
9 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
10 | # instead of the file in this repo.
11 | #
12 | # This dependabot file is limited to syncing the following type of dependencies. Other files
13 | # are already available in Mu DevOps to sync other dependency types.
14 | # - Rust Crate Dependencies (`cargo`)
15 | # - GitHub Actions (`github-actions`)
16 | # - Git Submodules (`gitsubmodule`)
17 | # - Python PIP Modules (`pip`)
18 | #
19 | # Dependabot does not update the microsoft/mu_devops version because that is updated once in mu_devops
20 | # and then synced to all repos when the file sync occurs.
21 | #
22 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
23 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
24 | #
25 | # Copyright (c) Microsoft Corporation.
26 | # SPDX-License-Identifier: BSD-2-Clause-Patent
27 | #
28 | # Please see the documentation for all dependabot configuration options:
29 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
30 | ##
31 |
32 | version: 2
33 |
34 | updates:
35 | - package-ecosystem: "cargo"
36 | directory: "/"
37 | schedule:
38 | interval: "weekly"
39 | day: "monday"
40 | timezone: "America/Los_Angeles"
41 | time: "03:00"
42 | commit-message:
43 | prefix: "Rust Dependency"
44 | labels:
45 | - "type:dependencies"
46 | - "type:dependabot"
47 | rebase-strategy: "disabled"
48 |
49 | - package-ecosystem: "github-actions"
50 | directory: "/"
51 | schedule:
52 | interval: "weekly"
53 | day: "monday"
54 | timezone: "America/Los_Angeles"
55 | time: "06:00"
56 | ignore:
57 | - dependency-name: "microsoft/mu_devops"
58 | commit-message:
59 | prefix: "GitHub Action"
60 | labels:
61 | - "type:dependencies"
62 | - "type:dependabot"
63 | rebase-strategy: "disabled"
64 |
65 | - package-ecosystem: "gitsubmodule"
66 | directory: "/"
67 | schedule:
68 | interval: "weekly"
69 | day: "tuesday"
70 | timezone: "America/Los_Angeles"
71 | time: "23:00"
72 | labels:
73 | - "type:submodules"
74 | - "type:dependencies"
75 | rebase-strategy: "disabled"
76 | ignore:
77 | - dependency-name: "Common/MIN_PLAT"
78 | - dependency-name: "Common/MU_BASECORE"
79 | - dependency-name: "Common/MU_OEM_SAMPLE"
80 | - dependency-name: "Common/MU_TIANO"
81 | - dependency-name: "Common/MU"
82 | - dependency-name: "Features/CONFIG"
83 | - dependency-name: "Features/DEBUGGER"
84 | - dependency-name: "Features/DFCI"
85 | - dependency-name: "Features/IPMI"
86 | - dependency-name: "Features/MM_SUPV"
87 | - dependency-name: "MU_BASECORE"
88 | - dependency-name: "Silicon/Arm/MU_TIANO"
89 | - dependency-name: "Silicon/Intel/MU_TIANO"
90 |
91 | - package-ecosystem: "pip"
92 | directory: "/"
93 | schedule:
94 | interval: "weekly"
95 | day: "wednesday"
96 | timezone: "America/Los_Angeles"
97 | time: "01:00"
98 | commit-message:
99 | prefix: "pip"
100 | labels:
101 | - "language:python"
102 | - "type:dependencies"
103 | - "type:dependabot"
104 | rebase-strategy: "disabled"
105 |
--------------------------------------------------------------------------------
/.sync/dependabot/actions-pip.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Dependabot configuration file to enable GitHub services for managing and updating
3 | # dependencies.
4 | #
5 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
6 | # instead of the file in this repo.
7 | #
8 | # This dependabot file is limited to syncing the following type of dependencies. Other files
9 | # are already available in Mu DevOps to sync other dependency types.
10 | # - Rust Crate Dependencies (`cargo`)
11 | # - GitHub Actions (`github-actions`)
12 | # - Python PIP Modules (`pip`)
13 | #
14 | # Dependabot does not update the microsoft/mu_devops version because that is updated once in mu_devops
15 | # and then synced to all repos when the file sync occurs.
16 | #
17 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
18 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
19 | #
20 | # Copyright (c) Microsoft Corporation.
21 | # SPDX-License-Identifier: BSD-2-Clause-Patent
22 | #
23 | # Please see the documentation for all dependabot configuration options:
24 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
25 | ##
26 |
27 | version: 2
28 |
29 | updates:
30 | - package-ecosystem: "cargo"
31 | directory: "/"
32 | schedule:
33 | interval: "weekly"
34 | day: "monday"
35 | timezone: "America/Los_Angeles"
36 | time: "03:00"
37 | commit-message:
38 | prefix: "Rust Dependency"
39 | labels:
40 | - "type:dependencies"
41 | - "type:dependabot"
42 | rebase-strategy: "disabled"
43 |
44 | - package-ecosystem: "github-actions"
45 | directory: "/"
46 | schedule:
47 | interval: "weekly"
48 | day: "monday"
49 | timezone: "America/Los_Angeles"
50 | time: "06:00"
51 | ignore:
52 | - dependency-name: "microsoft/mu_devops"
53 | commit-message:
54 | prefix: "GitHub Action"
55 | labels:
56 | - "type:dependencies"
57 | - "type:dependabot"
58 | rebase-strategy: "disabled"
59 |
60 | - package-ecosystem: "pip"
61 | directory: "/"
62 | schedule:
63 | interval: "weekly"
64 | day: "wednesday"
65 | timezone: "America/Los_Angeles"
66 | time: "01:00"
67 | commit-message:
68 | prefix: "pip"
69 | labels:
70 | - "language:python"
71 | - "type:dependencies"
72 | - "type:dependabot"
73 | rebase-strategy: "disabled"
74 |
--------------------------------------------------------------------------------
/.sync/devcontainer/devcontainer.json:
--------------------------------------------------------------------------------
1 | {
2 | "image": "ghcr.io/microsoft/mu_devops/ubuntu-24-dev:latest",
3 | "postCreateCommand": "git config --global --add safe.directory '*' && git config --global --add core.autocrlf false && pip install --upgrade -r pip-requirements.txt",
4 | "customizations": {
5 | "vscode": {
6 | "extensions": [
7 | "ms-vscode.cpptools",
8 | "DavidAnson.vscode-markdownlint"
9 | ]
10 | }
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/.sync/git_templates/gitattributes_template.txt:
--------------------------------------------------------------------------------
1 | * -text
2 |
--------------------------------------------------------------------------------
/.sync/github_templates/ISSUE_TEMPLATE/bug_report.yml:
--------------------------------------------------------------------------------
1 | # Project Mu GitHub Bug Report Template
2 | #
3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
4 | # instead of the file in this repo.
5 | #
6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
8 | #
9 | # Copyright (c) Microsoft Corporation.
10 | # SPDX-License-Identifier: BSD-2-Clause-Patent
11 | #
12 |
13 | name: 🐛 Bug Report
14 | description: File a bug report
15 | title: "[Bug]: "
16 | labels: ["type:bug", "state:needs-triage"]
17 |
18 | body:
19 | - type: markdown
20 | attributes:
21 | value: |
22 | 👋 Thanks for taking the time to fill out this bug report!
23 |
24 | - type: checkboxes
25 | attributes:
26 | label: Is there an existing issue for this?
27 | description: Please search to see if an issue already exists for the bug you encountered.
28 | options:
29 | - label: I have searched existing issues
30 | required: true
31 |
32 | - type: textarea
33 | id: current_behavior
34 | attributes:
35 | label: Current Behavior
36 | description: A concise description of the bug that you're experiencing.
37 | validations:
38 | required: true
39 |
40 | - type: textarea
41 | id: expected_behavior
42 | attributes:
43 | label: Expected Behavior
44 | description: A concise description of what you expected to happen.
45 | validations:
46 | required: true
47 |
48 | - type: textarea
49 | id: steps_to_reproduce
50 | attributes:
51 | label: Steps To Reproduce
52 | description: Steps to reproduce the behavior.
53 | placeholder: |
54 | <example>
55 | 1. In this environment...
56 | 2. With this config...
57 | 3. Boot to '...'
58 | 4. Change option '...'
59 | 4. See error...
60 | validations:
61 | required: true
62 |
63 | - type: textarea
64 | id: build_environment
65 | attributes:
66 | label: Build Environment
67 | description: |
68 | examples:
69 | - **OS**: Ubuntu 20.04 or Windows 11...
70 | - **Tool Chain**: GCC5 or VS2022 or CLANGPDB...
71 | - **Targets Impacted**: RELEASE, DEBUG, NO-TARGET, NOOPT...
72 | value: |
73 | - OS(s):
74 | - Tool Chain(s):
75 | - Targets Impacted:
76 | render: markdown
77 | validations:
78 | required: true
79 |
80 | - type: textarea
81 | id: version_info
82 | attributes:
83 | label: Version Information
84 | description: What version of this repo reproduces the problem?
85 | placeholder: |
86 | Commit: <SHA>
87 | -or-
88 | Tag: <Tag>
89 | render: text
90 | validations:
91 | required: true
92 |
93 | - type: markdown
94 | attributes:
95 | value: |
96 | **Urgency Key**
97 | - 🟢 **Low**
98 | - A minor change with little to no important functional impact
99 | - It is not important to fix this in a specific time frame
100 | - 🟡 **Medium**
101 | - An important change with a functional impact
102 | - Will be prioritized above *low* issues in the normal course of development
103 | - 🔥 **High**
104 | - A critical change that has a significant functional impact
105 | - Must be fixed immediately
106 |
107 | - type: dropdown
108 | id: urgency
109 | attributes:
110 | label: Urgency
111 | description: How urgent is it to fix this bug?
112 | multiple: false
113 | options:
114 | - Low
115 | - Medium
116 | - High
117 | validations:
118 | required: true
119 |
120 | - type: dropdown
121 | id: fix_owner
122 | attributes:
123 | label: Are you going to fix this?
124 | description: Indicate if you are going to fix this or requesting someone else fix it.
125 | multiple: false
126 | options:
127 | - I will fix it
128 | - Someone else needs to fix it
129 | validations:
130 | required: true
131 |
132 | - type: dropdown
133 | id: needs_maintainer_feedback
134 | attributes:
135 | label: Do you need maintainer feedback?
136 | description: Indicate if you would like a maintainer to provide feedback on this submission.
137 | multiple: false
138 | options:
139 | - No maintainer feedback needed
140 | - Maintainer feedback requested
141 | validations:
142 | required: true
143 |
144 | - type: textarea
145 | id: anything_else
146 | attributes:
147 | label: Anything else?
148 | description: |
149 | Links? References? Anything that will give us more context about the issue you are encountering.
150 |
151 | Serial debug logs and/or debugger logs are especially helpful!
152 |
153 | Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
154 | validations:
155 | required: false
156 |
--------------------------------------------------------------------------------
/.sync/github_templates/ISSUE_TEMPLATE/config.yml:
--------------------------------------------------------------------------------
1 | # Project Mu GitHub Issue Configuration File
2 | #
3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
4 | # instead of the file in this repo.
5 | #
6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
8 | #
9 | # Copyright (c) Microsoft Corporation.
10 | # SPDX-License-Identifier: BSD-2-Clause-Patent
11 | #
12 |
13 | contact_links:
14 | - name: 📃 Project Mu Documentation
15 | url: https://microsoft.github.io/mu/
16 | about: Goals, principles, repo layout, build instructions, and more.
17 |
--------------------------------------------------------------------------------
/.sync/github_templates/ISSUE_TEMPLATE/documentation_request.yml:
--------------------------------------------------------------------------------
1 | # Project Mu GitHub Documentation Request Template
2 | #
3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
4 | # instead of the file in this repo.
5 | #
6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
8 | #
9 | # Copyright (c) Microsoft Corporation.
10 | # SPDX-License-Identifier: BSD-2-Clause-Patent
11 | #
12 |
13 | name: 📖 Documentation Request
14 | description: Request a documentation change
15 | title: "[Documentation]: <title>"
16 | labels: ["type:documentation", "state:needs-triage"]
17 |
18 | body:
19 | - type: markdown
20 | attributes:
21 | value: |
22 | 👋 Thanks for taking the time to help us improve our documentation!
23 |
24 | - type: textarea
25 | id: request_description
26 | attributes:
27 | label: Request Description
28 | description: A clear and concise description of what needs to change.
29 | validations:
30 | required: true
31 |
32 | - type: dropdown
33 | id: request_owner
34 | attributes:
35 | label: Are you going to make the change?
36 | description: Indicate if you are going to make this change or requesting someone else make it.
37 | multiple: false
38 | options:
39 | - I will make the change
40 | - Someone else needs to make the change
41 | validations:
42 | required: true
43 |
44 | - type: dropdown
45 | id: needs_maintainer_feedback
46 | attributes:
47 | label: Do you need maintainer feedback?
48 | description: Indicate if you would like a maintainer to provide feedback on this submission.
49 | multiple: false
50 | options:
51 | - No maintainer feedback needed
52 | - Maintainer feedback requested
53 | validations:
54 | required: true
55 |
56 | - type: textarea
57 | id: anything_else
58 | attributes:
59 | label: Anything else?
60 | description: |
61 | Links? References? Anything that will give us more context about the request.
62 |
63 | Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
64 | validations:
65 | required: false
66 |
--------------------------------------------------------------------------------
/.sync/github_templates/ISSUE_TEMPLATE/feature_request.yml:
--------------------------------------------------------------------------------
1 | # Project Mu GitHub Feature Request Template
2 | #
3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
4 | # instead of the file in this repo.
5 | #
6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
8 | #
9 | # Copyright (c) Microsoft Corporation.
10 | # SPDX-License-Identifier: BSD-2-Clause-Patent
11 | #
12 |
13 | name: 🚀 Feature Request
14 | description: Request a feature change
15 | title: "[Feature]: <title>"
16 | labels: ["type:feature-request", "state:needs-triage"]
17 |
18 | body:
19 | - type: markdown
20 | attributes:
21 | value: |
22 | 👋 Thanks for taking the time to help us improve our features!
23 |
24 | - type: textarea
25 | id: feature_overview
26 | attributes:
27 | label: Feature Overview
28 | description: Provide a high-level summary of your feature request.
29 | validations:
30 | required: true
31 |
32 | - type: textarea
33 | id: solution_overview
34 | attributes:
35 | label: Solution Overview
36 | description: Give a clear and concise description of what you want to happen.
37 | validations:
38 | required: true
39 |
40 | - type: textarea
41 | id: alternatives_considered
42 | attributes:
43 | label: Alternatives Considered
44 | description: Describe alternatives you've considered.
45 | validations:
46 | required: false
47 |
48 | - type: markdown
49 | attributes:
50 | value: |
51 | **Urgency Key**
52 | - 🟢 **Low**
53 | - A minor enhancement
54 | - It is not important to address this request in a specific time frame
55 | - 🟡 **Medium**
56 | - An important enhancement
57 | - Will be prioritized above *low* requests in the normal course of development
58 | - 🔥 **High**
59 | - A critical enhancement with significant value
60 | - Should be prioritized above *low* and *medium* requests
61 |
62 | - type: dropdown
63 | id: urgency
64 | attributes:
65 | label: Urgency
66 | description: How urgent is it to resolve this feature request?
67 | multiple: false
68 | options:
69 | - Low
70 | - Medium
71 | - High
72 | validations:
73 | required: true
74 |
75 | - type: dropdown
76 | id: request_owner
77 | attributes:
78 | label: Are you going to implement the feature request?
79 | description: Indicate if you are going to do the work to close this feature request.
80 | multiple: false
81 | options:
82 | - I will implement the feature
83 | - Someone else needs to implement the feature
84 | validations:
85 | required: true
86 |
87 | - type: dropdown
88 | id: needs_maintainer_feedback
89 | attributes:
90 | label: Do you need maintainer feedback?
91 | description: Indicate if you would like a maintainer to provide feedback on this submission.
92 | multiple: false
93 | options:
94 | - No maintainer feedback needed
95 | - Maintainer feedback requested
96 | validations:
97 | required: true
98 |
99 | - type: textarea
100 | id: anything_else
101 | attributes:
102 | label: Anything else?
103 | description: |
104 | Links? References? Anything that will give us more context about the feature you are requesting.
105 |
106 | Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
107 | validations:
108 | required: false
109 |
--------------------------------------------------------------------------------
/.sync/github_templates/licensing/project_mu_and_tianocore_license.txt:
--------------------------------------------------------------------------------
1 | Copyright (c) Microsoft Corporation.
2 | Copyright (c) 2019, TianoCore and contributors. All rights reserved.
3 |
4 | SPDX-License-Identifier: BSD-2-Clause-Patent
5 |
6 | Redistribution and use in source and binary forms, with or without
7 | modification, are permitted provided that the following conditions are met:
8 |
9 | 1. Redistributions of source code must retain the above copyright notice,
10 | this list of conditions and the following disclaimer.
11 |
12 | 2. Redistributions in binary form must reproduce the above copyright notice,
13 | this list of conditions and the following disclaimer in the documentation
14 | and/or other materials provided with the distribution.
15 |
16 | Subject to the terms and conditions of this license, each copyright holder
17 | and contributor hereby grants to those receiving rights under this license
18 | a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable
19 | (except for failure to satisfy the conditions of this license) patent
20 | license to make, have made, use, offer to sell, sell, import, and otherwise
21 | transfer this software, where such license applies only to those patent
22 | claims, already acquired or hereafter acquired, licensable by such copyright
23 | holder or contributor that are necessarily infringed by:
24 |
25 | (a) their Contribution(s) (the licensed copyrights of copyright holders and
26 | non-copyrightable additions of contributors, in source or binary form)
27 | alone; or
28 |
29 | (b) combination of their Contribution(s) with the work of authorship to
30 | which such Contribution(s) was added by such copyright holder or
31 | contributor, if, at the time the Contribution is added, such addition
32 | causes such combination to be necessarily infringed. The patent license
33 | shall not apply to any other combinations which include the
34 | Contribution.
35 |
36 | Except as expressly stated above, no rights or licenses from any copyright
37 | holder or contributor is granted under this license, whether expressly, by
38 | implication, estoppel or otherwise.
39 |
40 | DISCLAIMER
41 |
42 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
43 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
44 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
45 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
46 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
47 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
48 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
49 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
50 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
51 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
52 | POSSIBILITY OF SUCH DAMAGE.
53 |
--------------------------------------------------------------------------------
/.sync/github_templates/licensing/project_mu_license.txt:
--------------------------------------------------------------------------------
1 | BSD-2-Clause-Patent License
2 |
3 | Copyright (C) Microsoft Corporation. All rights reserved.
4 | SPDX-License-Identifier: BSD-2-Clause-Patent
5 |
--------------------------------------------------------------------------------
/.sync/github_templates/licensing/tianocore_license.txt:
--------------------------------------------------------------------------------
1 | Copyright (c) 2019, TianoCore and contributors. All rights reserved.
2 |
3 | SPDX-License-Identifier: BSD-2-Clause-Patent
4 |
5 | Redistribution and use in source and binary forms, with or without
6 | modification, are permitted provided that the following conditions are met:
7 |
8 | 1. Redistributions of source code must retain the above copyright notice,
9 | this list of conditions and the following disclaimer.
10 |
11 | 2. Redistributions in binary form must reproduce the above copyright notice,
12 | this list of conditions and the following disclaimer in the documentation
13 | and/or other materials provided with the distribution.
14 |
15 | Subject to the terms and conditions of this license, each copyright holder
16 | and contributor hereby grants to those receiving rights under this license
17 | a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable
18 | (except for failure to satisfy the conditions of this license) patent
19 | license to make, have made, use, offer to sell, sell, import, and otherwise
20 | transfer this software, where such license applies only to those patent
21 | claims, already acquired or hereafter acquired, licensable by such copyright
22 | holder or contributor that are necessarily infringed by:
23 |
24 | (a) their Contribution(s) (the licensed copyrights of copyright holders and
25 | non-copyrightable additions of contributors, in source or binary form)
26 | alone; or
27 |
28 | (b) combination of their Contribution(s) with the work of authorship to
29 | which such Contribution(s) was added by such copyright holder or
30 | contributor, if, at the time the Contribution is added, such addition
31 | causes such combination to be necessarily infringed. The patent license
32 | shall not apply to any other combinations which include the
33 | Contribution.
34 |
35 | Except as expressly stated above, no rights or licenses from any copyright
36 | holder or contributor is granted under this license, whether expressly, by
37 | implication, estoppel or otherwise.
38 |
39 | DISCLAIMER
40 |
41 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
42 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
45 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
46 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
47 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
48 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
49 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
51 | POSSIBILITY OF SUCH DAMAGE.
52 |
--------------------------------------------------------------------------------
/.sync/github_templates/pull_requests/pull_request_template.md:
--------------------------------------------------------------------------------
1 | ## Description
2 |
3 | <_Include a description of the change and why this change was made._>
4 |
5 | For details on how to complete these options and their meaning refer to [CONTRIBUTING.md](https://github.com/microsoft/mu/blob/HEAD/CONTRIBUTING.md).
6 |
7 | - [ ] Impacts functionality?
8 | - [ ] Impacts security?
9 | - [ ] Breaking change?
10 | - [ ] Includes tests?
11 | - [ ] Includes documentation?
12 | {% for additional_checkbox in additional_checkboxes %}
13 | - [ ] {{ additional_checkbox }}
14 | {% endfor %}
15 |
16 | ## How This Was Tested
17 |
18 | <_Describe the test(s) that were run to verify the changes._>
19 |
20 | ## Integration Instructions
21 |
22 | <_Describe how these changes should be integrated. Use N/A if nothing is required._>
23 |
--------------------------------------------------------------------------------
/.sync/github_templates/security/SECURITY.md:
--------------------------------------------------------------------------------
1 | # Project Mu Security Policy
2 |
3 | Project Mu is an open source firmware project that is leveraged by and combined into
4 | other projects to build the firmware for a given product. We build and maintain this
5 | code with the intent that any consuming projects can use this code as-is. If features
6 | or fixes are necessary we ask that they contribute them back to the project. **But**, that
7 | said, in the firmware ecosystem there is a lot of variation and differentiation, and
8 | the license in this project allows flexibility for use without contribution back to
9 | Project Mu. Therefore, any issues found here may or may not exist in products using Project Mu.
10 |
11 | ## Supported Versions
12 |
13 | Due to the usage model we generally only supply fixes to the most recent release branch (or main).
14 | For a serious vulnerability we may patch older release branches.
15 |
16 | ## Additional Notes
17 |
18 | Project Mu contains code that is available and/or originally authored in other
19 | repositories (see <https://github.com/tianocore/edk2> as one such example). For any
20 | vulnerability found, we may be subject to their security policy and may need to work
21 | with those groups to resolve amicably and patch the "upstream". This might involve
22 | additional time to release and/or additional confidentiality requirements.
23 |
24 | ## Reporting a Vulnerability
25 |
26 | **Please do not report security vulnerabilities through public GitHub issues.**
27 |
28 | Instead please use **Github Private vulnerability reporting**, which is enabled for each Project Mu
29 | repository. This process is well documented by github in their documentation [here](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability).
30 |
31 | This process will allow us to privately discuss the issue, collaborate on a solution, and then disclose the vulnerability.
32 |
33 | ## Preferred Languages
34 |
35 | We prefer all communications to be in English.
36 |
37 | ## Policy
38 |
39 | Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
40 |
--------------------------------------------------------------------------------
/.sync/rust_config/Makefile.toml:
--------------------------------------------------------------------------------
1 | [config]
2 | default_to_workspace = false
3 |
4 | [env]
5 | CARGO_MAKE_EXTEND_WORKSPACE_MAKEFILE = true
6 | RUSTC_BOOTSTRAP = 1
7 | ARCH = "X64"
8 | TARGET_TRIPLE = { source = "${ARCH}", mapping = { "X64" = "x86_64-unknown-uefi", "IA32" = "i686-unknown-uefi", "AARCH64" = "aarch64-unknown-uefi", "LOCAL" = "${CARGO_MAKE_RUST_TARGET_TRIPLE}" }, condition = { env_not_set = [ "TARGET_TRIPLE" ] } }
9 |
10 | CARGO_FEATURES_FLAG = {value = "--features ${FEATURES}", condition = {env_set = ["FEATURES"], env_true = ["FEATURES"]}}
11 | BUILD_FLAGS = "--profile ${RUSTC_PROFILE} --target ${TARGET_TRIPLE} -Zbuild-std=core,compiler_builtins,alloc -Zbuild-std-features=compiler-builtins-mem -Zunstable-options --timings=html"
12 | TEST_FLAGS = { value = "", condition = { env_not_set = ["TEST_FLAGS"] } }
13 | COV_FLAGS = { value = "--out html --exclude-files **/tests/*", condition = { env_not_set = ["COV_FLAGS"] } }
14 |
15 | [env.development]
16 | RUSTC_PROFILE = "dev"
17 | RUSTC_TARGET = "debug"
18 |
19 | [env.release]
20 | RUSTC_PROFILE = "release"
21 | RUSTC_TARGET = "release"
22 |
23 | [tasks.individual-package-targets]
24 | script_runner = "@duckscript"
25 | script = '''
26 | args = get_env CARGO_MAKE_TASK_ARGS
27 |
28 | if is_empty ${args}
29 | exit
30 | end
31 |
32 | 1 = array ""
33 | 2 = split ${args} ,
34 | 3 = array_concat ${1} ${2}
35 | joined_args = array_join ${3} " -p "
36 | release ${1}
37 | release ${2}
38 | release ${3}
39 |
40 | joined_args = trim ${joined_args}
41 | set_env INDIVIDUAL_PACKAGE_TARGETS ${joined_args}
42 | release ${joined_args}
43 | '''
44 |
45 | [tasks.build]
46 | description = """Builds a single rust package.
47 |
48 | Customizations:
49 | -p [development|release]: Builds in debug or release. Default: development
50 | -e ARCH=[IA32|X64|AARCH64|LOCAL]: Builds with specifed arch. Default: X64
51 | -e FEATURES=[feature,...]: Builds with the specified features. Default: none
52 |
53 | Example:
54 | `cargo make build RustModule`
55 | `cargo make -p release build RustModule`
56 | `cargo make -e ARCH=IA32 build RustLib`
57 | `cargo make -e FEATURES=feature1,feature2 build RustLib`
58 | """
59 | clear = true
60 | command = "cargo"
61 | args = ["build", "@@split(INDIVIDUAL_PACKAGE_TARGETS, )", "@@split(BUILD_FLAGS, )", "@@split(CARGO_FEATURES_FLAG, ,remove-empty)"]
62 | dependencies = ["individual-package-targets"]
63 |
64 | [tasks.check]
65 | description = "Checks rust code for errors. Example `cargo make check`"
66 | clear = true
67 | command = "cargo"
68 | args = ["check", "@@split(INDIVIDUAL_PACKAGE_TARGETS, )", "@@split(BUILD_FLAGS, )"]
69 | dependencies = ["individual-package-targets"]
70 |
71 | [tasks.check_json]
72 | description = "Checks rust code for errors with results in JSON. Example `cargo make check_json`"
73 | clear = true
74 | command = "cargo"
75 | args = ["check", "@@split(INDIVIDUAL_PACKAGE_TARGETS, )", "@@split(BUILD_FLAGS, )", "--message-format=json"]
76 | dependencies = ["individual-package-targets"]
77 |
78 | [tasks.test]
79 | description = "Builds all rust tests in the workspace. Example `cargo make test`"
80 | clear = true
81 | command = "cargo"
82 | args = ["test", "@@split(INDIVIDUAL_PACKAGE_TARGETS, )", "@@split(TEST_FLAGS, )"]
83 | dependencies = ["individual-package-targets"]
84 |
85 | [tasks.coverage]
86 | description = "Build and run all tests and calculate coverage."
87 | clear = true
88 | command = "cargo"
89 | args = ["tarpaulin", "@@split(INDIVIDUAL_PACKAGE_TARGETS, )", "@@split(COV_FLAGS, )", "--output-dir", "${CARGO_MAKE_WORKSPACE_WORKING_DIRECTORY}/target"]
90 | dependencies = ["individual-package-targets"]
91 |
92 | [tasks.clippy]
93 | description = "Run cargo clippy."
94 | clear = true
95 | command = "cargo"
96 | args = ["clippy", "--all-targets", "--", "-D", "warnings"]
97 |
--------------------------------------------------------------------------------
/.sync/rust_config/config.toml:
--------------------------------------------------------------------------------
1 | [target.x86_64-unknown-uefi]
2 | rustflags = [
3 | "-C", "link-arg=/base:0x0",
4 | "-C", "link-arg=/subsystem:efi_boot_service_driver",
5 | ]
6 |
7 | [target.i686-unknown-uefi]
8 | rustflags = [
9 | "-C", "link-arg=/base:0x0",
10 | "-C", "link-arg=/subsystem:efi_boot_service_driver",
11 | ]
12 |
13 | [target.aarch64-unknown-uefi]
14 | rustflags = [
15 | "-C", "link-arg=/base:0x0",
16 | "-C", "link-arg=/subsystem:efi_boot_service_driver",
17 | ]
18 |
--------------------------------------------------------------------------------
/.sync/rust_config/rust-toolchain.toml:
--------------------------------------------------------------------------------
1 | {% import '../Version.njk' as sync_version -%}
2 |
3 | [toolchain]
4 | channel = "{{ sync_version.rust_toolchain }}"
5 |
6 | [tools]
7 | cargo-make = "{{ sync_version.cargo_make }}"
8 | cargo-tarpaulin = "{{ sync_version.cargo_tarpaulin }}"
9 | cargo-release = "{{ sync_version.cargo_release }}"
10 |
--------------------------------------------------------------------------------
/.sync/rust_config/rustfmt.toml:
--------------------------------------------------------------------------------
1 | # rustfmt (and cargo fmt) will automatically pick up this config when run in the workspace.
2 |
3 | # Note that some items are included here set to their default values. This is to explicitly
4 | # reveal settings for more common options.
5 |
6 | # Keep these options sorted in ascending order to ease lookup with rustfmt documentation.
7 |
8 | edition = "2021" # This would normally be picked up from Cargo.toml if not specified here
9 | enum_discrim_align_threshold = 8 # Vertically align enum discriminants
10 | force_explicit_abi = true # Always print the ABI for extern items (e.g. extern {... will become extern "C" {...)
11 | hard_tabs = false # Always uses spaces for indentation and alignment
12 | max_width = 120 # The maximum width of each line
13 | merge_derives = false # Do not merge derives into a single line (leave to author discretion).
14 | imports_granularity = "Crate" # Merge imports from a single crate into separate statements.
15 | newline_style = "Windows" # Always use Windows line endings '\r\n'
16 | reorder_impl_items = false # Do not force where type and const before macros and methods in impl blocks.
17 | reorder_imports = true # Do reorder import and extern crate statements alphabetically for readability.
18 | reorder_modules = true # Do reorder mod declarations alphabetically for readability.
19 | struct_field_align_threshold = 8 # Vertically align struct fields
20 | tab_spaces = 4 # Use 4 spaces for indentation (Rust default).
21 | unstable_features = false # Do not use unstable rustfmt features.
22 | use_small_heuristics = "Max" # Set all granular width settings to the same as max_width (do not use heuristics)
23 | wrap_comments = false # Leave comment formatting to author's discretion
24 |
--------------------------------------------------------------------------------
/.sync/workflows/config/label-issues/file-paths.yml:
--------------------------------------------------------------------------------
1 | # Specifies labels to apply to issues and pull requests based on file path patterns in Project Mu repositories.
2 | #
3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
4 | # instead of the file in this repo.
5 | #
6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
8 | #
9 | # Copyright (c) Microsoft Corporation.
10 | # SPDX-License-Identifier: BSD-2-Clause-Patent
11 | #
12 | # For more information, see:
13 | # https://github.com/actions/labeler
14 |
15 | # Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc.
16 |
17 | language:python:
18 | - '**/*.py'
19 |
--------------------------------------------------------------------------------
/.sync/workflows/config/label-issues/regex-pull-requests.yml:
--------------------------------------------------------------------------------
1 | # Specifies labels to apply to pull requests in Project Mu repositories based on regular expressions.
2 | #
3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
4 | # instead of the file in this repo.
5 | #
6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
8 | #
9 | # Copyright (c) Microsoft Corporation.
10 | # SPDX-License-Identifier: BSD-2-Clause-Patent
11 | #
12 | # For more information, see:
13 | # https://github.com/srvaroa/labeler
14 |
15 | # Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc.
16 | version: 1
17 | issues: False
18 |
19 | labels:
20 | - label: type:backport
21 | type: "pull_request"
22 | body: '\s*\[\s*(x|X){1}\s*\]\s*Backport to release branch\?'
23 |
24 | - label: type:backport
25 | type: "pull_request"
26 | authors: ["mu-automation[bot]"]
27 | branch : "repo-sync/mu_devops/default"
28 | base-branch: "dev/20[0-9]{4}"
29 |
30 | - label: type:backport
31 | type: "pull_request"
32 | authors: ["dependabot[bot]"]
33 | branch : "dependabot/*"
34 | base-branch: "dev/20[0-9]{4}"
35 |
36 | - label: impact:breaking-change
37 | type: "pull_request"
38 | body: '\s*\[\s*(x|X){1}\s*\]\s*Breaking\s*change\?'
39 |
40 | - label: type:documentation
41 | type: "pull_request"
42 | body: '\s*\[\s*(x|X){1}\s*\]\s*Includes\s*documentation\?'
43 |
44 | - label: impact:non-functional
45 | type: "pull_request"
46 | body: '\s*\[\s*\]\s*Impacts\s*functionality\?'
47 |
48 | - label: impact:security
49 | type: "pull_request"
50 | body: '\s*\[\s*(x|X){1}\s*\]\s*Impacts\s*security\?'
51 |
52 | - label: impact:testing
53 | type: "pull_request"
54 | body: '\[\s*(x|X){1}\s*\]\s*Includes\s*tests\?'
55 |
--------------------------------------------------------------------------------
/.sync/workflows/config/release-draft/release-draft-config.yml:
--------------------------------------------------------------------------------
1 | # Defines the configuration used for drafting new releases.
2 | #
3 | # IMPORTANT: Only use labels defined in the .github/Labels.yml file in this repo.
4 | #
5 | # NOTE: `semver:major`, `semver:minor`, and `semver:patch` can be used to force that
6 | # version to roll regardless of other labels.
7 | #
8 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
9 | # instead of the file in this repo.
10 | #
11 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
12 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
13 | #
14 | # Copyright (c) Microsoft Corporation.
15 | # SPDX-License-Identifier: BSD-2-Clause-Patent
16 | #
17 | # For more information, see:
18 | # https://github.com/release-drafter/release-drafter
19 |
20 | {% import '../../../Version.njk' as sync_version -%}
21 |
22 | {%- if release_branch %}
23 | name-template: 'dev-v$RESOLVED_VERSION'
24 | tag-template: 'dev-v$RESOLVED_VERSION'
25 | {% else %}
26 | name-template: 'v$RESOLVED_VERSION'
27 | tag-template: 'v$RESOLVED_VERSION'
28 | {% endif %}
29 |
30 | {# `release_branch` applies a commitish. `latest` then determines the branch to use. -#}
31 | {# If a commitish is not specified, then the `github.ref` value is implicitly used. -#}
32 | {%- if release_branch %}
33 | {%- set latest_mu_dev_branch = "refs/heads/" + (sync_version.latest_mu_release_branch | replace("release", "dev")) %}
34 | {%- set previous_mu_dev_branch = "refs/heads/" + (sync_version.previous_mu_release_branch | replace("release", "dev")) %}
35 | {%- set actual_branch = latest_mu_dev_branch if latest else previous_mu_dev_branch %}
36 | commitish: {{ actual_branch }}
37 | filter-by-commitish: true
38 | {% if filter_to_backport %}
39 | include-labels: ["type:backport"]
40 | {% endif %}
41 | {% endif %}
42 |
43 | template: |
44 | # What's Changed
45 |
46 | $CHANGES
47 |
48 | {% if release_branch %}
49 | **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...dev-v$RESOLVED_VERSION
50 | {% else %}
51 | **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION
52 | {% endif %}
53 |
54 | categories:
55 | - title: '⚠️ Breaking Changes'
56 | labels:
57 | - 'impact:breaking-change'
58 | - title: '🚀 Features & ✨ Enhancements'
59 | labels:
60 | - 'type:design-change'
61 | - 'type:enhancement'
62 | - 'type:feature-request'
63 | - title: '🐛 Bug Fixes'
64 | labels:
65 | - 'type:bug'
66 | - title: '🔐 Security Impacting'
67 | labels:
68 | - 'impact:security'
69 | - title: '📖 Documentation Updates'
70 | labels:
71 | - 'type:documentation'
72 | - title: '🛠️ Submodule Updates'
73 | labels:
74 | - 'type:submodules'
75 |
76 | change-template: >-
77 | <ul>
78 | <li>
79 | $TITLE @$AUTHOR (#$NUMBER)
80 | <br>
81 | <details>
82 | <summary>Change Details</summary>
83 | <blockquote>
84 | <!-- Non-breaking space to have content if body is empty -->
85 | $BODY
86 | </blockquote>
87 | <hr>
88 | </details>
89 | </li>
90 | </ul>
91 |
92 | change-title-escapes: '\<*_&@' # Note: @ is added to disable mentions
93 |
94 | # Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc.
95 | version-resolver:
96 | major:
97 | labels:
98 | - 'impact:breaking-change'
99 | - 'semver:major'
100 | minor:
101 | labels:
102 | - 'semver:minor'
103 | - 'type:design-change'
104 | - 'type:enhancement'
105 | - 'type:feature-request'
106 | patch:
107 | labels:
108 | - 'impact:non-functional'
109 | - 'semver:patch'
110 | - 'type:bug'
111 | - 'type:documentation'
112 | default: patch
113 |
114 | exclude-labels:
115 | - 'type:dependabot'
116 | - 'type:file-sync'
117 | - 'type:notes'
118 | - 'type:question'
119 |
120 | exclude-contributors:
121 | - 'uefibot'
122 |
--------------------------------------------------------------------------------
/.sync/workflows/config/triage-issues/advanced-issue-labeler.yml:
--------------------------------------------------------------------------------
1 | # Defines the mappings between GitHub issue responses and labels applied to the issue
2 | # for Project Mu repos.
3 | #
4 | # IMPORTANT: Only use labels defined in the .github/Labels.yml file in this repo.
5 | #
6 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
7 | # instead of the file in this repo.
8 | #
9 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
10 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
11 | #
12 | # Copyright (c) Microsoft Corporation.
13 | # SPDX-License-Identifier: BSD-2-Clause-Patent
14 | #
15 | # For more information, see:
16 | # https://github.com/redhat-plumbers-in-action/advanced-issue-labeler
17 |
18 | policy:
19 | - section:
20 |
21 | # Issue Template - Urgency Dropdown
22 | - id: ['urgency']
23 | block-list: []
24 | label:
25 | - name: 'urgency:low'
26 | keys: ['Low']
27 | - name: 'urgency:medium'
28 | keys: ['Medium']
29 | - name: 'urgency:high'
30 | keys: ['High']
31 |
32 | # Issue Template - Fix Owner Dropdown
33 | - id: ['fix_owner', 'request_owner']
34 | block-list: []
35 | label:
36 | - name: 'state:needs-owner'
37 | keys: [
38 | 'Someone else needs to fix it',
39 | 'Someone else needs to make the change',
40 | 'Someone else needs to implement the feature'
41 | ]
42 | - name: 'state:needs-triage'
43 | keys: [
44 | 'Someone else needs to fix it',
45 | 'Someone else needs to make the change',
46 | 'Someone else needs to implement the feature'
47 | ]
48 |
49 | # Issue Template - Needs Maintainer Feedback Dropdown
50 | - id: ['needs_maintainer_feedback']
51 | block-list: []
52 | label:
53 | - name: 'state:needs-maintainer-feedback'
54 | keys: ['Maintainer feedback requested']
55 |
--------------------------------------------------------------------------------
/.sync/workflows/leaf/issue-assignment.yml:
--------------------------------------------------------------------------------
1 | # This workflow provides actions that should be applied when an issue is assigned.
2 | #
3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
4 | # instead of the file in this repo.
5 | #
6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
8 | #
9 | # Copyright (c) Microsoft Corporation.
10 | # SPDX-License-Identifier: BSD-2-Clause-Patent
11 | #
12 |
13 | {% import '../../Version.njk' as sync_version -%}
14 |
15 | name: React to Issue Assignment
16 |
17 | on:
18 | issues:
19 | types: assigned
20 |
21 | jobs:
22 | apply:
23 |
24 | permissions:
25 | contents: read
26 | issues: write
27 |
28 | uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@{{ sync_version.mu_devops }}
29 |
--------------------------------------------------------------------------------
/.sync/workflows/leaf/label-issues.yml:
--------------------------------------------------------------------------------
1 | # This workflow automatically applies labels to GitHub issues and pull requests based on the
2 | # file paths in a pull request or content in the body of an issue or pull request.
3 | #
4 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
5 | # instead of the file in this repo.
6 | #
7 | # NOTE: This file uses a reusable workflow. Do not make changes to the file that should be made
8 | # in the common/reusable workflow.
9 | #
10 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
11 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
12 | #
13 | # Copyright (c) Microsoft Corporation.
14 | # SPDX-License-Identifier: BSD-2-Clause-Patent
15 | #
16 |
17 | {% import '../../Version.njk' as sync_version -%}
18 |
19 | name: Apply Issue and PR Labels
20 |
21 | on:
22 | issues:
23 | types:
24 | - edited
25 | - opened
26 | pull_request_target:
27 | types:
28 | - edited
29 | - opened
30 | - reopened
31 | - synchronize
32 | workflow_dispatch:
33 |
34 | jobs:
35 | apply:
36 |
37 | permissions:
38 | contents: read
39 | pull-requests: write
40 |
41 | uses: microsoft/mu_devops/.github/workflows/Labeler.yml@{{ sync_version.mu_devops }}
42 |
--------------------------------------------------------------------------------
/.sync/workflows/leaf/label-sync.yml:
--------------------------------------------------------------------------------
1 | # This workflow syncs GitHub labels to the common set of labels defined in Mu DevOps.
2 | #
3 | # All repos should sync at the same time.
4 | # '0 0,12 * * *''
5 | #
6 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
7 | # instead of the file in this repo.
8 | #
9 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
10 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
11 | #
12 | # Copyright (c) Microsoft Corporation.
13 | # SPDX-License-Identifier: BSD-2-Clause-Patent
14 | #
15 |
16 | {% import '../../Version.njk' as sync_version -%}
17 |
18 | name: Sync GitHub Labels
19 |
20 | on:
21 | schedule:
22 | # At minute 0 past hour 0 and 12
23 | # https://crontab.guru/#0_0,12_*_*_*
24 | - cron: '0 0,12 * * *'
25 | workflow_dispatch:
26 |
27 | jobs:
28 | sync:
29 |
30 | permissions:
31 | issues: write
32 |
33 | uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@{{ sync_version.mu_devops }}
34 |
--------------------------------------------------------------------------------
/.sync/workflows/leaf/publish-release.yml:
--------------------------------------------------------------------------------
1 | # @file publish-release.yml
2 | #
3 | # A Github workflow that publishes all crates in a repository to crates.io and creates a release on
4 | # GitHub.
5 | #
6 | # Copyright (c) Microsoft Corporation.
7 | # SPDX-License-Identifier: BSD-2-Clause-Patent
8 | ##
9 |
10 | name: Publish Release
11 |
12 | on:
13 | workflow_dispatch:
14 |
15 | jobs:
16 | validate_branch:
17 | name: Validate Branch
18 | runs-on: ubuntu-latest
19 |
20 | steps:
21 | - name: Checkout Repository
22 | uses: actions/checkout@v4
23 |
24 | - name: Validate Branch
25 | run: |
26 | if [ "${GITHUB_REF}" != "refs/heads/main" ]; then
27 | echo "This workflow can only be run on the main branch."
28 | exit 1
29 | fi
30 |
31 | release:
32 | name: Release
33 | needs: validate_branch
34 | uses: microsoft/mu_devops/.github/workflows/ReleaseWorkflow.yml@main
35 | secrets:
36 | CRATES_IO_TOKEN: ${{ secrets.CRATES_IO_TOKEN }}
37 | permissions:
38 | contents: write
39 | actions: read
40 |
--------------------------------------------------------------------------------
/.sync/workflows/leaf/pull-request-formatting-validator.yml:
--------------------------------------------------------------------------------
1 | # This workflow validates basic pull request formatting requirements are met.
2 | #
3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
4 | # instead of the file in this repo.
5 | #
6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
8 | #
9 | # Copyright (c) Microsoft Corporation.
10 | # SPDX-License-Identifier: BSD-2-Clause-Patent
11 | #
12 |
13 | name: Validate Pull Request Formatting
14 |
15 | on:
16 | pull_request_target:
17 | types:
18 | - edited
19 | - opened
20 | - reopened
21 | - synchronize
22 |
23 | jobs:
24 | validate_pr:
25 | runs-on: ubuntu-latest
26 |
27 | permissions:
28 | contents: read
29 | pull-requests: write
30 |
31 | steps:
32 | - run: |
33 | prTitle="$(gh api graphql -F owner=$OWNER -F name=$REPO -F pr_number=$PR_NUMBER -f query='
34 | query($name: String!, $owner: String!, $pr_number: Int!) {
35 | repository(owner: $owner, name: $name) {
36 | pullRequest(number: $pr_number) {
37 | title
38 | }
39 | }
40 | }')"
41 |
42 | if [[ "${prTitle}" == *"Personal/"* ]]; then
43 | gh pr comment $PR_URL --body "⚠️ Please add a meaningful PR title (remove the 'Personal/' prefix from the title)."
44 | echo 'VALIDATION_ERROR=true' >> $GITHUB_ENV
45 | fi
46 |
47 | env:
48 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
49 | OWNER: ${{ github.repository_owner }}
50 | PR_NUMBER: ${{ github.event.number }}
51 | PR_URL: ${{ github.event.pull_request.html_url }}
52 | REPO: ${{ github.event.repository.name }}
53 |
54 | - name: Check for Validation Errors
55 | if: env.VALIDATION_ERROR
56 | uses: actions/github-script@v7
57 | with:
58 | script: |
59 | core.setFailed('PR Formatting Validation Check Failed!')
60 |
--------------------------------------------------------------------------------
/.sync/workflows/leaf/release-draft.yml:
--------------------------------------------------------------------------------
1 | # This workflow automatically drafts new project releases so it is obvious
2 | # what a current release will look like at any time.
3 | #
4 | # It takes advantage of the labels used in Project Mu to automatically categorize
5 | # the types of changes in a given release. In addition, the semantic version of
6 | # the code is constantly maintained based on Project Mu label conventions to ensure
7 | # semantic versioning is followed and a release version is always ready.
8 | #
9 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
10 | # instead of the file in this repo.
11 | #
12 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
13 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
14 | #
15 | # Copyright (c) Microsoft Corporation.
16 | # SPDX-License-Identifier: BSD-2-Clause-Patent
17 | #
18 | # For more information, see:
19 | # https://github.com/release-drafter/release-drafter
20 |
21 | {% import '../../Version.njk' as sync_version -%}
22 |
23 | name: Update Release Draft
24 |
25 | on:
26 | {% if depend_on_backport %}
27 | workflow_run:
28 | workflows: ["Backport Commits to Release Branch"]
29 | branches: [{{ trigger_branch_name if trigger_branch_name else sync_version.latest_mu_release_branch | replace ("release", "dev") }}]
30 | types:
31 | - completed
32 | {% else %}
33 | push:
34 | branches:
35 | - {{ trigger_branch_name if trigger_branch_name else sync_version.latest_mu_release_branch | replace ("release", "dev") }}
36 | {% endif %}
37 |
38 | jobs:
39 | draft:
40 | name: Draft Releases
41 |
42 | permissions:
43 | contents: write
44 | pull-requests: write
45 |
46 | uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@{{ sync_version.mu_devops }}
47 | secrets: inherit
48 |
--------------------------------------------------------------------------------
/.sync/workflows/leaf/scheduled-maintenance.yml:
--------------------------------------------------------------------------------
1 | # This workflow performs scheduled maintenance tasks.
2 | #
3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
4 | # instead of the file in this repo.
5 | #
6 | # NOTE: This file uses reusable workflows. Do not make changes to the file that should be made
7 | # in the common/reusable workflows.
8 | #
9 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
10 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
11 | #
12 | # Copyright (c) Microsoft Corporation.
13 | # SPDX-License-Identifier: BSD-2-Clause-Patent
14 | #
15 |
16 | name: Scheduled Maintenance
17 |
18 | on:
19 | schedule:
20 | # * is a special character in YAML so you have to quote this string
21 | # Run every hour - https://crontab.guru/#0_*_*_*_*
22 | - cron: '0 * * * *'
23 |
24 | jobs:
25 | repo_cleanup:
26 | runs-on: ubuntu-latest
27 |
28 | permissions:
29 | pull-requests: write
30 | issues: write
31 |
32 | steps:
33 | - name: Get Repository Info
34 | run: echo "REPOSITORY_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV
35 |
36 | - name: Prune Won't Fix Pull Requests
37 | env:
38 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
39 | REPOSITORY: ${{ env.REPOSITORY_NAME }}
40 | run: |
41 | gh api \
42 | -H "Accept: application/vnd.github+json" \
43 | /repos/microsoft/${REPOSITORY}/pulls | jq -r '.[]' | jq -rc '.html_url,.labels' | \
44 | while read -r html_url ; do
45 | read -r labels
46 | if [[ $labels == *"state:wont-fix"* ]]; then
47 | gh pr close $html_url -c "Closed due to being marked as wont fix" --delete-branch
48 | fi
49 | done
50 |
51 | - name: Prune Won't Fix Issues
52 | env:
53 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
54 | REPOSITORY: ${{ env.REPOSITORY_NAME }}
55 | run: |
56 | gh api \
57 | -H "Accept: application/vnd.github+json" \
58 | /repos/microsoft/${REPOSITORY}/issues | jq -r '.[]' | jq -rc '.html_url,.labels' | \
59 | while read -r html_url ; do
60 | read -r labels
61 | if [[ $labels == *"state:wont-fix"* ]]; then
62 | gh issue close $html_url -c "Closed due to being marked as wont fix" -r "not planned"
63 | fi
64 | done
65 |
--------------------------------------------------------------------------------
/.sync/workflows/leaf/stale.yml:
--------------------------------------------------------------------------------
1 | # This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
2 | #
3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
4 | # instead of the file in this repo.
5 | #
6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
8 | #
9 | # Copyright (c) Microsoft Corporation.
10 | # SPDX-License-Identifier: BSD-2-Clause-Patent
11 | #
12 | # You can adjust the behavior by modifying this file.
13 | # For more information, see:
14 | # https://github.com/actions/stale
15 |
16 | {% import '../../Version.njk' as sync_version -%}
17 |
18 | name: Check for Stale Issues and Pull Requests
19 |
20 | on:
21 | schedule:
22 | # At 23:35 on every day-of-week from Sunday through Saturday
23 | # https://crontab.guru/#35_23_*_*_0-6
24 | - cron: '35 23 * * 0-6'
25 | workflow_dispatch:
26 |
27 | jobs:
28 | check:
29 |
30 | permissions:
31 | issues: write
32 | pull-requests: write
33 |
34 | uses: microsoft/mu_devops/.github/workflows/Stale.yml@{{ sync_version.mu_devops }}
35 |
--------------------------------------------------------------------------------
/.sync/workflows/leaf/submodule-release-update.yml:
--------------------------------------------------------------------------------
1 | # This workflow automatically creates a pull request for any submodule in the repo
2 | # that has a new GitHub release available. The release must follow semantic versioning.
3 | #
4 | # The GitHub App ID and private key should be stored in the repository as a variable named `MU_ACCESS_APP_ID` and a
5 | # secret named `MU_ACCESS_APP_PRIVATE_KEY` respectively.
6 | #
7 | # The GitHub App must grant the following permissions:
8 | # - Read and write access to repository contents
9 | # - Read and write access to pull requests
10 | #
11 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
12 | # instead of the file in this repo.
13 | #
14 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
15 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
16 | #
17 | # Copyright (c) Microsoft Corporation.
18 | # SPDX-License-Identifier: BSD-2-Clause-Patent
19 | #
20 |
21 | {% import '../../Version.njk' as sync_version -%}
22 |
23 | name: Update Submodules to Latest Release
24 |
25 | on:
26 | schedule:
27 | - cron: '0 0 * * *' # https://crontab.guru/every-day
28 | workflow_dispatch:
29 |
30 | jobs:
31 | repo_submodule_update:
32 | name: Check for Submodule Releases
33 | runs-on: ubuntu-latest
34 |
35 | permissions:
36 | contents: write
37 | pull-requests: write
38 |
39 | steps:
40 | - name: Generate Token
41 | id: app-token
42 | uses: actions/create-github-app-token@v2
43 | with:
44 | app-id: {% raw %}${{ vars.MU_ACCESS_APP_ID }}{% endraw %}
45 | private-key: {% raw %}${{ secrets.MU_ACCESS_APP_PRIVATE_KEY }}{% endraw %}
46 |
47 | - name: Update Submodules to Latest Release
48 | uses: microsoft/mu_devops/.github/actions/submodule-release-updater@{{ sync_version.mu_devops }}
49 | with:
50 | GH_PAT: {% raw %}${{ steps.app-token.outputs.token }}{% endraw %}
51 | GH_USER: "ProjectMuBot"
52 | GIT_EMAIL: "mubot@microsoft.com"
53 | GIT_NAME: "Project Mu Bot"
54 |
--------------------------------------------------------------------------------
/.sync/workflows/leaf/triage-issues.yml:
--------------------------------------------------------------------------------
1 | # This workflow assists with initial triage of new issues by applying
2 | # labels based on data provided in the issue.
3 | #
4 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
5 | # instead of the file in this repo.
6 | #
7 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
8 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
9 | #
10 | # Copyright (c) Microsoft Corporation.
11 | # SPDX-License-Identifier: BSD-2-Clause-Patent
12 | #
13 |
14 | {% import '../../Version.njk' as sync_version -%}
15 |
16 | name: Initial Triage for New Issue
17 |
18 | on:
19 | issues:
20 | types: [ opened ]
21 |
22 | jobs:
23 | triage:
24 |
25 | permissions:
26 | issues: write
27 |
28 | uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@{{ sync_version.mu_devops }}
29 |
--------------------------------------------------------------------------------
/Containers/Readme.md:
--------------------------------------------------------------------------------
1 | # Mu Devops Containers
2 |
3 | Project Mu uses containers to build on Linux. These containers come with all of
4 | the tools expected for CI and virtual platform pipelines and local development.
5 | Containers can be pulled. For more details see the [mu_devops packages page](https://github.com/orgs/microsoft/packages?repo_name=mu_devops).
6 |
7 | ## Ubuntu-24 _(Recommended)_
8 |
9 | The Mu Ubuntu container provides the following layers. Ubuntu-24 is the recommended
10 | container image because it best aligns with existing development flows and provides
11 | tools needed to cross compile both kernel and user mode components needed in Mu.
12 |
13 | ## Ubuntu-22
14 |
15 | Ubuntu-22 is the previous Ubuntu container image used in Mu CI from May 2023 until
16 | February 2025. It is still available for use, but is not recommended for new projects
17 | and other CI dependencies and worfklows may not be supported with it.
18 |
19 | It will be deprecated soon. Users should migrate to Ubuntu-24 as soon as possible.
20 |
21 | ---
22 |
23 | | Name | Description | Package |
24 | |-------|--------------------------------------|---------|
25 | | Build | Used for CI pipeline builds. | [ubuntu-24-build](https://github.com/microsoft/mu_devops/pkgs/container/mu_devops%2Fubuntu-24-build) |
26 | | Test | Used for virtual platform pipelines. | [ubuntu-24-test](https://github.com/microsoft/mu_devops/pkgs/container/mu_devops%2Fubuntu-24-test) |
27 | | Dev | Used local development. | [ubuntu-24-dev](https://github.com/microsoft/mu_devops/pkgs/container/mu_devops%2Fubuntu-24-dev) |
28 | | Build | Ubuntu 22 (older) pipeline build. | [ubuntu-22-build](https://github.com/microsoft/mu_devops/pkgs/container/mu_devops%2Fubuntu-22-build) |
29 | | Test | Ubuntu 22 (older) virt plat image. | [ubuntu-22-test](https://github.com/microsoft/mu_devops/pkgs/container/mu_devops%2Fubuntu-22-test) |
30 | | Dev | Ubuntu 22 (older) local dev image | [ubuntu-22-dev](https://github.com/microsoft/mu_devops/pkgs/container/mu_devops%2Fubuntu-22-dev) |
31 |
--------------------------------------------------------------------------------
/Jobs/CreateBuildMatrix.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Mu DevOps template file to produce a build matrix according to the given
3 | # package and build target parameters.
4 | #
5 | # Copyright (c) Microsoft Corporation. All rights reserved.
6 | # SPDX-License-Identifier: BSD-2-Clause-Patent
7 | ##
8 |
9 | parameters:
10 | # An optional job dependency for this job to start.
11 | - name: dependency
12 | displayName: Job Dependency
13 | type: string
14 | default: ''
15 | # A group package list is not split to a separate package per job in the matrix.
16 | - name: group_package_list
17 | displayName: Group Package List (Optional - Will be Built Together)
18 | type: string
19 | default: ''
20 | # Each package in an individual package list is split to a separate job per package in the matrix.
21 | - name: individual_package_list
22 | displayName: Individual Package List (Required - Will be Built Individually)
23 | type: string
24 | default: ''
25 | # The targets that need be supported. These are kept as a list in the output of the matrix.
26 | - name: target_list
27 | displayName: Targets (e.g. DEBUG, RELEASE)
28 | type: string
29 | default: ''
30 |
31 | jobs:
32 |
33 | - job: CreateBuildMatrix
34 | displayName: Create Build Matrix
35 | dependsOn: ${{ parameters.dependency }}
36 |
37 | steps:
38 | - checkout: none
39 | fetchDepth: 0
40 |
41 | - task: PowerShell@2
42 | name: CalculateMatrix
43 | displayName: Calculate Matrix
44 | inputs:
45 | targetType: 'inline'
46 | script: |
47 | $configs = @{}
48 | '${{ parameters.target_list }}'.split(',').Trim() | % {
49 | $t = $_
50 | if (![string]::IsNullOrEmpty('${{ parameters.individual_package_list }}')) {
51 | '${{ parameters.individual_package_list }}'.split(',').Trim() | % {
52 | $p = $_
53 | $configs["${p} ${t}"] = @{
54 | 'package' = $p
55 | 'target' = $t
56 | }
57 | }
58 | }
59 | if (![string]::IsNullOrEmpty('${{ parameters.group_package_list }}')) {
60 | $configs["Non-Platform Package(s) ${t}"] = @{
61 | 'package' = '${{ parameters.group_package_list }}'.Trim()
62 | 'target' = $t
63 | }
64 | }
65 | }
66 | $c = $configs | ConvertTo-Json -Depth 10 -Compress
67 | Write-Host "##vso[task.setvariable variable=Matrix;isOutput=true;]$c"
68 |
69 |
--------------------------------------------------------------------------------
/Jobs/GenerateTag.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Template file used to generate tags on ADO. This template requires that the
3 | # consumer specifies this repository as a resource named mu_devops.
4 | #
5 | # Copyright (c) Microsoft Corporation.
6 | # SPDX-License-Identifier: BSD-2-Clause-Patent
7 | ##
8 |
9 | parameters:
10 | - name: major_version
11 | displayName: The major version.
12 | type: string
13 | default: ""
14 | - name: git_name
15 | displayName: Name to use for creating tag.
16 | type: string
17 | default: ""
18 | - name: git_email
19 | displayName: Email to use for creating tag.
20 | type: string
21 | default: ""
22 | - name: notes_file
23 | displayName: Path to the notes file to generate.
24 | type: string
25 | default: "ReleaseNotes.md"
26 | - name: extra_prepare_steps
27 | displayName: Extra Prepare Steps
28 | type: stepList
29 | default:
30 | - script: echo No extra prepare steps provided
31 |
32 | jobs:
33 | - job: Create_Release_Tag
34 | steps:
35 | - checkout: self
36 | clean: true
37 | fetchTags: true
38 | persistCredentials: true
39 | path: "target"
40 | fetchDepth: 0
41 |
42 | - checkout: mu_devops
43 | path: "mu_devops"
44 | fetchDepth: 1
45 |
46 | - template: ../Steps/SetupPythonPreReqs.yml
47 | parameters:
48 | install_pip_modules: false
49 |
50 | - script: |
51 | python -m pip install --upgrade pip
52 | pip install GitPython
53 | displayName: "Install Dependencies"
54 |
55 | - ${{ parameters.extra_prepare_steps }}
56 |
57 | # Checking the parameters should occur after extra_prepare_steps in case
58 | # the caller is using those steps to initialize a consumed variable.
59 | - script: |
60 | if [ -z "${{ parameters.major_version }}"] || \
61 | [ -z "${{ parameters.git_name }}"] || \
62 | [ -z "${{ parameters.git_email }}"]
63 | then
64 | echo "##vso[task.complete result=Failed;]"
65 | fi
66 | displayName: "Check Parameters"
67 |
68 | - script: |
69 | git config --global user.name "${{ parameters.git_name }}"
70 | git config --global user.email "${{ parameters.git_email }}"
71 | displayName: "Setup Git"
72 |
73 | - script: |
74 | python mu_devops/Scripts/TagGenerator/TagGenerator.py -r target/ --major ${{ parameters.major_version }} -v --printadovar tag_name --notes target/${{ parameters.notes_file }} --url $(Build.Repository.Uri)
75 | displayName: "Run Tag Generator"
76 | workingDirectory: $(Agent.BuildDirectory)
77 |
78 | - script: |
79 | set -e
80 | git branch
81 | git add ${{ parameters.notes_file }}
82 | git commit -m "Release notes for $(tag_name)"
83 | git tag $(tag_name)
84 | git push origin HEAD:$(Build.SourceBranchName)
85 | git push origin $(tag_name)
86 | continueOnError: false
87 | displayName: "Create Tag"
88 | workingDirectory: $(Agent.BuildDirectory)/target
89 |
--------------------------------------------------------------------------------
/Jobs/PrGate.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Template file used to build supported packages.
3 | #
4 | # To upload coverage results, set `coverage_upload_target` to `ado` or `codecov`.
5 | #
6 | # Copyright (c) Microsoft Corporation. All rights reserved.
7 | # Copyright (c) 2020 - 2021, ARM Limited. All rights reserved.<BR>
8 | # SPDX-License-Identifier: BSD-2-Clause-Patent
9 | ##
10 |
11 | parameters:
12 | - name: build_file
13 | displayName: Stuart Build File
14 | type: string
15 | default: ".pytool/CISettings.py"
16 | - name: container_build
17 | displayName: Use Container for Build
18 | type: boolean
19 | default: false
20 | - name: do_ci_build
21 | displayName: Perform Stuart CI Build
22 | type: boolean
23 | default: true
24 | - name: do_ci_setup
25 | displayName: Perform Stuart CI Setup
26 | type: boolean
27 | default: true
28 | - name: do_non_ci_build
29 | displayName: Perform non-CI Stuart Build
30 | type: boolean
31 | default: false
32 | - name: do_non_ci_setup
33 | displayName: Perform non-CI Stuart Setup
34 | type: boolean
35 | default: false
36 | - name: do_pr_eval
37 | displayName: Perform Stuart PR Evaluation
38 | type: boolean
39 | default: true
40 | - name: extra_build_args
41 | displayName: Extra Build Command Arguments
42 | type: string
43 | default: 'CODE_COVERAGE=TRUE CC_FLATTEN=TRUE CC_FULL=TRUE'
44 | - name: extra_pre_build_steps
45 | displayName: Extra Pre-Build Steps
46 | type: stepList
47 | default: []
48 | - name: extra_post_build_steps
49 | displayName: Extra Post-Build Steps
50 | type: stepList
51 | default: []
52 | - name: extra_steps
53 | displayName: Extra Steps
54 | type: stepList
55 | default:
56 | - script: echo No extra steps provided
57 | - name: linux_container_image
58 | displayName: Linux Container Image
59 | type: string
60 | default: ''
61 | - name: linux_container_options
62 | displayName: Linux Container Options
63 | type: string
64 | default: ''
65 | - name: packages
66 | displayName: Packages
67 | type: string
68 | default: ''
69 | - name: target_list
70 | displayName: Targets (e.g. DEBUG, RELEASE)
71 | type: string
72 | default: ''
73 | - name: tool_chain_tag
74 | displayName: Tool Chain (e.g. VS2022)
75 | type: string
76 | default: ''
77 | - name: vm_image
78 | displayName: Virtual Machine Image (e.g. windows-latest)
79 | type: string
80 | default: 'windows-latest'
81 | - name: extra_install_step
82 | displayName: Extra Install Steps
83 | type: stepList
84 | default: []
85 | - name: pool_name
86 | displayName: Variable name that hosts pool name to be used for self-hosted agents
87 | type: string
88 | default: ''
89 | - name: artifacts_binary
90 | displayName: Binary Artifacts to Publish
91 | type: string
92 | default: ''
93 | - name: artifacts_other
94 | displayName: Other Artifacts to Publish
95 | type: string
96 | default: ''
97 | - name: os_type
98 | displayName: OS type on the self-hosted agent pools
99 | type: string
100 | values:
101 | - Windows_NT
102 | - Linux
103 | default: Windows_NT
104 | - name: build_matrix
105 | type: object
106 | # Each element in the matrix will be used in a separate job
107 | # Required fields:
108 | # Pkgs: Specify what packages in the target repo are to be built for this job
109 | # Targets: Specify which targets are to be built in this job, i.e. DEBUG,
110 | # RELEASE, NO-TARGET, NOOPT. The acceptable values depend on the
111 | # Pkgs to be built.
112 | # ArchList: List of architectures to be supported by the packages (e.g. IA32, X64)
113 | # Optional fields:
114 | # SelfHostAgent: A boolean indicating whether this job should be run on the selfhosted
115 | # "pool_name". If the matrix entry does not specify this element, it
116 | # will be treated as false.
117 | # Example:
118 | # TARGET_MDEMODULE_DEBUG:
119 | # Pkgs: 'MdeModulePkg'
120 | # Targets: 'DEBUG,NOOPT'
121 | # ArchList: 'IA32,X64,AARCH64'
122 | # TARGET_TEST_POLICY_ARM:
123 | # Pkgs: 'UnitTestFrameworkPkg,PolicyServicePkg'
124 | # Targets: 'DEBUG,RELEASE,NO-TARGET,NOOPT'
125 | # ArchList: 'IA32,X64'
126 | # SelfHostAgent: true
127 | - name: rust_build
128 | displayName: Whether Rust code is being built
129 | type: boolean
130 | default: false
131 |
132 | # Build step
133 | jobs:
134 |
135 | - ${{ each item in parameters.build_matrix }}:
136 | - job: Build_${{ item.Key }}
137 | timeoutInMinutes: 120
138 | condition: |
139 | and(not(Canceled()),
140 | or(${{ ne(item.Value.SelfHostAgent, true) }}, ne(variables['${{ parameters.pool_name }}'], '')))
141 |
142 | workspace:
143 | clean: all
144 |
145 | ${{ if eq(item.Value.SelfHostAgent, true) }}:
146 | pool:
147 | name: $(${{ parameters.pool_name }})
148 | demands:
149 | - Agent.OS -equals ${{ parameters.os_type }}
150 | ${{ else }}:
151 | pool:
152 | vmImage: ${{ parameters.vm_image }}
153 |
154 | # Use a container if one was specified.
155 | ${{ if and(eq(parameters.container_build, true), not(contains(parameters.vm_image, 'windows')), ne(item.Value.SelfHostAgent, true)) }}:
156 | container:
157 | image: ${{ parameters.linux_container_image }}
158 | options: --name mu_devops_build_container ${{ parameters.linux_container_options }}
159 |
160 | steps:
161 | - ${{ if and(eq(parameters.rust_build, true), ne(item.Value.SelfHostAgent, true)) }}:
162 | - template: ../Steps/RustSetupSteps.yml
163 | - ${{ if and(contains(parameters.tool_chain_tag, 'CLANGPDB'), ne(item.Value.SelfHostAgent, true)) }}:
164 | - template: ../Steps/SetupToolChainTagPreReqs.yml
165 | - ${{ parameters.extra_steps }}
166 | - template: ../Steps/PrGate.yml
167 | parameters:
168 | artifacts_identifier: '${{ item.Key }} ${{ item.Value.Targets }}'
169 | artifacts_binary: ${{ parameters.artifacts_binary }}
170 | artifacts_other: ${{ parameters.artifacts_other }}
171 | build_file: ${{ parameters.build_file }}
172 | build_pkgs: ${{ item.Value.Pkgs }}
173 | build_targets: ${{ item.Value.Targets }}
174 | build_archs: ${{ item.Value.ArchList }}
175 | do_ci_build: ${{ parameters.do_ci_build }}
176 | do_ci_setup: ${{ parameters.do_ci_setup }}
177 | do_non_ci_build: ${{ parameters.do_non_ci_build }}
178 | do_non_ci_setup: ${{ parameters.do_non_ci_setup }}
179 | do_pr_eval: ${{ parameters.do_pr_eval }}
180 | tool_chain_tag: ${{ parameters.tool_chain_tag }}
181 | install_tools: ${{ and(not(eq(item.Value.SelfHostAgent, true)), not(parameters.container_build)) }}
182 | extra_install_step: ${{ parameters.extra_install_step }}
183 | extra_pre_build_steps: ${{ parameters.extra_pre_build_steps }}
184 | extra_post_build_steps: ${{ parameters.extra_post_build_steps }}
185 | # This is to handle the matrices that do not specify this.
186 | ${{ if eq(item.Value.SelfHostAgent, true) }}:
187 | self_host_agent: true
188 | ${{ else }}:
189 | self_host_agent: false
190 | extra_build_args: ${{ parameters.extra_build_args }}
191 |
--------------------------------------------------------------------------------
/Jobs/Python/RunDevTests.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines job template to run Python developer tests.
3 | #
4 | # Copyright (c) Microsoft Corporation. All rights reserved.
5 | # SPDX-License-Identifier: BSD-2-Clause-Patent
6 | ##
7 |
8 | parameters:
9 | - name: code_cov_enabled
10 | displayName: Enable Code Coverage
11 | type: boolean
12 | default: false
13 | - name: custom_job_name
14 | displayName: Custom Job name
15 | type: string
16 | default: ''
17 | - name: extra_steps
18 | displayName: Extra Steps
19 | type: stepList
20 | default:
21 | - script: echo No extra steps provided
22 | - name: pypi_auth_feed
23 | displayName: PyPI Authorization Feed (Set For Release)
24 | type: string
25 | default: ''
26 | - name: root_package_folder
27 | displayName: Root Package Folder
28 | type: string
29 | default: ''
30 | - name: vm_image
31 | displayName: Virtual Machine Image (e.g. windows-latest)
32 | type: string
33 | default: 'windows-latest'
34 |
35 | jobs:
36 |
37 | - job: Build_and_Test
38 |
39 | workspace:
40 | clean: all
41 |
42 | pool:
43 | vmImage: ${{ parameters.vm_image }}
44 |
45 | steps:
46 | - template: ../../Steps/SetNodeVersion.yml
47 | - template: ../../Steps/SetupPythonPreReqs.yml
48 | parameters:
49 | pip_requirement_files: -r pip-requirements.txt -r py-requirements.txt
50 | - ${{ parameters.extra_steps }}
51 | - template: ../../Steps/Python/RunPytest.yml
52 | parameters:
53 | root_package_folder: ${{parameters.root_package_folder}}
54 | code_cov_enabled: ${{parameters.code_cov_enabled}}
55 |
56 | - template: ../../Steps/Python/RunFlake8Tests.yml
57 |
58 | - template: ../../Steps/InstallSpellCheck.yml
59 | - template: ../../Steps/RunSpellCheck.yml
60 |
61 | - template: ../../Steps/InstallMarkdownLint.yml
62 | - template: ../../Steps/RunMarkdownLint.yml
63 |
64 | - task: PythonScript@0
65 | inputs:
66 | scriptSource: 'filePath'
67 | scriptPath: 'BasicDevTests.py'
68 | displayName: 'Check Basic File and Folder Tests'
69 | condition: succeededOrFailed()
70 |
--------------------------------------------------------------------------------
/LICENSE.txt:
--------------------------------------------------------------------------------
1 | BSD-2-Clause-Patent License
2 |
3 | Copyright (C) Microsoft Corporation. All rights reserved.
4 | SPDX-License-Identifier: BSD-2-Clause-Patent
5 |
--------------------------------------------------------------------------------
/Notebooks/MyPullRequests.github-issues:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "kind": 1,
4 | "language": "markdown",
5 | "value": "# Project Mu GitHub Personal Dashboard\r\n\r\nThis notebook displays your issue & personal pull request status across [Project Mu](https://microsoft.github.io/mu/)\r\nrepos."
6 | },
7 | {
8 | "kind": 2,
9 | "language": "github-issues",
10 | "value": "// list of project mu repos\r\n$repos=repo:microsoft/mu repo:microsoft/mu_basecore repo:microsoft/mu_tiano_plus repo:microsoft/mu_plus repo:microsoft/mu_oem_sample repo:microsoft/mu_pip_python_library repo:microsoft/mu_silicon_arm_tiano repo:microsoft/mu_silicon_intel_tiano repo:microsoft/mu_tiano_platforms repo:microsoft/mu_pip_environment repo:microsoft/mu_pip_build repo:microsoft/mu_devops repo:microsoft/mu_feature_config repo:microsoft/mu_feature_debugger repo:microsoft/mu_feature_dfci repo:microsoft/mu_feature_ipmi repo:microsoft/mu_common_intel_min_platform repo:microsoft/mu_feature_mm_supv repo:microsoft/mu_common_intel_adv_features repo:microsoft/mu_feature_uefi_variable repo:microsoft/mu_crypto_release repo:microsoft/mu_rust_hid repo:microsoft/mu_rust_pi repo:microsoft/mu_rust_helpers repo:microsoft/secureboot_objects repo:microsoft/mu_feature_ffa"
11 | },
12 | {
13 | "kind": 1,
14 | "language": "markdown",
15 | "value": "## Pull Requests"
16 | },
17 | {
18 | "kind": 1,
19 | "language": "markdown",
20 | "value": "✶ All My Pull Requests"
21 | },
22 | {
23 | "kind": 2,
24 | "language": "github-issues",
25 | "value": "$repos author:@me is:open type:pr"
26 | },
27 | {
28 | "kind": 1,
29 | "language": "markdown",
30 | "value": "✅ Approved"
31 | },
32 | {
33 | "kind": 2,
34 | "language": "github-issues",
35 | "value": "$repos author:@me is:open type:pr review:approved"
36 | },
37 | {
38 | "kind": 1,
39 | "language": "markdown",
40 | "value": "⌛ Pending Approval"
41 | },
42 | {
43 | "kind": 2,
44 | "language": "github-issues",
45 | "value": "$repos author:@me is:open is:pr review:required"
46 | },
47 | {
48 | "kind": 1,
49 | "language": "markdown",
50 | "value": "## Issues"
51 | },
52 | {
53 | "kind": 1,
54 | "language": "markdown",
55 | "value": "✶ All My Issues"
56 | },
57 | {
58 | "kind": 2,
59 | "language": "github-issues",
60 | "value": "$repos assignee:@me is:open"
61 | },
62 | {
63 | "kind": 1,
64 | "language": "markdown",
65 | "value": "🐛 My Open Bugs"
66 | },
67 | {
68 | "kind": 2,
69 | "language": "github-issues",
70 | "value": "$repos assignee:@me is:open label:bug"
71 | },
72 | {
73 | "kind": 1,
74 | "language": "markdown",
75 | "value": "✨ My Enhancements"
76 | },
77 | {
78 | "kind": 2,
79 | "language": "github-issues",
80 | "value": "$repos assignee:@me is:open label:enhancement"
81 | }
82 | ]
--------------------------------------------------------------------------------
/Notebooks/OpenIssues.github-issues:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "kind": 1,
4 | "language": "markdown",
5 | "value": "# Project Mu GitHub Open Issue Dashboard\r\n\r\nThis notebook displays [Project Mu](https://microsoft.github.io/mu/) open issues."
6 | },
7 | {
8 | "kind": 2,
9 | "language": "github-issues",
10 | "value": ""
11 | },
12 | {
13 | "kind": 2,
14 | "language": "github-issues",
15 | "value": "// list of project mu repos\r\n$repos=repo:repo:microsoft/mu repo:microsoft/mu_basecore repo:microsoft/mu_plus repo:microsoft/mu_tiano_plus repo:microsoft/mu_oem_sample repo:microsoft/mu_tiano_platforms repo:microsoft/mu_silicon_arm_tiano repo:microsoft/mu_silicon_intel_tiano repo:microsoft/mu_common_intel_min_platform repo:microsoft/mu_devops repo:microsoft/mu_feature_config repo:microsoft/mu_feature_debugger repo:microsoft/mu_feature_dfci repo:microsoft/mu_feature_mm_supv repo:microsoft/mu_feature_ipmi repo:microsoft/mu_feature_uefi_variable repo:microsoft/mu_crypto_release repo:microsoft/mu_pip_environment repo:microsoft/mu_pip_python_library repo:microsoft/mu_pip_build repo:microsoft/mu_build repo:microsoft/mu_common_intel_adv_features repo:microsoft/mu_rust_hid repo:microsoft/mu_rust_pi repo:microsoft/mu_rust_helpers repo:microsoft/secureboot_objects repo:microsoft/mu_feature_ffa"
16 | },
17 | {
18 | "kind": 1,
19 | "language": "markdown",
20 | "value": "📬 All Open Issues"
21 | },
22 | {
23 | "kind": 2,
24 | "language": "github-issues",
25 | "value": "$repos is:open is:issue archived:false"
26 | },
27 | {
28 | "kind": 1,
29 | "language": "markdown",
30 | "value": "All Open Issues with no labels"
31 | },
32 | {
33 | "kind": 2,
34 | "language": "github-issues",
35 | "value": "$repos is:open is:issue archived:false no:label"
36 | },
37 | {
38 | "kind": 1,
39 | "language": "markdown",
40 | "value": "All Open Issues with no assignee"
41 | },
42 | {
43 | "kind": 2,
44 | "language": "github-issues",
45 | "value": "$repos is:open is:issue archived:false no:assignee"
46 | },
47 | {
48 | "kind": 1,
49 | "language": "markdown",
50 | "value": "All Open Issues with needs-owner label"
51 | },
52 | {
53 | "kind": 2,
54 | "language": "github-issues",
55 | "value": "$repos is:open is:issue archived:false label:state:needs-owner"
56 | },
57 | {
58 | "kind": 1,
59 | "language": "markdown",
60 | "value": "All Open Issues marked stale"
61 | },
62 | {
63 | "kind": 2,
64 | "language": "github-issues",
65 | "value": "$repos is:open is:issue archived:false label:state:stale"
66 | }
67 | ]
--------------------------------------------------------------------------------
/Notebooks/PullRequests.github-issues:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "kind": 1,
4 | "language": "markdown",
5 | "value": "# Project Mu GitHub PR Dashboard\r\n\r\nThis notebook displays [Project Mu](https://microsoft.github.io/mu/) pull request status."
6 | },
7 | {
8 | "kind": 2,
9 | "language": "github-issues",
10 | "value": "// list of project mu repos\r\n$repos=repo:microsoft/mu repo:microsoft/mu_basecore repo:microsoft/mu_tiano_plus repo:microsoft/mu_plus repo:microsoft/mu_oem_sample repo:microsoft/mu_pip_python_library repo:microsoft/mu_silicon_arm_tiano repo:microsoft/mu_silicon_intel_tiano repo:microsoft/mu_tiano_platforms repo:microsoft/mu_pip_environment repo:microsoft/mu_pip_build repo:microsoft/mu_devops repo:microsoft/mu_feature_config repo:microsoft/mu_feature_debugger repo:microsoft/mu_feature_dfci repo:microsoft/mu_feature_ipmi repo:microsoft/mu_common_intel_min_platform repo:microsoft/mu_feature_mm_supv repo:microsoft/mu_common_intel_adv_features repo:microsoft/mu_feature_uefi_variable repo:microsoft/mu_crypto_release repo:microsoft/mu_rust_hid repo:microsoft/mu_rust_pi repo:microsoft/mu_rust_helpers repo:microsoft/secureboot_objects repo:microsoft/mu_feature_ffa"
11 | },
12 | {
13 | "kind": 1,
14 | "language": "markdown",
15 | "value": "📬 All Open PRs"
16 | },
17 | {
18 | "kind": 2,
19 | "language": "github-issues",
20 | "value": "$repos is:open type:pr"
21 | },
22 | {
23 | "kind": 1,
24 | "language": "markdown",
25 | "value": "📬 - 🤖 = Opened by Humans"
26 | },
27 | {
28 | "kind": 2,
29 | "language": "github-issues",
30 | "value": "$repos is:open type:pr -author:app/dependabot -author:app/dependabot-preview -author:app/microsoft-github-policy-service -author:mu-automation[bot] -author:uefibot -author:ProjectMuBot"
31 | },
32 | {
33 | "kind": 1,
34 | "language": "markdown",
35 | "value": "✅ All Approved PRs"
36 | },
37 | {
38 | "kind": 2,
39 | "language": "github-issues",
40 | "value": "$repos is:open type:pr review:approved"
41 | },
42 | {
43 | "kind": 1,
44 | "language": "markdown",
45 | "value": "🏁 All Completed PRs"
46 | },
47 | {
48 | "kind": 2,
49 | "language": "github-issues",
50 | "value": "// This needs to be bumped very occassionally (annually likely) to prevent\r\n// the maximum allowed number of results from being reached.\r\n$since=2023-01-01\r\n\r\n$repos is:closed type:pr sort:created-desc closed:>$since"
51 | },
52 | {
53 | "kind": 1,
54 | "language": "markdown",
55 | "value": "All Stale PRs"
56 | },
57 | {
58 | "kind": 2,
59 | "language": "github-issues",
60 | "value": "$repos is:open is:pr archived:false label:state:stale"
61 | }
62 | ]
63 |
--------------------------------------------------------------------------------
/Notebooks/ReadMe.md:
--------------------------------------------------------------------------------
1 | # Project Mu VS Code Notebooks
2 |
3 | These notebooks summarize Project Mu information across all of the Project Mu repos.
4 |
5 | ## How to Use
6 |
7 | 1. Install [Visual Studio Code (VS Code)](https://code.visualstudio.com/)
8 | 2. Install the `GitHub Issue Notebooks` VS Code extension
9 | - Extension ID: ms-vscode.vscode-github-issue-notebooks
10 | - [Marketplace link](https://marketplace.visualstudio.com/items?itemName=ms-vscode.vscode-github-issue-notebooks)
11 | 3. Open a notebook file (e.g. `PullRequests.github-issues`)
12 | 4. Click `Run All` at the top of the file to run all the queries
13 |
14 | ## How to View Dashboard in Web Browser
15 |
16 | Since VS Code can run in your Web browser, you can treat this dashboard as a Web page rather than a file that you open
17 | locally.
18 |
19 | To view the file in the Web version of VS Code, simply open the file in GitHub and replace `github.com` with
20 | `github.dev` in the URL.
21 |
22 | - [Project Mu Pull Request Dashboard](https://github.dev/microsoft/mu_devops/blob/main/Notebooks/PullRequests.github-issues)
23 | - [Project Mu Personal Issue & Pull Request Dashboard](https://github.dev/microsoft/mu_devops/blob/main/Notebooks/MyPullRequests.github-issues)
24 | - [Project Mu Issue Dashboard](https://github.Dev/microsoft/mu_devops/blob/main/Notebooks/OpenIssues.github-issues)
25 |
26 | Once opened, run the same steps in [How to Use](#how-to-use) to install the extension and view the file. You can then
27 | save the page to your bookmarks so you can easily load it in the future.
28 |
--------------------------------------------------------------------------------
/RepoDetails.md:
--------------------------------------------------------------------------------
1 | # Project MU Developer Operations (DevOps) Repository
2 |
3 | ??? info "Git Details"
4 | Repository Url: {{mu_devops.url}}
5 | Branch: {{mu_devops.branch}}
6 | Commit: [{{mu_devops.commit}}]({{mu_devops.commitlink}})
7 | Commit Date: {{mu_devops.date}}
8 |
9 | ## Repository Philosophy
10 |
11 | Todo
12 |
13 | ## Integration Instruction
14 |
15 | Todo
16 |
17 | ## Code of Conduct
18 |
19 | This project has adopted the Microsoft Open Source Code of Conduct https://opensource.microsoft.com/codeofconduct/
20 |
21 | For more information see the Code of Conduct FAQ https://opensource.microsoft.com/codeofconduct/faq/
22 | or contact `opencode@microsoft.com <mailto:opencode@microsoft.com>`_. with any additional questions or comments.
23 |
24 | ## Contributions
25 |
26 | Contributions are always welcome and encouraged!
27 | Please open any issues in the Project Mu GitHub tracker and read https://microsoft.github.io/mu/How/contributing/
28 |
29 | * [Code Requirements](https://microsoft.github.io/mu/CodeDevelopment/requirements/)
30 | * [Doc Requirements](https://microsoft.github.io/mu/DeveloperDocs/requirements/)
31 |
32 | ## Issues
33 |
34 | Please open any issues in the Project Mu GitHub tracker. [More
35 | Details](https://microsoft.github.io/mu/How/contributing/)
36 |
37 |
38 | ## Builds
39 |
40 | Please follow the steps in the Project Mu docs to build for CI and local
41 | testing. [More Details](https://microsoft.github.io/mu/CodeDevelopment/compile/)
42 |
43 | ## Copyright
44 |
45 | Copyright (C) Microsoft Corporation. All rights reserved.
46 | SPDX-License-Identifier: BSD-2-Clause-Patent
47 |
--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
1 | # Project Mu Security Policy
2 |
3 | Project Mu is an open source firmware project that is leveraged by and combined into
4 | other projects to build the firmware for a given product. We build and maintain this
5 | code with the intent that any consuming projects can use this code as-is. If features
6 | or fixes are necessary we ask that they contribute them back to the project. **But**, that
7 | said, in the firmware ecosystem there is a lot of variation and differentiation, and
8 | the license in this project allows flexibility for use without contribution back to
9 | Project Mu. Therefore, any issues found here may or may not exist in products using Project Mu.
10 |
11 | ## Supported Versions
12 |
13 | Due to the usage model we generally only supply fixes to the most recent release branch (or main).
14 | For a serious vulnerability we may patch older release branches.
15 |
16 | ## Additional Notes
17 |
18 | Project Mu contains code that is available and/or originally authored in other
19 | repositories (see <https://github.com/tianocore/edk2> as one such example). For any
20 | vulnerability found, we may be subject to their security policy and may need to work
21 | with those groups to resolve amicably and patch the "upstream". This might involve
22 | additional time to release and/or additional confidentiality requirements.
23 |
24 | ## Reporting a Vulnerability
25 |
26 | **Please do not report security vulnerabilities through public GitHub issues.**
27 |
28 | Instead please use **Github Private vulnerability reporting**, which is enabled for each Project Mu
29 | repository. This process is well documented by github in their documentation [here](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability).
30 |
31 | This process will allow us to privately discuss the issue, collaborate on a solution, and then disclose the vulnerability.
32 |
33 | ## Preferred Languages
34 |
35 | We prefer all communications to be in English.
36 |
37 | ## Policy
38 |
39 | Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
40 |
--------------------------------------------------------------------------------
/Scripts/DownloadCargoBinaryFromGitHub/DownloadCargoBinaryFromGitHub.py:
--------------------------------------------------------------------------------
1 | # @file DownloadCargoBinaryFromGitHub.py
2 | #
3 | # A script used in pipelines to download Cargo binaries from a given GitHub
4 | # repo.
5 | #
6 | # See the accompanying script readme for more details.
7 | #
8 | # The environment variables are (name and example value):
9 | # - `BINARIES_DIR` - `$(Build.BinariesDirectory)`
10 | # - `BINARY_NAME` - `cargo-make`
11 | # - `DOWNLOAD_DIR` - `$(Build.ArtifactStagingDirectory)`
12 | # - `REPO_URL` - `https://api.github.com/repos/sagiegurari/cargo-make/releases`
13 | #
14 | # Copyright (c) Microsoft Corporation. All rights reserved.
15 | # SPDX-License-Identifier: BSD-2-Clause-Patent
16 | ##
17 |
18 | import os
19 | import requests
20 | import shutil
21 | import tarfile
22 | import zipfile
23 | from pathlib import Path
24 | from typing import Iterable
25 |
26 | BINARY_NAME = os.environ["BINARY_NAME"]
27 | REPO_URL = os.environ["REPO_URL"]
28 | BINARIES_DIR = Path(os.environ["BINARIES_DIR"])
29 | DOWNLOAD_DIR = Path(os.environ["DOWNLOAD_DIR"], "archives")
30 |
31 | # Ensure the directories exist
32 | BINARIES_DIR.mkdir(parents=True, exist_ok=True)
33 | DOWNLOAD_DIR.mkdir(parents=True, exist_ok=True)
34 |
35 | # Fetch the list of assets from the GitHub releases
36 | response = requests.get(REPO_URL)
37 | response.raise_for_status()
38 | releases = response.json()
39 |
40 | if len(releases) == 0:
41 | print("Failed to find a release.")
42 | exit(1)
43 |
44 | linux_found, windows_found = False, False
45 |
46 | # Download assets
47 | for release in releases:
48 | for asset in release['assets']:
49 | name = asset['name'].lower()
50 | if (("x86_64-pc-windows-msvc" in name or "x86_64-unknown-linux-gnu" in name)
51 | and asset['name'].endswith(('.zip', '.tar.gz', '.tgz'))):
52 | linux_found = linux_found or "x86_64-unknown-linux-gnu" in name
53 | windows_found = windows_found or "x86_64-pc-windows-msvc" in name
54 | filepath = DOWNLOAD_DIR / asset['name']
55 | print(f"Downloading {asset['name']}...")
56 | with requests.get(asset['browser_download_url'], stream=True) as r:
57 | with filepath.open('wb') as f:
58 | for chunk in r.iter_content(chunk_size=8192):
59 | f.write(chunk)
60 | if linux_found and windows_found:
61 | break
62 |
63 | # Extract files
64 | for filename in DOWNLOAD_DIR.iterdir():
65 | extracted_dir = DOWNLOAD_DIR / filename.stem
66 |
67 | print(f"Extracting {filename.name}...")
68 | if filename.name.endswith('.zip'):
69 | with zipfile.ZipFile(filename, 'r') as zip_ref:
70 | zip_ref.extractall(extracted_dir)
71 | elif filename.name.endswith(('.tar.gz', '.tgz')):
72 | with tarfile.open(filename, 'r:gz') as tar:
73 | tar.extractall(path=extracted_dir)
74 |
75 | def flatten_copy(src: Path, dst: Path, names: Iterable = ("",)):
76 | if not dst.exists():
77 | dst.mkdir(parents=True)
78 |
79 | for item in src.iterdir():
80 | print(f"item is {item}")
81 | if item.is_dir():
82 | flatten_copy(item, dst, names)
83 | elif any(name.lower() in item.name.lower() for name in names):
84 | shutil.copy2(item, dst)
85 |
86 | # Copy extracted files to the binaries directory
87 | flatten_copy(extracted_dir, BINARIES_DIR, (BINARY_NAME, "license"))
88 |
--------------------------------------------------------------------------------
/Scripts/DownloadCargoBinaryFromGitHub/Readme.md:
--------------------------------------------------------------------------------
1 | # Download Cargo Binary From GitHub Script
2 |
3 | [DownloadCargoBinaryFromGitHub.py](./DownloadCargoBinaryFromGitHub.py) is a script used in pipelines to download Cargo
4 | binaries from a given GitHub repo.
5 |
6 | ## Responsibilities
7 |
8 | The script manages:
9 |
10 | - Downloading the binary onto the agent
11 | - Extracting relevant binaries
12 | - Currently Windows and Linux GNU x86_64 binaries
13 | - Placing the binaries in the given binaries directory
14 |
15 | ## Background
16 |
17 | This is intended to provide more fine grained control over the process (as opposed to built-in GitHub release download
18 | tasks), to optimize file filtering, and accommodate future adjustments such as expanding support for additional file
19 | checks or archive formats, etc. while also being portable between CI environments. For example, it can be directly
20 | reused between Azure Pipelines and GitHub workflows without swapping out tasks, changing service connection details,
21 | and so on while also encasing operations like file extraction.
22 |
23 | ## Inputs
24 |
25 | Because this script is only intended to run in pipelines, it does not present a user-facing command-line parameter
26 | interface and accepts its input as environment variables that are expected to be passed in the environment variable
27 | section of the task that invokes the script.
28 |
29 | The environment variables are (name and example value):
30 |
31 | - `BINARIES_DIR` - `$(Build.BinariesDirectory)`
32 | - `BINARY_NAME` - `cargo-make`
33 | - `DOWNLOAD_DIR` - `$(Build.ArtifactStagingDirectory)`
34 | - `REPO_URL` - `https://api.github.com/repos/sagiegurari/cargo-make/releases`
35 |
--------------------------------------------------------------------------------
/Scripts/TagGenerator/Readme.md:
--------------------------------------------------------------------------------
1 | # Tag Generator Script
2 |
3 | [TagGenerator.py](./TagGenerator.py) will automatically generate the next version tag
4 | and add notes to a release notes file for the current git HEAD. The Tag Generator
5 | script is primarily intended for use by the [Generate Tag Pipeline](../../Jobs/GenerateTag.yml)
6 | but can be used locally as well. This script is intended to be used for ADO repositories,
7 | but may be used for GitHub, though certain features may not work in their current
8 | form such as PR links in tag notes.
9 |
10 | ## Versioning Scheme
11 |
12 | This script uses the `major.minor.patch` versioning scheme, but diverges from semantic
13 | versioning in some significant ways.
14 |
15 | - `major version` - Indicates the EDKII release tag that the repo is compiled against, e.g. `202405`.
16 | - `minor version` - Indicates the breaking change number since the last major version change.
17 | - `patch version` - Indicates the number of non-breaking changes since the last minor version.
18 |
19 | ## Repro Requirements
20 |
21 | For this script to work properly it makes assumptions about the repository and
22 | project structure for tag history and generating notes.
23 |
24 | ### Pull Request Template
25 |
26 | To determine what kind of change each commit is, this script expects certain strings
27 | exists in the commit message. It is recommended consumers include these in the PR
28 | templates for the repository. The script expects `[x] Breaking Change` for breaking
29 | changes, `[x] Security Fix` for security changes, and `[x] New Feature` for new
30 | features. The template forms of these are provided below.
31 |
32 | ```md
33 | - [ ] Breaking Change
34 | - [ ] Security Fix
35 | - [ ] New Feature
36 | ```
37 |
--------------------------------------------------------------------------------
/Steps/BinaryCopyAndPublish.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step template to publish binary files specified in the template
3 | # parameters as build artifacts.
4 | #
5 | # Copyright (c) Microsoft Corporation. All rights reserved.
6 | # SPDX-License-Identifier: BSD-2-Clause-Patent
7 | ##
8 |
9 | parameters:
10 | - name: artifacts_binary
11 | displayName: Binary Artifacts to Publish
12 | type: string
13 | default: ''
14 | - name: artifacts_identifier
15 | displayName: Artifacts Identifier
16 | type: string
17 | default: 'Artifacts'
18 | - name: publish_artifacts
19 | displayName: Publish Artifacts
20 | type: boolean
21 | default: true
22 |
23 | steps:
24 | - bash: |
25 | artifacts_str=$(echo "${{ parameters.artifacts_binary }}" | tr -d '[:space:]')
26 | if [[ -z "$artifacts_str" ]]; then
27 | echo "##vso[task.setvariable variable=artifacts_present]false"
28 | else
29 | echo "##vso[task.setvariable variable=artifacts_present]true"
30 | fi
31 | condition: succeededOrFailed()
32 |
33 | # Copy binaries to the artifact staging directory
34 | - task: CopyFiles@2
35 | displayName: Copy Build Binaries
36 | inputs:
37 | targetFolder: "$(Build.ArtifactStagingDirectory)/Binaries"
38 | SourceFolder: "Build"
39 | contents: |
40 | ${{ parameters.artifacts_binary }}
41 | flattenFolders: true
42 | condition: and(succeededOrFailed(), eq(variables.artifacts_present, 'true'))
43 |
44 | # Publish build artifacts to Azure Artifacts/TFS or a file share
45 | - ${{ if eq(parameters.publish_artifacts, true) }}:
46 | - task: PublishPipelineArtifact@1
47 | continueOnError: true
48 | displayName: Publish Build Binaries
49 | inputs:
50 | targetPath: "$(Build.ArtifactStagingDirectory)/Binaries"
51 | artifactName: "Binaries ${{ parameters.artifacts_identifier }}"
52 | condition: and(succeededOrFailed(), eq(variables.artifacts_present, 'true'))
53 |
--------------------------------------------------------------------------------
/Steps/BuildBaseTools.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step template to build BaseTools.
3 | #
4 | # Copyright (c) Microsoft Corporation. All rights reserved.
5 | # SPDX-License-Identifier: BSD-2-Clause-Patent
6 | ##
7 |
8 | parameters:
9 | - name: extra_parameters
10 | displayName: Extra Edk2ToolsBuild.py Parameters
11 | type: string
12 | default: ''
13 | - name: tool_chain_tag
14 | displayName: Tool Chain (e.g. VS2022)
15 | type: string
16 | default: ''
17 |
18 | steps:
19 | - ${{ if contains(parameters.tool_chain_tag, 'GCC') }}:
20 | - bash: sudo apt-get update
21 | displayName: Update apt
22 | condition: and(gt(variables.pkg_count, 0), succeeded())
23 |
24 | - bash: sudo apt-get install gcc g++ make uuid-dev
25 | displayName: Install required tools
26 | condition: and(gt(variables.pkg_count, 0), succeeded())
27 |
28 | - task: CmdLine@2
29 | displayName: Build Base Tools from source
30 | inputs:
31 | script: python BaseTools/Edk2ToolsBuild.py -t ${{ parameters.tool_chain_tag }} ${{ parameters.extra_parameters }}
32 | condition: and(gt(variables.pkg_count, 0), succeeded())
33 |
34 | - task: CopyFiles@2
35 | displayName: "Copy base tools build log"
36 | inputs:
37 | targetFolder: '$(Build.ArtifactStagingDirectory)/Logs'
38 | SourceFolder: 'BaseTools/BaseToolsBuild'
39 | contents: |
40 | BASETOOLS_BUILD*.*
41 | flattenFolders: true
42 | condition: and(gt(variables.pkg_count, 0), succeededOrFailed())
43 |
--------------------------------------------------------------------------------
/Steps/BuildPlatform.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step template to build a platform.
3 | #
4 | # Copyright (c) Microsoft Corporation. All rights reserved.
5 | # SPDX-License-Identifier: BSD-2-Clause-Patent
6 | ##
7 |
8 | parameters:
9 | - name: artifacts_binary
10 | displayName: Binary Artifacts to Publish
11 | type: string
12 | default: ''
13 | - name: artifacts_identifier
14 | displayName: Artifacts Identifier
15 | type: string
16 | default: 'Artifacts'
17 | - name: artifacts_other
18 | displayName: Other Artifacts to Publish
19 | type: string
20 | default: ''
21 | - name: build_base_tools
22 | displayName: Build BaseTools
23 | type: boolean
24 | default: false
25 | - name: do_pr_eval
26 | displayName: Perform Stuart PR Evaluation
27 | type: boolean
28 | default: true
29 | - name: build_file
30 | displayName: Build File
31 | type: string
32 | default: ''
33 | - name: build_flags
34 | displayName: Build Flags
35 | type: string
36 | default: ''
37 | - name: build_pkg
38 | displayName: Build Package
39 | type: string
40 | default: ''
41 | - name: build_target
42 | displayName: Build Target (e.g. DEBUG, RELEASE)
43 | type: string
44 | default: ''
45 | - name: extra_install_step
46 | displayName: Extra Install Steps
47 | type: stepList
48 | default: []
49 | - name: run_flags
50 | displayName: Run Flags
51 | type: string
52 | default: ''
53 | - name: run_timeout
54 | displayName: Run Timeout (in minutes)
55 | type: number
56 | default: 5
57 | - name: install_tools
58 | displayName: Install Build Tools
59 | type: boolean
60 | default: true
61 | - name: install_pip_modules
62 | displayName: Install PIP Modules
63 | type: boolean
64 | default: true
65 | - name: tool_chain_tag
66 | displayName: Tool Chain (e.g. VS2022)
67 | type: string
68 | default: ''
69 | - name: checkout_self
70 | displayName: Perform self checkout step
71 | type: boolean
72 | default: true
73 | - name: publish_artifacts
74 | displayName: Publish Artifacts
75 | type: boolean
76 | default: true
77 |
78 | steps:
79 | - ${{ if eq(parameters.checkout_self, true) }}:
80 | - checkout: self
81 | clean: true
82 | fetchDepth: 0
83 | # Note: Depth cannot be limited if PR Eval is used. A pipeline may choose
84 | # to use a shallow checkout if PR eval is not used.
85 |
86 | - template: SetupPythonPreReqs.yml
87 | parameters:
88 | install_python: ${{ parameters.install_tools }}
89 | install_pip_modules: ${{ parameters.install_pip_modules }}
90 |
91 | # Set default
92 | - bash: echo "##vso[task.setvariable variable=pkg_count]${{ 1 }}"
93 |
94 | # trim the package list if this is a PR
95 | - ${{ if eq(parameters.do_pr_eval, true) }}:
96 | - powershell:
97 | $TargetBranch = "$(System.PullRequest.targetBranch)".replace('refs/heads/', '');
98 | Write-Host "##vso[task.setvariable variable=pr_compare_branch]origin/$TargetBranch";
99 | displayName: Workaround for Branch Names
100 | condition: eq(variables['Build.Reason'], 'PullRequest')
101 | - task: CmdLine@2
102 | displayName: Check if ${{ parameters.build_pkg }} Needs Testing
103 | inputs:
104 | script: stuart_pr_eval -c ${{ parameters.build_file }} -t ${{ parameters.build_target}} --pr-target $(pr_compare_branch) --output-count-format-string "##vso[task.setvariable variable=pkg_count]{pkgcount}"
105 | condition: eq(variables['Build.Reason'], 'PullRequest')
106 |
107 | # Setup repo
108 | - task: CmdLine@2
109 | displayName: Setup
110 | inputs:
111 | script: stuart_setup -c ${{ parameters.build_file }} TOOL_CHAIN_TAG=${{ parameters.tool_chain_tag}} -t ${{ parameters.build_target}} ${{ parameters.build_flags}}
112 | condition: and(gt(variables.pkg_count, 0), succeeded())
113 |
114 | # Stuart Update
115 | - task: CmdLine@2
116 | displayName: Update
117 | inputs:
118 | script: stuart_update -c ${{ parameters.build_file }} TOOL_CHAIN_TAG=${{ parameters.tool_chain_tag}} -t ${{ parameters.build_target}} ${{ parameters.build_flags}}
119 | condition: and(gt(variables.pkg_count, 0), succeeded())
120 |
121 | # build basetools
122 | # do this after setup and update so that code base dependencies
123 | # are all resolved.
124 | - ${{ if eq(parameters.build_base_tools, true) }}:
125 | - template: BuildBaseTools.yml
126 | parameters:
127 | tool_chain_tag: ${{ parameters.tool_chain_tag }}
128 |
129 | # Potential Extra steps
130 | - ${{ parameters.extra_install_step }}
131 |
132 | # Build
133 | - task: CmdLine@2
134 | displayName: Build
135 | inputs:
136 | script: stuart_build -c ${{ parameters.build_file }} TOOL_CHAIN_TAG=${{ parameters.tool_chain_tag}} TARGET=${{ parameters.build_target}} ${{ parameters.build_flags}}
137 | condition: and(gt(variables.pkg_count, 0), succeeded())
138 |
139 | # Run
140 | - task: CmdLine@2
141 | displayName: Run to Shell
142 | inputs:
143 | script: stuart_build -c ${{ parameters.build_file }} TOOL_CHAIN_TAG=${{ parameters.tool_chain_tag}} TARGET=${{ parameters.build_target}} ${{ parameters.build_flags}} ${{ parameters.run_flags }} --FlashOnly
144 | condition: and(and(gt(variables.pkg_count, 0), succeeded()), eq(variables['Run'], true))
145 | timeoutInMinutes: ${{ parameters.run_timeout }}
146 |
147 | # Copy build logs to the artifact staging directory
148 | - template: CommonLogCopyAndPublish.yml
149 | parameters:
150 | artifacts_identifier: ${{ parameters.artifacts_identifier }}
151 | publish_artifacts: ${{ parameters.publish_artifacts }}
152 |
153 | # Copy build binaries to the artifact staging directory
154 | - template: BinaryCopyAndPublish.yml
155 | parameters:
156 | artifacts_binary: ${{ parameters.artifacts_binary }}
157 | artifacts_identifier: ${{ parameters.artifacts_identifier }}
158 | publish_artifacts: ${{ parameters.publish_artifacts }}
159 |
160 | # Copy other files to the artifact staging directory
161 | - template: OtherCopyAndPublish.yml
162 | parameters:
163 | artifacts_other: ${{ parameters.artifacts_other }}
164 | artifacts_identifier: ${{ parameters.artifacts_identifier }}
165 | publish_artifacts: ${{ parameters.publish_artifacts }}
166 |
--------------------------------------------------------------------------------
/Steps/CommonLogCopyAndPublish.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step template to copy the common log files produced
3 | # by an edk2 firmware build.
4 | #
5 | # Copyright (c) Microsoft Corporation. All rights reserved.
6 | # SPDX-License-Identifier: BSD-2-Clause-Patent
7 | ##
8 |
9 | parameters:
10 | - name: artifacts_identifier
11 | displayName: Artifacts Identifier
12 | type: string
13 | default: 'Artifacts'
14 | - name: publish_artifacts
15 | displayName: Publish Artifacts
16 | type: boolean
17 | default: true
18 |
19 | steps:
20 | - task: CopyFiles@2
21 | displayName: Copy Build Logs
22 | inputs:
23 | targetFolder: "$(Build.ArtifactStagingDirectory)/Logs"
24 | SourceFolder: "Build"
25 | contents: |
26 | **/*coverage.xml
27 | **/BUILD_REPORT.TXT
28 | **/BUILD_TOOLS_REPORT.html
29 | **/BUILD_TOOLS_REPORT.json
30 | **/FD_REPORT.HTML
31 | **/OVERRIDELOG.TXT
32 | BASETOOLS_BUILD*.*
33 | BUILDLOG_*.md
34 | BUILDLOG_*.txt
35 | CI_*.md
36 | CI_*.txt
37 | CISETUP.txt
38 | PREVALLOG.txt
39 | SETUPLOG.txt
40 | TestSuites.xml
41 | UPDATE_LOG.txt
42 | flattenFolders: true
43 | condition: succeededOrFailed()
44 |
45 | - ${{ if eq(parameters.publish_artifacts, true) }}:
46 | - task: PublishPipelineArtifact@1
47 | continueOnError: true
48 | displayName: Publish Build Logs
49 | inputs:
50 | targetPath: '$(Build.ArtifactStagingDirectory)/Logs'
51 | artifactName: 'Logs ${{ parameters.artifacts_identifier }}'
52 | condition: succeededOrFailed()
53 |
--------------------------------------------------------------------------------
/Steps/DownloadAzurePipelineArtifact.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step template to download Azure Pipeline artifacts.
3 | #
4 | # Copyright (c) Microsoft Corporation. All rights reserved.
5 | # SPDX-License-Identifier: BSD-2-Clause-Patent
6 | ##
7 |
8 | parameters:
9 | - name: artifact_name
10 | displayName: Artifact Name
11 | type: string
12 | default: 'Binaries'
13 | - name: azure_org_name
14 | displayName: Azure Org Name
15 | type: string
16 | default: 'projectmu'
17 | - name: azure_proj_name
18 | displayName: Azure Project Name
19 | type: string
20 | default: 'mu'
21 | - name: azure_pipeline_def_id
22 | displayName: Azure Pipeline Definition ID
23 | type: string
24 | default: '0'
25 | - name: file_pattern
26 | displayName: File Pattern
27 | type: string
28 | default: '*'
29 | - name: target_dir
30 | displayName: Target Directory
31 | type: string
32 | default: ''
33 | - name: target_os
34 | displayName: Target OS For Task to Run
35 | type: string
36 | default: 'Windows_NT,Darwin,Linux'
37 | - name: task_display_name
38 | displayName: Task Display Name
39 | type: string
40 | default: 'Download Pipeline Artifact'
41 | - name: work_dir
42 | displayName: Work Directory
43 | type: string
44 | default: ''
45 |
46 | steps:
47 |
48 | - task: PythonScript@0
49 | displayName: ${{ parameters.task_display_name }}
50 | env:
51 | ARTIFACT_NAME: ${{ parameters.artifact_name }}
52 | AZURE_ORG_NAME: ${{ parameters.azure_org_name }}
53 | AZURE_PROJ_NAME: ${{ parameters.azure_proj_name }}
54 | AZURE_PIPELINE_DEF_ID: ${{ parameters.azure_pipeline_def_id }}
55 | FILE_PATTERN: ${{ parameters.file_pattern }}
56 | TARGET_DIR: ${{ parameters.target_dir }}
57 | WORK_DIR: ${{ parameters.work_dir }}
58 | inputs:
59 | scriptSource: inline
60 | workingDirectory: $(Agent.BuildDirectory)
61 | script: |
62 | import os
63 | import requests
64 | import shutil
65 | import zipfile
66 | from pathlib import Path
67 |
68 | ARTIFACT_NAME = os.environ["ARTIFACT_NAME"]
69 | AZURE_ORG_NAME = os.environ["AZURE_ORG_NAME"]
70 | AZURE_PROJ_NAME = os.environ["AZURE_PROJ_NAME"]
71 | AZURE_PIPELINE_DEF_ID = os.environ["AZURE_PIPELINE_DEF_ID"]
72 | FILE_PATTERN = os.environ["FILE_PATTERN"]
73 | TARGET_DIR = Path(os.environ["TARGET_DIR"])
74 | WORK_DIR = os.environ["WORK_DIR"]
75 |
76 | build_id_url = f"https://dev.azure.com/{AZURE_ORG_NAME}/{AZURE_PROJ_NAME}/_apis/build/builds?definitions={AZURE_PIPELINE_DEF_ID}&$top=1&api-version=6.0"
77 |
78 | # Fetch the list of assets from the GitHub releases
79 | response = requests.get(build_id_url)
80 | response.raise_for_status()
81 | latest_build_id = response.json()["value"][0]["id"]
82 |
83 | artifact_url = f"https://dev.azure.com/{AZURE_ORG_NAME}/{AZURE_PROJ_NAME}/_apis/build/builds/{latest_build_id}/artifacts?artifactName={ARTIFACT_NAME}&api-version=6.0"
84 | response = requests.get(artifact_url)
85 | response.raise_for_status()
86 | download_url = response.json()["resource"]["downloadUrl"]
87 |
88 | print(f"Latest Build ID: {latest_build_id}")
89 | print(f"Artifact Download URL: {download_url}")
90 |
91 | download_path = Path(WORK_DIR, "artifact_download", ARTIFACT_NAME).with_suffix(".zip")
92 | download_path.parent.mkdir(parents=True)
93 | with requests.get(download_url, stream=True) as r:
94 | with download_path.open('wb') as f:
95 | for chunk in r.iter_content(chunk_size=8192):
96 | f.write(chunk)
97 |
98 | with zipfile.ZipFile(download_path, 'r') as zip_ref:
99 | zip_ref.extractall(download_path.parent)
100 |
101 | unzip_path = download_path.parent / ARTIFACT_NAME
102 |
103 |
104 | def flatten_copy(src: Path, dst: Path, pattern: str):
105 | if not dst.exists():
106 | dst.mkdir(parents=True)
107 |
108 | for item in src.rglob(pattern):
109 | print(f"Current item is {item}")
110 | if item.is_dir():
111 | flatten_copy(item, dst, pattern)
112 | else:
113 | shutil.copy2(item, dst)
114 |
115 |
116 | TARGET_DIR.mkdir(parents=True, exist_ok=True)
117 | flatten_copy(unzip_path, TARGET_DIR, FILE_PATTERN)
118 | shutil.rmtree(download_path.parent)
119 | condition: and(succeeded(), contains('${{ parameters.target_os}}', variables['Agent.OS']))
120 |
--------------------------------------------------------------------------------
/Steps/FetchGitHubFile.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step template to fetch a single file
3 | # from the top of a given branch in a public GitHub repo.
4 | #
5 | # Copyright (c) Microsoft Corporation. All rights reserved.
6 | # SPDX-License-Identifier: BSD-2-Clause-Patent
7 | ##
8 |
9 | parameters:
10 | - name: dest_file_path
11 | displayName: Destination File Path
12 | type: string
13 | default: ''
14 | - name: display_name
15 | displayName: Display Name
16 | type: string
17 | default: Fetch GitHub File
18 | - name: github_repo
19 | displayName: GitHub Repo
20 | type: string
21 | default: ''
22 | - name: source_branch
23 | displayName: Source Branch
24 | type: string
25 | default: ''
26 | - name: source_file_path
27 | displayName: Source File Path
28 | type: string
29 | default: ''
30 |
31 | steps:
32 |
33 | - powershell:
34 | $branch_url = '${{ parameters.source_branch }}'.replace('refs/heads/', '');
35 | $fetch_source = 'https://raw.githubusercontent.com/${{ parameters.github_repo }}/'+$branch_url+'/${{ parameters.source_file_path }}';
36 | Write-Host $fetch_source;
37 | (New-Object System.Net.WebClient).DownloadFile($fetch_source, '${{ parameters.dest_file_path }}');
38 | displayName: ${{ parameters.display_name }}
39 | condition: succeeded()
40 |
--------------------------------------------------------------------------------
/Steps/InstallCoverageTools.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step template to install code coverage tools.
3 | #
4 | # Copyright (c) Microsoft Corporation. All rights reserved.
5 | # SPDX-License-Identifier: BSD-2-Clause-Patent
6 | ##
7 |
8 | steps:
9 |
10 | - powershell: |
11 | Invoke-WebRequest -Uri https://github.com/OpenCppCoverage/OpenCppCoverage/releases/download/release-0.9.9.0/OpenCppCoverageSetup-x64-0.9.9.0.exe -OutFile $(Agent.TempDirectory)\OpenCppCoverageInstall.exe
12 | start-process -FilePath "$(Agent.TempDirectory)\OpenCppCoverageInstall.exe" -ArgumentList "/VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-" -NoNewWindow -Wait
13 | Write-Host "##vso[task.prependpath]C:\Program Files\OpenCppCoverage"
14 | displayName: Install Windows Code Coverage Tools
15 | condition: eq( variables['Agent.OS'], 'Windows_NT' )
16 |
--------------------------------------------------------------------------------
/Steps/InstallMarkdownLint.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step template to install markdownlint.
3 | #
4 | # Copyright (c) Microsoft Corporation. All rights reserved.
5 | # SPDX-License-Identifier: BSD-2-Clause-Patent
6 | ##
7 | parameters:
8 | - name: extra_npm_args
9 | displayName: Extra npm arguments
10 | type: string
11 | default: ''
12 |
13 | steps:
14 |
15 | - script: npm install -g markdownlint-cli@0.32.2 ${{ parameters.extra_npm_args }}
16 | displayName: Install Markdown Linter
17 | condition: succeeded()
18 |
--------------------------------------------------------------------------------
/Steps/InstallSpellCheck.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step template to install spell check (cspell).
3 | #
4 | # Copyright (c) Microsoft Corporation. All rights reserved.
5 | # SPDX-License-Identifier: BSD-2-Clause-Patent
6 | ##
7 | parameters:
8 | - name: extra_npm_args
9 | displayName: Extra npm arguments
10 | type: string
11 | default: ''
12 |
13 | steps:
14 |
15 | - script: npm install -g cspell@5.20.0 ${{ parameters.extra_npm_args }}
16 | displayName: Install cspell npm
17 | condition: succeeded()
18 |
--------------------------------------------------------------------------------
/Steps/OtherCopyAndPublish.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step template to publish miscellaneous (other) files specified in the template
3 | # parameters as build artifacts.
4 | #
5 | # Copyright (c) Microsoft Corporation. All rights reserved.
6 | # SPDX-License-Identifier: BSD-2-Clause-Patent
7 | ##
8 |
9 | parameters:
10 | - name: artifacts_identifier
11 | displayName: Artifacts Identifier
12 | type: string
13 | default: 'Artifacts'
14 | - name: artifacts_other
15 | displayName: Other Artifacts to Publish
16 | type: string
17 | default: ''
18 | - name: publish_artifacts
19 | displayName: Publish Artifacts
20 | type: boolean
21 | default: true
22 |
23 | steps:
24 | - bash: |
25 | artifacts_str=$(echo "${{ parameters.artifacts_other }}" | tr -d '[:space:]')
26 | if [[ -z "$artifacts_str" ]]; then
27 | echo "##vso[task.setvariable variable=artifacts_present]false"
28 | else
29 | echo "##vso[task.setvariable variable=artifacts_present]true"
30 | fi
31 | condition: succeededOrFailed()
32 |
33 | # Copy other files to the artifact staging directory
34 | - task: CopyFiles@2
35 | displayName: Copy Other Files from Build
36 | inputs:
37 | targetFolder: "$(Build.ArtifactStagingDirectory)/Other"
38 | SourceFolder: "Build"
39 | contents: |
40 | ${{ parameters.artifacts_other }}
41 | flattenFolders: true
42 | condition: and(succeededOrFailed(), eq(variables.artifacts_present, 'true'))
43 |
44 | # Publish build artifacts to Azure Artifacts/TFS or a file share
45 | - ${{ if eq(parameters.publish_artifacts, true) }}:
46 | - task: PublishPipelineArtifact@1
47 | continueOnError: true
48 | displayName: Publish Other Files
49 | inputs:
50 | targetPath: "$(Build.ArtifactStagingDirectory)/Other"
51 | artifactName: "Other ${{ parameters.artifacts_identifier }}"
52 | condition: and(succeededOrFailed(), eq(variables.artifacts_present, 'true'))
53 |
--------------------------------------------------------------------------------
/Steps/PublishCodeCoverage.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step template to merge and publish all code coverage results.
3 | #
4 | # Copyright (c) Microsoft Corporation. All rights reserved.
5 | # SPDX-License-Identifier: BSD-2-Clause-Patent
6 | ##
7 |
8 | parameters:
9 | - name: checkout_self
10 | displayName: Perform self checkout step
11 | type: boolean
12 | default: true
13 | - name: setup_python
14 | displayName: Setup Python
15 | type: boolean
16 | default: true
17 |
18 | steps:
19 | - ${{ if eq(parameters.checkout_self, true) }}:
20 | - checkout: self
21 | clean: true
22 | fetchDepth: 1
23 |
24 | - ${{ if eq(parameters.setup_python, true ) }}:
25 | - template: SetupPythonPreReqs.yml
26 | parameters:
27 | install_python: true
28 | #
29 | # Download the build
30 | #
31 | - task: DownloadPipelineArtifact@2
32 | name: DownloadBuildLogArtifacts
33 | displayName: Download Log Artifacts
34 | inputs:
35 | buildType: 'current'
36 | targetPath: '$(Build.ArtifactStagingDirectory)/coverage/'
37 | itemPattern: "**/*_coverage.xml"
38 |
39 | - powershell: |
40 | $coverage_file_count=(Get-ChildItem $(Build.ArtifactStagingDirectory)/coverage/ -Recurse -Include *_coverage.xml).count
41 | Write-Host echo "##vso[task.setvariable variable=coverage_file_count]$coverage_file_count"
42 | displayName: Check For Coverage Files
43 |
44 | - task: CmdLine@2
45 | displayName: Merge Coverage Reports
46 | inputs:
47 | script: |
48 | dotnet tool install -g dotnet-reportgenerator-globaltool
49 | reportgenerator -reports:$(Build.ArtifactStagingDirectory)/coverage/**/*_coverage.xml -targetdir:$(Build.ArtifactStagingDirectory)/Coverage -reporttypes:Cobertura
50 | condition: gt(variables.coverage_file_count, 0)
51 |
52 | - task: PublishCodeCoverageResults@1
53 | displayName: Publish Code Coverage
54 | inputs:
55 | codeCoverageTool: Cobertura
56 | summaryFileLocation: '$(Build.ArtifactStagingDirectory)/Coverage/Cobertura.xml'
57 | condition: gt(variables.coverage_file_count, 0)
58 |
--------------------------------------------------------------------------------
/Steps/Python/RunFlake8Tests.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step template to run flake8 and publish
3 | # an error log if any errors occur.
4 | #
5 | # Copyright (c) Microsoft Corporation. All rights reserved.
6 | # SPDX-License-Identifier: BSD-2-Clause-Patent
7 | ##
8 |
9 | steps:
10 | - script: flake8 .
11 | displayName: 'Run flake8'
12 | condition: succeededOrFailed()
13 |
14 | # Only capture and archive the lint log on failures.
15 | - script: flake8 . > flake8.err.log
16 | displayName: 'Capture flake8 Failures'
17 | condition: Failed()
18 |
19 | - task: PublishBuildArtifacts@1
20 | inputs:
21 | pathtoPublish: 'flake8.err.log'
22 | artifactName: 'Flake8 Error Log File'
23 | continueOnError: true
24 | condition: Failed()
25 |
--------------------------------------------------------------------------------
/Steps/Python/RunPytest.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step template to run pytest.
3 | #
4 | # Copyright (c) Microsoft Corporation. All rights reserved.
5 | # SPDX-License-Identifier: BSD-2-Clause-Patent
6 | ##
7 |
8 | parameters:
9 | - name: code_cov_enabled
10 | displayName: Enable Code Coverage
11 | type: boolean
12 | default: false
13 | - name: root_package_folder
14 | displayName: Root Package Folder
15 | type: string
16 | default: ''
17 |
18 | steps:
19 | - script: pytest -v --junitxml=test.junit.xml --html=pytest_report.html --self-contained-html --cov=${{ parameters.root_package_folder }} --cov-report html:cov_html --cov-report xml:cov.xml --cov-config .coveragerc
20 | displayName: 'Run pytest Unit Tests'
21 |
22 | # Publish Test Results to Azure Pipelines/TFS
23 | - task: PublishTestResults@2
24 | displayName: 'Publish junit Test Results'
25 | continueOnError: true
26 | condition: succeededOrFailed()
27 | inputs:
28 | testResultsFormat: 'JUnit' # Options: JUnit, NUnit, VSTest, xUnit
29 | testResultsFiles: 'test.junit.xml'
30 | mergeTestResults: true # Optional
31 | publishRunAttachments: true # Optional
32 |
33 | # Publish build artifacts to Azure Pipelines
34 | - task: PublishBuildArtifacts@1
35 | inputs:
36 | pathtoPublish: 'pytest_report.html'
37 | artifactName: 'unit test report'
38 | continueOnError: true
39 | condition: succeededOrFailed()
40 |
41 | - script: |
42 | curl -s https://codecov.io/bash | bash -s -- -C $(Build.SourceVersion) -F $(Agent.OS)
43 | displayName: 'Upload to codecov.io'
44 | continueOnError: true
45 | condition: ${{parameters.code_cov_enabled}}
46 |
47 | # Publish Cobertura code coverage results
48 | - task: PublishCodeCoverageResults@1
49 | inputs:
50 | codeCoverageTool: 'cobertura' # Options: cobertura, jaCoCo
51 | summaryFileLocation: $(System.DefaultWorkingDirectory)/cov.xml
52 | reportDirectory: $(System.DefaultWorkingDirectory)/cov_html
53 | condition: succeededOrFailed()
54 |
--------------------------------------------------------------------------------
/Steps/RunMarkdownLint.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step to lint markdown files
3 | # in the repository.
4 | #
5 | # markdownlint should be installed on the system
6 | # prior to invoking this template.
7 | #
8 | # Copyright (c) Microsoft Corporation. All rights reserved.
9 | # SPDX-License-Identifier: BSD-2-Clause-Patent
10 | ##
11 |
12 | steps:
13 |
14 | - script: markdownlint "**/*.md"
15 | displayName: Lint MD Files
16 | condition: succeeded()
17 |
--------------------------------------------------------------------------------
/Steps/RunPatchCheck.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step to evaluate the patch series in a PR by
3 | # running BaseTools/Scripts/PatchCheck.py.
4 | #
5 | # NOTE: This example monitors pull requests against the edk2-ci branch. Most
6 | # environments would replace 'edk2-ci' with 'master'.
7 | #
8 | # Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved.<BR>
9 | # Copyright (c) Microsoft Corporation. All rights reserved.
10 | # SPDX-License-Identifier: BSD-2-Clause-Patent
11 | #
12 | # https://github.com/tianocore
13 | #
14 | ##
15 |
16 | trigger: none
17 |
18 | pr:
19 | - main
20 |
21 | pool:
22 | vmImage: 'ubuntu-latest'
23 |
24 | steps:
25 | - checkout: self
26 | clean: true
27 | fetchDepth: 0
28 |
29 | - template: Steps/SetupPythonPreReqs.yml
30 | - script: |
31 | git fetch origin $(System.PullRequest.TargetBranch):$(System.PullRequest.TargetBranch)
32 | python BaseTools/Scripts/PatchCheck.py $(System.PullRequest.TargetBranch)..$(System.PullRequest.SourceCommitId)
33 | displayName: Use PatchCheck.py to Verify Patch Series in Pull Request
34 | condition: succeeded()
35 |
--------------------------------------------------------------------------------
/Steps/RunSpellCheck.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step to run spell check against
3 | # a set of files.
4 | #
5 | # cspell should be installed on the system
6 | # prior to invoking this template.
7 | #
8 | # Copyright (c) Microsoft Corporation. All rights reserved.
9 | # SPDX-License-Identifier: BSD-2-Clause-Patent
10 | ##
11 |
12 | parameters:
13 | - name: spell_check_parameters
14 | displayName: Spell Check (cspell) Parameters
15 | type: string
16 | default: "-c .cspell.json **/*.py"
17 |
18 | steps:
19 |
20 | - script: cspell ${{ parameters.spell_check_parameters }}
21 | displayName: Run Spell Check Test
22 | condition: succeeded()
23 |
--------------------------------------------------------------------------------
/Steps/RustCargoSteps.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step to run common Cargo commands.
3 | #
4 | # Cargo should be installed on the system prior to invoking this template.
5 | #
6 | # Copyright (c) Microsoft Corporation. All rights reserved.
7 | # SPDX-License-Identifier: BSD-2-Clause-Patent
8 | ##
9 |
10 | parameters:
11 | - name: format_command
12 | displayName: Rust Format Command
13 | type: string
14 | default: "cargo fmt --all --check"
15 | - name: test_command
16 | displayName: Rust Test Command
17 | type: string
18 | default: "cargo make test"
19 | - name: build_command
20 | displayName: Rust Build Command
21 | type: string
22 | default: "cargo make build"
23 | - name: container_build
24 | displayName: Flag for whether a container is being used
25 | type: boolean
26 | default: false
27 |
28 | steps:
29 |
30 | - task: CmdLine@2
31 | displayName: Setup Cargo Dir Permissions (Linux)
32 | target: host
33 | inputs:
34 | script: |
35 | /usr/bin/docker exec mu_devops_build_container chown -R vsts_azpcontainer:docker_azpcontainer /.cargo
36 | /usr/bin/docker exec mu_devops_build_container chmod -R ug+rw /.cargo
37 | /usr/bin/docker exec mu_devops_build_container chown -R vsts_azpcontainer:docker_azpcontainer /.rustup
38 | /usr/bin/docker exec mu_devops_build_container chmod -R ug+rw /.rustup
39 | condition: and(eq('${{ parameters.container_build }}', 'true'), eq(variables['Agent.OS'], 'Linux'))
40 |
41 | - task: CmdLine@2
42 | displayName: cargo fmt
43 | inputs:
44 | script: ${{ parameters.format_command }}
45 | workingDirectory: '$(System.DefaultWorkingDirectory)'
46 | failOnStandardError: true
47 | condition: succeeded()
48 |
49 | - task: CmdLine@2
50 | displayName: cargo make test
51 | inputs:
52 | script: ${{ parameters.test_command }}
53 | workingDirectory: '$(System.DefaultWorkingDirectory)'
54 | failOnStandardError: true
55 | condition: succeeded()
56 |
57 | - task: CmdLine@2
58 | displayName: cargo make build
59 | inputs:
60 | script: ${{ parameters.build_command }}
61 | workingDirectory: '$(System.DefaultWorkingDirectory)'
62 | failOnStandardError: true
63 | condition: succeeded()
64 |
--------------------------------------------------------------------------------
/Steps/RustSetupSteps.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step to run common Rust steps.
3 | #
4 | # Cargo should be installed on the system prior to invoking this template.
5 | #
6 | # Copyright (c) Microsoft Corporation. All rights reserved.
7 | # SPDX-License-Identifier: BSD-2-Clause-Patent
8 | ##
9 |
10 | # NOTE: Because this pipeline YAML file is a Nunjucks template, the pipeline syntax of `{{}}` will conflict with
11 | # Nunjucks style. Surround pipeline YAML code that uses `{{}}` within `raw` and `endraw` tags
12 | # to allow it to pass through Nunjucks processing.
13 |
14 |
15 | steps:
16 |
17 | # Note: This uses a local lookup table as opposed to `rustc -vV` since this is a Rust setup
18 | # template that tries to minimize assumptions about Rust tools already on a system.
19 | - task: PythonScript@0
20 | displayName: Get Host Rust Target Triple
21 | inputs:
22 | scriptSource: inline
23 | workingDirectory: $(Agent.BuildDirectory)
24 | script: |
25 | import os
26 | import platform
27 |
28 | system = platform.system()
29 | arch = platform.machine()
30 |
31 | rust_targets = {
32 | ('Windows', 'x86_64'): 'x86_64-pc-windows-msvc',
33 | ('Windows', 'AMD64'): 'x86_64-pc-windows-msvc',
34 | ('Windows', 'i386'): 'i686-pc-windows-msvc',
35 | ('Windows', 'i686'): 'i686-pc-windows-msvc',
36 | ('Linux', 'x86_64'): 'x86_64-unknown-linux-gnu',
37 | ('Linux', 'AMD64'): 'x86_64-unknown-linux-gnu',
38 | ('Linux', 'aarch64'): 'aarch64-unknown-linux-gnu',
39 | ('Linux', 'i386'): 'i686-unknown-linux-gnu',
40 | ('Linux', 'i686'): 'i686-unknown-linux-gnu',
41 | }
42 |
43 | print(f'System type = {system}')
44 | print(f'Architecture = {arch}')
45 |
46 | try:
47 | print(f'##vso[task.setvariable variable=rust_target_triple]{rust_targets[(system, arch)]}')
48 | except KeyError:
49 | print(f'##[error]Unsupported Host Combination! OS = {system}. Architecture = {arch}.')
50 | print(f'##vso[task.complete result=Failed;]Unsupported Host Combination! OS = {system}. Architecture = {arch}.')
51 |
52 | - script: |
53 | python -c "import os; print('##vso[task.setvariable variable=cargoBinPath]{}'.format(os.path.join(os.environ['USERPROFILE'], '.cargo', 'bin')))"
54 | displayName: Get Cargo bin Path (Windows)
55 | condition: eq(variables['Agent.OS'], 'Windows_NT')
56 |
57 | - script: |
58 | python -c "import os; print('##vso[task.setvariable variable=cargoBinPath]/.cargo/bin')"
59 | displayName: Get Cargo bin Path (Linux)
60 | condition: eq(variables['Agent.OS'], 'Linux')
61 |
62 | - task: CmdLine@2
63 | displayName: Setup Cargo Dir Permissions (Linux)
64 | target: host
65 | inputs:
66 | script: |
67 | /usr/bin/docker exec mu_devops_build_container chown -R vsts_azpcontainer:docker_azpcontainer /.cargo
68 | /usr/bin/docker exec mu_devops_build_container chmod -R ug+rw /.cargo
69 | /usr/bin/docker exec mu_devops_build_container chown -R vsts_azpcontainer:docker_azpcontainer /.rustup
70 | /usr/bin/docker exec mu_devops_build_container chmod -R ug+rw /.rustup
71 | condition: eq(variables['Agent.OS'], 'Linux')
72 |
73 | #
74 | # Linux will use a container image pre-loaded with the designated Rust version. Windows does not use a container
75 | # image, but will have a VM image with a very recent version of Rust installed. This step installs the same toolchain
76 | # version used in the Linux container for consistency between the two. The cargo-make and cargo-tarpaulin versions
77 | # placed in the container image are the latest at the time the image is built. That should be equal to or less than
78 | # the latest version available when the pipeline is run. Get the latest available in the cache pipelines and use
79 | # those on both Linux and Windows agents for consistency in the pipeline runs.
80 | #
81 | - script: |
82 | rustup install --no-self-update 1.85.0
83 | displayName: Install Rust 1.85.0 (Windows)
84 | condition: eq(variables['Agent.OS'], 'Windows_NT')
85 |
86 | - script: |
87 | rustup default 1.85.0
88 | displayName: Set Rust 1.85.0 (Windows)
89 | condition: eq(variables['Agent.OS'], 'Windows_NT')
90 |
91 | - script: pip install requests --upgrade
92 | displayName: Install and Upgrade requests PIP Module
93 | condition: succeeded()
94 |
95 | - template: DownloadAzurePipelineArtifact.yml
96 | parameters:
97 | task_display_name: Download Cargo Binstall (Windows)
98 | artifact_name: Binaries
99 | azure_pipeline_def_id: 169
100 | file_pattern: "**/cargo-binstall.exe"
101 | target_dir: "$(cargoBinPath)"
102 | target_os: "Windows_NT"
103 | work_dir: "$(Agent.TempDirectory)"
104 |
105 | - template: DownloadAzurePipelineArtifact.yml
106 | parameters:
107 | task_display_name: Download Cargo Binstall (Linux)
108 | artifact_name: Binaries
109 | azure_pipeline_def_id: 169
110 | file_pattern: "**/cargo-binstall"
111 | target_dir: "$(Agent.TempDirectory)"
112 | target_os: "Linux"
113 | work_dir: "$(Agent.TempDirectory)"
114 |
115 | - script: |
116 | cp $AGENT_TEMPDIRECTORY/cargo-binstall /.cargo/bin
117 | displayName: Copy cargo-binstall
118 | condition: and(succeeded(), eq(variables['Agent.OS'], 'Linux'))
119 |
120 | - script: |
121 | sudo chmod +x /.cargo/bin/cargo-binstall
122 | displayName: Make cargo-binstall executable
123 | condition: and(succeeded(), eq(variables['Agent.OS'], 'Linux'))
124 |
125 | - script: |
126 | cargo binstall -y cargo-make --version 0.37.24
127 | displayName: Install cargo-make
128 |
129 | - script: |
130 | cargo binstall -y cargo-tarpaulin --version 0.31.5
131 | displayName: Install cargo-tarpaulin
132 |
133 | - script: rustup component add rustfmt rust-src --toolchain 1.85.0-$(rust_target_triple)
134 | displayName: rustup add rust-src
135 | condition: and(succeeded(), eq(variables['Agent.OS'], 'Windows_NT'))
136 |
--------------------------------------------------------------------------------
/Steps/SetNodeVersion.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step template to set the Node version.
3 | #
4 | # Copyright (c) Microsoft Corporation. All rights reserved.
5 | # SPDX-License-Identifier: BSD-2-Clause-Patent
6 | ##
7 |
8 | steps:
9 |
10 | - task: NodeTool@0
11 | inputs:
12 | versionSpec: '19.x'
13 | condition: succeeded()
14 |
--------------------------------------------------------------------------------
/Steps/SetupPythonPreReqs.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step to setup Python pre-requisites.
3 | #
4 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
5 | # instead of the file in this repo.
6 | #
7 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops
8 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
9 | #
10 | # Copyright (c) Microsoft Corporation. All rights reserved.
11 | # SPDX-License-Identifier: BSD-2-Clause-Patent
12 | ##
13 |
14 | # NOTE: Because this pipeline YAML file is a Nunjucks template, the pipeline syntax of `{{}}` will conflict with
15 | # Nunjucks style. Surround pipeline YAML code that uses `{{}}` within `raw` and `endraw` tags
16 | # to allow it to pass through Nunjucks processing.
17 |
18 | parameters:
19 | - name: install_pip_modules
20 | displayName: Install PIP Modules
21 | type: boolean
22 | default: true
23 | - name: install_python
24 | displayName: Install Python
25 | type: boolean
26 | default: true
27 | - name: pip_requirement_files
28 | displayName: Pip Requirement Files
29 | type: string
30 | default: -r pip-requirements.txt
31 |
32 | steps:
33 |
34 | - ${{ if eq(parameters.install_python, true) }}:
35 | - task: UsePythonVersion@0
36 | inputs:
37 | versionSpec: 3.12
38 | architecture: x64
39 |
40 | - ${{ if eq(parameters.install_pip_modules, true) }}:
41 | - script: python -m pip install --upgrade pip setuptools wheel
42 | displayName: Install Wheel and SetupTools
43 | condition: succeeded()
44 |
45 | - script: pip install ${{ parameters.pip_requirement_files }} --upgrade
46 | displayName: Install and Upgrade pip Modules
47 | condition: succeeded()
48 |
--------------------------------------------------------------------------------
/Steps/SetupToolChainTagPreReqs.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step to setup Python pre-requisites.
3 | #
4 | # Copyright (c) Microsoft Corporation. All rights reserved.
5 | # SPDX-License-Identifier: BSD-2-Clause-Patent
6 | ##
7 |
8 | steps:
9 | - powershell:
10 | wget https://apt.llvm.org/llvm.sh;
11 | chmod +x llvm.sh;
12 | sudo ./llvm.sh 18;
13 | displayName: Install LLVM 18 on Linux;
14 | condition: and(succeeded(), eq(variables['Agent.OS'], 'Linux'))
15 |
16 | - powershell:
17 | choco install make --force; Write-Host "##vso[task.prependpath]$env:ChocolateyInstall\bin\";
18 | choco install llvm --version=18.1.5 --install-arguments="'/NCRC /S /D=$(Agent.TempDirectory)\LLVM'" --force; Write-Host "##vso[task.prependpath]$(Agent.TempDirectory)\LLVM\bin\";
19 | displayName: Install LLVM 18 on Windows
20 | condition: and(succeeded(), eq(variables['Agent.OS'], 'Windows_NT'))
21 |
--------------------------------------------------------------------------------
/Steps/UploadCodeCoverage.yml:
--------------------------------------------------------------------------------
1 | ## @file
2 | # Azure Pipelines step template upload code coverage to codecov.io
3 | #
4 | # Set `coverage_upload_target` to `codecov` or `ado` rather than passing it
5 | # as a parameter to this template.
6 | #
7 | # Follows the codecov.io documentation for uploading code coverage reports:
8 | # https://docs.codecov.com/docs/codecov-uploader
9 | #
10 | # Copyright (c) Microsoft Corporation. All rights reserved.
11 | # SPDX-License-Identifier: BSD-2-Clause-Patent
12 | ##
13 |
14 | parameters:
15 | - name: report_dir
16 | displayName: Code Coverage Report
17 | type: string
18 | default: ''
19 | - name: flag
20 | displayName: Use Package Flags
21 | type: string
22 | default: ''
23 | - name: install_dependencies
24 | displayName: Install Pypi Dependencies
25 | type: boolean
26 | default: true
27 |
28 | steps:
29 | - task: PythonScript@0
30 | displayName: Detect Code Coverage Target and Files
31 | env:
32 | UPLOAD_TARGET: $(coverage_upload_target)
33 | REPORT_DIR: ${{ parameters.report_dir }}
34 | inputs:
35 | scriptSource: inline
36 | script: |
37 | import os
38 | from pathlib import Path
39 |
40 | UPLOAD_TARGET = os.environ['UPLOAD_TARGET']
41 | REPORT_DIR = os.environ['REPORT_DIR']
42 |
43 | print(f'##vso[task.setvariable variable=upload_target]{UPLOAD_TARGET}')
44 | print(f'Code Coverage Upload Target: {UPLOAD_TARGET}')
45 |
46 | print(f'##vso[task.setvariable variable=coverage_file_count]{len(list(Path(REPORT_DIR).rglob("*coverage.xml")))}')
47 | print(f'Code Coverage Files: {list(Path(REPORT_DIR).rglob("*coverage.xml"))}')
48 | #
49 | # Steps to upload to Azure DevOps
50 | #
51 | - task: PublishCodeCoverageResults@2
52 | displayName: "Coverage ADO ${{ parameters.flag }}: Publish"
53 | inputs:
54 | summaryFileLocation: '${{ parameters.report_dir }}/**/*coverage.xml'
55 | condition: and(eq(variables['upload_target'] , 'ado'), gt(variables.coverage_file_count, 0))
56 | #
57 | # All Steps to upload to codecov.io
58 | #
59 | - ${{ if eq(parameters.install_dependencies, true) }}:
60 | - script: |
61 | pip install requests
62 | displayName: "Coverage CodeCov ${{ parameters.flag }}: Install Python Dependencies"
63 | condition: and(eq(variables['upload_target'] , 'codecov'), gt(variables.coverage_file_count, 0))
64 |
65 | - task: PythonScript@0
66 | displayName: "Coverage CodeCov ${{ parameters.flag }}: Download and Verify Codecov Uploader"
67 | condition: and(eq(variables['upload_target'] , 'codecov'), gt(variables.coverage_file_count, 0))
68 | inputs:
69 | scriptSource: inline
70 | script: |
71 | import platform
72 | import requests
73 | import hashlib
74 | import os
75 |
76 | system = platform.system()
77 |
78 | if system == 'Windows':
79 | url = 'https://uploader.codecov.io/latest/windows/codecov.exe'
80 | filename = 'codecov.exe'
81 | checksum_url = 'https://uploader.codecov.io/latest/windows/codecov.exe.SHA256SUM'
82 | checksum_filename = 'codecov.exe.SHA256SUM'
83 | print(f'##vso[task.setvariable variable=codecov_uploader_cmd].\{filename}')
84 | elif system == 'Linux':
85 | url = 'https://uploader.codecov.io/latest/linux/codecov'
86 | filename = 'codecov'
87 | checksum_url = 'https://uploader.codecov.io/latest/linux/codecov.SHA256SUM'
88 | checksum_filename = 'codecov.SHA256SUM'
89 | print(f'##vso[task.setvariable variable=codecov_uploader_cmd]./{filename}')
90 | else:
91 | print(f'##[error]Unsupported Host System! System = {system}.')
92 | print(f'##vso[task.complete result=Failed;]Unsupported Host System! System = {system}.')
93 |
94 | response = requests.get(url)
95 | if response.status_code == 200:
96 | with open(filename, 'wb') as f:
97 | f.write(response.content)
98 | else:
99 | print(f'##[error]Failed to download Uploader. Error code: {response.status_code}.')
100 | print(f'##vso[task.complete result=Failed;]Failed to download Uploader. Error code: {response.status_code}.')
101 |
102 | response = requests.get(checksum_url)
103 | if response.status_code == 200:
104 | with open(checksum_filename, 'wb') as f:
105 | f.write(response.content)
106 | else:
107 | print(f'##[error]Failed to download Checksum file. Error code: {response.status_code}.')
108 | print(f'##vso[task.complete result=Failed;]Failed to download Checksum file. Error code: {response.status_code}.')
109 |
110 | with open(checksum_filename, 'r') as f:
111 | expected_hash = f.read().split(' ')[0]
112 |
113 | actual_hash = hashlib.new('sha256')
114 | with open(filename, 'rb') as f:
115 | for chunk in iter(lambda: f.read(4096), b''):
116 | actual_hash.update(chunk)
117 |
118 | if expected_hash != actual_hash.hexdigest():
119 | print(f'##[error]Checksum did not match. Expected: {expected_hash}; Actual: {actual_hash.hexdigest()}.')
120 | print(f'##vso[task.complete result=Failed;]Hash Mismatch.')
121 |
122 | if system == 'Linux':
123 | os.chmod(filename, 0o755)
124 |
125 | - task: PythonScript@0
126 | displayName: "Coverage CodeCov ${{ parameters.flag }}: Upload Results"
127 | condition: and(eq(variables['upload_target'] , 'codecov'), gt(variables.coverage_file_count, 0))
128 | env:
129 | COV_FLAG: ${{ parameters.flag }}
130 | REPORT_DIR: ${{ parameters.report_dir }}
131 | UPLOAD_CMD: $(codecov_uploader_cmd)
132 | inputs:
133 | scriptSource: inline
134 | script: |
135 | from pathlib import Path
136 | import io
137 | import os
138 | import subprocess
139 |
140 | COV_FLAG = os.environ['COV_FLAG']
141 | REPORT_DIR = os.environ['REPORT_DIR']
142 | UPLOAD_CMD = os.environ['UPLOAD_CMD']
143 |
144 | for cov_file in Path(REPORT_DIR).rglob('*coverage.xml'):
145 | cmd = f'{UPLOAD_CMD} -f {cov_file} -Z'
146 | if COV_FLAG:
147 | cmd += f' -F {COV_FLAG}'
148 | process = subprocess.Popen(
149 | cmd,
150 | stdout=subprocess.PIPE,
151 | stderr=subprocess.PIPE,
152 | shell=True)
153 | output, error = process.communicate()
154 | print(f"##[debug]{output.decode('utf-8')}")
155 | if process.returncode != 0:
156 | print(f"##[error]{error.decode('utf-8')}")
157 | raise Exception(f"{UPLOAD_CMD} failed with Return Code: "
158 | f"{process.returncode}.")
159 |
--------------------------------------------------------------------------------