├── .azurepipelines ├── GetCargoBinstall.yml ├── GetCargoMake.yml └── GetCargoTarpaulin.yml ├── .github ├── Labels.yml ├── actions │ ├── rust-tool-cache │ │ └── action.yml │ └── submodule-release-updater │ │ ├── ReadMe.md │ │ └── action.yml ├── dependabot.yml ├── release-draft-config.yml └── workflows │ ├── Build-Containers.yml │ ├── CodeQl.yml │ ├── FileSyncer.yml │ ├── IssueAssignment.yml │ ├── IssueTriager.yml │ ├── LabelSyncer.yml │ ├── Labeler.yml │ ├── ReleaseDrafter.yml │ ├── ReleaseWorkflow.yml │ ├── Stale.yml │ ├── label-sync.yml │ ├── pull-request-formatting-validator.yml │ ├── release-draft.yml │ ├── scheduled-maintenance.yml │ └── stale-leaf.yml ├── .gitignore ├── .markdownlint.yaml ├── .sync ├── Files.yml ├── ReadMe.rst ├── Version.njk ├── actions │ └── submodule-release-updater-action.yml ├── azure_pipelines │ ├── MuDevOpsWrapper.yml │ ├── RustSetupSteps.yml │ └── SetupPythonPreReqs.yml ├── ci_config │ └── .markdownlint.yaml ├── containers │ ├── Ubuntu-22 │ │ └── Dockerfile │ └── Ubuntu-24 │ │ └── Dockerfile ├── dependabot │ ├── actions-pip-submodules.yml │ └── actions-pip.yml ├── devcontainer │ └── devcontainer.json ├── git_templates │ └── gitattributes_template.txt ├── github_templates │ ├── ISSUE_TEMPLATE │ │ ├── bug_report.yml │ │ ├── config.yml │ │ ├── documentation_request.yml │ │ └── feature_request.yml │ ├── contributing │ │ └── CONTRIBUTING.md │ ├── licensing │ │ ├── project_mu_and_tianocore_license.txt │ │ ├── project_mu_license.txt │ │ └── tianocore_license.txt │ ├── pull_requests │ │ └── pull_request_template.md │ └── security │ │ └── SECURITY.md ├── rust_config │ ├── Makefile.toml │ ├── config.toml │ ├── rust-toolchain.toml │ └── rustfmt.toml └── workflows │ ├── config │ ├── label-issues │ │ ├── file-paths.yml │ │ └── regex-pull-requests.yml │ ├── release-draft │ │ └── release-draft-config.yml │ └── triage-issues │ │ └── advanced-issue-labeler.yml │ └── leaf │ ├── backport-to-release-branch.yml │ ├── codeql-platform.yml │ ├── codeql.yml │ ├── issue-assignment.yml │ ├── label-issues.yml │ ├── label-sync.yml │ ├── publish-release.yml │ ├── pull-request-formatting-validator.yml │ ├── release-draft.yml │ ├── scheduled-maintenance.yml │ ├── stale.yml │ ├── submodule-release-update.yml │ └── triage-issues.yml ├── Containers ├── Readme.md ├── Ubuntu-22 │ └── Dockerfile └── Ubuntu-24 │ └── Dockerfile ├── Jobs ├── CreateBuildMatrix.yml ├── GenerateTag.yml ├── PrGate.yml └── Python │ └── RunDevTests.yml ├── LICENSE.txt ├── Notebooks ├── MyPullRequests.github-issues ├── OpenIssues.github-issues ├── PullRequests.github-issues └── ReadMe.md ├── ReadMe.rst ├── RepoDetails.md ├── SECURITY.md ├── Scripts ├── DownloadCargoBinaryFromGitHub │ ├── DownloadCargoBinaryFromGitHub.py │ └── Readme.md └── TagGenerator │ ├── Readme.md │ └── TagGenerator.py └── Steps ├── BinaryCopyAndPublish.yml ├── BuildBaseTools.yml ├── BuildPlatform.yml ├── CommonLogCopyAndPublish.yml ├── DownloadAzurePipelineArtifact.yml ├── FetchGitHubFile.yml ├── InstallCoverageTools.yml ├── InstallMarkdownLint.yml ├── InstallSpellCheck.yml ├── NuGet.yml ├── OtherCopyAndPublish.yml ├── PrGate.yml ├── PublishCodeCoverage.yml ├── Python ├── RunFlake8Tests.yml └── RunPytest.yml ├── RunMarkdownLint.yml ├── RunPatchCheck.yml ├── RunSpellCheck.yml ├── RustCargoSteps.yml ├── RustSetupSteps.yml ├── SetNodeVersion.yml ├── SetupPythonPreReqs.yml ├── SetupToolChainTagPreReqs.yml └── UploadCodeCoverage.yml /.azurepipelines/GetCargoBinstall.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipeline to download Cargo Binstall and save it as a pipeline artifact that 3 | # can be accessed by other pipelines. 4 | # 5 | # Copyright (c) Microsoft Corporation. All rights reserved. 6 | # SPDX-License-Identifier: BSD-2-Clause-Patent 7 | ## 8 | 9 | schedules: 10 | # At 1:00 on Monday 11 | # https://crontab.guru/#0_1_*_*_1 12 | - cron: 0 1 * * 1 13 | branches: 14 | include: 15 | - main 16 | always: true 17 | 18 | jobs: 19 | - job: Update_Cargo_Binstall 20 | displayName: Update Cargo Binstall 21 | 22 | pool: 23 | vmImage: windows-latest 24 | 25 | steps: 26 | - checkout: self 27 | clean: true 28 | fetchDepth: 1 29 | fetchTags: false 30 | 31 | - script: pip install requests --upgrade 32 | displayName: Install and Upgrade pip Modules 33 | condition: succeeded() 34 | 35 | - task: PythonScript@0 36 | displayName: Download and Stage Cargo Binstall 37 | env: 38 | BINARIES_DIR: "$(Build.BinariesDirectory)" 39 | BINARY_NAME: "cargo-binstall" 40 | DOWNLOAD_DIR: "$(Build.ArtifactStagingDirectory)" 41 | REPO_URL: "https://api.github.com/repos/cargo-bins/cargo-binstall/releases" 42 | inputs: 43 | scriptSource: filePath 44 | scriptPath: Scripts/DownloadCargoBinaryFromGitHub/DownloadCargoBinaryFromGitHub.py 45 | workingDirectory: $(Agent.BuildDirectory) 46 | condition: succeeded() 47 | 48 | - task: PublishBuildArtifacts@1 49 | displayName: Publish Cargo Binstall 50 | retryCountOnTaskFailure: 3 51 | inputs: 52 | PathtoPublish: $(Build.BinariesDirectory) 53 | ArtifactName: Binaries 54 | condition: succeeded() 55 | -------------------------------------------------------------------------------- /.azurepipelines/GetCargoMake.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipeline to download Cargo Make and save it as a pipeline artifact that 3 | # can be accessed by other pipelines. 4 | # 5 | # Copyright (c) Microsoft Corporation. All rights reserved. 6 | # SPDX-License-Identifier: BSD-2-Clause-Patent 7 | ## 8 | 9 | schedules: 10 | # At 1:00 on Monday 11 | # https://crontab.guru/#0_1_*_*_1 12 | - cron: 0 1 * * 1 13 | branches: 14 | include: 15 | - main 16 | always: true 17 | 18 | jobs: 19 | - job: Update_Cargo_Make 20 | displayName: Update Cargo Make 21 | 22 | pool: 23 | vmImage: windows-latest 24 | 25 | steps: 26 | - checkout: self 27 | clean: true 28 | fetchDepth: 1 29 | fetchTags: false 30 | 31 | - script: pip install requests --upgrade 32 | displayName: Install and Upgrade pip Modules 33 | condition: succeeded() 34 | 35 | - task: PythonScript@0 36 | displayName: Download and Stage Cargo Make 37 | env: 38 | BINARIES_DIR: "$(Build.BinariesDirectory)" 39 | BINARY_NAME: "cargo-make" 40 | DOWNLOAD_DIR: "$(Build.ArtifactStagingDirectory)" 41 | REPO_URL: "https://api.github.com/repos/sagiegurari/cargo-make/releases" 42 | inputs: 43 | scriptSource: filePath 44 | scriptPath: Scripts/DownloadCargoBinaryFromGitHub/DownloadCargoBinaryFromGitHub.py 45 | workingDirectory: $(Agent.BuildDirectory) 46 | condition: succeeded() 47 | 48 | - task: PublishBuildArtifacts@1 49 | displayName: Publish Cargo Make 50 | retryCountOnTaskFailure: 3 51 | inputs: 52 | PathtoPublish: $(Build.BinariesDirectory) 53 | ArtifactName: Binaries 54 | condition: succeeded() 55 | -------------------------------------------------------------------------------- /.azurepipelines/GetCargoTarpaulin.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipeline to download Cargo Tarpaulin and save it as a pipeline artifact that 3 | # can be accessed by other pipelines. 4 | # 5 | # Copyright (c) Microsoft Corporation. All rights reserved. 6 | # SPDX-License-Identifier: BSD-2-Clause-Patent 7 | ## 8 | 9 | schedules: 10 | # At 1:00 on Monday 11 | # https://crontab.guru/#0_1_*_*_1 12 | - cron: 0 1 * * 1 13 | branches: 14 | include: 15 | - main 16 | always: true 17 | 18 | jobs: 19 | - job: Update_Cargo_Tarpaulin 20 | displayName: Update Cargo Tarpaulin 21 | 22 | pool: 23 | vmImage: windows-latest 24 | 25 | steps: 26 | - checkout: self 27 | clean: true 28 | fetchDepth: 1 29 | fetchTags: false 30 | 31 | - script: pip install requests --upgrade 32 | displayName: Install and Upgrade pip Modules 33 | condition: succeeded() 34 | 35 | - task: PythonScript@0 36 | displayName: Download and Stage Cargo Tarpaulin 37 | env: 38 | BINARIES_DIR: "$(Build.BinariesDirectory)" 39 | BINARY_NAME: "cargo-tarpaulin" 40 | DOWNLOAD_DIR: "$(Build.ArtifactStagingDirectory)" 41 | REPO_URL: "https://api.github.com/repos/xd009642/tarpaulin/releases" 42 | inputs: 43 | scriptSource: filePath 44 | scriptPath: Scripts/DownloadCargoBinaryFromGitHub/DownloadCargoBinaryFromGitHub.py 45 | workingDirectory: $(Agent.BuildDirectory) 46 | condition: succeeded() 47 | 48 | - task: PublishBuildArtifacts@1 49 | displayName: Publish Cargo Tarpaulin 50 | retryCountOnTaskFailure: 3 51 | inputs: 52 | PathtoPublish: $(Build.BinariesDirectory) 53 | ArtifactName: Binaries 54 | condition: succeeded() 55 | -------------------------------------------------------------------------------- /.github/Labels.yml: -------------------------------------------------------------------------------- 1 | # Specifies the labels used in Project Mu repositories. 2 | # 3 | # This file is meant to define the labels used such that label management is consistent, centralized, 4 | # and tracked in source control. 5 | # 6 | # Note that: 7 | # 1. If a label color or description changes, the same label is updated with the new color or description. 8 | # 2. If a label name changes, add the old label name to the `aliases` section. That will update the old label 9 | # to the new label keeping label usage in previously labeled issues and PRs. 10 | # 3. All existing labels which are not listed in the manifest will be retained. 11 | # - We can specify to delete them in the future if desired. 12 | # - Please do not duplicate or let stale labels accumulate in repos. Only repo-specific labels should 13 | # be defined outside this file. Any other label should be reviewed and added to this file. 14 | # 15 | # Copyright (c) Microsoft Corporation. 16 | # SPDX-License-Identifier: BSD-2-Clause-Patent 17 | # 18 | # For more information, see: 19 | # https://github.com/EndBug/label-sync 20 | 21 | # Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc. 22 | 23 | - name: complexity:advanced 24 | description: Requires substantial background information and effort to accomplish 25 | color: 'd35400' 26 | aliases: [] 27 | - name: complexity:easy 28 | description: Requires minimal background information and effort to accomplish 29 | color: '229954' 30 | aliases: [] 31 | - name: complexity:good-first-issue 32 | description: Good for newcomers 33 | color: '7057ff' 34 | aliases: [] 35 | - name: complexity:intermediate 36 | description: Requires intermediate background information and effort to accomplish 37 | color: 'd4ac0d' 38 | aliases: [] 39 | 40 | - name: impact:breaking-change 41 | description: Requires integration attention 42 | color: 'a54418' 43 | aliases: [] 44 | - name: impact:non-functional 45 | description: Does not have a functional impact 46 | color: 'c2e0c6' 47 | aliases: [] 48 | - name: impact:security 49 | description: Has a security impact 50 | color: '31df8c' 51 | aliases: [] 52 | - name: impact:testing 53 | description: Affects testing 54 | color: 'd4c5f9' 55 | aliases: [] 56 | 57 | - name: language:python 58 | description: Pull requests that update Python code 59 | color: '2b67c6' 60 | aliases: [] 61 | 62 | - name: semver:major 63 | description: Pull requests that should increment the release major version 64 | color: '000000' 65 | aliases: [] 66 | - name: semver:minor 67 | description: Pull requests that should increment the release minor version 68 | color: '000000' 69 | aliases: [] 70 | - name: semver:patch 71 | description: Pull requests that should increment the release patch version 72 | color: '000000' 73 | aliases: [] 74 | 75 | - name: state:backlog 76 | description: In the backlog 77 | color: 'e6e8d3' 78 | aliases: [] 79 | - name: state:duplicate 80 | description: This issue or pull request already exists 81 | color: 'cfd3d7' 82 | aliases: [] 83 | - name: state:help-wanted 84 | description: Extra attention (collaborator) is needed 85 | color: '008672' 86 | aliases: [] 87 | - name: state:invalid 88 | description: This doesn't seem right 89 | color: 'e4e669' 90 | aliases: [] 91 | - name: state:needs-maintainer-feedback 92 | description: Needs more information from a maintainer to determine next steps 93 | color: 'e7a540' 94 | aliases: [] 95 | - name: state:needs-owner 96 | description: Needs an issue owner to be assigned 97 | color: 'f9e79f' 98 | aliases: [] 99 | - name: state:needs-submitter-info 100 | description: Needs more information from the submitter to determine next steps 101 | color: 'fcf3cf' 102 | aliases: [] 103 | - name: state:needs-triage 104 | description: Needs to triaged to determine next steps 105 | color: 'f1c40f' 106 | aliases: [] 107 | - name: state:stale 108 | description: Has not been updated in a long time 109 | color: 'c0da14' 110 | aliases: [] 111 | - name: state:under-discussion 112 | description: Under discussion 113 | color: 'c5def5' 114 | aliases: [] 115 | - name: state:wont-fix 116 | description: This will not be worked on 117 | color: 'ffffff' 118 | aliases: [] 119 | 120 | - name: type:bug 121 | description: Something isn't working 122 | color: 'd73a4a' 123 | aliases: [] 124 | - name: type:dependabot 125 | description: Created by dependabot 126 | color: 'c57a90' 127 | aliases: [] 128 | - name: type:dependencies 129 | description: Pull requests that update a dependency file 130 | color: '0366d6' 131 | aliases: [] 132 | - name: type:design-change 133 | description: A new proposal or modification to a feature design 134 | color: '5b2c6f' 135 | aliases: [] 136 | - name: type:documentation 137 | description: Improvements or additions to documentation 138 | color: '0075ca' 139 | aliases: [] 140 | - name: type:enhancement 141 | description: New feature or pull request 142 | color: 'a2eeef' 143 | aliases: [] 144 | - name: type:feature-request 145 | description: A new feature proposal 146 | color: 'a9dfbf' 147 | aliases: [] 148 | - name: type:file-sync 149 | description: Files automatically synced from another repo 150 | color: '95d0e6' 151 | aliases: [] 152 | - name: type:notes 153 | description: Notes from an organized meeting 154 | color: 'd9ee5d' 155 | aliases: [] 156 | - name: type:submodules 157 | description: Pull requests that update submodules 158 | color: '000000' 159 | aliases: [] 160 | - name: type:question 161 | description: Further information is requested 162 | color: 'd876e3' 163 | aliases: [] 164 | 165 | - name: urgency:low 166 | description: Little to no impact 167 | color: '00d26a' 168 | aliases: [] 169 | - name: urgency:medium 170 | description: Important with a moderate impact 171 | color: 'fcd53f' 172 | aliases: [] 173 | - name: urgency:high 174 | description: Significant with a critical impact 175 | color: 'ff6723' 176 | aliases: [] 177 | -------------------------------------------------------------------------------- /.github/actions/rust-tool-cache/action.yml: -------------------------------------------------------------------------------- 1 | # A GitHub action that loads rust tools and toolchains from cache. If there is a miss, it will install 2 | # them. the tools are read from the tools section of the rust-toolchain.toml file at the root of the repository. 3 | # 4 | # Copyright (c) Microsoft Corporation. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | # 7 | 8 | name: "Install Rust Tools" 9 | description: "This action loads rust tools and toolchains from cache, or installs them." 10 | 11 | runs: 12 | using: composite 13 | steps: 14 | - name: Rust Tool Cache 15 | id: tool-cache 16 | uses: actions/cache@v4 17 | with: 18 | path: | 19 | ~/.cargo/bin/ 20 | ~/.rustup/toolchains/ 21 | key: ${{ runner.os }}-rust-tools-${{ hashFiles('**/rust-toolchain.toml' )}} 22 | 23 | - name: Install cargo-binstall 24 | uses: cargo-bins/cargo-binstall@v1.10.17 25 | 26 | # Read any tools from rust-toolchain.toml file and installs them 27 | - name: Install Rust Tools 28 | shell: bash 29 | run: | 30 | FILE="rust-toolchain.toml" 31 | 32 | if [ ! -f "$FILE" ]; then 33 | echo "::error::File $FILE not found." 34 | exit 1 35 | fi 36 | 37 | if ! grep -q '^\[tools\]' "$FILE"; then 38 | echo "::warning::[tools] section not found in $FILE." 39 | exit 1 40 | fi 41 | 42 | # Extract tools section from rust-toolchain.toml 43 | sed -n '/\[tools\]/,/^$/p' "$FILE" | grep -v '\[tools\]' | while read -r line; do 44 | # Extract tool name and clean it 45 | TOOL_NAME=${line%%=*} 46 | TOOL_NAME=${TOOL_NAME//[[:space:]]/} 47 | TOOL_NAME="${TOOL_NAME//$'\n'/}" 48 | 49 | # Extract tool version and clean it 50 | TOOL_VERSION=${line#*=} 51 | TOOL_VERSION=${TOOL_VERSION//[[:space:]]/} 52 | TOOL_VERSION=${TOOL_VERSION//\"/} 53 | TOOL_VERSION="${TOOL_VERSION//$'\n'/}" 54 | 55 | echo "" 56 | echo "##################################################################" 57 | echo "Installing $TOOL_NAME@$TOOL_VERSION" 58 | echo "##################################################################" 59 | echo "" 60 | 61 | # Attempt to binstall the tool first. If it fails, install it using cargo 62 | cargo binstall -y $TOOL_NAME --version $TOOL_VERSION || cargo install $TOOL_NAME --version $TOOL_VERSION 63 | done 64 | if: steps.tool-cache.outputs.cache-hit != 'true' 65 | -------------------------------------------------------------------------------- /.github/actions/submodule-release-updater/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Project Mu Submodule Release Updater GitHub Action 2 | 3 | This GitHub Action checks if new releases are available for submodules and creates pull requests to update 4 | them. A single pull request is opened per submodule. At this time, the action should only be used within 5 | Project Mu repositories. 6 | 7 | ## How to Use 8 | 9 | 1. Create a GitHub workflow in a repository 10 | 2. Add this GitHub Action as a step to the workflow 11 | 3. Configure the workflow to trigger as desired 12 | - It is recommended to trigger the workflow on a schedule (e.g. daily) to check for new releases. 13 | 14 | ### Example Workflow 15 | 16 | ```yaml 17 | name: Update Submodules to Latest Release 18 | 19 | on: 20 | schedule: 21 | - cron: '0 0 * * MON' # https://crontab.guru/every-monday 22 | 23 | jobs: 24 | repo_submodule_update: 25 | name: Check for Submodule Releases 26 | runs-on: ubuntu-latest 27 | 28 | steps: 29 | - name: Update Submodules to Latest Release 30 | uses: microsoft/mu_devops/.github/actions/submodule-release-updater@v2.4.0 31 | with: 32 | GH_PAT: ${{ secrets.SUBMODULE_UPDATER_TOKEN }} 33 | GH_USER: "Add GitHub account username here" 34 | GIT_EMAIL: "Add email address here" 35 | GIT_NAME: "Add git author name here" 36 | 37 | ``` 38 | 39 | ## Action Inputs 40 | 41 | - `GH_PAT` - **Required** - GitHub Personal Access Token (PAT) with `repo` scope 42 | - `GH_USER` - **Required** - GitHub username 43 | - `GIT_EMAIL` - **Required** - Email address to use for git commits 44 | - `GIT_NAME` - **Required** - Name to use for git commits 45 | 46 | ## Action Outputs 47 | 48 | - `submodule-update-count` - Number of submodules updated. `0` if no submodules were updated. 49 | 50 | ## Limitations 51 | 52 | - This action is only intended to work within Project Mu repositories. 53 | - This action only supports repositories hosted on GitHub. 54 | - This action only updates submodules that are hosted on GitHub. 55 | - This action is only intended to work with submodules that use [semantic versioning](https://semver.org/). 56 | - Submodules should already be set to a specific release before enabling this action. 57 | - This allows the action to compare new versions to the current version. 58 | - This action does not automatically close stale PRs when a new release is available. 59 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Dependabot configuration file to enable GitHub services for managing and updating 3 | # dependencies. 4 | # 5 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 6 | # instead of the file in this repo. 7 | # 8 | # This dependabot file is limited to syncing the following type of dependencies. Other files 9 | # are already available in Mu DevOps to sync other dependency types. 10 | # - Rust Crate Dependencies (`cargo`) 11 | # - GitHub Actions (`github-actions`) 12 | # - Python PIP Modules (`pip`) 13 | # 14 | # Dependabot does not update the microsoft/mu_devops version because that is updated once in mu_devops 15 | # and then synced to all repos when the file sync occurs. 16 | # 17 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 18 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 19 | # 20 | # Copyright (c) Microsoft Corporation. 21 | # SPDX-License-Identifier: BSD-2-Clause-Patent 22 | # 23 | # Please see the documentation for all dependabot configuration options: 24 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 25 | ## 26 | 27 | version: 2 28 | 29 | updates: 30 | - package-ecosystem: "cargo" 31 | directory: "/" 32 | schedule: 33 | interval: "weekly" 34 | day: "monday" 35 | timezone: "America/Los_Angeles" 36 | time: "03:00" 37 | commit-message: 38 | prefix: "Rust Dependency" 39 | labels: 40 | - "type:dependencies" 41 | - "type:dependabot" 42 | rebase-strategy: "disabled" 43 | 44 | - package-ecosystem: "github-actions" 45 | directory: "/" 46 | schedule: 47 | interval: "weekly" 48 | day: "monday" 49 | timezone: "America/Los_Angeles" 50 | time: "06:00" 51 | ignore: 52 | - dependency-name: "microsoft/mu_devops" 53 | commit-message: 54 | prefix: "GitHub Action" 55 | labels: 56 | - "type:dependencies" 57 | - "type:dependabot" 58 | rebase-strategy: "disabled" 59 | 60 | - package-ecosystem: "pip" 61 | directory: "/" 62 | schedule: 63 | interval: "weekly" 64 | day: "wednesday" 65 | timezone: "America/Los_Angeles" 66 | time: "01:00" 67 | commit-message: 68 | prefix: "pip" 69 | labels: 70 | - "language:python" 71 | - "type:dependencies" 72 | - "type:dependabot" 73 | rebase-strategy: "disabled" 74 | -------------------------------------------------------------------------------- /.github/release-draft-config.yml: -------------------------------------------------------------------------------- 1 | # Defines the configuration used for drafting new releases. 2 | # 3 | # IMPORTANT: Only use labels defined in the .github/Labels.yml file in this repo. 4 | # 5 | # NOTE: `semver:major`, `semver:minor`, and `semver:patch` can be used to force that 6 | # version to roll regardless of other labels. 7 | # 8 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 9 | # instead of the file in this repo. 10 | # 11 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 12 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 13 | # 14 | # Copyright (c) Microsoft Corporation. 15 | # SPDX-License-Identifier: BSD-2-Clause-Patent 16 | # 17 | # For more information, see: 18 | # https://github.com/release-drafter/release-drafter 19 | 20 | name-template: 'v$RESOLVED_VERSION' 21 | tag-template: 'v$RESOLVED_VERSION' 22 | 23 | 24 | template: | 25 | # What's Changed 26 | 27 | $CHANGES 28 | 29 | **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION 30 | 31 | categories: 32 | - title: '⚠️ Breaking Changes' 33 | labels: 34 | - 'impact:breaking-change' 35 | - title: '🚀 Features & ✨ Enhancements' 36 | labels: 37 | - 'type:design-change' 38 | - 'type:enhancement' 39 | - 'type:feature-request' 40 | - title: '🐛 Bug Fixes' 41 | labels: 42 | - 'type:bug' 43 | - title: '🔐 Security Impacting' 44 | labels: 45 | - 'impact:security' 46 | - title: '📖 Documentation Updates' 47 | labels: 48 | - 'type:documentation' 49 | - title: '🛠️ Submodule Updates' 50 | labels: 51 | - 'type:submodules' 52 | 53 | change-template: >- 54 | 68 | 69 | change-title-escapes: '\<*_&@' # Note: @ is added to disable mentions 70 | 71 | # Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc. 72 | version-resolver: 73 | major: 74 | labels: 75 | - 'impact:breaking-change' 76 | - 'semver:major' 77 | minor: 78 | labels: 79 | - 'semver:minor' 80 | - 'type:design-change' 81 | - 'type:enhancement' 82 | - 'type:feature-request' 83 | patch: 84 | labels: 85 | - 'impact:non-functional' 86 | - 'semver:patch' 87 | - 'type:bug' 88 | - 'type:documentation' 89 | default: patch 90 | 91 | exclude-labels: 92 | - 'type:dependabot' 93 | - 'type:file-sync' 94 | - 'type:notes' 95 | - 'type:question' 96 | 97 | exclude-contributors: 98 | - 'uefibot' 99 | -------------------------------------------------------------------------------- /.github/workflows/Build-Containers.yml: -------------------------------------------------------------------------------- 1 | # GitHub Action Workflow for building the Project MU docker images. 2 | # 3 | # SPDX-License-Identifier: BSD-2-Clause-Patent 4 | # 5 | 6 | name: "Build Containers" 7 | 8 | # 9 | # This workflow only runs (on the main branch or on PRs targeted 10 | # at the main branch) and if a dockerfile was edited. Pull request images will 11 | # not be pushed to the repository. 12 | # 13 | on: 14 | workflow_dispatch: 15 | push: 16 | branches: 17 | - main 18 | paths: 19 | - ".sync/Version.njk" 20 | - "Containers/**/Dockerfile" 21 | pull_request: 22 | branches: 23 | - main 24 | paths: 25 | - ".sync/Version.njk" 26 | - "Containers/**/Dockerfile" 27 | 28 | jobs: 29 | build-and-push-image: 30 | runs-on: ubuntu-latest 31 | permissions: 32 | contents: read 33 | packages: write 34 | strategy: 35 | fail-fast: false 36 | matrix: 37 | include: 38 | - image_name: "Ubuntu-24" 39 | sub_images: "dev test build" 40 | - image_name: "Ubuntu-22" 41 | sub_images: "dev test build" 42 | env: 43 | REGISTRY: ghcr.io 44 | REPOSITORY: ${{ github.repository }} 45 | IMAGE_NAME: ${{ matrix.image_name }} 46 | SUB_IMAGES: ${{ matrix.sub_images }} 47 | steps: 48 | - name: Checkout repository 49 | uses: actions/checkout@v4 50 | - name: Log in to the Container registry 51 | uses: docker/login-action@v3 52 | with: 53 | registry: ${{ env.REGISTRY }} 54 | username: ${{ github.actor }} 55 | password: ${{ secrets.GITHUB_TOKEN }} 56 | 57 | - name: Set tag 58 | run: echo "short_sha=$(git rev-parse --short $GITHUB_SHA)" >> $GITHUB_ENV 59 | shell: bash 60 | 61 | - uses: dorny/paths-filter@v3 62 | id: changes 63 | with: 64 | filters: | 65 | dockerfile: 66 | - 'Containers/${{ matrix.image_name }}/Dockerfile' 67 | 68 | - name: Build 69 | if: steps.changes.outputs.dockerfile == 'true' 70 | run: | 71 | cd "Containers/${IMAGE_NAME}" 72 | for sub in $SUB_IMAGES; do 73 | IMG=$(tr '[:upper:]' '[:lower:]' <<< "${REGISTRY}/${REPOSITORY}/${IMAGE_NAME}-${sub}") 74 | echo "Building Image: ${IMG}:${short_sha}..." 75 | docker build --target "${sub}" --tag "${IMG}:${short_sha}" -f Dockerfile . 76 | done 77 | docker images 78 | shell: bash 79 | 80 | - name: Push 81 | if: ${{ github.ref == 'refs/heads/main' && steps.changes.outputs.dockerfile == 'true' }} 82 | run: | 83 | for sub in $SUB_IMAGES; do 84 | IMG=$(tr '[:upper:]' '[:lower:]' <<< "${REGISTRY}/${REPOSITORY}/${IMAGE_NAME}-${sub}") 85 | echo "Pushing Image: ${IMG}:${short_sha}..." 86 | docker tag "${IMG}:${short_sha}" "${IMG}:latest" 87 | docker push "${IMG}:${short_sha}" 88 | docker push "${IMG}:latest" 89 | done 90 | shell: bash 91 | -------------------------------------------------------------------------------- /.github/workflows/CodeQl.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # GitHub action CodeQL reusable workflow file. 3 | # 4 | # Copyright (c) Microsoft Corporation. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | ## 7 | 8 | name: Mu DevOps CodeQL Workflow 9 | 10 | on: 11 | workflow_call: 12 | inputs: 13 | # Note: The caller can set a command to an empty string to skip that command 14 | setup_command: 15 | description: 'Stuart Setup command to use' 16 | default: '' 17 | required: false 18 | type: string 19 | update_command: 20 | description: 'Stuart Update command to use' 21 | default: 'stuart_update -c .pytool/CISettings.py' 22 | required: false 23 | type: string 24 | build_command: 25 | description: 'Stuart Build command to use' 26 | default: 'stuart_ci_build -c .pytool/CISettings.py' 27 | required: false 28 | type: string 29 | python_version: 30 | description: 'Python version to use in the workflow' 31 | default: '3.x' 32 | required: false 33 | type: string 34 | 35 | jobs: 36 | analyze: 37 | name: Analyze 38 | runs-on: ubuntu-latest 39 | permissions: 40 | actions: read 41 | contents: read 42 | security-events: write 43 | 44 | strategy: 45 | fail-fast: false 46 | matrix: 47 | language: [ 'cpp' ] 48 | # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] 49 | # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support 50 | 51 | steps: 52 | - name: Checkout Repository 53 | uses: actions/checkout@v4 54 | 55 | - name: Setup Python Version 56 | uses: actions/setup-python@v5 57 | with: 58 | python-version: ${{ inputs.python_version }} 59 | 60 | # Initializes the CodeQL tools for scanning. 61 | - name: Initialize CodeQL 62 | uses: github/codeql-action/init@v3 63 | with: 64 | languages: ${{ matrix.language }} 65 | # If you wish to specify custom queries, you can do so here or in a config file. 66 | # By default, queries listed here will override any specified in a config file. 67 | # Prefix the list here with "+" to use these queries and those in the config file. 68 | 69 | # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs 70 | # queries: security-extended,security-and-quality 71 | 72 | - name: 'Install/Upgrade pip Modules' 73 | run: pip install -r pip-requirements.txt --upgrade 74 | 75 | - name: 'Setup' 76 | if: "${{ inputs.setup_command != '' }}" 77 | run: ${{ inputs.setup_command }} 78 | 79 | - name: 'Update' 80 | if: "${{ inputs.update_command != '' }}" 81 | run: ${{ inputs.update_command }} 82 | 83 | - name: 'Build' 84 | if: "${{ inputs.build_command != '' }}" 85 | run: ${{ inputs.build_command }} 86 | 87 | - name: Perform CodeQL Analysis 88 | uses: github/codeql-action/analyze@v3 89 | -------------------------------------------------------------------------------- /.github/workflows/FileSyncer.yml: -------------------------------------------------------------------------------- 1 | # This workflow syncs files and directories from Mu DevOps to other 2 | # Project Mu repositories. 3 | # 4 | # Copyright (c) Microsoft Corporation. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | # 7 | # For more information, see: 8 | # https://github.com/BetaHuhn/repo-file-sync-action 9 | 10 | name: Sync Mu DevOps Files to Mu Repos 11 | 12 | on: 13 | schedule: 14 | # * is a special character in YAML so you have to quote this string 15 | # Run daily at 9am UTC - https://crontab.guru/#0_9_*_*_* 16 | - cron: '0 9 * * *' 17 | workflow_dispatch: 18 | 19 | jobs: 20 | sync: 21 | name: Repo File Sync 22 | runs-on: ubuntu-latest 23 | 24 | permissions: 25 | contents: write 26 | pull-requests: write 27 | actions: write 28 | 29 | steps: 30 | - name: Checkout Repository 31 | uses: actions/checkout@v4 32 | 33 | - name: Generate Token 34 | id: app-token 35 | uses: actions/create-github-app-token@v2 36 | with: 37 | app-id: ${{ vars.MU_ACCESS_APP_ID }} 38 | private-key: ${{ secrets.MU_ACCESS_APP_PRIVATE_KEY }} 39 | owner: ${{ github.repository_owner }} 40 | 41 | - name: Run GitHub File Sync 42 | uses: BetaHuhn/repo-file-sync-action@v1 43 | with: 44 | COMMIT_AS_PR_TITLE: true 45 | COMMIT_BODY: "Signed-off-by: Project Mu UEFI Bot " 46 | COMMIT_EACH_FILE: false 47 | COMMIT_PREFIX: "Repo File Sync:" 48 | CONFIG_PATH: .sync/Files.yml 49 | DRY_RUN: false 50 | FORK: false 51 | GH_INSTALLATION_TOKEN: ${{ steps.app-token.outputs.token }} 52 | GIT_EMAIL: uefibot@microsoft.com 53 | GIT_USERNAME: uefibot 54 | ORIGINAL_MESSAGE: true 55 | OVERWRITE_EXISTING_PR: true 56 | PR_BODY: | 57 | 🤖: View the [Repo File Sync Configuration File](https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml) to see how files are synced. 58 | PR_LABELS: type:file-sync 59 | SKIP_PR: false 60 | -------------------------------------------------------------------------------- /.github/workflows/IssueAssignment.yml: -------------------------------------------------------------------------------- 1 | # This reusable workflow provides actions that should be applied when an issue is assigned. 2 | # 3 | # NOTE: This file uses a reusable workflow. Do not make changes to the file that should be made 4 | # in the common/reusable workflow. 5 | # 6 | # Copyright (c) Microsoft Corporation. 7 | # SPDX-License-Identifier: BSD-2-Clause-Patent 8 | 9 | name: React to Issue Assignment 10 | 11 | on: 12 | workflow_call: 13 | 14 | jobs: 15 | adjust-labels: 16 | name: Adjust Issue Labels 17 | runs-on: ubuntu-latest 18 | 19 | permissions: 20 | contents: read 21 | issues: write 22 | 23 | steps: 24 | - uses: actions/checkout@v4 25 | 26 | - name: Remove Labels 27 | env: 28 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 29 | run: | 30 | # All labels here will be removed if present in the issue 31 | LABELS_TO_REMOVE=("state:needs-owner") 32 | 33 | # Gather issue context information 34 | ISSUE_NUMBER=$(jq --raw-output .issue.number "$GITHUB_EVENT_PATH") 35 | OWNER=$(jq --raw-output .repository.owner.login "$GITHUB_EVENT_PATH") 36 | REPO=$(jq --raw-output .repository.name "$GITHUB_EVENT_PATH") 37 | LABELS=$(curl -s \ 38 | -H "Accept: application/vnd.github+json" \ 39 | -H "Authorization: Bearer $GITHUB_TOKEN" \ 40 | -H "X-GitHub-Api-Version: 2022-11-28" \ 41 | https://api.github.com/repos/$OWNER/$REPO/issues/$ISSUE_NUMBER/labels | jq -r '.[].name') 42 | 43 | # Remove labels 44 | for LABEL in "${LABELS_TO_REMOVE[@]}"; do 45 | if echo "$LABELS" | grep -q "$LABEL"; then 46 | curl -X DELETE \ 47 | -s \ 48 | -H "Accept: application/vnd.github+json" \ 49 | -H "Authorization: Bearer $GITHUB_TOKEN" \ 50 | -H "X-GitHub-Api-Version: 2022-11-28" \ 51 | https://api.github.com/repos/$OWNER/$REPO/issues/$ISSUE_NUMBER/labels/"$LABEL" > /dev/null 52 | echo "$LABEL removed from issue #$ISSUE_NUMBER" 53 | else 54 | echo "$LABEL not found on issue #$ISSUE_NUMBER" 55 | fi 56 | done 57 | -------------------------------------------------------------------------------- /.github/workflows/IssueTriager.yml: -------------------------------------------------------------------------------- 1 | # This workflow assists with initial triage of new issues by applying 2 | # labels based on data provided in the issue. 3 | # 4 | # Configuration file that maps issue form input values to labels: 5 | # advanced-issue-labeler.yml 6 | # 7 | # Copyright (c) Microsoft Corporation. 8 | # SPDX-License-Identifier: BSD-2-Clause-Patent 9 | # 10 | # For more information, see: 11 | # https://github.com/stefanbuck/github-issue-parser 12 | # https://github.com/redhat-plumbers-in-action/advanced-issue-labeler 13 | 14 | name: Issue Triage Workflow 15 | 16 | on: 17 | workflow_call: 18 | 19 | jobs: 20 | triage_issues: 21 | name: Triage Issues 22 | runs-on: ubuntu-latest 23 | 24 | strategy: 25 | matrix: 26 | template: [ bug_report.yml, documentation_request.yml, feature_request.yml ] 27 | 28 | permissions: 29 | issues: write 30 | 31 | steps: 32 | - uses: actions/checkout@v4 33 | 34 | - name: Parse Issue Form 35 | uses: stefanbuck/github-issue-parser@v3 36 | id: issue-parser 37 | with: 38 | issue-body: ${{ github.event.issue.body }} 39 | template-path: .github/ISSUE_TEMPLATE/${{ matrix.template }} 40 | 41 | - name: Apply Labels from Triage 42 | uses: redhat-plumbers-in-action/advanced-issue-labeler@v2 43 | with: 44 | issue-form: ${{ steps.issue-parser.outputs.jsonString }} 45 | template: ${{ matrix.template }} 46 | token: ${{ secrets.GITHUB_TOKEN }} 47 | 48 | - name: Update Assignee 49 | env: 50 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 51 | FIX_OWNER: ${{ steps.issue-parser.outputs.issueparser_fix_owner }} 52 | run: | 53 | if [[ $FIX_OWNER == "I will fix it" ]] || [[ $FIX_OWNER == "I will make the change" ]] || [[ $FIX_OWNER == "I will implement the feature" ]] 54 | then 55 | gh issue edit ${{ github.event.issue.html_url }} --add-assignee ${{ github.event.issue.user.login }} 56 | fi 57 | -------------------------------------------------------------------------------- /.github/workflows/LabelSyncer.yml: -------------------------------------------------------------------------------- 1 | # This workflow syncs GitHub labels to the integrating repository. 2 | # 3 | # The labels are declaratively defined in .github/Labels.yml. 4 | # 5 | # Copyright (c) Microsoft Corporation. 6 | # SPDX-License-Identifier: BSD-2-Clause-Patent 7 | # 8 | # For more information, see: 9 | # https://github.com/EndBug/label-sync 10 | 11 | name: Mu DevOps Git Label Sync Workflow 12 | 13 | on: 14 | workflow_call: 15 | inputs: 16 | # Note: The caller can set a command to an empty string to skip that command 17 | local_config_file: 18 | description: 'Repo relative path to a repo-specific label config file' 19 | default: '' 20 | required: false 21 | type: string 22 | 23 | jobs: 24 | sync: 25 | name: Sync 26 | runs-on: ubuntu-latest 27 | 28 | permissions: 29 | issues: write 30 | 31 | steps: 32 | - name: Sync Labels 33 | uses: EndBug/label-sync@v2 34 | with: 35 | config-file: | 36 | https://raw.githubusercontent.com/microsoft/mu_devops/main/.github/Labels.yml 37 | ${{ inputs.local_config_file }} 38 | 39 | delete-other-labels: false 40 | -------------------------------------------------------------------------------- /.github/workflows/Labeler.yml: -------------------------------------------------------------------------------- 1 | # This workflow automatically applies labels to issues and pull requests 2 | # based on regular expression matches against the content in the issue 3 | # or pull request or file path pattern matches. 4 | # 5 | # The labels are declaratively defined in the following configuration files: 6 | # - File Path Patterns: .sync/workflows/config/label-issues/file-paths.yml 7 | # - Regular Expressions for Pull Requests: .sync/workflows/config/label-issues/regex-pull-requests.yml 8 | # 9 | # These will be mapped to the following directories in repos that use this reusable workflow: 10 | # - File Path Patterns: .github/workflows/label-issues/file-paths.yml 11 | # - Regular Expressions for Pull Requests: .github/workflows/label-issues/regex-pull-requests.yml 12 | # 13 | # Ideally, curl (or wget) could be used to grab the files from mu_devops in this workflow file and once on 14 | # the local runner, the file path could simply be passed to the actions. That is not currently possible as 15 | # the actions are hardcoded to use the GitHub REST API to get the files in the local repo. If that is fixed 16 | # (tracked in https://github.com/github/issue-labeler/issues/39) then that approach can be used. 17 | # 18 | # Copyright (c) Microsoft Corporation. 19 | # SPDX-License-Identifier: BSD-2-Clause-Patent 20 | # 21 | # For more information, see: 22 | # https://github.com/actions/labeler 23 | # https://github.com/github/issue-labeler 24 | 25 | name: Apply Labels Based on Message Content 26 | 27 | on: 28 | workflow_call: 29 | 30 | jobs: 31 | sync: 32 | name: Label Based on Messages 33 | runs-on: ubuntu-latest 34 | 35 | permissions: 36 | contents: read 37 | pull-requests: write 38 | 39 | steps: 40 | - name: Apply Labels Based on PR File Paths 41 | uses: actions/labeler@v4.3.0 42 | with: 43 | configuration-path: .github/workflows/label-issues/file-paths.yml 44 | repo-token: ${{ secrets.GITHUB_TOKEN }} 45 | sync-labels: true 46 | if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target' 47 | 48 | - name: Apply PR Labels Based on Policies 49 | uses: srvaroa/labeler@v1.13.0 50 | with: 51 | config_path: .github/workflows/label-issues/regex-pull-requests.yml 52 | use_local_config: false 53 | fail_on_error: true 54 | env: 55 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 56 | if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target' 57 | -------------------------------------------------------------------------------- /.github/workflows/ReleaseWorkflow.yml: -------------------------------------------------------------------------------- 1 | # @file ReleaseWorkflow.yml 2 | # 3 | # A reusable CI workflow that releases all crates in a repository. 4 | # 5 | ## 6 | # Copyright (c) Microsoft Corporation. 7 | # SPDX-License-Identifier: BSD-2-Clause-Patent 8 | ## 9 | name: Publish 10 | 11 | on: 12 | workflow_call: 13 | secrets: 14 | CRATES_IO_TOKEN: 15 | description: 'The token to use for authenticating with crates.io' 16 | required: true 17 | 18 | jobs: 19 | run: 20 | name: Publish 21 | 22 | runs-on: ubuntu-latest 23 | 24 | permissions: 25 | contents: write 26 | actions: read 27 | 28 | steps: 29 | - name: ✅ Checkout Repository ✅ 30 | uses: actions/checkout@v4 31 | 32 | - name: 🛠️ Download Rust Tools 🛠️ 33 | uses: microsoft/mu_devops/.github/actions/rust-tool-cache@main 34 | 35 | - name: Get Current Draft Release 36 | id: draft_release 37 | uses: actions/github-script@v7 38 | with: 39 | script: | 40 | const releases = await github.rest.repos.listReleases({ 41 | owner: context.repo.owner, 42 | repo: context.repo.repo, 43 | }); 44 | 45 | const draftReleaseList = releases.data.filter(release => release.draft); 46 | 47 | if (draftReleaseList.length === 0) { 48 | core.setFailed("No draft release found. Exiting with error."); 49 | } else if (draftReleaseList.length > 1) { 50 | core.setFailed("Multiple draft releases found. Exiting with error."); 51 | } else { 52 | const draftRelease = draftReleaseList[0]; 53 | 54 | let tag = draftRelease.tag_name; 55 | if (tag.startsWith('v')) { 56 | tag = tag.slice(1); 57 | } 58 | core.setOutput("id", draftRelease.id); 59 | core.setOutput("tag", tag); 60 | console.log(`Draft Release ID: ${draftRelease.id}`); 61 | console.log(`Draft Release Tag: ${tag}`); 62 | } 63 | 64 | - name: Cargo Release Dry Run 65 | run: cargo release ${{ steps.draft_release.outputs.tag }} --workspace 66 | env: 67 | RUSTC_BOOTSTRAP: 1 68 | 69 | - name: Login to Crates.io 70 | run: cargo login ${{ secrets.CRATES_IO_TOKEN }} 71 | 72 | - name: Update git credentials 73 | run: | 74 | git config --global user.name "github-actions[bot]" 75 | git config --global user.email "github-actions[bot]@users.noreply.github.com" 76 | 77 | - name: Cargo Release 78 | run: cargo release ${{ steps.draft_release.outputs.tag }} -x --no-tag --no-confirm --workspace 79 | env: 80 | RUSTC_BOOTSTRAP: 1 81 | 82 | - name: Wait for Release Draft Updater 83 | uses: actions/github-script@v7 84 | with: 85 | script: | 86 | const workflowId = "release-draft.yml"; 87 | const ref = "main"; 88 | const owner = context.repo.owner; 89 | const repo = context.repo.repo; 90 | 91 | // Try for 10 minutes. It should only take a few seconds 92 | let maxAttempts = 40; 93 | let attempt = 0; 94 | let completed = false 95 | 96 | while (attempt < maxAttempts && !completed) { 97 | await new Promise(resolve => setTimeout(resolve, 15000)); 98 | const runs = await github.rest.actions.listWorkflowRuns({ 99 | owner, 100 | repo, 101 | workflow_id: workflowId, 102 | branch: ref, 103 | event: 'push', 104 | status: 'in_progress', 105 | }); 106 | 107 | if (runs.data.workflow_runs.length === 0) { 108 | completed = true; 109 | } else { 110 | attempt++; 111 | } 112 | } 113 | 114 | if (!completed) { 115 | core.setFailed("Release Drafter did not complete in time. Please perform the release manually."); 116 | } 117 | 118 | - name: Publish Release 119 | uses: actions/github-script@v7 120 | with: 121 | script: | 122 | const releaseId = ${{ steps.draft_release.outputs.id }}; 123 | 124 | const response = await github.rest.repos.updateRelease({ 125 | owner: context.repo.owner, 126 | repo: context.repo.repo, 127 | release_id: releaseId, 128 | draft: false, 129 | }); 130 | 131 | if (response.status !== 200) { 132 | core.setFailed(`Failed to publish release. Exiting with error.`); 133 | } 134 | -------------------------------------------------------------------------------- /.github/workflows/Stale.yml: -------------------------------------------------------------------------------- 1 | # This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time. 2 | # 3 | # Copyright (c) Microsoft Corporation. 4 | # SPDX-License-Identifier: BSD-2-Clause-Patent 5 | # 6 | # You can adjust the behavior by modifying this file. 7 | # For more information, see: 8 | # https://github.com/actions/stale 9 | 10 | name: Mu DevOps Stale Issue and PR Workflow 11 | 12 | on: 13 | workflow_call: 14 | inputs: 15 | # Note: It is recommended to use the default value for consistency across Mu repos. 16 | # However, values can be customized by workflow callers if needed. 17 | days-before-issue-stale: 18 | description: 'Override days-before-stale for issues only' 19 | default: 45 20 | required: false 21 | type: number 22 | days-before-pr-stale: 23 | description: 'Override days-before-stale for PRs only' 24 | default: 60 25 | required: false 26 | type: number 27 | days-before-issue-close: 28 | description: 'Idle number of days before closing stale issues' 29 | default: 7 30 | required: false 31 | type: number 32 | days-before-pr-close: 33 | description: 'Idle number of days before closing stale PRs' 34 | default: 7 35 | required: false 36 | type: number 37 | stale-issue-message: 38 | description: 'Comment made on stale issues' 39 | default: > 40 | This issue has been automatically marked as stale because it has not had 41 | activity in 45 days. It will be closed if no further activity occurs within 42 | 7 days. Thank you for your contributions. 43 | required: false 44 | type: string 45 | stale-pr-message: 46 | description: 'Comment made on stale PRs' 47 | default: > 48 | This PR has been automatically marked as stale because it has not had 49 | activity in 60 days. It will be closed if no further activity occurs within 50 | 7 days. Thank you for your contributions. 51 | required: false 52 | type: string 53 | close-issue-message: 54 | description: 'Comment made on stale issues when closed' 55 | default: > 56 | This issue has been automatically been closed because it did not have any 57 | activity in 45 days and no follow up within 7 days after being marked stale. 58 | Thank you for your contributions. 59 | required: false 60 | type: string 61 | close-pr-message: 62 | description: 'Comment made on stale PRs when closed' 63 | default: > 64 | This pull request has been automatically been closed because it did not have any 65 | activity in 60 days and no follow up within 7 days after being marked stale. 66 | Thank you for your contributions. 67 | required: false 68 | type: string 69 | 70 | jobs: 71 | stale: 72 | name: Stale 73 | runs-on: ubuntu-latest 74 | permissions: 75 | issues: write 76 | pull-requests: write 77 | 78 | steps: 79 | - name: Check for Stale Items 80 | uses: actions/stale@v9 81 | with: 82 | days-before-issue-stale: ${{ inputs.days-before-issue-stale }} 83 | days-before-pr-stale: ${{ inputs.days-before-pr-stale }} 84 | days-before-issue-close: ${{ inputs.days-before-issue-close }} 85 | days-before-pr-close: ${{ inputs.days-before-pr-close }} 86 | stale-issue-message: ${{ inputs.stale-issue-message }} 87 | stale-pr-message: ${{ inputs.stale-pr-message }} 88 | close-issue-message: ${{ inputs.close-issue-message }} 89 | close-pr-message: ${{ inputs.close-pr-message }} 90 | stale-issue-label: 'state:stale' 91 | stale-pr-label: 'state:stale' 92 | exempt-issue-labels: 'impact:security,state:backlog,state:under-discussion' 93 | exempt-pr-labels: 'impact:security,state:backlog,state:under-discussion' 94 | -------------------------------------------------------------------------------- /.github/workflows/label-sync.yml: -------------------------------------------------------------------------------- 1 | # This workflow syncs GitHub labels to the common set of labels defined in Mu DevOps. 2 | # 3 | # All repos should sync at the same time. 4 | # '0 0,12 * * *'' 5 | # 6 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 7 | # instead of the file in this repo. 8 | # 9 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 10 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 11 | # 12 | # Copyright (c) Microsoft Corporation. 13 | # SPDX-License-Identifier: BSD-2-Clause-Patent 14 | # 15 | 16 | name: Sync GitHub Labels 17 | 18 | on: 19 | schedule: 20 | # At minute 0 past hour 0 and 12 21 | # https://crontab.guru/#0_0,12_*_*_* 22 | - cron: '0 0,12 * * *' 23 | workflow_dispatch: 24 | 25 | jobs: 26 | sync: 27 | 28 | permissions: 29 | issues: write 30 | 31 | uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v15.0.1 32 | -------------------------------------------------------------------------------- /.github/workflows/pull-request-formatting-validator.yml: -------------------------------------------------------------------------------- 1 | # This workflow validates basic pull request formatting requirements are met. 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | 13 | name: Validate Pull Request Formatting 14 | 15 | on: 16 | pull_request_target: 17 | types: 18 | - edited 19 | - opened 20 | - reopened 21 | - synchronize 22 | 23 | jobs: 24 | validate_pr: 25 | runs-on: ubuntu-latest 26 | 27 | permissions: 28 | contents: read 29 | pull-requests: write 30 | 31 | steps: 32 | - run: | 33 | prTitle="$(gh api graphql -F owner=$OWNER -F name=$REPO -F pr_number=$PR_NUMBER -f query=' 34 | query($name: String!, $owner: String!, $pr_number: Int!) { 35 | repository(owner: $owner, name: $name) { 36 | pullRequest(number: $pr_number) { 37 | title 38 | } 39 | } 40 | }')" 41 | 42 | if [[ "${prTitle}" == *"Personal/"* ]]; then 43 | gh pr comment $PR_URL --body "⚠️ Please add a meaningful PR title (remove the 'Personal/' prefix from the title)." 44 | echo 'VALIDATION_ERROR=true' >> $GITHUB_ENV 45 | fi 46 | 47 | env: 48 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 49 | OWNER: ${{ github.repository_owner }} 50 | PR_NUMBER: ${{ github.event.number }} 51 | PR_URL: ${{ github.event.pull_request.html_url }} 52 | REPO: ${{ github.event.repository.name }} 53 | 54 | - name: Check for Validation Errors 55 | if: env.VALIDATION_ERROR 56 | uses: actions/github-script@v7 57 | with: 58 | script: | 59 | core.setFailed('PR Formatting Validation Check Failed!') 60 | -------------------------------------------------------------------------------- /.github/workflows/release-draft.yml: -------------------------------------------------------------------------------- 1 | # This workflow automatically drafts new project releases so it is obvious 2 | # what a current release will look like at any time. 3 | # 4 | # It takes advantage of the labels used in Project Mu to automatically categorize 5 | # the types of changes in a given release. In addition, the semantic version of 6 | # the code is constantly maintained based on Project Mu label conventions to ensure 7 | # semantic versioning is followed and a release version is always ready. 8 | # 9 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 10 | # instead of the file in this repo. 11 | # 12 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 13 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 14 | # 15 | # Copyright (c) Microsoft Corporation. 16 | # SPDX-License-Identifier: BSD-2-Clause-Patent 17 | # 18 | # For more information, see: 19 | # https://github.com/release-drafter/release-drafter 20 | 21 | name: Update Release Draft 22 | 23 | on: 24 | push: 25 | branches: 26 | - main 27 | 28 | jobs: 29 | draft: 30 | name: Draft Releases 31 | 32 | permissions: 33 | contents: write 34 | pull-requests: write 35 | 36 | uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v15.0.1 37 | secrets: inherit 38 | -------------------------------------------------------------------------------- /.github/workflows/scheduled-maintenance.yml: -------------------------------------------------------------------------------- 1 | # This workflow performs scheduled maintenance tasks. 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # NOTE: This file uses reusable workflows. Do not make changes to the file that should be made 7 | # in the common/reusable workflows. 8 | # 9 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 10 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 11 | # 12 | # Copyright (c) Microsoft Corporation. 13 | # SPDX-License-Identifier: BSD-2-Clause-Patent 14 | # 15 | 16 | name: Scheduled Maintenance 17 | 18 | on: 19 | schedule: 20 | # * is a special character in YAML so you have to quote this string 21 | # Run every hour - https://crontab.guru/#0_*_*_*_* 22 | - cron: '0 * * * *' 23 | 24 | jobs: 25 | repo_cleanup: 26 | runs-on: ubuntu-latest 27 | 28 | permissions: 29 | pull-requests: write 30 | issues: write 31 | 32 | steps: 33 | - name: Get Repository Info 34 | run: echo "REPOSITORY_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV 35 | 36 | - name: Prune Won't Fix Pull Requests 37 | env: 38 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 39 | REPOSITORY: ${{ env.REPOSITORY_NAME }} 40 | run: | 41 | gh api \ 42 | -H "Accept: application/vnd.github+json" \ 43 | /repos/microsoft/${REPOSITORY}/pulls | jq -r '.[]' | jq -rc '.html_url,.labels' | \ 44 | while read -r html_url ; do 45 | read -r labels 46 | if [[ $labels == *"state:wont-fix"* ]]; then 47 | gh pr close $html_url -c "Closed due to being marked as wont fix" --delete-branch 48 | fi 49 | done 50 | 51 | - name: Prune Won't Fix Issues 52 | env: 53 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 54 | REPOSITORY: ${{ env.REPOSITORY_NAME }} 55 | run: | 56 | gh api \ 57 | -H "Accept: application/vnd.github+json" \ 58 | /repos/microsoft/${REPOSITORY}/issues | jq -r '.[]' | jq -rc '.html_url,.labels' | \ 59 | while read -r html_url ; do 60 | read -r labels 61 | if [[ $labels == *"state:wont-fix"* ]]; then 62 | gh issue close $html_url -c "Closed due to being marked as wont fix" -r "not planned" 63 | fi 64 | done 65 | -------------------------------------------------------------------------------- /.github/workflows/stale-leaf.yml: -------------------------------------------------------------------------------- 1 | # This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time. 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | # You can adjust the behavior by modifying this file. 13 | # For more information, see: 14 | # https://github.com/actions/stale 15 | 16 | name: Check for Stale Issues and Pull Requests 17 | 18 | on: 19 | schedule: 20 | # At 23:35 on every day-of-week from Sunday through Saturday 21 | # https://crontab.guru/#35_23_*_*_0-6 22 | - cron: '35 23 * * 0-6' 23 | workflow_dispatch: 24 | 25 | jobs: 26 | check: 27 | 28 | permissions: 29 | issues: write 30 | pull-requests: write 31 | 32 | uses: microsoft/mu_devops/.github/workflows/Stale.yml@v15.0.1 33 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /Build/ 2 | .DS_Store 3 | *_extdep/ 4 | *.pyc 5 | __pycache__/ 6 | *.bak 7 | BuildConfig.conf 8 | /Conf/ 9 | settings.json 10 | -------------------------------------------------------------------------------- /.markdownlint.yaml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # markdownlint configuration 3 | # 4 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 5 | # instead of the file in this repo. 6 | # 7 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 8 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 9 | # 10 | # Copyright (c) Microsoft Corporation. 11 | # SPDX-License-Identifier: BSD-2-Clause-Patent 12 | ## 13 | 14 | # Rules can be found here: https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md 15 | # Config info: https://github.com/DavidAnson/markdownlint#configuration 16 | 17 | { 18 | "default": true, 19 | "MD013": {"line_length": 120, "code_blocks": false, "tables": false}, 20 | "MD033": {"allowed_elements": ["br"]} 21 | } 22 | -------------------------------------------------------------------------------- /.sync/ReadMe.rst: -------------------------------------------------------------------------------- 1 | =============================== 2 | Project Mu File Synchronization 3 | =============================== 4 | 5 | This directory contains files that are synchronized to Project Mu repositories. 6 | 7 | :: 8 | 9 | Note: Any files that are not synchronized should not be added in this directory. 10 | 11 | Why? 12 | ---- 13 | 14 | - To automatically keep all repos up-to-date. 15 | - To ensure consistency of file content across repos. 16 | - To centralize content for files that need to be local to a repo (e.g. a GitHub action) but contain the same content 17 | across more than one Project Mu repo. 18 | - To minimize developer time to push file changes across repos. 19 | 20 | When? 21 | ----- 22 | 23 | - Anytime a file in this directory (`/.sync`_) is updated 24 | - Anytime the workflow that synchronizes files is updated (`/.github/workflows/FileSyncer.yml`_) 25 | - `Manually`_ 26 | 27 | .. _/.github/workflows/FileSyncer.yml: https://github.com/microsoft/mu_devops/blob/main/.github/workflows/FileSyncer.yml 28 | .. _/.sync: https://github.com/microsoft/mu_devops/blob/main/.sync/ 29 | .. _Manually: https://github.com/microsoft/mu_devops/actions/workflows/FileSyncer.yml 30 | 31 | How to Configure File Syncing 32 | ----------------------------- 33 | 34 | All of the file synchronization settings are maintained in the `/.sync/Files.yml`_ configuration file. Refer to the file 35 | to see the current synchronization settings and to modify settings. 36 | 37 | Any resource versions that might be substituted into files during the sync process are defined in `/.sync/Version.njk`. 38 | 39 | .. _/.sync/Files.yml: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 40 | -------------------------------------------------------------------------------- /.sync/Version.njk: -------------------------------------------------------------------------------- 1 | {# 2 | Mu DevOps Dependency Version Control 3 | 4 | ===================================================================================================================== 5 | About 6 | ===================================================================================================================== 7 | This file centralizes definitions of versions placed into files synced from Mu DevOps to other repos before the 8 | files are synced. 9 | 10 | ===================================================================================================================== 11 | `mu_devops` Example: 12 | ===================================================================================================================== 13 | `mu_devops` defines the git tag value of Mu DevOps that will be synced (via file sync) to repos that depend on this 14 | repo. More simply, this updates the version of Mu DevOps used across all Project Mu repos. 15 | 16 | Example flow: 17 | 1. Make a new Mu DevOps release (e.g. "v1.0.0") 18 | 2. Update this file to set `mu_devops` to "v1.0.0" 19 | 20 | Step (2) causes the following automated actions to take place after the change is merged: 21 | 1. All sync files (e.g. an Azure Pipeline file) that depend on this version get the new value substituted 22 | 2. All sync files with the substituted value are synced to their respective repos (PRs created with the change) 23 | 3. After the PRs in those repos are merged, they use the new version of Mu DevOps 24 | 25 | --------------------------------------------------------------------------------------------------------------------- 26 | Note: This file is not actually synced. It controls the version used in other files that are synced. 27 | 28 | Copyright (c) Microsoft Corporation. 29 | SPDX-License-Identifier: BSD-2-Clause-Patent 30 | #} 31 | 32 | {# The git ref value that files dependent on this repo will use. #} 33 | {% set mu_devops = "v15.0.1" %} 34 | 35 | {# The latest Project Mu release branch value. #} 36 | {% set latest_mu_release_branch = "release/202502" %} 37 | {% set previous_mu_release_branch = "release/202405" %} 38 | 39 | {# The version of the ubuntu-24-build container to use. #} 40 | {% set linux_build_container = "ghcr.io/microsoft/mu_devops/ubuntu-24-build:68fa63a" %} 41 | 42 | {# The Python version to use. #} 43 | {% set python_version = "3.12" %} 44 | 45 | {# The Rust toolchain version to use. #} 46 | {% set rust_toolchain = "1.85.0" %} 47 | 48 | {# Rust tool versions. #} 49 | {% set cargo_make = "0.37.24" %} 50 | {% set cargo_tarpaulin = "0.31.5" %} 51 | {% set cargo_release = "0.25.12" %} 52 | -------------------------------------------------------------------------------- /.sync/azure_pipelines/MuDevOpsWrapper.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipeline build file for a build using mu_devops. 3 | # 4 | # To upload coverage results, set `coverage_upload_target` to `ado` or `codecov`. 5 | # 6 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 7 | # instead of the file in this repo. 8 | # 9 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 10 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 11 | # 12 | # Copyright (c) Microsoft Corporation. 13 | # SPDX-License-Identifier: BSD-2-Clause-Patent 14 | ## 15 | 16 | {% import '../Version.njk' as sync_version -%} 17 | 18 | resources: 19 | repositories: 20 | - repository: mu_devops 21 | type: github 22 | endpoint: microsoft 23 | name: microsoft/mu_devops 24 | ref: refs/tags/{{ sync_version.mu_devops }} 25 | 26 | parameters: 27 | - name: do_ci_build 28 | displayName: Perform Stuart CI Build 29 | type: boolean 30 | default: true 31 | - name: do_ci_setup 32 | displayName: Perform Stuart CI Setup 33 | type: boolean 34 | default: true 35 | - name: do_non_ci_build 36 | displayName: Perform non-CI Stuart Build 37 | type: boolean 38 | default: false 39 | - name: do_non_ci_setup 40 | displayName: Perform non-CI Stuart Setup 41 | type: boolean 42 | default: false 43 | - name: do_pr_eval 44 | displayName: Perform Stuart PR Evaluation 45 | type: boolean 46 | default: true 47 | - name: container_build 48 | displayName: Flag for whether this repo should do stuart_setup 49 | type: boolean 50 | default: false 51 | - name: os_type 52 | displayName: OS type on the self-hosted agent pools 53 | type: string 54 | values: 55 | - Windows_NT 56 | - Linux 57 | default: Windows_NT 58 | - name: build_matrix 59 | displayName: Build matrix for this repository 60 | type: object 61 | - name: pool_name 62 | displayName: Variable name that hosts pool name to be used for self-hosted agents 63 | type: string 64 | default: pool_name 65 | - name: extra_install_step 66 | displayName: Extra Install Steps 67 | type: stepList 68 | default: 69 | - script: echo No extra steps provided 70 | - name: extra_jobs 71 | displayName: Extra Jobs to be run after build 72 | type: jobList 73 | default: [] 74 | - name: rust_build 75 | displayName: Whether Rust code is being built 76 | type: boolean 77 | default: false 78 | - name: extra_cargo_steps 79 | displayName: Extra Steps to Run Before Standard Cargo Steps 80 | type: stepList 81 | default: 82 | - script: echo No extra cargo steps provided 83 | 84 | jobs: 85 | - template: Jobs/PrGate.yml@mu_devops 86 | parameters: 87 | linux_container_image: {{ sync_version.linux_build_container }} 88 | {% raw %} 89 | ${{ if eq(parameters.rust_build, true) }}: 90 | linux_container_options: --security-opt seccomp=unconfined 91 | do_ci_build: ${{ parameters.do_ci_build }} 92 | do_ci_setup: ${{ parameters.do_ci_setup }} 93 | do_pr_eval: ${{ parameters.do_pr_eval }} 94 | do_non_ci_setup: ${{ parameters.do_non_ci_setup }} 95 | do_non_ci_build: ${{ parameters.do_non_ci_build }} 96 | build_matrix: ${{ parameters.build_matrix }} 97 | os_type: ${{ parameters.os_type }} 98 | pool_name: ${{ parameters.pool_name }} 99 | extra_install_step: ${{ parameters.extra_install_step }} 100 | tool_chain_tag: $(tool_chain_tag) 101 | vm_image: $(vm_image) 102 | container_build: ${{ parameters.container_build }} 103 | rust_build: ${{ parameters.rust_build }} 104 | 105 | - ${{ if eq(parameters.rust_build, true) }}: 106 | - job: CargoCmds 107 | displayName: Workspace Cargo Commands 108 | 109 | container: 110 | {% endraw %} 111 | image: {{ sync_version.linux_build_container }} 112 | {% raw %} 113 | options: --user root --name mu_devops_build_container --security-opt seccomp=unconfined 114 | 115 | steps: 116 | - checkout: self 117 | fetchDepth: 1 118 | clean: true 119 | - ${{ parameters.extra_cargo_steps }} 120 | - template: Steps/RustCargoSteps.yml@mu_devops 121 | parameters: 122 | container_build: true 123 | 124 | - ${{ parameters.extra_jobs }} 125 | {% endraw %} 126 | -------------------------------------------------------------------------------- /.sync/azure_pipelines/RustSetupSteps.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step to run common Rust steps. 3 | # 4 | # Cargo should be installed on the system prior to invoking this template. 5 | # 6 | # Copyright (c) Microsoft Corporation. All rights reserved. 7 | # SPDX-License-Identifier: BSD-2-Clause-Patent 8 | ## 9 | 10 | {% import '../Version.njk' as sync_version -%} 11 | 12 | {% raw %} 13 | # NOTE: Because this pipeline YAML file is a Nunjucks template, the pipeline syntax of `{{}}` will conflict with 14 | # Nunjucks style. Surround pipeline YAML code that uses `{{}}` within `raw` and `endraw` tags 15 | # to allow it to pass through Nunjucks processing. 16 | {% endraw %} 17 | 18 | steps: 19 | 20 | # Note: This uses a local lookup table as opposed to `rustc -vV` since this is a Rust setup 21 | # template that tries to minimize assumptions about Rust tools already on a system. 22 | - task: PythonScript@0 23 | displayName: Get Host Rust Target Triple 24 | inputs: 25 | scriptSource: inline 26 | workingDirectory: $(Agent.BuildDirectory) 27 | script: | 28 | import os 29 | import platform 30 | 31 | system = platform.system() 32 | arch = platform.machine() 33 | 34 | rust_targets = { 35 | ('Windows', 'x86_64'): 'x86_64-pc-windows-msvc', 36 | ('Windows', 'AMD64'): 'x86_64-pc-windows-msvc', 37 | ('Windows', 'i386'): 'i686-pc-windows-msvc', 38 | ('Windows', 'i686'): 'i686-pc-windows-msvc', 39 | ('Linux', 'x86_64'): 'x86_64-unknown-linux-gnu', 40 | ('Linux', 'AMD64'): 'x86_64-unknown-linux-gnu', 41 | ('Linux', 'aarch64'): 'aarch64-unknown-linux-gnu', 42 | ('Linux', 'i386'): 'i686-unknown-linux-gnu', 43 | ('Linux', 'i686'): 'i686-unknown-linux-gnu', 44 | } 45 | 46 | print(f'System type = {system}') 47 | print(f'Architecture = {arch}') 48 | 49 | try: 50 | print(f'##vso[task.setvariable variable=rust_target_triple]{rust_targets[(system, arch)]}') 51 | except KeyError: 52 | print(f'##[error]Unsupported Host Combination! OS = {system}. Architecture = {arch}.') 53 | print(f'##vso[task.complete result=Failed;]Unsupported Host Combination! OS = {system}. Architecture = {arch}.') 54 | 55 | - script: | 56 | python -c "import os; print('##vso[task.setvariable variable=cargoBinPath]{}'.format(os.path.join(os.environ['USERPROFILE'], '.cargo', 'bin')))" 57 | displayName: Get Cargo bin Path (Windows) 58 | condition: eq(variables['Agent.OS'], 'Windows_NT') 59 | 60 | - script: | 61 | python -c "import os; print('##vso[task.setvariable variable=cargoBinPath]/.cargo/bin')" 62 | displayName: Get Cargo bin Path (Linux) 63 | condition: eq(variables['Agent.OS'], 'Linux') 64 | 65 | - task: CmdLine@2 66 | displayName: Setup Cargo Dir Permissions (Linux) 67 | target: host 68 | inputs: 69 | script: | 70 | /usr/bin/docker exec mu_devops_build_container chown -R vsts_azpcontainer:docker_azpcontainer /.cargo 71 | /usr/bin/docker exec mu_devops_build_container chmod -R ug+rw /.cargo 72 | /usr/bin/docker exec mu_devops_build_container chown -R vsts_azpcontainer:docker_azpcontainer /.rustup 73 | /usr/bin/docker exec mu_devops_build_container chmod -R ug+rw /.rustup 74 | condition: eq(variables['Agent.OS'], 'Linux') 75 | 76 | # 77 | # Linux will use a container image pre-loaded with the designated Rust version. Windows does not use a container 78 | # image, but will have a VM image with a very recent version of Rust installed. This step installs the same toolchain 79 | # version used in the Linux container for consistency between the two. The cargo-make and cargo-tarpaulin versions 80 | # placed in the container image are the latest at the time the image is built. That should be equal to or less than 81 | # the latest version available when the pipeline is run. Get the latest available in the cache pipelines and use 82 | # those on both Linux and Windows agents for consistency in the pipeline runs. 83 | # 84 | - script: | 85 | rustup install --no-self-update {{ sync_version.rust_toolchain }} 86 | displayName: Install Rust {{ sync_version.rust_toolchain }} (Windows) 87 | condition: eq(variables['Agent.OS'], 'Windows_NT') 88 | 89 | - script: | 90 | rustup default {{ sync_version.rust_toolchain }} 91 | displayName: Set Rust {{ sync_version.rust_toolchain }} (Windows) 92 | condition: eq(variables['Agent.OS'], 'Windows_NT') 93 | 94 | - script: pip install requests --upgrade 95 | displayName: Install and Upgrade requests PIP Module 96 | condition: succeeded() 97 | 98 | - template: DownloadAzurePipelineArtifact.yml 99 | parameters: 100 | task_display_name: Download Cargo Binstall (Windows) 101 | artifact_name: Binaries 102 | azure_pipeline_def_id: 169 103 | file_pattern: "**/cargo-binstall.exe" 104 | target_dir: "$(cargoBinPath)" 105 | target_os: "Windows_NT" 106 | work_dir: "$(Agent.TempDirectory)" 107 | 108 | - template: DownloadAzurePipelineArtifact.yml 109 | parameters: 110 | task_display_name: Download Cargo Binstall (Linux) 111 | artifact_name: Binaries 112 | azure_pipeline_def_id: 169 113 | file_pattern: "**/cargo-binstall" 114 | target_dir: "$(Agent.TempDirectory)" 115 | target_os: "Linux" 116 | work_dir: "$(Agent.TempDirectory)" 117 | 118 | - script: | 119 | cp $AGENT_TEMPDIRECTORY/cargo-binstall /.cargo/bin 120 | displayName: Copy cargo-binstall 121 | condition: and(succeeded(), eq(variables['Agent.OS'], 'Linux')) 122 | 123 | - script: | 124 | sudo chmod +x /.cargo/bin/cargo-binstall 125 | displayName: Make cargo-binstall executable 126 | condition: and(succeeded(), eq(variables['Agent.OS'], 'Linux')) 127 | 128 | - script: | 129 | cargo binstall -y cargo-make --version {{ sync_version.cargo_make }} 130 | displayName: Install cargo-make 131 | 132 | - script: | 133 | cargo binstall -y cargo-tarpaulin --version {{ sync_version.cargo_tarpaulin }} 134 | displayName: Install cargo-tarpaulin 135 | 136 | - script: rustup component add rustfmt rust-src --toolchain {{ sync_version.rust_toolchain }}-$(rust_target_triple) 137 | displayName: rustup add rust-src 138 | condition: and(succeeded(), eq(variables['Agent.OS'], 'Windows_NT')) 139 | -------------------------------------------------------------------------------- /.sync/azure_pipelines/SetupPythonPreReqs.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step to setup Python pre-requisites. 3 | # 4 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 5 | # instead of the file in this repo. 6 | # 7 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 8 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 9 | # 10 | # Copyright (c) Microsoft Corporation. All rights reserved. 11 | # SPDX-License-Identifier: BSD-2-Clause-Patent 12 | ## 13 | 14 | {% import '../Version.njk' as sync_version -%} 15 | 16 | {% raw %} 17 | # NOTE: Because this pipeline YAML file is a Nunjucks template, the pipeline syntax of `{{}}` will conflict with 18 | # Nunjucks style. Surround pipeline YAML code that uses `{{}}` within `raw` and `endraw` tags 19 | # to allow it to pass through Nunjucks processing. 20 | 21 | parameters: 22 | - name: install_pip_modules 23 | displayName: Install PIP Modules 24 | type: boolean 25 | default: true 26 | - name: install_python 27 | displayName: Install Python 28 | type: boolean 29 | default: true 30 | - name: pip_requirement_files 31 | displayName: Pip Requirement Files 32 | type: string 33 | default: -r pip-requirements.txt 34 | 35 | steps: 36 | 37 | - ${{ if eq(parameters.install_python, true) }}: 38 | - task: UsePythonVersion@0 39 | inputs:{% endraw %} 40 | versionSpec: {{ sync_version.python_version }} 41 | architecture: x64 42 | 43 | {% raw %}- ${{ if eq(parameters.install_pip_modules, true) }}: 44 | - script: python -m pip install --upgrade pip setuptools wheel 45 | displayName: Install Wheel and SetupTools 46 | condition: succeeded() 47 | 48 | - script: pip install ${{ parameters.pip_requirement_files }} --upgrade 49 | displayName: Install and Upgrade pip Modules 50 | condition: succeeded(){% endraw %} 51 | -------------------------------------------------------------------------------- /.sync/ci_config/.markdownlint.yaml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # markdownlint configuration 3 | # 4 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 5 | # instead of the file in this repo. 6 | # 7 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 8 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 9 | # 10 | # Copyright (c) Microsoft Corporation. 11 | # SPDX-License-Identifier: BSD-2-Clause-Patent 12 | ## 13 | 14 | # Rules can be found here: https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md 15 | # Config info: https://github.com/DavidAnson/markdownlint#configuration 16 | 17 | { 18 | "default": true, 19 | "MD013": {"line_length": 120, "code_blocks": false, "tables": false}, 20 | "MD033": {"allowed_elements": {{ allowed_elements | dump | safe }}} 21 | } 22 | -------------------------------------------------------------------------------- /.sync/dependabot/actions-pip-submodules.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Dependabot configuration file to enable GitHub services for managing and updating 3 | # dependencies. 4 | # 5 | # This dependabot configuration expects submodules to be placed in specific directory paths 6 | # relative to the root of the repo. These are also the paths generally recommended to place 7 | # these submodules for consistency across Project Mu projects. 8 | # 9 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 10 | # instead of the file in this repo. 11 | # 12 | # This dependabot file is limited to syncing the following type of dependencies. Other files 13 | # are already available in Mu DevOps to sync other dependency types. 14 | # - Rust Crate Dependencies (`cargo`) 15 | # - GitHub Actions (`github-actions`) 16 | # - Git Submodules (`gitsubmodule`) 17 | # - Python PIP Modules (`pip`) 18 | # 19 | # Dependabot does not update the microsoft/mu_devops version because that is updated once in mu_devops 20 | # and then synced to all repos when the file sync occurs. 21 | # 22 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 23 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 24 | # 25 | # Copyright (c) Microsoft Corporation. 26 | # SPDX-License-Identifier: BSD-2-Clause-Patent 27 | # 28 | # Please see the documentation for all dependabot configuration options: 29 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 30 | ## 31 | 32 | version: 2 33 | 34 | updates: 35 | - package-ecosystem: "cargo" 36 | directory: "/" 37 | schedule: 38 | interval: "weekly" 39 | day: "monday" 40 | timezone: "America/Los_Angeles" 41 | time: "03:00" 42 | commit-message: 43 | prefix: "Rust Dependency" 44 | labels: 45 | - "type:dependencies" 46 | - "type:dependabot" 47 | rebase-strategy: "disabled" 48 | 49 | - package-ecosystem: "github-actions" 50 | directory: "/" 51 | schedule: 52 | interval: "weekly" 53 | day: "monday" 54 | timezone: "America/Los_Angeles" 55 | time: "06:00" 56 | ignore: 57 | - dependency-name: "microsoft/mu_devops" 58 | commit-message: 59 | prefix: "GitHub Action" 60 | labels: 61 | - "type:dependencies" 62 | - "type:dependabot" 63 | rebase-strategy: "disabled" 64 | 65 | - package-ecosystem: "gitsubmodule" 66 | directory: "/" 67 | schedule: 68 | interval: "weekly" 69 | day: "tuesday" 70 | timezone: "America/Los_Angeles" 71 | time: "23:00" 72 | labels: 73 | - "type:submodules" 74 | - "type:dependencies" 75 | rebase-strategy: "disabled" 76 | ignore: 77 | - dependency-name: "Common/MIN_PLAT" 78 | - dependency-name: "Common/MU_BASECORE" 79 | - dependency-name: "Common/MU_OEM_SAMPLE" 80 | - dependency-name: "Common/MU_TIANO" 81 | - dependency-name: "Common/MU" 82 | - dependency-name: "Features/CONFIG" 83 | - dependency-name: "Features/DEBUGGER" 84 | - dependency-name: "Features/DFCI" 85 | - dependency-name: "Features/IPMI" 86 | - dependency-name: "Features/MM_SUPV" 87 | - dependency-name: "MU_BASECORE" 88 | - dependency-name: "Silicon/Arm/MU_TIANO" 89 | - dependency-name: "Silicon/Intel/MU_TIANO" 90 | 91 | - package-ecosystem: "pip" 92 | directory: "/" 93 | schedule: 94 | interval: "weekly" 95 | day: "wednesday" 96 | timezone: "America/Los_Angeles" 97 | time: "01:00" 98 | commit-message: 99 | prefix: "pip" 100 | labels: 101 | - "language:python" 102 | - "type:dependencies" 103 | - "type:dependabot" 104 | rebase-strategy: "disabled" 105 | -------------------------------------------------------------------------------- /.sync/dependabot/actions-pip.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Dependabot configuration file to enable GitHub services for managing and updating 3 | # dependencies. 4 | # 5 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 6 | # instead of the file in this repo. 7 | # 8 | # This dependabot file is limited to syncing the following type of dependencies. Other files 9 | # are already available in Mu DevOps to sync other dependency types. 10 | # - Rust Crate Dependencies (`cargo`) 11 | # - GitHub Actions (`github-actions`) 12 | # - Python PIP Modules (`pip`) 13 | # 14 | # Dependabot does not update the microsoft/mu_devops version because that is updated once in mu_devops 15 | # and then synced to all repos when the file sync occurs. 16 | # 17 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 18 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 19 | # 20 | # Copyright (c) Microsoft Corporation. 21 | # SPDX-License-Identifier: BSD-2-Clause-Patent 22 | # 23 | # Please see the documentation for all dependabot configuration options: 24 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 25 | ## 26 | 27 | version: 2 28 | 29 | updates: 30 | - package-ecosystem: "cargo" 31 | directory: "/" 32 | schedule: 33 | interval: "weekly" 34 | day: "monday" 35 | timezone: "America/Los_Angeles" 36 | time: "03:00" 37 | commit-message: 38 | prefix: "Rust Dependency" 39 | labels: 40 | - "type:dependencies" 41 | - "type:dependabot" 42 | rebase-strategy: "disabled" 43 | 44 | - package-ecosystem: "github-actions" 45 | directory: "/" 46 | schedule: 47 | interval: "weekly" 48 | day: "monday" 49 | timezone: "America/Los_Angeles" 50 | time: "06:00" 51 | ignore: 52 | - dependency-name: "microsoft/mu_devops" 53 | commit-message: 54 | prefix: "GitHub Action" 55 | labels: 56 | - "type:dependencies" 57 | - "type:dependabot" 58 | rebase-strategy: "disabled" 59 | 60 | - package-ecosystem: "pip" 61 | directory: "/" 62 | schedule: 63 | interval: "weekly" 64 | day: "wednesday" 65 | timezone: "America/Los_Angeles" 66 | time: "01:00" 67 | commit-message: 68 | prefix: "pip" 69 | labels: 70 | - "language:python" 71 | - "type:dependencies" 72 | - "type:dependabot" 73 | rebase-strategy: "disabled" 74 | -------------------------------------------------------------------------------- /.sync/devcontainer/devcontainer.json: -------------------------------------------------------------------------------- 1 | { 2 | "image": "ghcr.io/microsoft/mu_devops/ubuntu-24-dev:latest", 3 | "postCreateCommand": "git config --global --add safe.directory '*' && git config --global --add core.autocrlf false && pip install --upgrade -r pip-requirements.txt", 4 | "customizations": { 5 | "vscode": { 6 | "extensions": [ 7 | "ms-vscode.cpptools", 8 | "DavidAnson.vscode-markdownlint" 9 | ] 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /.sync/git_templates/gitattributes_template.txt: -------------------------------------------------------------------------------- 1 | * -text 2 | -------------------------------------------------------------------------------- /.sync/github_templates/ISSUE_TEMPLATE/bug_report.yml: -------------------------------------------------------------------------------- 1 | # Project Mu GitHub Bug Report Template 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | 13 | name: 🐛 Bug Report 14 | description: File a bug report 15 | title: "[Bug]: " 16 | labels: ["type:bug", "state:needs-triage"] 17 | 18 | body: 19 | - type: markdown 20 | attributes: 21 | value: | 22 | 👋 Thanks for taking the time to fill out this bug report! 23 | 24 | - type: checkboxes 25 | attributes: 26 | label: Is there an existing issue for this? 27 | description: Please search to see if an issue already exists for the bug you encountered. 28 | options: 29 | - label: I have searched existing issues 30 | required: true 31 | 32 | - type: textarea 33 | id: current_behavior 34 | attributes: 35 | label: Current Behavior 36 | description: A concise description of the bug that you're experiencing. 37 | validations: 38 | required: true 39 | 40 | - type: textarea 41 | id: expected_behavior 42 | attributes: 43 | label: Expected Behavior 44 | description: A concise description of what you expected to happen. 45 | validations: 46 | required: true 47 | 48 | - type: textarea 49 | id: steps_to_reproduce 50 | attributes: 51 | label: Steps To Reproduce 52 | description: Steps to reproduce the behavior. 53 | placeholder: | 54 | <example> 55 | 1. In this environment... 56 | 2. With this config... 57 | 3. Boot to '...' 58 | 4. Change option '...' 59 | 4. See error... 60 | validations: 61 | required: true 62 | 63 | - type: textarea 64 | id: build_environment 65 | attributes: 66 | label: Build Environment 67 | description: | 68 | examples: 69 | - **OS**: Ubuntu 20.04 or Windows 11... 70 | - **Tool Chain**: GCC5 or VS2022 or CLANGPDB... 71 | - **Targets Impacted**: RELEASE, DEBUG, NO-TARGET, NOOPT... 72 | value: | 73 | - OS(s): 74 | - Tool Chain(s): 75 | - Targets Impacted: 76 | render: markdown 77 | validations: 78 | required: true 79 | 80 | - type: textarea 81 | id: version_info 82 | attributes: 83 | label: Version Information 84 | description: What version of this repo reproduces the problem? 85 | placeholder: | 86 | Commit: <SHA> 87 | -or- 88 | Tag: <Tag> 89 | render: text 90 | validations: 91 | required: true 92 | 93 | - type: markdown 94 | attributes: 95 | value: | 96 | **Urgency Key** 97 | - 🟢 **Low** 98 | - A minor change with little to no important functional impact 99 | - It is not important to fix this in a specific time frame 100 | - 🟡 **Medium** 101 | - An important change with a functional impact 102 | - Will be prioritized above *low* issues in the normal course of development 103 | - 🔥 **High** 104 | - A critical change that has a significant functional impact 105 | - Must be fixed immediately 106 | 107 | - type: dropdown 108 | id: urgency 109 | attributes: 110 | label: Urgency 111 | description: How urgent is it to fix this bug? 112 | multiple: false 113 | options: 114 | - Low 115 | - Medium 116 | - High 117 | validations: 118 | required: true 119 | 120 | - type: dropdown 121 | id: fix_owner 122 | attributes: 123 | label: Are you going to fix this? 124 | description: Indicate if you are going to fix this or requesting someone else fix it. 125 | multiple: false 126 | options: 127 | - I will fix it 128 | - Someone else needs to fix it 129 | validations: 130 | required: true 131 | 132 | - type: dropdown 133 | id: needs_maintainer_feedback 134 | attributes: 135 | label: Do you need maintainer feedback? 136 | description: Indicate if you would like a maintainer to provide feedback on this submission. 137 | multiple: false 138 | options: 139 | - No maintainer feedback needed 140 | - Maintainer feedback requested 141 | validations: 142 | required: true 143 | 144 | - type: textarea 145 | id: anything_else 146 | attributes: 147 | label: Anything else? 148 | description: | 149 | Links? References? Anything that will give us more context about the issue you are encountering. 150 | 151 | Serial debug logs and/or debugger logs are especially helpful! 152 | 153 | Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in. 154 | validations: 155 | required: false 156 | -------------------------------------------------------------------------------- /.sync/github_templates/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | # Project Mu GitHub Issue Configuration File 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | 13 | contact_links: 14 | - name: 📃 Project Mu Documentation 15 | url: https://microsoft.github.io/mu/ 16 | about: Goals, principles, repo layout, build instructions, and more. 17 | -------------------------------------------------------------------------------- /.sync/github_templates/ISSUE_TEMPLATE/documentation_request.yml: -------------------------------------------------------------------------------- 1 | # Project Mu GitHub Documentation Request Template 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | 13 | name: 📖 Documentation Request 14 | description: Request a documentation change 15 | title: "[Documentation]: <title>" 16 | labels: ["type:documentation", "state:needs-triage"] 17 | 18 | body: 19 | - type: markdown 20 | attributes: 21 | value: | 22 | 👋 Thanks for taking the time to help us improve our documentation! 23 | 24 | - type: textarea 25 | id: request_description 26 | attributes: 27 | label: Request Description 28 | description: A clear and concise description of what needs to change. 29 | validations: 30 | required: true 31 | 32 | - type: dropdown 33 | id: request_owner 34 | attributes: 35 | label: Are you going to make the change? 36 | description: Indicate if you are going to make this change or requesting someone else make it. 37 | multiple: false 38 | options: 39 | - I will make the change 40 | - Someone else needs to make the change 41 | validations: 42 | required: true 43 | 44 | - type: dropdown 45 | id: needs_maintainer_feedback 46 | attributes: 47 | label: Do you need maintainer feedback? 48 | description: Indicate if you would like a maintainer to provide feedback on this submission. 49 | multiple: false 50 | options: 51 | - No maintainer feedback needed 52 | - Maintainer feedback requested 53 | validations: 54 | required: true 55 | 56 | - type: textarea 57 | id: anything_else 58 | attributes: 59 | label: Anything else? 60 | description: | 61 | Links? References? Anything that will give us more context about the request. 62 | 63 | Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in. 64 | validations: 65 | required: false 66 | -------------------------------------------------------------------------------- /.sync/github_templates/ISSUE_TEMPLATE/feature_request.yml: -------------------------------------------------------------------------------- 1 | # Project Mu GitHub Feature Request Template 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | 13 | name: 🚀 Feature Request 14 | description: Request a feature change 15 | title: "[Feature]: <title>" 16 | labels: ["type:feature-request", "state:needs-triage"] 17 | 18 | body: 19 | - type: markdown 20 | attributes: 21 | value: | 22 | 👋 Thanks for taking the time to help us improve our features! 23 | 24 | - type: textarea 25 | id: feature_overview 26 | attributes: 27 | label: Feature Overview 28 | description: Provide a high-level summary of your feature request. 29 | validations: 30 | required: true 31 | 32 | - type: textarea 33 | id: solution_overview 34 | attributes: 35 | label: Solution Overview 36 | description: Give a clear and concise description of what you want to happen. 37 | validations: 38 | required: true 39 | 40 | - type: textarea 41 | id: alternatives_considered 42 | attributes: 43 | label: Alternatives Considered 44 | description: Describe alternatives you've considered. 45 | validations: 46 | required: false 47 | 48 | - type: markdown 49 | attributes: 50 | value: | 51 | **Urgency Key** 52 | - 🟢 **Low** 53 | - A minor enhancement 54 | - It is not important to address this request in a specific time frame 55 | - 🟡 **Medium** 56 | - An important enhancement 57 | - Will be prioritized above *low* requests in the normal course of development 58 | - 🔥 **High** 59 | - A critical enhancement with significant value 60 | - Should be prioritized above *low* and *medium* requests 61 | 62 | - type: dropdown 63 | id: urgency 64 | attributes: 65 | label: Urgency 66 | description: How urgent is it to resolve this feature request? 67 | multiple: false 68 | options: 69 | - Low 70 | - Medium 71 | - High 72 | validations: 73 | required: true 74 | 75 | - type: dropdown 76 | id: request_owner 77 | attributes: 78 | label: Are you going to implement the feature request? 79 | description: Indicate if you are going to do the work to close this feature request. 80 | multiple: false 81 | options: 82 | - I will implement the feature 83 | - Someone else needs to implement the feature 84 | validations: 85 | required: true 86 | 87 | - type: dropdown 88 | id: needs_maintainer_feedback 89 | attributes: 90 | label: Do you need maintainer feedback? 91 | description: Indicate if you would like a maintainer to provide feedback on this submission. 92 | multiple: false 93 | options: 94 | - No maintainer feedback needed 95 | - Maintainer feedback requested 96 | validations: 97 | required: true 98 | 99 | - type: textarea 100 | id: anything_else 101 | attributes: 102 | label: Anything else? 103 | description: | 104 | Links? References? Anything that will give us more context about the feature you are requesting. 105 | 106 | Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in. 107 | validations: 108 | required: false 109 | -------------------------------------------------------------------------------- /.sync/github_templates/licensing/project_mu_and_tianocore_license.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) Microsoft Corporation. 2 | Copyright (c) 2019, TianoCore and contributors. All rights reserved. 3 | 4 | SPDX-License-Identifier: BSD-2-Clause-Patent 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | 1. Redistributions of source code must retain the above copyright notice, 10 | this list of conditions and the following disclaimer. 11 | 12 | 2. Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | Subject to the terms and conditions of this license, each copyright holder 17 | and contributor hereby grants to those receiving rights under this license 18 | a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable 19 | (except for failure to satisfy the conditions of this license) patent 20 | license to make, have made, use, offer to sell, sell, import, and otherwise 21 | transfer this software, where such license applies only to those patent 22 | claims, already acquired or hereafter acquired, licensable by such copyright 23 | holder or contributor that are necessarily infringed by: 24 | 25 | (a) their Contribution(s) (the licensed copyrights of copyright holders and 26 | non-copyrightable additions of contributors, in source or binary form) 27 | alone; or 28 | 29 | (b) combination of their Contribution(s) with the work of authorship to 30 | which such Contribution(s) was added by such copyright holder or 31 | contributor, if, at the time the Contribution is added, such addition 32 | causes such combination to be necessarily infringed. The patent license 33 | shall not apply to any other combinations which include the 34 | Contribution. 35 | 36 | Except as expressly stated above, no rights or licenses from any copyright 37 | holder or contributor is granted under this license, whether expressly, by 38 | implication, estoppel or otherwise. 39 | 40 | DISCLAIMER 41 | 42 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 43 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 44 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 45 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE 46 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 47 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 48 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 49 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 50 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 51 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 52 | POSSIBILITY OF SUCH DAMAGE. 53 | -------------------------------------------------------------------------------- /.sync/github_templates/licensing/project_mu_license.txt: -------------------------------------------------------------------------------- 1 | BSD-2-Clause-Patent License 2 | 3 | Copyright (C) Microsoft Corporation. All rights reserved. 4 | SPDX-License-Identifier: BSD-2-Clause-Patent 5 | -------------------------------------------------------------------------------- /.sync/github_templates/licensing/tianocore_license.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2019, TianoCore and contributors. All rights reserved. 2 | 3 | SPDX-License-Identifier: BSD-2-Clause-Patent 4 | 5 | Redistribution and use in source and binary forms, with or without 6 | modification, are permitted provided that the following conditions are met: 7 | 8 | 1. Redistributions of source code must retain the above copyright notice, 9 | this list of conditions and the following disclaimer. 10 | 11 | 2. Redistributions in binary form must reproduce the above copyright notice, 12 | this list of conditions and the following disclaimer in the documentation 13 | and/or other materials provided with the distribution. 14 | 15 | Subject to the terms and conditions of this license, each copyright holder 16 | and contributor hereby grants to those receiving rights under this license 17 | a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable 18 | (except for failure to satisfy the conditions of this license) patent 19 | license to make, have made, use, offer to sell, sell, import, and otherwise 20 | transfer this software, where such license applies only to those patent 21 | claims, already acquired or hereafter acquired, licensable by such copyright 22 | holder or contributor that are necessarily infringed by: 23 | 24 | (a) their Contribution(s) (the licensed copyrights of copyright holders and 25 | non-copyrightable additions of contributors, in source or binary form) 26 | alone; or 27 | 28 | (b) combination of their Contribution(s) with the work of authorship to 29 | which such Contribution(s) was added by such copyright holder or 30 | contributor, if, at the time the Contribution is added, such addition 31 | causes such combination to be necessarily infringed. The patent license 32 | shall not apply to any other combinations which include the 33 | Contribution. 34 | 35 | Except as expressly stated above, no rights or licenses from any copyright 36 | holder or contributor is granted under this license, whether expressly, by 37 | implication, estoppel or otherwise. 38 | 39 | DISCLAIMER 40 | 41 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 42 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE 45 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 46 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 47 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 48 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 49 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 51 | POSSIBILITY OF SUCH DAMAGE. 52 | -------------------------------------------------------------------------------- /.sync/github_templates/pull_requests/pull_request_template.md: -------------------------------------------------------------------------------- 1 | ## Description 2 | 3 | <_Include a description of the change and why this change was made._> 4 | 5 | For details on how to complete these options and their meaning refer to [CONTRIBUTING.md](https://github.com/microsoft/mu/blob/HEAD/CONTRIBUTING.md). 6 | 7 | - [ ] Impacts functionality? 8 | - [ ] Impacts security? 9 | - [ ] Breaking change? 10 | - [ ] Includes tests? 11 | - [ ] Includes documentation? 12 | {% for additional_checkbox in additional_checkboxes %} 13 | - [ ] {{ additional_checkbox }} 14 | {% endfor %} 15 | 16 | ## How This Was Tested 17 | 18 | <_Describe the test(s) that were run to verify the changes._> 19 | 20 | ## Integration Instructions 21 | 22 | <_Describe how these changes should be integrated. Use N/A if nothing is required._> 23 | -------------------------------------------------------------------------------- /.sync/github_templates/security/SECURITY.md: -------------------------------------------------------------------------------- 1 | # Project Mu Security Policy 2 | 3 | Project Mu is an open source firmware project that is leveraged by and combined into 4 | other projects to build the firmware for a given product. We build and maintain this 5 | code with the intent that any consuming projects can use this code as-is. If features 6 | or fixes are necessary we ask that they contribute them back to the project. **But**, that 7 | said, in the firmware ecosystem there is a lot of variation and differentiation, and 8 | the license in this project allows flexibility for use without contribution back to 9 | Project Mu. Therefore, any issues found here may or may not exist in products using Project Mu. 10 | 11 | ## Supported Versions 12 | 13 | Due to the usage model we generally only supply fixes to the most recent release branch (or main). 14 | For a serious vulnerability we may patch older release branches. 15 | 16 | ## Additional Notes 17 | 18 | Project Mu contains code that is available and/or originally authored in other 19 | repositories (see <https://github.com/tianocore/edk2> as one such example). For any 20 | vulnerability found, we may be subject to their security policy and may need to work 21 | with those groups to resolve amicably and patch the "upstream". This might involve 22 | additional time to release and/or additional confidentiality requirements. 23 | 24 | ## Reporting a Vulnerability 25 | 26 | **Please do not report security vulnerabilities through public GitHub issues.** 27 | 28 | Instead please use **Github Private vulnerability reporting**, which is enabled for each Project Mu 29 | repository. This process is well documented by github in their documentation [here](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability). 30 | 31 | This process will allow us to privately discuss the issue, collaborate on a solution, and then disclose the vulnerability. 32 | 33 | ## Preferred Languages 34 | 35 | We prefer all communications to be in English. 36 | 37 | ## Policy 38 | 39 | Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd). 40 | -------------------------------------------------------------------------------- /.sync/rust_config/Makefile.toml: -------------------------------------------------------------------------------- 1 | [config] 2 | default_to_workspace = false 3 | 4 | [env] 5 | CARGO_MAKE_EXTEND_WORKSPACE_MAKEFILE = true 6 | RUSTC_BOOTSTRAP = 1 7 | ARCH = "X64" 8 | TARGET_TRIPLE = { source = "${ARCH}", mapping = { "X64" = "x86_64-unknown-uefi", "IA32" = "i686-unknown-uefi", "AARCH64" = "aarch64-unknown-uefi", "LOCAL" = "${CARGO_MAKE_RUST_TARGET_TRIPLE}" }, condition = { env_not_set = [ "TARGET_TRIPLE" ] } } 9 | 10 | CARGO_FEATURES_FLAG = {value = "--features ${FEATURES}", condition = {env_set = ["FEATURES"], env_true = ["FEATURES"]}} 11 | BUILD_FLAGS = "--profile ${RUSTC_PROFILE} --target ${TARGET_TRIPLE} -Zbuild-std=core,compiler_builtins,alloc -Zbuild-std-features=compiler-builtins-mem -Zunstable-options --timings=html" 12 | TEST_FLAGS = { value = "", condition = { env_not_set = ["TEST_FLAGS"] } } 13 | COV_FLAGS = { value = "--out html --exclude-files **/tests/*", condition = { env_not_set = ["COV_FLAGS"] } } 14 | 15 | [env.development] 16 | RUSTC_PROFILE = "dev" 17 | RUSTC_TARGET = "debug" 18 | 19 | [env.release] 20 | RUSTC_PROFILE = "release" 21 | RUSTC_TARGET = "release" 22 | 23 | [tasks.individual-package-targets] 24 | script_runner = "@duckscript" 25 | script = ''' 26 | args = get_env CARGO_MAKE_TASK_ARGS 27 | 28 | if is_empty ${args} 29 | exit 30 | end 31 | 32 | 1 = array "" 33 | 2 = split ${args} , 34 | 3 = array_concat ${1} ${2} 35 | joined_args = array_join ${3} " -p " 36 | release ${1} 37 | release ${2} 38 | release ${3} 39 | 40 | joined_args = trim ${joined_args} 41 | set_env INDIVIDUAL_PACKAGE_TARGETS ${joined_args} 42 | release ${joined_args} 43 | ''' 44 | 45 | [tasks.build] 46 | description = """Builds a single rust package. 47 | 48 | Customizations: 49 | -p [development|release]: Builds in debug or release. Default: development 50 | -e ARCH=[IA32|X64|AARCH64|LOCAL]: Builds with specifed arch. Default: X64 51 | -e FEATURES=[feature,...]: Builds with the specified features. Default: none 52 | 53 | Example: 54 | `cargo make build RustModule` 55 | `cargo make -p release build RustModule` 56 | `cargo make -e ARCH=IA32 build RustLib` 57 | `cargo make -e FEATURES=feature1,feature2 build RustLib` 58 | """ 59 | clear = true 60 | command = "cargo" 61 | args = ["build", "@@split(INDIVIDUAL_PACKAGE_TARGETS, )", "@@split(BUILD_FLAGS, )", "@@split(CARGO_FEATURES_FLAG, ,remove-empty)"] 62 | dependencies = ["individual-package-targets"] 63 | 64 | [tasks.check] 65 | description = "Checks rust code for errors. Example `cargo make check`" 66 | clear = true 67 | command = "cargo" 68 | args = ["check", "@@split(INDIVIDUAL_PACKAGE_TARGETS, )", "@@split(BUILD_FLAGS, )"] 69 | dependencies = ["individual-package-targets"] 70 | 71 | [tasks.check_json] 72 | description = "Checks rust code for errors with results in JSON. Example `cargo make check_json`" 73 | clear = true 74 | command = "cargo" 75 | args = ["check", "@@split(INDIVIDUAL_PACKAGE_TARGETS, )", "@@split(BUILD_FLAGS, )", "--message-format=json"] 76 | dependencies = ["individual-package-targets"] 77 | 78 | [tasks.test] 79 | description = "Builds all rust tests in the workspace. Example `cargo make test`" 80 | clear = true 81 | command = "cargo" 82 | args = ["test", "@@split(INDIVIDUAL_PACKAGE_TARGETS, )", "@@split(TEST_FLAGS, )"] 83 | dependencies = ["individual-package-targets"] 84 | 85 | [tasks.coverage] 86 | description = "Build and run all tests and calculate coverage." 87 | clear = true 88 | command = "cargo" 89 | args = ["tarpaulin", "@@split(INDIVIDUAL_PACKAGE_TARGETS, )", "@@split(COV_FLAGS, )", "--output-dir", "${CARGO_MAKE_WORKSPACE_WORKING_DIRECTORY}/target"] 90 | dependencies = ["individual-package-targets"] 91 | 92 | [tasks.clippy] 93 | description = "Run cargo clippy." 94 | clear = true 95 | command = "cargo" 96 | args = ["clippy", "--all-targets", "--", "-D", "warnings"] 97 | -------------------------------------------------------------------------------- /.sync/rust_config/config.toml: -------------------------------------------------------------------------------- 1 | [target.x86_64-unknown-uefi] 2 | rustflags = [ 3 | "-C", "link-arg=/base:0x0", 4 | "-C", "link-arg=/subsystem:efi_boot_service_driver", 5 | ] 6 | 7 | [target.i686-unknown-uefi] 8 | rustflags = [ 9 | "-C", "link-arg=/base:0x0", 10 | "-C", "link-arg=/subsystem:efi_boot_service_driver", 11 | ] 12 | 13 | [target.aarch64-unknown-uefi] 14 | rustflags = [ 15 | "-C", "link-arg=/base:0x0", 16 | "-C", "link-arg=/subsystem:efi_boot_service_driver", 17 | ] 18 | -------------------------------------------------------------------------------- /.sync/rust_config/rust-toolchain.toml: -------------------------------------------------------------------------------- 1 | {% import '../Version.njk' as sync_version -%} 2 | 3 | [toolchain] 4 | channel = "{{ sync_version.rust_toolchain }}" 5 | 6 | [tools] 7 | cargo-make = "{{ sync_version.cargo_make }}" 8 | cargo-tarpaulin = "{{ sync_version.cargo_tarpaulin }}" 9 | cargo-release = "{{ sync_version.cargo_release }}" 10 | -------------------------------------------------------------------------------- /.sync/rust_config/rustfmt.toml: -------------------------------------------------------------------------------- 1 | # rustfmt (and cargo fmt) will automatically pick up this config when run in the workspace. 2 | 3 | # Note that some items are included here set to their default values. This is to explicitly 4 | # reveal settings for more common options. 5 | 6 | # Keep these options sorted in ascending order to ease lookup with rustfmt documentation. 7 | 8 | edition = "2021" # This would normally be picked up from Cargo.toml if not specified here 9 | enum_discrim_align_threshold = 8 # Vertically align enum discriminants 10 | force_explicit_abi = true # Always print the ABI for extern items (e.g. extern {... will become extern "C" {...) 11 | hard_tabs = false # Always uses spaces for indentation and alignment 12 | max_width = 120 # The maximum width of each line 13 | merge_derives = false # Do not merge derives into a single line (leave to author discretion). 14 | imports_granularity = "Crate" # Merge imports from a single crate into separate statements. 15 | newline_style = "Windows" # Always use Windows line endings '\r\n' 16 | reorder_impl_items = false # Do not force where type and const before macros and methods in impl blocks. 17 | reorder_imports = true # Do reorder import and extern crate statements alphabetically for readability. 18 | reorder_modules = true # Do reorder mod declarations alphabetically for readability. 19 | struct_field_align_threshold = 8 # Vertically align struct fields 20 | tab_spaces = 4 # Use 4 spaces for indentation (Rust default). 21 | unstable_features = false # Do not use unstable rustfmt features. 22 | use_small_heuristics = "Max" # Set all granular width settings to the same as max_width (do not use heuristics) 23 | wrap_comments = false # Leave comment formatting to author's discretion 24 | -------------------------------------------------------------------------------- /.sync/workflows/config/label-issues/file-paths.yml: -------------------------------------------------------------------------------- 1 | # Specifies labels to apply to issues and pull requests based on file path patterns in Project Mu repositories. 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | # For more information, see: 13 | # https://github.com/actions/labeler 14 | 15 | # Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc. 16 | 17 | language:python: 18 | - '**/*.py' 19 | -------------------------------------------------------------------------------- /.sync/workflows/config/label-issues/regex-pull-requests.yml: -------------------------------------------------------------------------------- 1 | # Specifies labels to apply to pull requests in Project Mu repositories based on regular expressions. 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | # For more information, see: 13 | # https://github.com/srvaroa/labeler 14 | 15 | # Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc. 16 | version: 1 17 | issues: False 18 | 19 | labels: 20 | - label: type:backport 21 | type: "pull_request" 22 | body: '\s*\[\s*(x|X){1}\s*\]\s*Backport to release branch\?' 23 | 24 | - label: type:backport 25 | type: "pull_request" 26 | authors: ["mu-automation[bot]"] 27 | branch : "repo-sync/mu_devops/default" 28 | base-branch: "dev/20[0-9]{4}" 29 | 30 | - label: type:backport 31 | type: "pull_request" 32 | authors: ["dependabot[bot]"] 33 | branch : "dependabot/*" 34 | base-branch: "dev/20[0-9]{4}" 35 | 36 | - label: impact:breaking-change 37 | type: "pull_request" 38 | body: '\s*\[\s*(x|X){1}\s*\]\s*Breaking\s*change\?' 39 | 40 | - label: type:documentation 41 | type: "pull_request" 42 | body: '\s*\[\s*(x|X){1}\s*\]\s*Includes\s*documentation\?' 43 | 44 | - label: impact:non-functional 45 | type: "pull_request" 46 | body: '\s*\[\s*\]\s*Impacts\s*functionality\?' 47 | 48 | - label: impact:security 49 | type: "pull_request" 50 | body: '\s*\[\s*(x|X){1}\s*\]\s*Impacts\s*security\?' 51 | 52 | - label: impact:testing 53 | type: "pull_request" 54 | body: '\[\s*(x|X){1}\s*\]\s*Includes\s*tests\?' 55 | -------------------------------------------------------------------------------- /.sync/workflows/config/release-draft/release-draft-config.yml: -------------------------------------------------------------------------------- 1 | # Defines the configuration used for drafting new releases. 2 | # 3 | # IMPORTANT: Only use labels defined in the .github/Labels.yml file in this repo. 4 | # 5 | # NOTE: `semver:major`, `semver:minor`, and `semver:patch` can be used to force that 6 | # version to roll regardless of other labels. 7 | # 8 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 9 | # instead of the file in this repo. 10 | # 11 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 12 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 13 | # 14 | # Copyright (c) Microsoft Corporation. 15 | # SPDX-License-Identifier: BSD-2-Clause-Patent 16 | # 17 | # For more information, see: 18 | # https://github.com/release-drafter/release-drafter 19 | 20 | {% import '../../../Version.njk' as sync_version -%} 21 | 22 | {%- if release_branch %} 23 | name-template: 'dev-v$RESOLVED_VERSION' 24 | tag-template: 'dev-v$RESOLVED_VERSION' 25 | {% else %} 26 | name-template: 'v$RESOLVED_VERSION' 27 | tag-template: 'v$RESOLVED_VERSION' 28 | {% endif %} 29 | 30 | {# `release_branch` applies a commitish. `latest` then determines the branch to use. -#} 31 | {# If a commitish is not specified, then the `github.ref` value is implicitly used. -#} 32 | {%- if release_branch %} 33 | {%- set latest_mu_dev_branch = "refs/heads/" + (sync_version.latest_mu_release_branch | replace("release", "dev")) %} 34 | {%- set previous_mu_dev_branch = "refs/heads/" + (sync_version.previous_mu_release_branch | replace("release", "dev")) %} 35 | {%- set actual_branch = latest_mu_dev_branch if latest else previous_mu_dev_branch %} 36 | commitish: {{ actual_branch }} 37 | filter-by-commitish: true 38 | {% if filter_to_backport %} 39 | include-labels: ["type:backport"] 40 | {% endif %} 41 | {% endif %} 42 | 43 | template: | 44 | # What's Changed 45 | 46 | $CHANGES 47 | 48 | {% if release_branch %} 49 | **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...dev-v$RESOLVED_VERSION 50 | {% else %} 51 | **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION 52 | {% endif %} 53 | 54 | categories: 55 | - title: '⚠️ Breaking Changes' 56 | labels: 57 | - 'impact:breaking-change' 58 | - title: '🚀 Features & ✨ Enhancements' 59 | labels: 60 | - 'type:design-change' 61 | - 'type:enhancement' 62 | - 'type:feature-request' 63 | - title: '🐛 Bug Fixes' 64 | labels: 65 | - 'type:bug' 66 | - title: '🔐 Security Impacting' 67 | labels: 68 | - 'impact:security' 69 | - title: '📖 Documentation Updates' 70 | labels: 71 | - 'type:documentation' 72 | - title: '🛠️ Submodule Updates' 73 | labels: 74 | - 'type:submodules' 75 | 76 | change-template: >- 77 | <ul> 78 | <li> 79 | $TITLE @$AUTHOR (#$NUMBER) 80 | <br> 81 | <details> 82 | <summary>Change Details</summary> 83 | <blockquote> 84 | <!-- Non-breaking space to have content if body is empty --> 85 |   $BODY 86 | </blockquote> 87 | <hr> 88 | </details> 89 | </li> 90 | </ul> 91 | 92 | change-title-escapes: '\<*_&@' # Note: @ is added to disable mentions 93 | 94 | # Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc. 95 | version-resolver: 96 | major: 97 | labels: 98 | - 'impact:breaking-change' 99 | - 'semver:major' 100 | minor: 101 | labels: 102 | - 'semver:minor' 103 | - 'type:design-change' 104 | - 'type:enhancement' 105 | - 'type:feature-request' 106 | patch: 107 | labels: 108 | - 'impact:non-functional' 109 | - 'semver:patch' 110 | - 'type:bug' 111 | - 'type:documentation' 112 | default: patch 113 | 114 | exclude-labels: 115 | - 'type:dependabot' 116 | - 'type:file-sync' 117 | - 'type:notes' 118 | - 'type:question' 119 | 120 | exclude-contributors: 121 | - 'uefibot' 122 | -------------------------------------------------------------------------------- /.sync/workflows/config/triage-issues/advanced-issue-labeler.yml: -------------------------------------------------------------------------------- 1 | # Defines the mappings between GitHub issue responses and labels applied to the issue 2 | # for Project Mu repos. 3 | # 4 | # IMPORTANT: Only use labels defined in the .github/Labels.yml file in this repo. 5 | # 6 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 7 | # instead of the file in this repo. 8 | # 9 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 10 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 11 | # 12 | # Copyright (c) Microsoft Corporation. 13 | # SPDX-License-Identifier: BSD-2-Clause-Patent 14 | # 15 | # For more information, see: 16 | # https://github.com/redhat-plumbers-in-action/advanced-issue-labeler 17 | 18 | policy: 19 | - section: 20 | 21 | # Issue Template - Urgency Dropdown 22 | - id: ['urgency'] 23 | block-list: [] 24 | label: 25 | - name: 'urgency:low' 26 | keys: ['Low'] 27 | - name: 'urgency:medium' 28 | keys: ['Medium'] 29 | - name: 'urgency:high' 30 | keys: ['High'] 31 | 32 | # Issue Template - Fix Owner Dropdown 33 | - id: ['fix_owner', 'request_owner'] 34 | block-list: [] 35 | label: 36 | - name: 'state:needs-owner' 37 | keys: [ 38 | 'Someone else needs to fix it', 39 | 'Someone else needs to make the change', 40 | 'Someone else needs to implement the feature' 41 | ] 42 | - name: 'state:needs-triage' 43 | keys: [ 44 | 'Someone else needs to fix it', 45 | 'Someone else needs to make the change', 46 | 'Someone else needs to implement the feature' 47 | ] 48 | 49 | # Issue Template - Needs Maintainer Feedback Dropdown 50 | - id: ['needs_maintainer_feedback'] 51 | block-list: [] 52 | label: 53 | - name: 'state:needs-maintainer-feedback' 54 | keys: ['Maintainer feedback requested'] 55 | -------------------------------------------------------------------------------- /.sync/workflows/leaf/issue-assignment.yml: -------------------------------------------------------------------------------- 1 | # This workflow provides actions that should be applied when an issue is assigned. 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | 13 | {% import '../../Version.njk' as sync_version -%} 14 | 15 | name: React to Issue Assignment 16 | 17 | on: 18 | issues: 19 | types: assigned 20 | 21 | jobs: 22 | apply: 23 | 24 | permissions: 25 | contents: read 26 | issues: write 27 | 28 | uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@{{ sync_version.mu_devops }} 29 | -------------------------------------------------------------------------------- /.sync/workflows/leaf/label-issues.yml: -------------------------------------------------------------------------------- 1 | # This workflow automatically applies labels to GitHub issues and pull requests based on the 2 | # file paths in a pull request or content in the body of an issue or pull request. 3 | # 4 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 5 | # instead of the file in this repo. 6 | # 7 | # NOTE: This file uses a reusable workflow. Do not make changes to the file that should be made 8 | # in the common/reusable workflow. 9 | # 10 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 11 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 12 | # 13 | # Copyright (c) Microsoft Corporation. 14 | # SPDX-License-Identifier: BSD-2-Clause-Patent 15 | # 16 | 17 | {% import '../../Version.njk' as sync_version -%} 18 | 19 | name: Apply Issue and PR Labels 20 | 21 | on: 22 | issues: 23 | types: 24 | - edited 25 | - opened 26 | pull_request_target: 27 | types: 28 | - edited 29 | - opened 30 | - reopened 31 | - synchronize 32 | workflow_dispatch: 33 | 34 | jobs: 35 | apply: 36 | 37 | permissions: 38 | contents: read 39 | pull-requests: write 40 | 41 | uses: microsoft/mu_devops/.github/workflows/Labeler.yml@{{ sync_version.mu_devops }} 42 | -------------------------------------------------------------------------------- /.sync/workflows/leaf/label-sync.yml: -------------------------------------------------------------------------------- 1 | # This workflow syncs GitHub labels to the common set of labels defined in Mu DevOps. 2 | # 3 | # All repos should sync at the same time. 4 | # '0 0,12 * * *'' 5 | # 6 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 7 | # instead of the file in this repo. 8 | # 9 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 10 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 11 | # 12 | # Copyright (c) Microsoft Corporation. 13 | # SPDX-License-Identifier: BSD-2-Clause-Patent 14 | # 15 | 16 | {% import '../../Version.njk' as sync_version -%} 17 | 18 | name: Sync GitHub Labels 19 | 20 | on: 21 | schedule: 22 | # At minute 0 past hour 0 and 12 23 | # https://crontab.guru/#0_0,12_*_*_* 24 | - cron: '0 0,12 * * *' 25 | workflow_dispatch: 26 | 27 | jobs: 28 | sync: 29 | 30 | permissions: 31 | issues: write 32 | 33 | uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@{{ sync_version.mu_devops }} 34 | -------------------------------------------------------------------------------- /.sync/workflows/leaf/publish-release.yml: -------------------------------------------------------------------------------- 1 | # @file publish-release.yml 2 | # 3 | # A Github workflow that publishes all crates in a repository to crates.io and creates a release on 4 | # GitHub. 5 | # 6 | # Copyright (c) Microsoft Corporation. 7 | # SPDX-License-Identifier: BSD-2-Clause-Patent 8 | ## 9 | 10 | name: Publish Release 11 | 12 | on: 13 | workflow_dispatch: 14 | 15 | jobs: 16 | validate_branch: 17 | name: Validate Branch 18 | runs-on: ubuntu-latest 19 | 20 | steps: 21 | - name: Checkout Repository 22 | uses: actions/checkout@v4 23 | 24 | - name: Validate Branch 25 | run: | 26 | if [ "${GITHUB_REF}" != "refs/heads/main" ]; then 27 | echo "This workflow can only be run on the main branch." 28 | exit 1 29 | fi 30 | 31 | release: 32 | name: Release 33 | needs: validate_branch 34 | uses: microsoft/mu_devops/.github/workflows/ReleaseWorkflow.yml@main 35 | secrets: 36 | CRATES_IO_TOKEN: ${{ secrets.CRATES_IO_TOKEN }} 37 | permissions: 38 | contents: write 39 | actions: read 40 | -------------------------------------------------------------------------------- /.sync/workflows/leaf/pull-request-formatting-validator.yml: -------------------------------------------------------------------------------- 1 | # This workflow validates basic pull request formatting requirements are met. 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | 13 | name: Validate Pull Request Formatting 14 | 15 | on: 16 | pull_request_target: 17 | types: 18 | - edited 19 | - opened 20 | - reopened 21 | - synchronize 22 | 23 | jobs: 24 | validate_pr: 25 | runs-on: ubuntu-latest 26 | 27 | permissions: 28 | contents: read 29 | pull-requests: write 30 | 31 | steps: 32 | - run: | 33 | prTitle="$(gh api graphql -F owner=$OWNER -F name=$REPO -F pr_number=$PR_NUMBER -f query=' 34 | query($name: String!, $owner: String!, $pr_number: Int!) { 35 | repository(owner: $owner, name: $name) { 36 | pullRequest(number: $pr_number) { 37 | title 38 | } 39 | } 40 | }')" 41 | 42 | if [[ "${prTitle}" == *"Personal/"* ]]; then 43 | gh pr comment $PR_URL --body "⚠️ Please add a meaningful PR title (remove the 'Personal/' prefix from the title)." 44 | echo 'VALIDATION_ERROR=true' >> $GITHUB_ENV 45 | fi 46 | 47 | env: 48 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 49 | OWNER: ${{ github.repository_owner }} 50 | PR_NUMBER: ${{ github.event.number }} 51 | PR_URL: ${{ github.event.pull_request.html_url }} 52 | REPO: ${{ github.event.repository.name }} 53 | 54 | - name: Check for Validation Errors 55 | if: env.VALIDATION_ERROR 56 | uses: actions/github-script@v7 57 | with: 58 | script: | 59 | core.setFailed('PR Formatting Validation Check Failed!') 60 | -------------------------------------------------------------------------------- /.sync/workflows/leaf/release-draft.yml: -------------------------------------------------------------------------------- 1 | # This workflow automatically drafts new project releases so it is obvious 2 | # what a current release will look like at any time. 3 | # 4 | # It takes advantage of the labels used in Project Mu to automatically categorize 5 | # the types of changes in a given release. In addition, the semantic version of 6 | # the code is constantly maintained based on Project Mu label conventions to ensure 7 | # semantic versioning is followed and a release version is always ready. 8 | # 9 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 10 | # instead of the file in this repo. 11 | # 12 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 13 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 14 | # 15 | # Copyright (c) Microsoft Corporation. 16 | # SPDX-License-Identifier: BSD-2-Clause-Patent 17 | # 18 | # For more information, see: 19 | # https://github.com/release-drafter/release-drafter 20 | 21 | {% import '../../Version.njk' as sync_version -%} 22 | 23 | name: Update Release Draft 24 | 25 | on: 26 | {% if depend_on_backport %} 27 | workflow_run: 28 | workflows: ["Backport Commits to Release Branch"] 29 | branches: [{{ trigger_branch_name if trigger_branch_name else sync_version.latest_mu_release_branch | replace ("release", "dev") }}] 30 | types: 31 | - completed 32 | {% else %} 33 | push: 34 | branches: 35 | - {{ trigger_branch_name if trigger_branch_name else sync_version.latest_mu_release_branch | replace ("release", "dev") }} 36 | {% endif %} 37 | 38 | jobs: 39 | draft: 40 | name: Draft Releases 41 | 42 | permissions: 43 | contents: write 44 | pull-requests: write 45 | 46 | uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@{{ sync_version.mu_devops }} 47 | secrets: inherit 48 | -------------------------------------------------------------------------------- /.sync/workflows/leaf/scheduled-maintenance.yml: -------------------------------------------------------------------------------- 1 | # This workflow performs scheduled maintenance tasks. 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # NOTE: This file uses reusable workflows. Do not make changes to the file that should be made 7 | # in the common/reusable workflows. 8 | # 9 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 10 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 11 | # 12 | # Copyright (c) Microsoft Corporation. 13 | # SPDX-License-Identifier: BSD-2-Clause-Patent 14 | # 15 | 16 | name: Scheduled Maintenance 17 | 18 | on: 19 | schedule: 20 | # * is a special character in YAML so you have to quote this string 21 | # Run every hour - https://crontab.guru/#0_*_*_*_* 22 | - cron: '0 * * * *' 23 | 24 | jobs: 25 | repo_cleanup: 26 | runs-on: ubuntu-latest 27 | 28 | permissions: 29 | pull-requests: write 30 | issues: write 31 | 32 | steps: 33 | - name: Get Repository Info 34 | run: echo "REPOSITORY_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV 35 | 36 | - name: Prune Won't Fix Pull Requests 37 | env: 38 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 39 | REPOSITORY: ${{ env.REPOSITORY_NAME }} 40 | run: | 41 | gh api \ 42 | -H "Accept: application/vnd.github+json" \ 43 | /repos/microsoft/${REPOSITORY}/pulls | jq -r '.[]' | jq -rc '.html_url,.labels' | \ 44 | while read -r html_url ; do 45 | read -r labels 46 | if [[ $labels == *"state:wont-fix"* ]]; then 47 | gh pr close $html_url -c "Closed due to being marked as wont fix" --delete-branch 48 | fi 49 | done 50 | 51 | - name: Prune Won't Fix Issues 52 | env: 53 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 54 | REPOSITORY: ${{ env.REPOSITORY_NAME }} 55 | run: | 56 | gh api \ 57 | -H "Accept: application/vnd.github+json" \ 58 | /repos/microsoft/${REPOSITORY}/issues | jq -r '.[]' | jq -rc '.html_url,.labels' | \ 59 | while read -r html_url ; do 60 | read -r labels 61 | if [[ $labels == *"state:wont-fix"* ]]; then 62 | gh issue close $html_url -c "Closed due to being marked as wont fix" -r "not planned" 63 | fi 64 | done 65 | -------------------------------------------------------------------------------- /.sync/workflows/leaf/stale.yml: -------------------------------------------------------------------------------- 1 | # This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time. 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | # You can adjust the behavior by modifying this file. 13 | # For more information, see: 14 | # https://github.com/actions/stale 15 | 16 | {% import '../../Version.njk' as sync_version -%} 17 | 18 | name: Check for Stale Issues and Pull Requests 19 | 20 | on: 21 | schedule: 22 | # At 23:35 on every day-of-week from Sunday through Saturday 23 | # https://crontab.guru/#35_23_*_*_0-6 24 | - cron: '35 23 * * 0-6' 25 | workflow_dispatch: 26 | 27 | jobs: 28 | check: 29 | 30 | permissions: 31 | issues: write 32 | pull-requests: write 33 | 34 | uses: microsoft/mu_devops/.github/workflows/Stale.yml@{{ sync_version.mu_devops }} 35 | -------------------------------------------------------------------------------- /.sync/workflows/leaf/submodule-release-update.yml: -------------------------------------------------------------------------------- 1 | # This workflow automatically creates a pull request for any submodule in the repo 2 | # that has a new GitHub release available. The release must follow semantic versioning. 3 | # 4 | # The GitHub App ID and private key should be stored in the repository as a variable named `MU_ACCESS_APP_ID` and a 5 | # secret named `MU_ACCESS_APP_PRIVATE_KEY` respectively. 6 | # 7 | # The GitHub App must grant the following permissions: 8 | # - Read and write access to repository contents 9 | # - Read and write access to pull requests 10 | # 11 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 12 | # instead of the file in this repo. 13 | # 14 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 15 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 16 | # 17 | # Copyright (c) Microsoft Corporation. 18 | # SPDX-License-Identifier: BSD-2-Clause-Patent 19 | # 20 | 21 | {% import '../../Version.njk' as sync_version -%} 22 | 23 | name: Update Submodules to Latest Release 24 | 25 | on: 26 | schedule: 27 | - cron: '0 0 * * *' # https://crontab.guru/every-day 28 | workflow_dispatch: 29 | 30 | jobs: 31 | repo_submodule_update: 32 | name: Check for Submodule Releases 33 | runs-on: ubuntu-latest 34 | 35 | permissions: 36 | contents: write 37 | pull-requests: write 38 | 39 | steps: 40 | - name: Generate Token 41 | id: app-token 42 | uses: actions/create-github-app-token@v2 43 | with: 44 | app-id: {% raw %}${{ vars.MU_ACCESS_APP_ID }}{% endraw %} 45 | private-key: {% raw %}${{ secrets.MU_ACCESS_APP_PRIVATE_KEY }}{% endraw %} 46 | 47 | - name: Update Submodules to Latest Release 48 | uses: microsoft/mu_devops/.github/actions/submodule-release-updater@{{ sync_version.mu_devops }} 49 | with: 50 | GH_PAT: {% raw %}${{ steps.app-token.outputs.token }}{% endraw %} 51 | GH_USER: "ProjectMuBot" 52 | GIT_EMAIL: "mubot@microsoft.com" 53 | GIT_NAME: "Project Mu Bot" 54 | -------------------------------------------------------------------------------- /.sync/workflows/leaf/triage-issues.yml: -------------------------------------------------------------------------------- 1 | # This workflow assists with initial triage of new issues by applying 2 | # labels based on data provided in the issue. 3 | # 4 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 5 | # instead of the file in this repo. 6 | # 7 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 8 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 9 | # 10 | # Copyright (c) Microsoft Corporation. 11 | # SPDX-License-Identifier: BSD-2-Clause-Patent 12 | # 13 | 14 | {% import '../../Version.njk' as sync_version -%} 15 | 16 | name: Initial Triage for New Issue 17 | 18 | on: 19 | issues: 20 | types: [ opened ] 21 | 22 | jobs: 23 | triage: 24 | 25 | permissions: 26 | issues: write 27 | 28 | uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@{{ sync_version.mu_devops }} 29 | -------------------------------------------------------------------------------- /Containers/Readme.md: -------------------------------------------------------------------------------- 1 | # Mu Devops Containers 2 | 3 | Project Mu uses containers to build on Linux. These containers come with all of 4 | the tools expected for CI and virtual platform pipelines and local development. 5 | Containers can be pulled. For more details see the [mu_devops packages page](https://github.com/orgs/microsoft/packages?repo_name=mu_devops). 6 | 7 | ## Ubuntu-24 _(Recommended)_ 8 | 9 | The Mu Ubuntu container provides the following layers. Ubuntu-24 is the recommended 10 | container image because it best aligns with existing development flows and provides 11 | tools needed to cross compile both kernel and user mode components needed in Mu. 12 | 13 | ## Ubuntu-22 14 | 15 | Ubuntu-22 is the previous Ubuntu container image used in Mu CI from May 2023 until 16 | February 2025. It is still available for use, but is not recommended for new projects 17 | and other CI dependencies and worfklows may not be supported with it. 18 | 19 | It will be deprecated soon. Users should migrate to Ubuntu-24 as soon as possible. 20 | 21 | --- 22 | 23 | | Name | Description | Package | 24 | |-------|--------------------------------------|---------| 25 | | Build | Used for CI pipeline builds. | [ubuntu-24-build](https://github.com/microsoft/mu_devops/pkgs/container/mu_devops%2Fubuntu-24-build) | 26 | | Test | Used for virtual platform pipelines. | [ubuntu-24-test](https://github.com/microsoft/mu_devops/pkgs/container/mu_devops%2Fubuntu-24-test) | 27 | | Dev | Used local development. | [ubuntu-24-dev](https://github.com/microsoft/mu_devops/pkgs/container/mu_devops%2Fubuntu-24-dev) | 28 | | Build | Ubuntu 22 (older) pipeline build. | [ubuntu-22-build](https://github.com/microsoft/mu_devops/pkgs/container/mu_devops%2Fubuntu-22-build) | 29 | | Test | Ubuntu 22 (older) virt plat image. | [ubuntu-22-test](https://github.com/microsoft/mu_devops/pkgs/container/mu_devops%2Fubuntu-22-test) | 30 | | Dev | Ubuntu 22 (older) local dev image | [ubuntu-22-dev](https://github.com/microsoft/mu_devops/pkgs/container/mu_devops%2Fubuntu-22-dev) | 31 | -------------------------------------------------------------------------------- /Jobs/CreateBuildMatrix.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Mu DevOps template file to produce a build matrix according to the given 3 | # package and build target parameters. 4 | # 5 | # Copyright (c) Microsoft Corporation. All rights reserved. 6 | # SPDX-License-Identifier: BSD-2-Clause-Patent 7 | ## 8 | 9 | parameters: 10 | # An optional job dependency for this job to start. 11 | - name: dependency 12 | displayName: Job Dependency 13 | type: string 14 | default: '' 15 | # A group package list is not split to a separate package per job in the matrix. 16 | - name: group_package_list 17 | displayName: Group Package List (Optional - Will be Built Together) 18 | type: string 19 | default: '' 20 | # Each package in an individual package list is split to a separate job per package in the matrix. 21 | - name: individual_package_list 22 | displayName: Individual Package List (Required - Will be Built Individually) 23 | type: string 24 | default: '' 25 | # The targets that need be supported. These are kept as a list in the output of the matrix. 26 | - name: target_list 27 | displayName: Targets (e.g. DEBUG, RELEASE) 28 | type: string 29 | default: '' 30 | 31 | jobs: 32 | 33 | - job: CreateBuildMatrix 34 | displayName: Create Build Matrix 35 | dependsOn: ${{ parameters.dependency }} 36 | 37 | steps: 38 | - checkout: none 39 | fetchDepth: 0 40 | 41 | - task: PowerShell@2 42 | name: CalculateMatrix 43 | displayName: Calculate Matrix 44 | inputs: 45 | targetType: 'inline' 46 | script: | 47 | $configs = @{} 48 | '${{ parameters.target_list }}'.split(',').Trim() | % { 49 | $t = $_ 50 | if (![string]::IsNullOrEmpty('${{ parameters.individual_package_list }}')) { 51 | '${{ parameters.individual_package_list }}'.split(',').Trim() | % { 52 | $p = $_ 53 | $configs["${p} ${t}"] = @{ 54 | 'package' = $p 55 | 'target' = $t 56 | } 57 | } 58 | } 59 | if (![string]::IsNullOrEmpty('${{ parameters.group_package_list }}')) { 60 | $configs["Non-Platform Package(s) ${t}"] = @{ 61 | 'package' = '${{ parameters.group_package_list }}'.Trim() 62 | 'target' = $t 63 | } 64 | } 65 | } 66 | $c = $configs | ConvertTo-Json -Depth 10 -Compress 67 | Write-Host "##vso[task.setvariable variable=Matrix;isOutput=true;]$c" 68 | 69 | -------------------------------------------------------------------------------- /Jobs/GenerateTag.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Template file used to generate tags on ADO. This template requires that the 3 | # consumer specifies this repository as a resource named mu_devops. 4 | # 5 | # Copyright (c) Microsoft Corporation. 6 | # SPDX-License-Identifier: BSD-2-Clause-Patent 7 | ## 8 | 9 | parameters: 10 | - name: major_version 11 | displayName: The major version. 12 | type: string 13 | default: "" 14 | - name: git_name 15 | displayName: Name to use for creating tag. 16 | type: string 17 | default: "" 18 | - name: git_email 19 | displayName: Email to use for creating tag. 20 | type: string 21 | default: "" 22 | - name: notes_file 23 | displayName: Path to the notes file to generate. 24 | type: string 25 | default: "ReleaseNotes.md" 26 | - name: extra_prepare_steps 27 | displayName: Extra Prepare Steps 28 | type: stepList 29 | default: 30 | - script: echo No extra prepare steps provided 31 | 32 | jobs: 33 | - job: Create_Release_Tag 34 | steps: 35 | - checkout: self 36 | clean: true 37 | fetchTags: true 38 | persistCredentials: true 39 | path: "target" 40 | fetchDepth: 0 41 | 42 | - checkout: mu_devops 43 | path: "mu_devops" 44 | fetchDepth: 1 45 | 46 | - template: ../Steps/SetupPythonPreReqs.yml 47 | parameters: 48 | install_pip_modules: false 49 | 50 | - script: | 51 | python -m pip install --upgrade pip 52 | pip install GitPython 53 | displayName: "Install Dependencies" 54 | 55 | - ${{ parameters.extra_prepare_steps }} 56 | 57 | # Checking the parameters should occur after extra_prepare_steps in case 58 | # the caller is using those steps to initialize a consumed variable. 59 | - script: | 60 | if [ -z "${{ parameters.major_version }}"] || \ 61 | [ -z "${{ parameters.git_name }}"] || \ 62 | [ -z "${{ parameters.git_email }}"] 63 | then 64 | echo "##vso[task.complete result=Failed;]" 65 | fi 66 | displayName: "Check Parameters" 67 | 68 | - script: | 69 | git config --global user.name "${{ parameters.git_name }}" 70 | git config --global user.email "${{ parameters.git_email }}" 71 | displayName: "Setup Git" 72 | 73 | - script: | 74 | python mu_devops/Scripts/TagGenerator/TagGenerator.py -r target/ --major ${{ parameters.major_version }} -v --printadovar tag_name --notes target/${{ parameters.notes_file }} --url $(Build.Repository.Uri) 75 | displayName: "Run Tag Generator" 76 | workingDirectory: $(Agent.BuildDirectory) 77 | 78 | - script: | 79 | set -e 80 | git branch 81 | git add ${{ parameters.notes_file }} 82 | git commit -m "Release notes for $(tag_name)" 83 | git tag $(tag_name) 84 | git push origin HEAD:$(Build.SourceBranchName) 85 | git push origin $(tag_name) 86 | continueOnError: false 87 | displayName: "Create Tag" 88 | workingDirectory: $(Agent.BuildDirectory)/target 89 | -------------------------------------------------------------------------------- /Jobs/PrGate.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Template file used to build supported packages. 3 | # 4 | # To upload coverage results, set `coverage_upload_target` to `ado` or `codecov`. 5 | # 6 | # Copyright (c) Microsoft Corporation. All rights reserved. 7 | # Copyright (c) 2020 - 2021, ARM Limited. All rights reserved.<BR> 8 | # SPDX-License-Identifier: BSD-2-Clause-Patent 9 | ## 10 | 11 | parameters: 12 | - name: build_file 13 | displayName: Stuart Build File 14 | type: string 15 | default: ".pytool/CISettings.py" 16 | - name: container_build 17 | displayName: Use Container for Build 18 | type: boolean 19 | default: false 20 | - name: do_ci_build 21 | displayName: Perform Stuart CI Build 22 | type: boolean 23 | default: true 24 | - name: do_ci_setup 25 | displayName: Perform Stuart CI Setup 26 | type: boolean 27 | default: true 28 | - name: do_non_ci_build 29 | displayName: Perform non-CI Stuart Build 30 | type: boolean 31 | default: false 32 | - name: do_non_ci_setup 33 | displayName: Perform non-CI Stuart Setup 34 | type: boolean 35 | default: false 36 | - name: do_pr_eval 37 | displayName: Perform Stuart PR Evaluation 38 | type: boolean 39 | default: true 40 | - name: extra_build_args 41 | displayName: Extra Build Command Arguments 42 | type: string 43 | default: 'CODE_COVERAGE=TRUE CC_FLATTEN=TRUE CC_FULL=TRUE' 44 | - name: extra_pre_build_steps 45 | displayName: Extra Pre-Build Steps 46 | type: stepList 47 | default: [] 48 | - name: extra_post_build_steps 49 | displayName: Extra Post-Build Steps 50 | type: stepList 51 | default: [] 52 | - name: extra_steps 53 | displayName: Extra Steps 54 | type: stepList 55 | default: 56 | - script: echo No extra steps provided 57 | - name: linux_container_image 58 | displayName: Linux Container Image 59 | type: string 60 | default: '' 61 | - name: linux_container_options 62 | displayName: Linux Container Options 63 | type: string 64 | default: '' 65 | - name: packages 66 | displayName: Packages 67 | type: string 68 | default: '' 69 | - name: target_list 70 | displayName: Targets (e.g. DEBUG, RELEASE) 71 | type: string 72 | default: '' 73 | - name: tool_chain_tag 74 | displayName: Tool Chain (e.g. VS2022) 75 | type: string 76 | default: '' 77 | - name: vm_image 78 | displayName: Virtual Machine Image (e.g. windows-latest) 79 | type: string 80 | default: 'windows-latest' 81 | - name: extra_install_step 82 | displayName: Extra Install Steps 83 | type: stepList 84 | default: [] 85 | - name: pool_name 86 | displayName: Variable name that hosts pool name to be used for self-hosted agents 87 | type: string 88 | default: '' 89 | - name: artifacts_binary 90 | displayName: Binary Artifacts to Publish 91 | type: string 92 | default: '' 93 | - name: artifacts_other 94 | displayName: Other Artifacts to Publish 95 | type: string 96 | default: '' 97 | - name: os_type 98 | displayName: OS type on the self-hosted agent pools 99 | type: string 100 | values: 101 | - Windows_NT 102 | - Linux 103 | default: Windows_NT 104 | - name: build_matrix 105 | type: object 106 | # Each element in the matrix will be used in a separate job 107 | # Required fields: 108 | # Pkgs: Specify what packages in the target repo are to be built for this job 109 | # Targets: Specify which targets are to be built in this job, i.e. DEBUG, 110 | # RELEASE, NO-TARGET, NOOPT. The acceptable values depend on the 111 | # Pkgs to be built. 112 | # ArchList: List of architectures to be supported by the packages (e.g. IA32, X64) 113 | # Optional fields: 114 | # SelfHostAgent: A boolean indicating whether this job should be run on the selfhosted 115 | # "pool_name". If the matrix entry does not specify this element, it 116 | # will be treated as false. 117 | # Example: 118 | # TARGET_MDEMODULE_DEBUG: 119 | # Pkgs: 'MdeModulePkg' 120 | # Targets: 'DEBUG,NOOPT' 121 | # ArchList: 'IA32,X64,AARCH64' 122 | # TARGET_TEST_POLICY_ARM: 123 | # Pkgs: 'UnitTestFrameworkPkg,PolicyServicePkg' 124 | # Targets: 'DEBUG,RELEASE,NO-TARGET,NOOPT' 125 | # ArchList: 'IA32,X64' 126 | # SelfHostAgent: true 127 | - name: rust_build 128 | displayName: Whether Rust code is being built 129 | type: boolean 130 | default: false 131 | 132 | # Build step 133 | jobs: 134 | 135 | - ${{ each item in parameters.build_matrix }}: 136 | - job: Build_${{ item.Key }} 137 | timeoutInMinutes: 120 138 | condition: | 139 | and(not(Canceled()), 140 | or(${{ ne(item.Value.SelfHostAgent, true) }}, ne(variables['${{ parameters.pool_name }}'], ''))) 141 | 142 | workspace: 143 | clean: all 144 | 145 | ${{ if eq(item.Value.SelfHostAgent, true) }}: 146 | pool: 147 | name: $(${{ parameters.pool_name }}) 148 | demands: 149 | - Agent.OS -equals ${{ parameters.os_type }} 150 | ${{ else }}: 151 | pool: 152 | vmImage: ${{ parameters.vm_image }} 153 | 154 | # Use a container if one was specified. 155 | ${{ if and(eq(parameters.container_build, true), not(contains(parameters.vm_image, 'windows')), ne(item.Value.SelfHostAgent, true)) }}: 156 | container: 157 | image: ${{ parameters.linux_container_image }} 158 | options: --name mu_devops_build_container ${{ parameters.linux_container_options }} 159 | 160 | steps: 161 | - ${{ if and(eq(parameters.rust_build, true), ne(item.Value.SelfHostAgent, true)) }}: 162 | - template: ../Steps/RustSetupSteps.yml 163 | - ${{ if and(contains(parameters.tool_chain_tag, 'CLANGPDB'), ne(item.Value.SelfHostAgent, true)) }}: 164 | - template: ../Steps/SetupToolChainTagPreReqs.yml 165 | - ${{ parameters.extra_steps }} 166 | - template: ../Steps/PrGate.yml 167 | parameters: 168 | artifacts_identifier: '${{ item.Key }} ${{ item.Value.Targets }}' 169 | artifacts_binary: ${{ parameters.artifacts_binary }} 170 | artifacts_other: ${{ parameters.artifacts_other }} 171 | build_file: ${{ parameters.build_file }} 172 | build_pkgs: ${{ item.Value.Pkgs }} 173 | build_targets: ${{ item.Value.Targets }} 174 | build_archs: ${{ item.Value.ArchList }} 175 | do_ci_build: ${{ parameters.do_ci_build }} 176 | do_ci_setup: ${{ parameters.do_ci_setup }} 177 | do_non_ci_build: ${{ parameters.do_non_ci_build }} 178 | do_non_ci_setup: ${{ parameters.do_non_ci_setup }} 179 | do_pr_eval: ${{ parameters.do_pr_eval }} 180 | tool_chain_tag: ${{ parameters.tool_chain_tag }} 181 | install_tools: ${{ and(not(eq(item.Value.SelfHostAgent, true)), not(parameters.container_build)) }} 182 | extra_install_step: ${{ parameters.extra_install_step }} 183 | extra_pre_build_steps: ${{ parameters.extra_pre_build_steps }} 184 | extra_post_build_steps: ${{ parameters.extra_post_build_steps }} 185 | # This is to handle the matrices that do not specify this. 186 | ${{ if eq(item.Value.SelfHostAgent, true) }}: 187 | self_host_agent: true 188 | ${{ else }}: 189 | self_host_agent: false 190 | extra_build_args: ${{ parameters.extra_build_args }} 191 | -------------------------------------------------------------------------------- /Jobs/Python/RunDevTests.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines job template to run Python developer tests. 3 | # 4 | # Copyright (c) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | ## 7 | 8 | parameters: 9 | - name: code_cov_enabled 10 | displayName: Enable Code Coverage 11 | type: boolean 12 | default: false 13 | - name: custom_job_name 14 | displayName: Custom Job name 15 | type: string 16 | default: '' 17 | - name: extra_steps 18 | displayName: Extra Steps 19 | type: stepList 20 | default: 21 | - script: echo No extra steps provided 22 | - name: pypi_auth_feed 23 | displayName: PyPI Authorization Feed (Set For Release) 24 | type: string 25 | default: '' 26 | - name: root_package_folder 27 | displayName: Root Package Folder 28 | type: string 29 | default: '' 30 | - name: vm_image 31 | displayName: Virtual Machine Image (e.g. windows-latest) 32 | type: string 33 | default: 'windows-latest' 34 | 35 | jobs: 36 | 37 | - job: Build_and_Test 38 | 39 | workspace: 40 | clean: all 41 | 42 | pool: 43 | vmImage: ${{ parameters.vm_image }} 44 | 45 | steps: 46 | - template: ../../Steps/SetNodeVersion.yml 47 | - template: ../../Steps/SetupPythonPreReqs.yml 48 | parameters: 49 | pip_requirement_files: -r pip-requirements.txt -r py-requirements.txt 50 | - ${{ parameters.extra_steps }} 51 | - template: ../../Steps/Python/RunPytest.yml 52 | parameters: 53 | root_package_folder: ${{parameters.root_package_folder}} 54 | code_cov_enabled: ${{parameters.code_cov_enabled}} 55 | 56 | - template: ../../Steps/Python/RunFlake8Tests.yml 57 | 58 | - template: ../../Steps/InstallSpellCheck.yml 59 | - template: ../../Steps/RunSpellCheck.yml 60 | 61 | - template: ../../Steps/InstallMarkdownLint.yml 62 | - template: ../../Steps/RunMarkdownLint.yml 63 | 64 | - task: PythonScript@0 65 | inputs: 66 | scriptSource: 'filePath' 67 | scriptPath: 'BasicDevTests.py' 68 | displayName: 'Check Basic File and Folder Tests' 69 | condition: succeededOrFailed() 70 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | BSD-2-Clause-Patent License 2 | 3 | Copyright (C) Microsoft Corporation. All rights reserved. 4 | SPDX-License-Identifier: BSD-2-Clause-Patent 5 | -------------------------------------------------------------------------------- /Notebooks/MyPullRequests.github-issues: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "kind": 1, 4 | "language": "markdown", 5 | "value": "# Project Mu GitHub Personal Dashboard\r\n\r\nThis notebook displays your issue & personal pull request status across [Project Mu](https://microsoft.github.io/mu/)\r\nrepos." 6 | }, 7 | { 8 | "kind": 2, 9 | "language": "github-issues", 10 | "value": "// list of project mu repos\r\n$repos=repo:microsoft/mu repo:microsoft/mu_basecore repo:microsoft/mu_tiano_plus repo:microsoft/mu_plus repo:microsoft/mu_oem_sample repo:microsoft/mu_pip_python_library repo:microsoft/mu_silicon_arm_tiano repo:microsoft/mu_silicon_intel_tiano repo:microsoft/mu_tiano_platforms repo:microsoft/mu_pip_environment repo:microsoft/mu_pip_build repo:microsoft/mu_devops repo:microsoft/mu_feature_config repo:microsoft/mu_feature_debugger repo:microsoft/mu_feature_dfci repo:microsoft/mu_feature_ipmi repo:microsoft/mu_common_intel_min_platform repo:microsoft/mu_feature_mm_supv repo:microsoft/mu_common_intel_adv_features repo:microsoft/mu_feature_uefi_variable repo:microsoft/mu_crypto_release repo:microsoft/mu_rust_hid repo:microsoft/mu_rust_pi repo:microsoft/mu_rust_helpers repo:microsoft/secureboot_objects repo:microsoft/mu_feature_ffa" 11 | }, 12 | { 13 | "kind": 1, 14 | "language": "markdown", 15 | "value": "## Pull Requests" 16 | }, 17 | { 18 | "kind": 1, 19 | "language": "markdown", 20 | "value": "✶ All My Pull Requests" 21 | }, 22 | { 23 | "kind": 2, 24 | "language": "github-issues", 25 | "value": "$repos author:@me is:open type:pr" 26 | }, 27 | { 28 | "kind": 1, 29 | "language": "markdown", 30 | "value": "✅ Approved" 31 | }, 32 | { 33 | "kind": 2, 34 | "language": "github-issues", 35 | "value": "$repos author:@me is:open type:pr review:approved" 36 | }, 37 | { 38 | "kind": 1, 39 | "language": "markdown", 40 | "value": "⌛ Pending Approval" 41 | }, 42 | { 43 | "kind": 2, 44 | "language": "github-issues", 45 | "value": "$repos author:@me is:open is:pr review:required" 46 | }, 47 | { 48 | "kind": 1, 49 | "language": "markdown", 50 | "value": "## Issues" 51 | }, 52 | { 53 | "kind": 1, 54 | "language": "markdown", 55 | "value": "✶ All My Issues" 56 | }, 57 | { 58 | "kind": 2, 59 | "language": "github-issues", 60 | "value": "$repos assignee:@me is:open" 61 | }, 62 | { 63 | "kind": 1, 64 | "language": "markdown", 65 | "value": "🐛 My Open Bugs" 66 | }, 67 | { 68 | "kind": 2, 69 | "language": "github-issues", 70 | "value": "$repos assignee:@me is:open label:bug" 71 | }, 72 | { 73 | "kind": 1, 74 | "language": "markdown", 75 | "value": "✨ My Enhancements" 76 | }, 77 | { 78 | "kind": 2, 79 | "language": "github-issues", 80 | "value": "$repos assignee:@me is:open label:enhancement" 81 | } 82 | ] -------------------------------------------------------------------------------- /Notebooks/OpenIssues.github-issues: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "kind": 1, 4 | "language": "markdown", 5 | "value": "# Project Mu GitHub Open Issue Dashboard\r\n\r\nThis notebook displays [Project Mu](https://microsoft.github.io/mu/) open issues." 6 | }, 7 | { 8 | "kind": 2, 9 | "language": "github-issues", 10 | "value": "" 11 | }, 12 | { 13 | "kind": 2, 14 | "language": "github-issues", 15 | "value": "// list of project mu repos\r\n$repos=repo:repo:microsoft/mu repo:microsoft/mu_basecore repo:microsoft/mu_plus repo:microsoft/mu_tiano_plus repo:microsoft/mu_oem_sample repo:microsoft/mu_tiano_platforms repo:microsoft/mu_silicon_arm_tiano repo:microsoft/mu_silicon_intel_tiano repo:microsoft/mu_common_intel_min_platform repo:microsoft/mu_devops repo:microsoft/mu_feature_config repo:microsoft/mu_feature_debugger repo:microsoft/mu_feature_dfci repo:microsoft/mu_feature_mm_supv repo:microsoft/mu_feature_ipmi repo:microsoft/mu_feature_uefi_variable repo:microsoft/mu_crypto_release repo:microsoft/mu_pip_environment repo:microsoft/mu_pip_python_library repo:microsoft/mu_pip_build repo:microsoft/mu_build repo:microsoft/mu_common_intel_adv_features repo:microsoft/mu_rust_hid repo:microsoft/mu_rust_pi repo:microsoft/mu_rust_helpers repo:microsoft/secureboot_objects repo:microsoft/mu_feature_ffa" 16 | }, 17 | { 18 | "kind": 1, 19 | "language": "markdown", 20 | "value": "📬 All Open Issues" 21 | }, 22 | { 23 | "kind": 2, 24 | "language": "github-issues", 25 | "value": "$repos is:open is:issue archived:false" 26 | }, 27 | { 28 | "kind": 1, 29 | "language": "markdown", 30 | "value": "All Open Issues with no labels" 31 | }, 32 | { 33 | "kind": 2, 34 | "language": "github-issues", 35 | "value": "$repos is:open is:issue archived:false no:label" 36 | }, 37 | { 38 | "kind": 1, 39 | "language": "markdown", 40 | "value": "All Open Issues with no assignee" 41 | }, 42 | { 43 | "kind": 2, 44 | "language": "github-issues", 45 | "value": "$repos is:open is:issue archived:false no:assignee" 46 | }, 47 | { 48 | "kind": 1, 49 | "language": "markdown", 50 | "value": "All Open Issues with needs-owner label" 51 | }, 52 | { 53 | "kind": 2, 54 | "language": "github-issues", 55 | "value": "$repos is:open is:issue archived:false label:state:needs-owner" 56 | }, 57 | { 58 | "kind": 1, 59 | "language": "markdown", 60 | "value": "All Open Issues marked stale" 61 | }, 62 | { 63 | "kind": 2, 64 | "language": "github-issues", 65 | "value": "$repos is:open is:issue archived:false label:state:stale" 66 | } 67 | ] -------------------------------------------------------------------------------- /Notebooks/PullRequests.github-issues: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "kind": 1, 4 | "language": "markdown", 5 | "value": "# Project Mu GitHub PR Dashboard\r\n\r\nThis notebook displays [Project Mu](https://microsoft.github.io/mu/) pull request status." 6 | }, 7 | { 8 | "kind": 2, 9 | "language": "github-issues", 10 | "value": "// list of project mu repos\r\n$repos=repo:microsoft/mu repo:microsoft/mu_basecore repo:microsoft/mu_tiano_plus repo:microsoft/mu_plus repo:microsoft/mu_oem_sample repo:microsoft/mu_pip_python_library repo:microsoft/mu_silicon_arm_tiano repo:microsoft/mu_silicon_intel_tiano repo:microsoft/mu_tiano_platforms repo:microsoft/mu_pip_environment repo:microsoft/mu_pip_build repo:microsoft/mu_devops repo:microsoft/mu_feature_config repo:microsoft/mu_feature_debugger repo:microsoft/mu_feature_dfci repo:microsoft/mu_feature_ipmi repo:microsoft/mu_common_intel_min_platform repo:microsoft/mu_feature_mm_supv repo:microsoft/mu_common_intel_adv_features repo:microsoft/mu_feature_uefi_variable repo:microsoft/mu_crypto_release repo:microsoft/mu_rust_hid repo:microsoft/mu_rust_pi repo:microsoft/mu_rust_helpers repo:microsoft/secureboot_objects repo:microsoft/mu_feature_ffa" 11 | }, 12 | { 13 | "kind": 1, 14 | "language": "markdown", 15 | "value": "📬 All Open PRs" 16 | }, 17 | { 18 | "kind": 2, 19 | "language": "github-issues", 20 | "value": "$repos is:open type:pr" 21 | }, 22 | { 23 | "kind": 1, 24 | "language": "markdown", 25 | "value": "📬 - 🤖 = Opened by Humans" 26 | }, 27 | { 28 | "kind": 2, 29 | "language": "github-issues", 30 | "value": "$repos is:open type:pr -author:app/dependabot -author:app/dependabot-preview -author:app/microsoft-github-policy-service -author:mu-automation[bot] -author:uefibot -author:ProjectMuBot" 31 | }, 32 | { 33 | "kind": 1, 34 | "language": "markdown", 35 | "value": "✅ All Approved PRs" 36 | }, 37 | { 38 | "kind": 2, 39 | "language": "github-issues", 40 | "value": "$repos is:open type:pr review:approved" 41 | }, 42 | { 43 | "kind": 1, 44 | "language": "markdown", 45 | "value": "🏁 All Completed PRs" 46 | }, 47 | { 48 | "kind": 2, 49 | "language": "github-issues", 50 | "value": "// This needs to be bumped very occassionally (annually likely) to prevent\r\n// the maximum allowed number of results from being reached.\r\n$since=2023-01-01\r\n\r\n$repos is:closed type:pr sort:created-desc closed:>$since" 51 | }, 52 | { 53 | "kind": 1, 54 | "language": "markdown", 55 | "value": "All Stale PRs" 56 | }, 57 | { 58 | "kind": 2, 59 | "language": "github-issues", 60 | "value": "$repos is:open is:pr archived:false label:state:stale" 61 | } 62 | ] 63 | -------------------------------------------------------------------------------- /Notebooks/ReadMe.md: -------------------------------------------------------------------------------- 1 | # Project Mu VS Code Notebooks 2 | 3 | These notebooks summarize Project Mu information across all of the Project Mu repos. 4 | 5 | ## How to Use 6 | 7 | 1. Install [Visual Studio Code (VS Code)](https://code.visualstudio.com/) 8 | 2. Install the `GitHub Issue Notebooks` VS Code extension 9 | - Extension ID: ms-vscode.vscode-github-issue-notebooks 10 | - [Marketplace link](https://marketplace.visualstudio.com/items?itemName=ms-vscode.vscode-github-issue-notebooks) 11 | 3. Open a notebook file (e.g. `PullRequests.github-issues`) 12 | 4. Click `Run All` at the top of the file to run all the queries 13 | 14 | ## How to View Dashboard in Web Browser 15 | 16 | Since VS Code can run in your Web browser, you can treat this dashboard as a Web page rather than a file that you open 17 | locally. 18 | 19 | To view the file in the Web version of VS Code, simply open the file in GitHub and replace `github.com` with 20 | `github.dev` in the URL. 21 | 22 | - [Project Mu Pull Request Dashboard](https://github.dev/microsoft/mu_devops/blob/main/Notebooks/PullRequests.github-issues) 23 | - [Project Mu Personal Issue & Pull Request Dashboard](https://github.dev/microsoft/mu_devops/blob/main/Notebooks/MyPullRequests.github-issues) 24 | - [Project Mu Issue Dashboard](https://github.Dev/microsoft/mu_devops/blob/main/Notebooks/OpenIssues.github-issues) 25 | 26 | Once opened, run the same steps in [How to Use](#how-to-use) to install the extension and view the file. You can then 27 | save the page to your bookmarks so you can easily load it in the future. 28 | -------------------------------------------------------------------------------- /RepoDetails.md: -------------------------------------------------------------------------------- 1 | # Project MU Developer Operations (DevOps) Repository 2 | 3 | ??? info "Git Details" 4 | Repository Url: {{mu_devops.url}} 5 | Branch: {{mu_devops.branch}} 6 | Commit: [{{mu_devops.commit}}]({{mu_devops.commitlink}}) 7 | Commit Date: {{mu_devops.date}} 8 | 9 | ## Repository Philosophy 10 | 11 | Todo 12 | 13 | ## Integration Instruction 14 | 15 | Todo 16 | 17 | ## Code of Conduct 18 | 19 | This project has adopted the Microsoft Open Source Code of Conduct https://opensource.microsoft.com/codeofconduct/ 20 | 21 | For more information see the Code of Conduct FAQ https://opensource.microsoft.com/codeofconduct/faq/ 22 | or contact `opencode@microsoft.com <mailto:opencode@microsoft.com>`_. with any additional questions or comments. 23 | 24 | ## Contributions 25 | 26 | Contributions are always welcome and encouraged! 27 | Please open any issues in the Project Mu GitHub tracker and read https://microsoft.github.io/mu/How/contributing/ 28 | 29 | * [Code Requirements](https://microsoft.github.io/mu/CodeDevelopment/requirements/) 30 | * [Doc Requirements](https://microsoft.github.io/mu/DeveloperDocs/requirements/) 31 | 32 | ## Issues 33 | 34 | Please open any issues in the Project Mu GitHub tracker. [More 35 | Details](https://microsoft.github.io/mu/How/contributing/) 36 | 37 | 38 | ## Builds 39 | 40 | Please follow the steps in the Project Mu docs to build for CI and local 41 | testing. [More Details](https://microsoft.github.io/mu/CodeDevelopment/compile/) 42 | 43 | ## Copyright 44 | 45 | Copyright (C) Microsoft Corporation. All rights reserved. 46 | SPDX-License-Identifier: BSD-2-Clause-Patent 47 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Project Mu Security Policy 2 | 3 | Project Mu is an open source firmware project that is leveraged by and combined into 4 | other projects to build the firmware for a given product. We build and maintain this 5 | code with the intent that any consuming projects can use this code as-is. If features 6 | or fixes are necessary we ask that they contribute them back to the project. **But**, that 7 | said, in the firmware ecosystem there is a lot of variation and differentiation, and 8 | the license in this project allows flexibility for use without contribution back to 9 | Project Mu. Therefore, any issues found here may or may not exist in products using Project Mu. 10 | 11 | ## Supported Versions 12 | 13 | Due to the usage model we generally only supply fixes to the most recent release branch (or main). 14 | For a serious vulnerability we may patch older release branches. 15 | 16 | ## Additional Notes 17 | 18 | Project Mu contains code that is available and/or originally authored in other 19 | repositories (see <https://github.com/tianocore/edk2> as one such example). For any 20 | vulnerability found, we may be subject to their security policy and may need to work 21 | with those groups to resolve amicably and patch the "upstream". This might involve 22 | additional time to release and/or additional confidentiality requirements. 23 | 24 | ## Reporting a Vulnerability 25 | 26 | **Please do not report security vulnerabilities through public GitHub issues.** 27 | 28 | Instead please use **Github Private vulnerability reporting**, which is enabled for each Project Mu 29 | repository. This process is well documented by github in their documentation [here](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability). 30 | 31 | This process will allow us to privately discuss the issue, collaborate on a solution, and then disclose the vulnerability. 32 | 33 | ## Preferred Languages 34 | 35 | We prefer all communications to be in English. 36 | 37 | ## Policy 38 | 39 | Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd). 40 | -------------------------------------------------------------------------------- /Scripts/DownloadCargoBinaryFromGitHub/DownloadCargoBinaryFromGitHub.py: -------------------------------------------------------------------------------- 1 | # @file DownloadCargoBinaryFromGitHub.py 2 | # 3 | # A script used in pipelines to download Cargo binaries from a given GitHub 4 | # repo. 5 | # 6 | # See the accompanying script readme for more details. 7 | # 8 | # The environment variables are (name and example value): 9 | # - `BINARIES_DIR` - `$(Build.BinariesDirectory)` 10 | # - `BINARY_NAME` - `cargo-make` 11 | # - `DOWNLOAD_DIR` - `$(Build.ArtifactStagingDirectory)` 12 | # - `REPO_URL` - `https://api.github.com/repos/sagiegurari/cargo-make/releases` 13 | # 14 | # Copyright (c) Microsoft Corporation. All rights reserved. 15 | # SPDX-License-Identifier: BSD-2-Clause-Patent 16 | ## 17 | 18 | import os 19 | import requests 20 | import shutil 21 | import tarfile 22 | import zipfile 23 | from pathlib import Path 24 | from typing import Iterable 25 | 26 | BINARY_NAME = os.environ["BINARY_NAME"] 27 | REPO_URL = os.environ["REPO_URL"] 28 | BINARIES_DIR = Path(os.environ["BINARIES_DIR"]) 29 | DOWNLOAD_DIR = Path(os.environ["DOWNLOAD_DIR"], "archives") 30 | 31 | # Ensure the directories exist 32 | BINARIES_DIR.mkdir(parents=True, exist_ok=True) 33 | DOWNLOAD_DIR.mkdir(parents=True, exist_ok=True) 34 | 35 | # Fetch the list of assets from the GitHub releases 36 | response = requests.get(REPO_URL) 37 | response.raise_for_status() 38 | releases = response.json() 39 | 40 | if len(releases) == 0: 41 | print("Failed to find a release.") 42 | exit(1) 43 | 44 | linux_found, windows_found = False, False 45 | 46 | # Download assets 47 | for release in releases: 48 | for asset in release['assets']: 49 | name = asset['name'].lower() 50 | if (("x86_64-pc-windows-msvc" in name or "x86_64-unknown-linux-gnu" in name) 51 | and asset['name'].endswith(('.zip', '.tar.gz', '.tgz'))): 52 | linux_found = linux_found or "x86_64-unknown-linux-gnu" in name 53 | windows_found = windows_found or "x86_64-pc-windows-msvc" in name 54 | filepath = DOWNLOAD_DIR / asset['name'] 55 | print(f"Downloading {asset['name']}...") 56 | with requests.get(asset['browser_download_url'], stream=True) as r: 57 | with filepath.open('wb') as f: 58 | for chunk in r.iter_content(chunk_size=8192): 59 | f.write(chunk) 60 | if linux_found and windows_found: 61 | break 62 | 63 | # Extract files 64 | for filename in DOWNLOAD_DIR.iterdir(): 65 | extracted_dir = DOWNLOAD_DIR / filename.stem 66 | 67 | print(f"Extracting {filename.name}...") 68 | if filename.name.endswith('.zip'): 69 | with zipfile.ZipFile(filename, 'r') as zip_ref: 70 | zip_ref.extractall(extracted_dir) 71 | elif filename.name.endswith(('.tar.gz', '.tgz')): 72 | with tarfile.open(filename, 'r:gz') as tar: 73 | tar.extractall(path=extracted_dir) 74 | 75 | def flatten_copy(src: Path, dst: Path, names: Iterable = ("",)): 76 | if not dst.exists(): 77 | dst.mkdir(parents=True) 78 | 79 | for item in src.iterdir(): 80 | print(f"item is {item}") 81 | if item.is_dir(): 82 | flatten_copy(item, dst, names) 83 | elif any(name.lower() in item.name.lower() for name in names): 84 | shutil.copy2(item, dst) 85 | 86 | # Copy extracted files to the binaries directory 87 | flatten_copy(extracted_dir, BINARIES_DIR, (BINARY_NAME, "license")) 88 | -------------------------------------------------------------------------------- /Scripts/DownloadCargoBinaryFromGitHub/Readme.md: -------------------------------------------------------------------------------- 1 | # Download Cargo Binary From GitHub Script 2 | 3 | [DownloadCargoBinaryFromGitHub.py](./DownloadCargoBinaryFromGitHub.py) is a script used in pipelines to download Cargo 4 | binaries from a given GitHub repo. 5 | 6 | ## Responsibilities 7 | 8 | The script manages: 9 | 10 | - Downloading the binary onto the agent 11 | - Extracting relevant binaries 12 | - Currently Windows and Linux GNU x86_64 binaries 13 | - Placing the binaries in the given binaries directory 14 | 15 | ## Background 16 | 17 | This is intended to provide more fine grained control over the process (as opposed to built-in GitHub release download 18 | tasks), to optimize file filtering, and accommodate future adjustments such as expanding support for additional file 19 | checks or archive formats, etc. while also being portable between CI environments. For example, it can be directly 20 | reused between Azure Pipelines and GitHub workflows without swapping out tasks, changing service connection details, 21 | and so on while also encasing operations like file extraction. 22 | 23 | ## Inputs 24 | 25 | Because this script is only intended to run in pipelines, it does not present a user-facing command-line parameter 26 | interface and accepts its input as environment variables that are expected to be passed in the environment variable 27 | section of the task that invokes the script. 28 | 29 | The environment variables are (name and example value): 30 | 31 | - `BINARIES_DIR` - `$(Build.BinariesDirectory)` 32 | - `BINARY_NAME` - `cargo-make` 33 | - `DOWNLOAD_DIR` - `$(Build.ArtifactStagingDirectory)` 34 | - `REPO_URL` - `https://api.github.com/repos/sagiegurari/cargo-make/releases` 35 | -------------------------------------------------------------------------------- /Scripts/TagGenerator/Readme.md: -------------------------------------------------------------------------------- 1 | # Tag Generator Script 2 | 3 | [TagGenerator.py](./TagGenerator.py) will automatically generate the next version tag 4 | and add notes to a release notes file for the current git HEAD. The Tag Generator 5 | script is primarily intended for use by the [Generate Tag Pipeline](../../Jobs/GenerateTag.yml) 6 | but can be used locally as well. This script is intended to be used for ADO repositories, 7 | but may be used for GitHub, though certain features may not work in their current 8 | form such as PR links in tag notes. 9 | 10 | ## Versioning Scheme 11 | 12 | This script uses the `major.minor.patch` versioning scheme, but diverges from semantic 13 | versioning in some significant ways. 14 | 15 | - `major version` - Indicates the EDKII release tag that the repo is compiled against, e.g. `202405`. 16 | - `minor version` - Indicates the breaking change number since the last major version change. 17 | - `patch version` - Indicates the number of non-breaking changes since the last minor version. 18 | 19 | ## Repro Requirements 20 | 21 | For this script to work properly it makes assumptions about the repository and 22 | project structure for tag history and generating notes. 23 | 24 | ### Pull Request Template 25 | 26 | To determine what kind of change each commit is, this script expects certain strings 27 | exists in the commit message. It is recommended consumers include these in the PR 28 | templates for the repository. The script expects `[x] Breaking Change` for breaking 29 | changes, `[x] Security Fix` for security changes, and `[x] New Feature` for new 30 | features. The template forms of these are provided below. 31 | 32 | ```md 33 | - [ ] Breaking Change 34 | - [ ] Security Fix 35 | - [ ] New Feature 36 | ``` 37 | -------------------------------------------------------------------------------- /Steps/BinaryCopyAndPublish.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step template to publish binary files specified in the template 3 | # parameters as build artifacts. 4 | # 5 | # Copyright (c) Microsoft Corporation. All rights reserved. 6 | # SPDX-License-Identifier: BSD-2-Clause-Patent 7 | ## 8 | 9 | parameters: 10 | - name: artifacts_binary 11 | displayName: Binary Artifacts to Publish 12 | type: string 13 | default: '' 14 | - name: artifacts_identifier 15 | displayName: Artifacts Identifier 16 | type: string 17 | default: 'Artifacts' 18 | - name: publish_artifacts 19 | displayName: Publish Artifacts 20 | type: boolean 21 | default: true 22 | 23 | steps: 24 | - bash: | 25 | artifacts_str=$(echo "${{ parameters.artifacts_binary }}" | tr -d '[:space:]') 26 | if [[ -z "$artifacts_str" ]]; then 27 | echo "##vso[task.setvariable variable=artifacts_present]false" 28 | else 29 | echo "##vso[task.setvariable variable=artifacts_present]true" 30 | fi 31 | condition: succeededOrFailed() 32 | 33 | # Copy binaries to the artifact staging directory 34 | - task: CopyFiles@2 35 | displayName: Copy Build Binaries 36 | inputs: 37 | targetFolder: "$(Build.ArtifactStagingDirectory)/Binaries" 38 | SourceFolder: "Build" 39 | contents: | 40 | ${{ parameters.artifacts_binary }} 41 | flattenFolders: true 42 | condition: and(succeededOrFailed(), eq(variables.artifacts_present, 'true')) 43 | 44 | # Publish build artifacts to Azure Artifacts/TFS or a file share 45 | - ${{ if eq(parameters.publish_artifacts, true) }}: 46 | - task: PublishPipelineArtifact@1 47 | continueOnError: true 48 | displayName: Publish Build Binaries 49 | inputs: 50 | targetPath: "$(Build.ArtifactStagingDirectory)/Binaries" 51 | artifactName: "Binaries ${{ parameters.artifacts_identifier }}" 52 | condition: and(succeededOrFailed(), eq(variables.artifacts_present, 'true')) 53 | -------------------------------------------------------------------------------- /Steps/BuildBaseTools.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step template to build BaseTools. 3 | # 4 | # Copyright (c) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | ## 7 | 8 | parameters: 9 | - name: extra_parameters 10 | displayName: Extra Edk2ToolsBuild.py Parameters 11 | type: string 12 | default: '' 13 | - name: tool_chain_tag 14 | displayName: Tool Chain (e.g. VS2022) 15 | type: string 16 | default: '' 17 | 18 | steps: 19 | - ${{ if contains(parameters.tool_chain_tag, 'GCC') }}: 20 | - bash: sudo apt-get update 21 | displayName: Update apt 22 | condition: and(gt(variables.pkg_count, 0), succeeded()) 23 | 24 | - bash: sudo apt-get install gcc g++ make uuid-dev 25 | displayName: Install required tools 26 | condition: and(gt(variables.pkg_count, 0), succeeded()) 27 | 28 | - task: CmdLine@2 29 | displayName: Build Base Tools from source 30 | inputs: 31 | script: python BaseTools/Edk2ToolsBuild.py -t ${{ parameters.tool_chain_tag }} ${{ parameters.extra_parameters }} 32 | condition: and(gt(variables.pkg_count, 0), succeeded()) 33 | 34 | - task: CopyFiles@2 35 | displayName: "Copy base tools build log" 36 | inputs: 37 | targetFolder: '$(Build.ArtifactStagingDirectory)/Logs' 38 | SourceFolder: 'BaseTools/BaseToolsBuild' 39 | contents: | 40 | BASETOOLS_BUILD*.* 41 | flattenFolders: true 42 | condition: and(gt(variables.pkg_count, 0), succeededOrFailed()) 43 | -------------------------------------------------------------------------------- /Steps/BuildPlatform.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step template to build a platform. 3 | # 4 | # Copyright (c) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | ## 7 | 8 | parameters: 9 | - name: artifacts_binary 10 | displayName: Binary Artifacts to Publish 11 | type: string 12 | default: '' 13 | - name: artifacts_identifier 14 | displayName: Artifacts Identifier 15 | type: string 16 | default: 'Artifacts' 17 | - name: artifacts_other 18 | displayName: Other Artifacts to Publish 19 | type: string 20 | default: '' 21 | - name: build_base_tools 22 | displayName: Build BaseTools 23 | type: boolean 24 | default: false 25 | - name: do_pr_eval 26 | displayName: Perform Stuart PR Evaluation 27 | type: boolean 28 | default: true 29 | - name: build_file 30 | displayName: Build File 31 | type: string 32 | default: '' 33 | - name: build_flags 34 | displayName: Build Flags 35 | type: string 36 | default: '' 37 | - name: build_pkg 38 | displayName: Build Package 39 | type: string 40 | default: '' 41 | - name: build_target 42 | displayName: Build Target (e.g. DEBUG, RELEASE) 43 | type: string 44 | default: '' 45 | - name: extra_install_step 46 | displayName: Extra Install Steps 47 | type: stepList 48 | default: [] 49 | - name: run_flags 50 | displayName: Run Flags 51 | type: string 52 | default: '' 53 | - name: run_timeout 54 | displayName: Run Timeout (in minutes) 55 | type: number 56 | default: 5 57 | - name: install_tools 58 | displayName: Install Build Tools 59 | type: boolean 60 | default: true 61 | - name: install_pip_modules 62 | displayName: Install PIP Modules 63 | type: boolean 64 | default: true 65 | - name: tool_chain_tag 66 | displayName: Tool Chain (e.g. VS2022) 67 | type: string 68 | default: '' 69 | - name: checkout_self 70 | displayName: Perform self checkout step 71 | type: boolean 72 | default: true 73 | - name: publish_artifacts 74 | displayName: Publish Artifacts 75 | type: boolean 76 | default: true 77 | 78 | steps: 79 | - ${{ if eq(parameters.checkout_self, true) }}: 80 | - checkout: self 81 | clean: true 82 | fetchDepth: 0 83 | # Note: Depth cannot be limited if PR Eval is used. A pipeline may choose 84 | # to use a shallow checkout if PR eval is not used. 85 | 86 | - template: SetupPythonPreReqs.yml 87 | parameters: 88 | install_python: ${{ parameters.install_tools }} 89 | install_pip_modules: ${{ parameters.install_pip_modules }} 90 | 91 | # Set default 92 | - bash: echo "##vso[task.setvariable variable=pkg_count]${{ 1 }}" 93 | 94 | # trim the package list if this is a PR 95 | - ${{ if eq(parameters.do_pr_eval, true) }}: 96 | - powershell: 97 | $TargetBranch = "$(System.PullRequest.targetBranch)".replace('refs/heads/', ''); 98 | Write-Host "##vso[task.setvariable variable=pr_compare_branch]origin/$TargetBranch"; 99 | displayName: Workaround for Branch Names 100 | condition: eq(variables['Build.Reason'], 'PullRequest') 101 | - task: CmdLine@2 102 | displayName: Check if ${{ parameters.build_pkg }} Needs Testing 103 | inputs: 104 | script: stuart_pr_eval -c ${{ parameters.build_file }} -t ${{ parameters.build_target}} --pr-target $(pr_compare_branch) --output-count-format-string "##vso[task.setvariable variable=pkg_count]{pkgcount}" 105 | condition: eq(variables['Build.Reason'], 'PullRequest') 106 | 107 | # Setup repo 108 | - task: CmdLine@2 109 | displayName: Setup 110 | inputs: 111 | script: stuart_setup -c ${{ parameters.build_file }} TOOL_CHAIN_TAG=${{ parameters.tool_chain_tag}} -t ${{ parameters.build_target}} ${{ parameters.build_flags}} 112 | condition: and(gt(variables.pkg_count, 0), succeeded()) 113 | 114 | # Stuart Update 115 | - task: CmdLine@2 116 | displayName: Update 117 | inputs: 118 | script: stuart_update -c ${{ parameters.build_file }} TOOL_CHAIN_TAG=${{ parameters.tool_chain_tag}} -t ${{ parameters.build_target}} ${{ parameters.build_flags}} 119 | condition: and(gt(variables.pkg_count, 0), succeeded()) 120 | 121 | # build basetools 122 | # do this after setup and update so that code base dependencies 123 | # are all resolved. 124 | - ${{ if eq(parameters.build_base_tools, true) }}: 125 | - template: BuildBaseTools.yml 126 | parameters: 127 | tool_chain_tag: ${{ parameters.tool_chain_tag }} 128 | 129 | # Potential Extra steps 130 | - ${{ parameters.extra_install_step }} 131 | 132 | # Build 133 | - task: CmdLine@2 134 | displayName: Build 135 | inputs: 136 | script: stuart_build -c ${{ parameters.build_file }} TOOL_CHAIN_TAG=${{ parameters.tool_chain_tag}} TARGET=${{ parameters.build_target}} ${{ parameters.build_flags}} 137 | condition: and(gt(variables.pkg_count, 0), succeeded()) 138 | 139 | # Run 140 | - task: CmdLine@2 141 | displayName: Run to Shell 142 | inputs: 143 | script: stuart_build -c ${{ parameters.build_file }} TOOL_CHAIN_TAG=${{ parameters.tool_chain_tag}} TARGET=${{ parameters.build_target}} ${{ parameters.build_flags}} ${{ parameters.run_flags }} --FlashOnly 144 | condition: and(and(gt(variables.pkg_count, 0), succeeded()), eq(variables['Run'], true)) 145 | timeoutInMinutes: ${{ parameters.run_timeout }} 146 | 147 | # Copy build logs to the artifact staging directory 148 | - template: CommonLogCopyAndPublish.yml 149 | parameters: 150 | artifacts_identifier: ${{ parameters.artifacts_identifier }} 151 | publish_artifacts: ${{ parameters.publish_artifacts }} 152 | 153 | # Copy build binaries to the artifact staging directory 154 | - template: BinaryCopyAndPublish.yml 155 | parameters: 156 | artifacts_binary: ${{ parameters.artifacts_binary }} 157 | artifacts_identifier: ${{ parameters.artifacts_identifier }} 158 | publish_artifacts: ${{ parameters.publish_artifacts }} 159 | 160 | # Copy other files to the artifact staging directory 161 | - template: OtherCopyAndPublish.yml 162 | parameters: 163 | artifacts_other: ${{ parameters.artifacts_other }} 164 | artifacts_identifier: ${{ parameters.artifacts_identifier }} 165 | publish_artifacts: ${{ parameters.publish_artifacts }} 166 | -------------------------------------------------------------------------------- /Steps/CommonLogCopyAndPublish.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step template to copy the common log files produced 3 | # by an edk2 firmware build. 4 | # 5 | # Copyright (c) Microsoft Corporation. All rights reserved. 6 | # SPDX-License-Identifier: BSD-2-Clause-Patent 7 | ## 8 | 9 | parameters: 10 | - name: artifacts_identifier 11 | displayName: Artifacts Identifier 12 | type: string 13 | default: 'Artifacts' 14 | - name: publish_artifacts 15 | displayName: Publish Artifacts 16 | type: boolean 17 | default: true 18 | 19 | steps: 20 | - task: CopyFiles@2 21 | displayName: Copy Build Logs 22 | inputs: 23 | targetFolder: "$(Build.ArtifactStagingDirectory)/Logs" 24 | SourceFolder: "Build" 25 | contents: | 26 | **/*coverage.xml 27 | **/BUILD_REPORT.TXT 28 | **/BUILD_TOOLS_REPORT.html 29 | **/BUILD_TOOLS_REPORT.json 30 | **/FD_REPORT.HTML 31 | **/OVERRIDELOG.TXT 32 | BASETOOLS_BUILD*.* 33 | BUILDLOG_*.md 34 | BUILDLOG_*.txt 35 | CI_*.md 36 | CI_*.txt 37 | CISETUP.txt 38 | PREVALLOG.txt 39 | SETUPLOG.txt 40 | TestSuites.xml 41 | UPDATE_LOG.txt 42 | flattenFolders: true 43 | condition: succeededOrFailed() 44 | 45 | - ${{ if eq(parameters.publish_artifacts, true) }}: 46 | - task: PublishPipelineArtifact@1 47 | continueOnError: true 48 | displayName: Publish Build Logs 49 | inputs: 50 | targetPath: '$(Build.ArtifactStagingDirectory)/Logs' 51 | artifactName: 'Logs ${{ parameters.artifacts_identifier }}' 52 | condition: succeededOrFailed() 53 | -------------------------------------------------------------------------------- /Steps/DownloadAzurePipelineArtifact.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step template to download Azure Pipeline artifacts. 3 | # 4 | # Copyright (c) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | ## 7 | 8 | parameters: 9 | - name: artifact_name 10 | displayName: Artifact Name 11 | type: string 12 | default: 'Binaries' 13 | - name: azure_org_name 14 | displayName: Azure Org Name 15 | type: string 16 | default: 'projectmu' 17 | - name: azure_proj_name 18 | displayName: Azure Project Name 19 | type: string 20 | default: 'mu' 21 | - name: azure_pipeline_def_id 22 | displayName: Azure Pipeline Definition ID 23 | type: string 24 | default: '0' 25 | - name: file_pattern 26 | displayName: File Pattern 27 | type: string 28 | default: '*' 29 | - name: target_dir 30 | displayName: Target Directory 31 | type: string 32 | default: '' 33 | - name: target_os 34 | displayName: Target OS For Task to Run 35 | type: string 36 | default: 'Windows_NT,Darwin,Linux' 37 | - name: task_display_name 38 | displayName: Task Display Name 39 | type: string 40 | default: 'Download Pipeline Artifact' 41 | - name: work_dir 42 | displayName: Work Directory 43 | type: string 44 | default: '' 45 | 46 | steps: 47 | 48 | - task: PythonScript@0 49 | displayName: ${{ parameters.task_display_name }} 50 | env: 51 | ARTIFACT_NAME: ${{ parameters.artifact_name }} 52 | AZURE_ORG_NAME: ${{ parameters.azure_org_name }} 53 | AZURE_PROJ_NAME: ${{ parameters.azure_proj_name }} 54 | AZURE_PIPELINE_DEF_ID: ${{ parameters.azure_pipeline_def_id }} 55 | FILE_PATTERN: ${{ parameters.file_pattern }} 56 | TARGET_DIR: ${{ parameters.target_dir }} 57 | WORK_DIR: ${{ parameters.work_dir }} 58 | inputs: 59 | scriptSource: inline 60 | workingDirectory: $(Agent.BuildDirectory) 61 | script: | 62 | import os 63 | import requests 64 | import shutil 65 | import zipfile 66 | from pathlib import Path 67 | 68 | ARTIFACT_NAME = os.environ["ARTIFACT_NAME"] 69 | AZURE_ORG_NAME = os.environ["AZURE_ORG_NAME"] 70 | AZURE_PROJ_NAME = os.environ["AZURE_PROJ_NAME"] 71 | AZURE_PIPELINE_DEF_ID = os.environ["AZURE_PIPELINE_DEF_ID"] 72 | FILE_PATTERN = os.environ["FILE_PATTERN"] 73 | TARGET_DIR = Path(os.environ["TARGET_DIR"]) 74 | WORK_DIR = os.environ["WORK_DIR"] 75 | 76 | build_id_url = f"https://dev.azure.com/{AZURE_ORG_NAME}/{AZURE_PROJ_NAME}/_apis/build/builds?definitions={AZURE_PIPELINE_DEF_ID}&$top=1&api-version=6.0" 77 | 78 | # Fetch the list of assets from the GitHub releases 79 | response = requests.get(build_id_url) 80 | response.raise_for_status() 81 | latest_build_id = response.json()["value"][0]["id"] 82 | 83 | artifact_url = f"https://dev.azure.com/{AZURE_ORG_NAME}/{AZURE_PROJ_NAME}/_apis/build/builds/{latest_build_id}/artifacts?artifactName={ARTIFACT_NAME}&api-version=6.0" 84 | response = requests.get(artifact_url) 85 | response.raise_for_status() 86 | download_url = response.json()["resource"]["downloadUrl"] 87 | 88 | print(f"Latest Build ID: {latest_build_id}") 89 | print(f"Artifact Download URL: {download_url}") 90 | 91 | download_path = Path(WORK_DIR, "artifact_download", ARTIFACT_NAME).with_suffix(".zip") 92 | download_path.parent.mkdir(parents=True) 93 | with requests.get(download_url, stream=True) as r: 94 | with download_path.open('wb') as f: 95 | for chunk in r.iter_content(chunk_size=8192): 96 | f.write(chunk) 97 | 98 | with zipfile.ZipFile(download_path, 'r') as zip_ref: 99 | zip_ref.extractall(download_path.parent) 100 | 101 | unzip_path = download_path.parent / ARTIFACT_NAME 102 | 103 | 104 | def flatten_copy(src: Path, dst: Path, pattern: str): 105 | if not dst.exists(): 106 | dst.mkdir(parents=True) 107 | 108 | for item in src.rglob(pattern): 109 | print(f"Current item is {item}") 110 | if item.is_dir(): 111 | flatten_copy(item, dst, pattern) 112 | else: 113 | shutil.copy2(item, dst) 114 | 115 | 116 | TARGET_DIR.mkdir(parents=True, exist_ok=True) 117 | flatten_copy(unzip_path, TARGET_DIR, FILE_PATTERN) 118 | shutil.rmtree(download_path.parent) 119 | condition: and(succeeded(), contains('${{ parameters.target_os}}', variables['Agent.OS'])) 120 | -------------------------------------------------------------------------------- /Steps/FetchGitHubFile.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step template to fetch a single file 3 | # from the top of a given branch in a public GitHub repo. 4 | # 5 | # Copyright (c) Microsoft Corporation. All rights reserved. 6 | # SPDX-License-Identifier: BSD-2-Clause-Patent 7 | ## 8 | 9 | parameters: 10 | - name: dest_file_path 11 | displayName: Destination File Path 12 | type: string 13 | default: '' 14 | - name: display_name 15 | displayName: Display Name 16 | type: string 17 | default: Fetch GitHub File 18 | - name: github_repo 19 | displayName: GitHub Repo 20 | type: string 21 | default: '' 22 | - name: source_branch 23 | displayName: Source Branch 24 | type: string 25 | default: '' 26 | - name: source_file_path 27 | displayName: Source File Path 28 | type: string 29 | default: '' 30 | 31 | steps: 32 | 33 | - powershell: 34 | $branch_url = '${{ parameters.source_branch }}'.replace('refs/heads/', ''); 35 | $fetch_source = 'https://raw.githubusercontent.com/${{ parameters.github_repo }}/'+$branch_url+'/${{ parameters.source_file_path }}'; 36 | Write-Host $fetch_source; 37 | (New-Object System.Net.WebClient).DownloadFile($fetch_source, '${{ parameters.dest_file_path }}'); 38 | displayName: ${{ parameters.display_name }} 39 | condition: succeeded() 40 | -------------------------------------------------------------------------------- /Steps/InstallCoverageTools.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step template to install code coverage tools. 3 | # 4 | # Copyright (c) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | ## 7 | 8 | steps: 9 | 10 | - powershell: | 11 | Invoke-WebRequest -Uri https://github.com/OpenCppCoverage/OpenCppCoverage/releases/download/release-0.9.9.0/OpenCppCoverageSetup-x64-0.9.9.0.exe -OutFile $(Agent.TempDirectory)\OpenCppCoverageInstall.exe 12 | start-process -FilePath "$(Agent.TempDirectory)\OpenCppCoverageInstall.exe" -ArgumentList "/VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-" -NoNewWindow -Wait 13 | Write-Host "##vso[task.prependpath]C:\Program Files\OpenCppCoverage" 14 | displayName: Install Windows Code Coverage Tools 15 | condition: eq( variables['Agent.OS'], 'Windows_NT' ) 16 | -------------------------------------------------------------------------------- /Steps/InstallMarkdownLint.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step template to install markdownlint. 3 | # 4 | # Copyright (c) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | ## 7 | parameters: 8 | - name: extra_npm_args 9 | displayName: Extra npm arguments 10 | type: string 11 | default: '' 12 | 13 | steps: 14 | 15 | - script: npm install -g markdownlint-cli@0.32.2 ${{ parameters.extra_npm_args }} 16 | displayName: Install Markdown Linter 17 | condition: succeeded() 18 | -------------------------------------------------------------------------------- /Steps/InstallSpellCheck.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step template to install spell check (cspell). 3 | # 4 | # Copyright (c) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | ## 7 | parameters: 8 | - name: extra_npm_args 9 | displayName: Extra npm arguments 10 | type: string 11 | default: '' 12 | 13 | steps: 14 | 15 | - script: npm install -g cspell@5.20.0 ${{ parameters.extra_npm_args }} 16 | displayName: Install cspell npm 17 | condition: succeeded() 18 | -------------------------------------------------------------------------------- /Steps/OtherCopyAndPublish.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step template to publish miscellaneous (other) files specified in the template 3 | # parameters as build artifacts. 4 | # 5 | # Copyright (c) Microsoft Corporation. All rights reserved. 6 | # SPDX-License-Identifier: BSD-2-Clause-Patent 7 | ## 8 | 9 | parameters: 10 | - name: artifacts_identifier 11 | displayName: Artifacts Identifier 12 | type: string 13 | default: 'Artifacts' 14 | - name: artifacts_other 15 | displayName: Other Artifacts to Publish 16 | type: string 17 | default: '' 18 | - name: publish_artifacts 19 | displayName: Publish Artifacts 20 | type: boolean 21 | default: true 22 | 23 | steps: 24 | - bash: | 25 | artifacts_str=$(echo "${{ parameters.artifacts_other }}" | tr -d '[:space:]') 26 | if [[ -z "$artifacts_str" ]]; then 27 | echo "##vso[task.setvariable variable=artifacts_present]false" 28 | else 29 | echo "##vso[task.setvariable variable=artifacts_present]true" 30 | fi 31 | condition: succeededOrFailed() 32 | 33 | # Copy other files to the artifact staging directory 34 | - task: CopyFiles@2 35 | displayName: Copy Other Files from Build 36 | inputs: 37 | targetFolder: "$(Build.ArtifactStagingDirectory)/Other" 38 | SourceFolder: "Build" 39 | contents: | 40 | ${{ parameters.artifacts_other }} 41 | flattenFolders: true 42 | condition: and(succeededOrFailed(), eq(variables.artifacts_present, 'true')) 43 | 44 | # Publish build artifacts to Azure Artifacts/TFS or a file share 45 | - ${{ if eq(parameters.publish_artifacts, true) }}: 46 | - task: PublishPipelineArtifact@1 47 | continueOnError: true 48 | displayName: Publish Other Files 49 | inputs: 50 | targetPath: "$(Build.ArtifactStagingDirectory)/Other" 51 | artifactName: "Other ${{ parameters.artifacts_identifier }}" 52 | condition: and(succeededOrFailed(), eq(variables.artifacts_present, 'true')) 53 | -------------------------------------------------------------------------------- /Steps/PublishCodeCoverage.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step template to merge and publish all code coverage results. 3 | # 4 | # Copyright (c) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | ## 7 | 8 | parameters: 9 | - name: checkout_self 10 | displayName: Perform self checkout step 11 | type: boolean 12 | default: true 13 | - name: setup_python 14 | displayName: Setup Python 15 | type: boolean 16 | default: true 17 | 18 | steps: 19 | - ${{ if eq(parameters.checkout_self, true) }}: 20 | - checkout: self 21 | clean: true 22 | fetchDepth: 1 23 | 24 | - ${{ if eq(parameters.setup_python, true ) }}: 25 | - template: SetupPythonPreReqs.yml 26 | parameters: 27 | install_python: true 28 | # 29 | # Download the build 30 | # 31 | - task: DownloadPipelineArtifact@2 32 | name: DownloadBuildLogArtifacts 33 | displayName: Download Log Artifacts 34 | inputs: 35 | buildType: 'current' 36 | targetPath: '$(Build.ArtifactStagingDirectory)/coverage/' 37 | itemPattern: "**/*_coverage.xml" 38 | 39 | - powershell: | 40 | $coverage_file_count=(Get-ChildItem $(Build.ArtifactStagingDirectory)/coverage/ -Recurse -Include *_coverage.xml).count 41 | Write-Host echo "##vso[task.setvariable variable=coverage_file_count]$coverage_file_count" 42 | displayName: Check For Coverage Files 43 | 44 | - task: CmdLine@2 45 | displayName: Merge Coverage Reports 46 | inputs: 47 | script: | 48 | dotnet tool install -g dotnet-reportgenerator-globaltool 49 | reportgenerator -reports:$(Build.ArtifactStagingDirectory)/coverage/**/*_coverage.xml -targetdir:$(Build.ArtifactStagingDirectory)/Coverage -reporttypes:Cobertura 50 | condition: gt(variables.coverage_file_count, 0) 51 | 52 | - task: PublishCodeCoverageResults@1 53 | displayName: Publish Code Coverage 54 | inputs: 55 | codeCoverageTool: Cobertura 56 | summaryFileLocation: '$(Build.ArtifactStagingDirectory)/Coverage/Cobertura.xml' 57 | condition: gt(variables.coverage_file_count, 0) 58 | -------------------------------------------------------------------------------- /Steps/Python/RunFlake8Tests.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step template to run flake8 and publish 3 | # an error log if any errors occur. 4 | # 5 | # Copyright (c) Microsoft Corporation. All rights reserved. 6 | # SPDX-License-Identifier: BSD-2-Clause-Patent 7 | ## 8 | 9 | steps: 10 | - script: flake8 . 11 | displayName: 'Run flake8' 12 | condition: succeededOrFailed() 13 | 14 | # Only capture and archive the lint log on failures. 15 | - script: flake8 . > flake8.err.log 16 | displayName: 'Capture flake8 Failures' 17 | condition: Failed() 18 | 19 | - task: PublishBuildArtifacts@1 20 | inputs: 21 | pathtoPublish: 'flake8.err.log' 22 | artifactName: 'Flake8 Error Log File' 23 | continueOnError: true 24 | condition: Failed() 25 | -------------------------------------------------------------------------------- /Steps/Python/RunPytest.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step template to run pytest. 3 | # 4 | # Copyright (c) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | ## 7 | 8 | parameters: 9 | - name: code_cov_enabled 10 | displayName: Enable Code Coverage 11 | type: boolean 12 | default: false 13 | - name: root_package_folder 14 | displayName: Root Package Folder 15 | type: string 16 | default: '' 17 | 18 | steps: 19 | - script: pytest -v --junitxml=test.junit.xml --html=pytest_report.html --self-contained-html --cov=${{ parameters.root_package_folder }} --cov-report html:cov_html --cov-report xml:cov.xml --cov-config .coveragerc 20 | displayName: 'Run pytest Unit Tests' 21 | 22 | # Publish Test Results to Azure Pipelines/TFS 23 | - task: PublishTestResults@2 24 | displayName: 'Publish junit Test Results' 25 | continueOnError: true 26 | condition: succeededOrFailed() 27 | inputs: 28 | testResultsFormat: 'JUnit' # Options: JUnit, NUnit, VSTest, xUnit 29 | testResultsFiles: 'test.junit.xml' 30 | mergeTestResults: true # Optional 31 | publishRunAttachments: true # Optional 32 | 33 | # Publish build artifacts to Azure Pipelines 34 | - task: PublishBuildArtifacts@1 35 | inputs: 36 | pathtoPublish: 'pytest_report.html' 37 | artifactName: 'unit test report' 38 | continueOnError: true 39 | condition: succeededOrFailed() 40 | 41 | - script: | 42 | curl -s https://codecov.io/bash | bash -s -- -C $(Build.SourceVersion) -F $(Agent.OS) 43 | displayName: 'Upload to codecov.io' 44 | continueOnError: true 45 | condition: ${{parameters.code_cov_enabled}} 46 | 47 | # Publish Cobertura code coverage results 48 | - task: PublishCodeCoverageResults@1 49 | inputs: 50 | codeCoverageTool: 'cobertura' # Options: cobertura, jaCoCo 51 | summaryFileLocation: $(System.DefaultWorkingDirectory)/cov.xml 52 | reportDirectory: $(System.DefaultWorkingDirectory)/cov_html 53 | condition: succeededOrFailed() 54 | -------------------------------------------------------------------------------- /Steps/RunMarkdownLint.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step to lint markdown files 3 | # in the repository. 4 | # 5 | # markdownlint should be installed on the system 6 | # prior to invoking this template. 7 | # 8 | # Copyright (c) Microsoft Corporation. All rights reserved. 9 | # SPDX-License-Identifier: BSD-2-Clause-Patent 10 | ## 11 | 12 | steps: 13 | 14 | - script: markdownlint "**/*.md" 15 | displayName: Lint MD Files 16 | condition: succeeded() 17 | -------------------------------------------------------------------------------- /Steps/RunPatchCheck.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step to evaluate the patch series in a PR by 3 | # running BaseTools/Scripts/PatchCheck.py. 4 | # 5 | # NOTE: This example monitors pull requests against the edk2-ci branch. Most 6 | # environments would replace 'edk2-ci' with 'master'. 7 | # 8 | # Copyright (c) 2019 - 2020, Intel Corporation. All rights reserved.<BR> 9 | # Copyright (c) Microsoft Corporation. All rights reserved. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | # https://github.com/tianocore 13 | # 14 | ## 15 | 16 | trigger: none 17 | 18 | pr: 19 | - main 20 | 21 | pool: 22 | vmImage: 'ubuntu-latest' 23 | 24 | steps: 25 | - checkout: self 26 | clean: true 27 | fetchDepth: 0 28 | 29 | - template: Steps/SetupPythonPreReqs.yml 30 | - script: | 31 | git fetch origin $(System.PullRequest.TargetBranch):$(System.PullRequest.TargetBranch) 32 | python BaseTools/Scripts/PatchCheck.py $(System.PullRequest.TargetBranch)..$(System.PullRequest.SourceCommitId) 33 | displayName: Use PatchCheck.py to Verify Patch Series in Pull Request 34 | condition: succeeded() 35 | -------------------------------------------------------------------------------- /Steps/RunSpellCheck.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step to run spell check against 3 | # a set of files. 4 | # 5 | # cspell should be installed on the system 6 | # prior to invoking this template. 7 | # 8 | # Copyright (c) Microsoft Corporation. All rights reserved. 9 | # SPDX-License-Identifier: BSD-2-Clause-Patent 10 | ## 11 | 12 | parameters: 13 | - name: spell_check_parameters 14 | displayName: Spell Check (cspell) Parameters 15 | type: string 16 | default: "-c .cspell.json **/*.py" 17 | 18 | steps: 19 | 20 | - script: cspell ${{ parameters.spell_check_parameters }} 21 | displayName: Run Spell Check Test 22 | condition: succeeded() 23 | -------------------------------------------------------------------------------- /Steps/RustCargoSteps.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step to run common Cargo commands. 3 | # 4 | # Cargo should be installed on the system prior to invoking this template. 5 | # 6 | # Copyright (c) Microsoft Corporation. All rights reserved. 7 | # SPDX-License-Identifier: BSD-2-Clause-Patent 8 | ## 9 | 10 | parameters: 11 | - name: format_command 12 | displayName: Rust Format Command 13 | type: string 14 | default: "cargo fmt --all --check" 15 | - name: test_command 16 | displayName: Rust Test Command 17 | type: string 18 | default: "cargo make test" 19 | - name: build_command 20 | displayName: Rust Build Command 21 | type: string 22 | default: "cargo make build" 23 | - name: container_build 24 | displayName: Flag for whether a container is being used 25 | type: boolean 26 | default: false 27 | 28 | steps: 29 | 30 | - task: CmdLine@2 31 | displayName: Setup Cargo Dir Permissions (Linux) 32 | target: host 33 | inputs: 34 | script: | 35 | /usr/bin/docker exec mu_devops_build_container chown -R vsts_azpcontainer:docker_azpcontainer /.cargo 36 | /usr/bin/docker exec mu_devops_build_container chmod -R ug+rw /.cargo 37 | /usr/bin/docker exec mu_devops_build_container chown -R vsts_azpcontainer:docker_azpcontainer /.rustup 38 | /usr/bin/docker exec mu_devops_build_container chmod -R ug+rw /.rustup 39 | condition: and(eq('${{ parameters.container_build }}', 'true'), eq(variables['Agent.OS'], 'Linux')) 40 | 41 | - task: CmdLine@2 42 | displayName: cargo fmt 43 | inputs: 44 | script: ${{ parameters.format_command }} 45 | workingDirectory: '$(System.DefaultWorkingDirectory)' 46 | failOnStandardError: true 47 | condition: succeeded() 48 | 49 | - task: CmdLine@2 50 | displayName: cargo make test 51 | inputs: 52 | script: ${{ parameters.test_command }} 53 | workingDirectory: '$(System.DefaultWorkingDirectory)' 54 | failOnStandardError: true 55 | condition: succeeded() 56 | 57 | - task: CmdLine@2 58 | displayName: cargo make build 59 | inputs: 60 | script: ${{ parameters.build_command }} 61 | workingDirectory: '$(System.DefaultWorkingDirectory)' 62 | failOnStandardError: true 63 | condition: succeeded() 64 | -------------------------------------------------------------------------------- /Steps/RustSetupSteps.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step to run common Rust steps. 3 | # 4 | # Cargo should be installed on the system prior to invoking this template. 5 | # 6 | # Copyright (c) Microsoft Corporation. All rights reserved. 7 | # SPDX-License-Identifier: BSD-2-Clause-Patent 8 | ## 9 | 10 | # NOTE: Because this pipeline YAML file is a Nunjucks template, the pipeline syntax of `{{}}` will conflict with 11 | # Nunjucks style. Surround pipeline YAML code that uses `{{}}` within `raw` and `endraw` tags 12 | # to allow it to pass through Nunjucks processing. 13 | 14 | 15 | steps: 16 | 17 | # Note: This uses a local lookup table as opposed to `rustc -vV` since this is a Rust setup 18 | # template that tries to minimize assumptions about Rust tools already on a system. 19 | - task: PythonScript@0 20 | displayName: Get Host Rust Target Triple 21 | inputs: 22 | scriptSource: inline 23 | workingDirectory: $(Agent.BuildDirectory) 24 | script: | 25 | import os 26 | import platform 27 | 28 | system = platform.system() 29 | arch = platform.machine() 30 | 31 | rust_targets = { 32 | ('Windows', 'x86_64'): 'x86_64-pc-windows-msvc', 33 | ('Windows', 'AMD64'): 'x86_64-pc-windows-msvc', 34 | ('Windows', 'i386'): 'i686-pc-windows-msvc', 35 | ('Windows', 'i686'): 'i686-pc-windows-msvc', 36 | ('Linux', 'x86_64'): 'x86_64-unknown-linux-gnu', 37 | ('Linux', 'AMD64'): 'x86_64-unknown-linux-gnu', 38 | ('Linux', 'aarch64'): 'aarch64-unknown-linux-gnu', 39 | ('Linux', 'i386'): 'i686-unknown-linux-gnu', 40 | ('Linux', 'i686'): 'i686-unknown-linux-gnu', 41 | } 42 | 43 | print(f'System type = {system}') 44 | print(f'Architecture = {arch}') 45 | 46 | try: 47 | print(f'##vso[task.setvariable variable=rust_target_triple]{rust_targets[(system, arch)]}') 48 | except KeyError: 49 | print(f'##[error]Unsupported Host Combination! OS = {system}. Architecture = {arch}.') 50 | print(f'##vso[task.complete result=Failed;]Unsupported Host Combination! OS = {system}. Architecture = {arch}.') 51 | 52 | - script: | 53 | python -c "import os; print('##vso[task.setvariable variable=cargoBinPath]{}'.format(os.path.join(os.environ['USERPROFILE'], '.cargo', 'bin')))" 54 | displayName: Get Cargo bin Path (Windows) 55 | condition: eq(variables['Agent.OS'], 'Windows_NT') 56 | 57 | - script: | 58 | python -c "import os; print('##vso[task.setvariable variable=cargoBinPath]/.cargo/bin')" 59 | displayName: Get Cargo bin Path (Linux) 60 | condition: eq(variables['Agent.OS'], 'Linux') 61 | 62 | - task: CmdLine@2 63 | displayName: Setup Cargo Dir Permissions (Linux) 64 | target: host 65 | inputs: 66 | script: | 67 | /usr/bin/docker exec mu_devops_build_container chown -R vsts_azpcontainer:docker_azpcontainer /.cargo 68 | /usr/bin/docker exec mu_devops_build_container chmod -R ug+rw /.cargo 69 | /usr/bin/docker exec mu_devops_build_container chown -R vsts_azpcontainer:docker_azpcontainer /.rustup 70 | /usr/bin/docker exec mu_devops_build_container chmod -R ug+rw /.rustup 71 | condition: eq(variables['Agent.OS'], 'Linux') 72 | 73 | # 74 | # Linux will use a container image pre-loaded with the designated Rust version. Windows does not use a container 75 | # image, but will have a VM image with a very recent version of Rust installed. This step installs the same toolchain 76 | # version used in the Linux container for consistency between the two. The cargo-make and cargo-tarpaulin versions 77 | # placed in the container image are the latest at the time the image is built. That should be equal to or less than 78 | # the latest version available when the pipeline is run. Get the latest available in the cache pipelines and use 79 | # those on both Linux and Windows agents for consistency in the pipeline runs. 80 | # 81 | - script: | 82 | rustup install --no-self-update 1.85.0 83 | displayName: Install Rust 1.85.0 (Windows) 84 | condition: eq(variables['Agent.OS'], 'Windows_NT') 85 | 86 | - script: | 87 | rustup default 1.85.0 88 | displayName: Set Rust 1.85.0 (Windows) 89 | condition: eq(variables['Agent.OS'], 'Windows_NT') 90 | 91 | - script: pip install requests --upgrade 92 | displayName: Install and Upgrade requests PIP Module 93 | condition: succeeded() 94 | 95 | - template: DownloadAzurePipelineArtifact.yml 96 | parameters: 97 | task_display_name: Download Cargo Binstall (Windows) 98 | artifact_name: Binaries 99 | azure_pipeline_def_id: 169 100 | file_pattern: "**/cargo-binstall.exe" 101 | target_dir: "$(cargoBinPath)" 102 | target_os: "Windows_NT" 103 | work_dir: "$(Agent.TempDirectory)" 104 | 105 | - template: DownloadAzurePipelineArtifact.yml 106 | parameters: 107 | task_display_name: Download Cargo Binstall (Linux) 108 | artifact_name: Binaries 109 | azure_pipeline_def_id: 169 110 | file_pattern: "**/cargo-binstall" 111 | target_dir: "$(Agent.TempDirectory)" 112 | target_os: "Linux" 113 | work_dir: "$(Agent.TempDirectory)" 114 | 115 | - script: | 116 | cp $AGENT_TEMPDIRECTORY/cargo-binstall /.cargo/bin 117 | displayName: Copy cargo-binstall 118 | condition: and(succeeded(), eq(variables['Agent.OS'], 'Linux')) 119 | 120 | - script: | 121 | sudo chmod +x /.cargo/bin/cargo-binstall 122 | displayName: Make cargo-binstall executable 123 | condition: and(succeeded(), eq(variables['Agent.OS'], 'Linux')) 124 | 125 | - script: | 126 | cargo binstall -y cargo-make --version 0.37.24 127 | displayName: Install cargo-make 128 | 129 | - script: | 130 | cargo binstall -y cargo-tarpaulin --version 0.31.5 131 | displayName: Install cargo-tarpaulin 132 | 133 | - script: rustup component add rustfmt rust-src --toolchain 1.85.0-$(rust_target_triple) 134 | displayName: rustup add rust-src 135 | condition: and(succeeded(), eq(variables['Agent.OS'], 'Windows_NT')) 136 | -------------------------------------------------------------------------------- /Steps/SetNodeVersion.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step template to set the Node version. 3 | # 4 | # Copyright (c) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | ## 7 | 8 | steps: 9 | 10 | - task: NodeTool@0 11 | inputs: 12 | versionSpec: '19.x' 13 | condition: succeeded() 14 | -------------------------------------------------------------------------------- /Steps/SetupPythonPreReqs.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step to setup Python pre-requisites. 3 | # 4 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 5 | # instead of the file in this repo. 6 | # 7 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 8 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 9 | # 10 | # Copyright (c) Microsoft Corporation. All rights reserved. 11 | # SPDX-License-Identifier: BSD-2-Clause-Patent 12 | ## 13 | 14 | # NOTE: Because this pipeline YAML file is a Nunjucks template, the pipeline syntax of `{{}}` will conflict with 15 | # Nunjucks style. Surround pipeline YAML code that uses `{{}}` within `raw` and `endraw` tags 16 | # to allow it to pass through Nunjucks processing. 17 | 18 | parameters: 19 | - name: install_pip_modules 20 | displayName: Install PIP Modules 21 | type: boolean 22 | default: true 23 | - name: install_python 24 | displayName: Install Python 25 | type: boolean 26 | default: true 27 | - name: pip_requirement_files 28 | displayName: Pip Requirement Files 29 | type: string 30 | default: -r pip-requirements.txt 31 | 32 | steps: 33 | 34 | - ${{ if eq(parameters.install_python, true) }}: 35 | - task: UsePythonVersion@0 36 | inputs: 37 | versionSpec: 3.12 38 | architecture: x64 39 | 40 | - ${{ if eq(parameters.install_pip_modules, true) }}: 41 | - script: python -m pip install --upgrade pip setuptools wheel 42 | displayName: Install Wheel and SetupTools 43 | condition: succeeded() 44 | 45 | - script: pip install ${{ parameters.pip_requirement_files }} --upgrade 46 | displayName: Install and Upgrade pip Modules 47 | condition: succeeded() 48 | -------------------------------------------------------------------------------- /Steps/SetupToolChainTagPreReqs.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step to setup Python pre-requisites. 3 | # 4 | # Copyright (c) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | ## 7 | 8 | steps: 9 | - powershell: 10 | wget https://apt.llvm.org/llvm.sh; 11 | chmod +x llvm.sh; 12 | sudo ./llvm.sh 18; 13 | displayName: Install LLVM 18 on Linux; 14 | condition: and(succeeded(), eq(variables['Agent.OS'], 'Linux')) 15 | 16 | - powershell: 17 | choco install make --force; Write-Host "##vso[task.prependpath]$env:ChocolateyInstall\bin\"; 18 | choco install llvm --version=18.1.5 --install-arguments="'/NCRC /S /D=$(Agent.TempDirectory)\LLVM'" --force; Write-Host "##vso[task.prependpath]$(Agent.TempDirectory)\LLVM\bin\"; 19 | displayName: Install LLVM 18 on Windows 20 | condition: and(succeeded(), eq(variables['Agent.OS'], 'Windows_NT')) 21 | -------------------------------------------------------------------------------- /Steps/UploadCodeCoverage.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipelines step template upload code coverage to codecov.io 3 | # 4 | # Set `coverage_upload_target` to `codecov` or `ado` rather than passing it 5 | # as a parameter to this template. 6 | # 7 | # Follows the codecov.io documentation for uploading code coverage reports: 8 | # https://docs.codecov.com/docs/codecov-uploader 9 | # 10 | # Copyright (c) Microsoft Corporation. All rights reserved. 11 | # SPDX-License-Identifier: BSD-2-Clause-Patent 12 | ## 13 | 14 | parameters: 15 | - name: report_dir 16 | displayName: Code Coverage Report 17 | type: string 18 | default: '' 19 | - name: flag 20 | displayName: Use Package Flags 21 | type: string 22 | default: '' 23 | - name: install_dependencies 24 | displayName: Install Pypi Dependencies 25 | type: boolean 26 | default: true 27 | 28 | steps: 29 | - task: PythonScript@0 30 | displayName: Detect Code Coverage Target and Files 31 | env: 32 | UPLOAD_TARGET: $(coverage_upload_target) 33 | REPORT_DIR: ${{ parameters.report_dir }} 34 | inputs: 35 | scriptSource: inline 36 | script: | 37 | import os 38 | from pathlib import Path 39 | 40 | UPLOAD_TARGET = os.environ['UPLOAD_TARGET'] 41 | REPORT_DIR = os.environ['REPORT_DIR'] 42 | 43 | print(f'##vso[task.setvariable variable=upload_target]{UPLOAD_TARGET}') 44 | print(f'Code Coverage Upload Target: {UPLOAD_TARGET}') 45 | 46 | print(f'##vso[task.setvariable variable=coverage_file_count]{len(list(Path(REPORT_DIR).rglob("*coverage.xml")))}') 47 | print(f'Code Coverage Files: {list(Path(REPORT_DIR).rglob("*coverage.xml"))}') 48 | # 49 | # Steps to upload to Azure DevOps 50 | # 51 | - task: PublishCodeCoverageResults@2 52 | displayName: "Coverage ADO ${{ parameters.flag }}: Publish" 53 | inputs: 54 | summaryFileLocation: '${{ parameters.report_dir }}/**/*coverage.xml' 55 | condition: and(eq(variables['upload_target'] , 'ado'), gt(variables.coverage_file_count, 0)) 56 | # 57 | # All Steps to upload to codecov.io 58 | # 59 | - ${{ if eq(parameters.install_dependencies, true) }}: 60 | - script: | 61 | pip install requests 62 | displayName: "Coverage CodeCov ${{ parameters.flag }}: Install Python Dependencies" 63 | condition: and(eq(variables['upload_target'] , 'codecov'), gt(variables.coverage_file_count, 0)) 64 | 65 | - task: PythonScript@0 66 | displayName: "Coverage CodeCov ${{ parameters.flag }}: Download and Verify Codecov Uploader" 67 | condition: and(eq(variables['upload_target'] , 'codecov'), gt(variables.coverage_file_count, 0)) 68 | inputs: 69 | scriptSource: inline 70 | script: | 71 | import platform 72 | import requests 73 | import hashlib 74 | import os 75 | 76 | system = platform.system() 77 | 78 | if system == 'Windows': 79 | url = 'https://uploader.codecov.io/latest/windows/codecov.exe' 80 | filename = 'codecov.exe' 81 | checksum_url = 'https://uploader.codecov.io/latest/windows/codecov.exe.SHA256SUM' 82 | checksum_filename = 'codecov.exe.SHA256SUM' 83 | print(f'##vso[task.setvariable variable=codecov_uploader_cmd].\{filename}') 84 | elif system == 'Linux': 85 | url = 'https://uploader.codecov.io/latest/linux/codecov' 86 | filename = 'codecov' 87 | checksum_url = 'https://uploader.codecov.io/latest/linux/codecov.SHA256SUM' 88 | checksum_filename = 'codecov.SHA256SUM' 89 | print(f'##vso[task.setvariable variable=codecov_uploader_cmd]./{filename}') 90 | else: 91 | print(f'##[error]Unsupported Host System! System = {system}.') 92 | print(f'##vso[task.complete result=Failed;]Unsupported Host System! System = {system}.') 93 | 94 | response = requests.get(url) 95 | if response.status_code == 200: 96 | with open(filename, 'wb') as f: 97 | f.write(response.content) 98 | else: 99 | print(f'##[error]Failed to download Uploader. Error code: {response.status_code}.') 100 | print(f'##vso[task.complete result=Failed;]Failed to download Uploader. Error code: {response.status_code}.') 101 | 102 | response = requests.get(checksum_url) 103 | if response.status_code == 200: 104 | with open(checksum_filename, 'wb') as f: 105 | f.write(response.content) 106 | else: 107 | print(f'##[error]Failed to download Checksum file. Error code: {response.status_code}.') 108 | print(f'##vso[task.complete result=Failed;]Failed to download Checksum file. Error code: {response.status_code}.') 109 | 110 | with open(checksum_filename, 'r') as f: 111 | expected_hash = f.read().split(' ')[0] 112 | 113 | actual_hash = hashlib.new('sha256') 114 | with open(filename, 'rb') as f: 115 | for chunk in iter(lambda: f.read(4096), b''): 116 | actual_hash.update(chunk) 117 | 118 | if expected_hash != actual_hash.hexdigest(): 119 | print(f'##[error]Checksum did not match. Expected: {expected_hash}; Actual: {actual_hash.hexdigest()}.') 120 | print(f'##vso[task.complete result=Failed;]Hash Mismatch.') 121 | 122 | if system == 'Linux': 123 | os.chmod(filename, 0o755) 124 | 125 | - task: PythonScript@0 126 | displayName: "Coverage CodeCov ${{ parameters.flag }}: Upload Results" 127 | condition: and(eq(variables['upload_target'] , 'codecov'), gt(variables.coverage_file_count, 0)) 128 | env: 129 | COV_FLAG: ${{ parameters.flag }} 130 | REPORT_DIR: ${{ parameters.report_dir }} 131 | UPLOAD_CMD: $(codecov_uploader_cmd) 132 | inputs: 133 | scriptSource: inline 134 | script: | 135 | from pathlib import Path 136 | import io 137 | import os 138 | import subprocess 139 | 140 | COV_FLAG = os.environ['COV_FLAG'] 141 | REPORT_DIR = os.environ['REPORT_DIR'] 142 | UPLOAD_CMD = os.environ['UPLOAD_CMD'] 143 | 144 | for cov_file in Path(REPORT_DIR).rglob('*coverage.xml'): 145 | cmd = f'{UPLOAD_CMD} -f {cov_file} -Z' 146 | if COV_FLAG: 147 | cmd += f' -F {COV_FLAG}' 148 | process = subprocess.Popen( 149 | cmd, 150 | stdout=subprocess.PIPE, 151 | stderr=subprocess.PIPE, 152 | shell=True) 153 | output, error = process.communicate() 154 | print(f"##[debug]{output.decode('utf-8')}") 155 | if process.returncode != 0: 156 | print(f"##[error]{error.decode('utf-8')}") 157 | raise Exception(f"{UPLOAD_CMD} failed with Return Code: " 158 | f"{process.returncode}.") 159 | --------------------------------------------------------------------------------