From c15125f131806548e314e5dad6f3fd292c047d19 Mon Sep 17 00:00:00 2001 
From: "Project Mu UEFI Bot [bot]" <45776386+uefibot@users.noreply.github.com> Date: Mon, 20 Nov 2023 22:21:11 -0500 Subject: [PATCH] [REBASE&FF] Repo File Sync: Enable code coverage uploads to codecov (#214) --- .azurepipelines/Matrix-Build-Job.yml | 75 --- .azurepipelines/MuDevOpsWrapper.yml | 121 +++++ .azurepipelines/Ubuntu-GCC5.yml | 68 +-- .azurepipelines/Windows-VS.yml | 60 ++- .devcontainer/devcontainer.json | 12 + .gitattributes | 1 + .github/ISSUE_TEMPLATE/bug_report.yml | 155 ++++++ .github/ISSUE_TEMPLATE/config.yml | 16 + .../ISSUE_TEMPLATE/documentation_request.yml | 65 +++ .github/ISSUE_TEMPLATE/feature_request.yml | 108 ++++ .github/advanced-issue-labeler.yml | 54 ++ .github/codecov.yml | 12 + .github/dependabot.yml | 66 ++- .github/pull_request_template.md | 42 ++ .github/release-draft-config-n-1.yml | 100 ++++ .github/release-draft-config-n.yml | 100 ++++ .github/workflows/auto-approve.yml | 33 ++ .github/workflows/auto-merge.yml | 36 ++ .github/workflows/codeql.yml | 478 ++++++++++++++++++ .github/workflows/issue-assignment.yml | 26 + .github/workflows/label-issues.yml | 39 ++ .github/workflows/label-issues/file-paths.yml | 18 + .../label-issues/regex-pull-requests.yml | 30 ++ .github/workflows/label-sync.yml | 12 +- .../pull-request-formatting-validator.yml | 59 +++ .github/workflows/release-draft.yml | 36 ++ .github/workflows/scheduled-maintenance.yml | 5 + .github/workflows/stale.yml | 13 +- .github/workflows/triage-issues.yml | 26 + .markdownlint.yaml | 35 +- .pytool/CISettings.py | 36 +- CONTRIBUTING.md | 102 ++++ License.txt | 102 ++-- SECURITY.md | 39 ++ pip-requirements.txt | 2 +- 35 files changed, 1941 insertions(+), 241 deletions(-) delete mode 100644 .azurepipelines/Matrix-Build-Job.yml create mode 100644 .azurepipelines/MuDevOpsWrapper.yml create mode 100644 .devcontainer/devcontainer.json create mode 100644 .gitattributes create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yml create mode 100644 .github/ISSUE_TEMPLATE/config.yml 
create mode 100644 .github/ISSUE_TEMPLATE/documentation_request.yml create mode 100644 .github/ISSUE_TEMPLATE/feature_request.yml create mode 100644 .github/advanced-issue-labeler.yml create mode 100644 .github/codecov.yml create mode 100644 .github/pull_request_template.md create mode 100644 .github/release-draft-config-n-1.yml create mode 100644 .github/release-draft-config-n.yml create mode 100644 .github/workflows/auto-approve.yml create mode 100644 .github/workflows/auto-merge.yml create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/issue-assignment.yml create mode 100644 .github/workflows/label-issues.yml create mode 100644 .github/workflows/label-issues/file-paths.yml create mode 100644 .github/workflows/label-issues/regex-pull-requests.yml create mode 100644 .github/workflows/pull-request-formatting-validator.yml create mode 100644 .github/workflows/release-draft.yml create mode 100644 .github/workflows/triage-issues.yml create mode 100644 CONTRIBUTING.md create mode 100644 SECURITY.md diff --git a/.azurepipelines/Matrix-Build-Job.yml b/.azurepipelines/Matrix-Build-Job.yml deleted file mode 100644 index 7b3bbc69dd..0000000000 --- a/.azurepipelines/Matrix-Build-Job.yml +++ /dev/null @@ -1,75 +0,0 @@ -## @file -# Template file for generating a build job matrix for the packages currently supported for -# build in Mu Common Intel MinPlatform. -# -# Copyright (c) Microsoft Corporation. -# Copyright (c) 2020 - 2021, ARM Limited. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent -## - -parameters: -- name: arch_list - displayName: Architectures (e.g. IA32, X64) - type: string - default: '' -- name: extra_build_args - displayName: Extra Build Command Arguments - type: string - default: '' -- name: extra_install_step - displayName: Extra Install Steps - type: stepList - default: - - script: echo No extra steps provided -- name: tool_chain_tag - displayName: Tool Chain (e.g. VS2022) - type: string - default: '' -- name: vm_image - displayName: Virtual Machine Image (e.g. windows-latest) - type: string - default: 'windows-latest' -- name: container_image - displayName: Container Image - type: string - default: '' - -jobs: - -- job: Build - timeoutInMinutes: 120 - # Use matrix to speed up the build process - strategy: - matrix: - TARGET_MinPlatform: - Build.Pkgs: 'MinPlatformPkg' - Build.Targets: 'DEBUG,RELEASE,NO-TARGET,NOOPT' - - workspace: - clean: all - - ${{ if ne(parameters.container_image, '') }}: - container: ${{ parameters.container_image }} - - pool: - vmImage: ${{ parameters.vm_image }} - - steps: - - ${{ if and(ne(parameters.container_image, ''), not(contains(parameters.vm_image, 'windows'))) }}: - - script: echo "##vso[task.prependpath]/home/vsts_azpcontainer/.local/bin" - displayName: Add User Local Bin to Path - - template: Steps/PrGate.yml@mu_devops - parameters: - artifacts_identifier: '$(Build.Pkgs) $(Build.Targets)' - build_archs: ${{ parameters.arch_list }} - build_pkgs: $(Build.Pkgs) - build_targets: $(Build.Targets) - do_ci_build: true - do_ci_setup: true - do_non_ci_build: false - do_non_ci_setup: true - do_pr_eval: true - extra_build_args: ${{ parameters.extra_build_args }} - extra_install_step: ${{ parameters.extra_install_step }} - tool_chain_tag: ${{ parameters.tool_chain_tag }} - install_tools: ${{ eq(parameters.container_image, '') }} diff --git a/.azurepipelines/MuDevOpsWrapper.yml b/.azurepipelines/MuDevOpsWrapper.yml new file mode 100644 index 0000000000..e838283829 
--- /dev/null
+++ b/.azurepipelines/MuDevOpsWrapper.yml
@@ -0,0 +1,121 @@ +## @file +# Azure Pipeline build file for a build using mu_devops. +# +# To upload coverage results, set `coverage_upload_target` to `ado` or `codecov`. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +resources: + repositories: + - repository: mu_devops + type: github + endpoint: microsoft + name: microsoft/mu_devops + ref: refs/tags/v10.0.0 + +parameters: +- name: do_ci_build + displayName: Perform Stuart CI Build + type: boolean + default: true +- name: do_ci_setup + displayName: Perform Stuart CI Setup + type: boolean + default: true +- name: do_non_ci_build + displayName: Perform non-CI Stuart Build + type: boolean + default: false +- name: do_non_ci_setup + displayName: Perform non-CI Stuart Setup + type: boolean + default: false +- name: do_pr_eval + displayName: Perform Stuart PR Evaluation + type: boolean + default: true +- name: container_build + displayName: Flag for whether this repo should do stuart_setup + type: boolean + default: false +- name: os_type + displayName: OS type on the self-hosted agent pools + type: string + values: + - Windows_NT + - Linux + default: Windows_NT +- name: build_matrix + displayName: Build matrix for this repository + type: object +- name: pool_name + displayName: Variable name that hosts pool name to be used for self-hosted agents + type: string + default: pool_name +- name: extra_install_step + displayName: Extra Install Steps + type: stepList + default: + - script: echo No extra steps provided +- name: extra_jobs + displayName: Extra Jobs to be run after build + type: jobList + default: [] +- name: rust_build + displayName: Whether Rust code is being built + type: 
boolean + default: false +- name: extra_cargo_steps + displayName: Extra Steps to Run Before Standard Cargo Steps + type: stepList + default: + - script: echo No extra cargo steps provided + +jobs: +- template: Jobs/PrGate.yml@mu_devops + parameters: + linux_container_image: ghcr.io/microsoft/mu_devops/ubuntu-22-build:0e124c1 + ${{ if eq(parameters.rust_build, true) }}: + linux_container_options: --security-opt seccomp=unconfined + do_ci_build: ${{ parameters.do_ci_build }} + do_ci_setup: ${{ parameters.do_ci_setup }} + do_pr_eval: ${{ parameters.do_pr_eval }} + do_non_ci_setup: ${{ parameters.do_non_ci_setup }} + do_non_ci_build: ${{ parameters.do_non_ci_build }} + build_matrix: ${{ parameters.build_matrix }} + os_type: ${{ parameters.os_type }} + pool_name: ${{ parameters.pool_name }} + extra_install_step: ${{ parameters.extra_install_step }} + tool_chain_tag: $(tool_chain_tag) + vm_image: $(vm_image) + container_build: ${{ parameters.container_build }} + rust_build: ${{ parameters.rust_build }} + +- ${{ if eq(parameters.rust_build, true) }}: + - job: CargoCmds + displayName: Workspace Cargo Commands + + container: + + image: ghcr.io/microsoft/mu_devops/ubuntu-22-build:0e124c1 + options: --user root --name mu_devops_build_container --security-opt seccomp=unconfined + + steps: + - checkout: self + fetchDepth: 1 + clean: true + - ${{ parameters.extra_cargo_steps }} + - template: Steps/RustCargoSteps.yml@mu_devops + parameters: + container_build: true + +- ${{ parameters.extra_jobs }} + diff --git a/.azurepipelines/Ubuntu-GCC5.yml b/.azurepipelines/Ubuntu-GCC5.yml index 367e414499..e299a2d476 100644 --- a/.azurepipelines/Ubuntu-GCC5.yml +++ b/.azurepipelines/Ubuntu-GCC5.yml @@ -1,32 +1,36 @@ -## @file -# Azure Pipeline build file for a build using Ubuntu and GCC. -# -# Copyright (c) Microsoft Corporation. -# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.
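Review bot: In `.azurepipelines/MuDevOpsWrapper.yml`, the `CargoCmds` job starts its container with `--user root` and `--security-opt seccomp=unconfined`, and the same seccomp override is passed to `Jobs/PrGate.yml` whenever `rust_build` is true, with no comment saying which tool needs it. That container also runs the caller-supplied `extra_cargo_steps`, so the relaxed sandbox covers more than the standard cargo steps. A comment above each option such as `# seccomp is unconfined because <tool/syscall that fails under the default profile>` would let a later reader judge whether a narrower custom profile is enough. The image is referenced by the tag `ubuntu-22-build:0e124c1`, which can be re-pointed; appending a digest (`ubuntu-22-build:0e124c1@sha256:<digest>`) would make the build environment immutable. The header says this file is synced from Mu DevOps, so the change belongs in that repo.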
-# SPDX-License-Identifier: BSD-2-Clause-Patent -## - -resources: - repositories: - - repository: mu_devops - type: github - endpoint: microsoft - name: microsoft/mu_devops - ref: main - -variables: -- group: architectures-arm-64-x86-64 -- group: tool-chain-ubuntu-gcc - -jobs: -- template: Matrix-Build-Job.yml - parameters: - arch_list: $(arch_list) - extra_build_args: CODE_COVERAGE=TRUE CC_HTML=TRUE - extra_install_step: - - script: | - sudo apt-get install -y mingw-w64 lcov - pip install lcov_cobertura pycobertura - displayName: Install Windows Resource Compiler for Linux & Code Coverage Tools - tool_chain_tag: $(tool_chain_tag) - vm_image: $(vm_image) +## @file +# Azure Pipeline build file for a build using Ubuntu and GCC. +# +# IMPORTANT: This file requires the local repo to contain a .azurepipelines/Matrix-Build-Job.yml file that +# performs the actual build steps for the configurations and packages supported by the repo. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +variables: +- group: architectures-arm-64-x86-64 +- group: tool-chain-ubuntu-gcc +- group: coverage + +extends: + template: MuDevOpsWrapper.yml + parameters: + do_ci_build: true + do_ci_setup: true + do_non_ci_build: false + do_non_ci_setup: true + do_pr_eval: true + container_build: true + os_type: Linux + build_matrix: + TARGET_MinPlatform: + Pkgs: 'MinPlatformPkg' + Targets: 'DEBUG,RELEASE,NO-TARGET,NOOPT' + ArchList: $(arch_list) diff --git a/.azurepipelines/Windows-VS.yml b/.azurepipelines/Windows-VS.yml index d291ebf2b4..0bc7e1fd4d 100644 --- a/.azurepipelines/Windows-VS.yml +++ b/.azurepipelines/Windows-VS.yml 
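Review bot: The new header comment in `.azurepipelines/Ubuntu-GCC5.yml` still says the repo must contain `.azurepipelines/Matrix-Build-Job.yml`, but this commit deletes that file and the pipeline now extends `MuDevOpsWrapper.yml`; the same stale line is added to `Windows-VS.yml` in the next hunk. Suggested wording: `# IMPORTANT: This file requires the local repo to contain a .azurepipelines/MuDevOpsWrapper.yml file that wraps the Mu DevOps PR gate jobs.` Separately, both files now pull in the `coverage` variable group; its contents are not visible here, but if it carries a codecov upload token, that value should be stored as a secret variable and kept out of builds triggered from forks.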
@@ -1,25 +1,35 @@ -## @file -# Azure Pipeline build file for a build using Windows and the latest Visual Studio toolchain supported. -# -# Copyright (c) Microsoft Corporation. -# SPDX-License-Identifier: BSD-2-Clause-Patent -## - -resources: - repositories: - - repository: mu_devops - type: github - endpoint: microsoft - name: microsoft/mu_devops - ref: main - -variables: -- group: architectures-x86-64 -- group: tool-chain-windows-visual-studio-latest - -jobs: -- template: Matrix-Build-Job.yml - parameters: - arch_list: $(arch_list) - tool_chain_tag: $(tool_chain_tag) - vm_image: $(vm_image) +## @file +# Azure Pipeline build file for a build using Windows and the latest Visual Studio toolchain supported. +# +# IMPORTANT: This file requires the local repo to contain a .azurepipelines/Matrix-Build-Job.yml file that +# performs the actual build steps for the configurations and packages supported by the repo. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +variables: +- group: architectures-x86-64 +- group: tool-chain-windows-visual-studio-latest +- group: coverage + +extends: + template: MuDevOpsWrapper.yml + parameters: + do_ci_build: true + do_ci_setup: true + do_non_ci_build: false + do_non_ci_setup: true + do_pr_eval: true + os_type: Windows_NT + build_matrix: + TARGET_MinPlatform: + Pkgs: 'MinPlatformPkg' + Targets: 'DEBUG,RELEASE,NO-TARGET,NOOPT' + ArchList: $(arch_list) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 0000000000..b0bc4640af --- /dev/null +++ b/.devcontainer/devcontainer.json 
@@ -0,0 +1,12 @@
+{
+ "image": "ghcr.io/microsoft/mu_devops/ubuntu-22-dev:latest",
+ "postCreateCommand": "git config --global --add safe.directory '*' && git config --global --add core.autocrlf false && pip install --upgrade -r pip-requirements.txt",
+ "customizations": {
+ "vscode": {
+ "extensions": [
+ "ms-vscode.cpptools",
+ "DavidAnson.vscode-markdownlint"
+ ]
+ }
+ }
+}
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000000..625449502b
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+* -text
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
new file mode 100644
index 0000000000..9b8fc3118b
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
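Review bot: In `.devcontainer/devcontainer.json`, `postCreateCommand` sets `safe.directory '*'` globally, which turns off git's repository-ownership check for every path in the container rather than just the checked-out workspace. Scoping it, e.g. `git config --global --add safe.directory ${containerWorkspaceFolder}`, keeps the check in place for any other repository that gets mounted or cloned inside the container; submodule paths may need their own entries. The image is also taken from the mutable `ubuntu-22-dev:latest` tag, so two developers can end up with different toolchains; a version tag or digest would make the environment reproducible.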
@@ -0,0 +1,155 @@ +# Project Mu GitHub Bug Report Template +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +name: 🐛 Bug Report +description: File a bug report +title: "[Bug]: " +labels: ["type:bug", "state:needs-triage"] + +body: + - type: markdown + attributes: + value: | + 👋 Thanks for taking the time to fill out this bug report! + + - type: checkboxes + attributes: + label: Is there an existing issue for this? + description: Please search to see if an issue already exists for the bug you encountered. + options: + - label: I have searched existing issues + required: true + + - type: textarea + id: current_behavior + attributes: + label: Current Behavior + description: A concise description of the bug that you're experiencing. + validations: + required: true + + - type: textarea + id: expected_behavior + attributes: + label: Expected Behavior + description: A concise description of what you expected to happen. + validations: + required: true + + - type: textarea + id: steps_to_reproduce + attributes: + label: Steps To Reproduce + description: Steps to reproduce the behavior. + placeholder: | + <example> + 1. In this environment... + 2. With this config... + 3. Boot to '...' + 4. Change option '...' + 4. See error... + validations: + required: true + + - type: textarea + id: build_environment + attributes: + label: Build Environment + description: | + examples: + - **OS**: Ubuntu 20.04 or Windows 11... + - **Tool Chain**: GCC5 or VS2022 or CLANGPDB... + - **Targets Impacted**: RELEASE, DEBUG, NO-TARGET, NOOPT... 
+ value: | + - OS(s): + - Tool Chain(s): + - Targets Impacted: + render: markdown + validations: + required: true + + - type: textarea + id: version_info + attributes: + label: Version Information + description: What version of this repo reproduces the problem? + placeholder: | + Commit: <SHA> + -or- + Tag: <Tag> + render: text + validations: + required: true + + - type: markdown + attributes: + value: | + **Urgency Key** + - 🟢 **Low** + - A minor change with little to no important functional impact + - It is not important to fix this in a specific time frame + - 🟡 **Medium** + - An important change with a functional impact + - Will be prioritized above *low* issues in the normal course of development + - 🔥 **High** + - A critical change that has a significant functional impact + - Must be fixed immediately + + - type: dropdown + id: urgency + attributes: + label: Urgency + description: How urgent is it to fix this bug? + multiple: false + options: + - Low + - Medium + - High + validations: + required: true + + - type: dropdown + id: fix_owner + attributes: + label: Are you going to fix this? + description: Indicate if you are going to fix this or requesting someone else fix it. + multiple: false + options: + - I will fix it + - Someone else needs to fix it + validations: + required: true + + - type: dropdown + id: needs_maintainer_feedback + attributes: + label: Do you need maintainer feedback? + description: Indicate if you would like a maintainer to provide feedback on this submission. + multiple: false + options: + - No maintainer feedback needed + - Maintainer feedback requested + validations: + required: true + + - type: textarea + id: anything_else + attributes: + label: Anything else? + description: | + Links? References? Anything that will give us more context about the issue you are encountering. + + Serial debug logs and/or debugger logs are especially helpful! 
+ + Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in. + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000000..12ad7f8200 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,16 @@ +# Project Mu GitHub Issue Configuration File +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +contact_links: + - name: 📃 Project Mu Documentation + url: https://microsoft.github.io/mu/ + about: Goals, principles, repo layout, build instructions, and more. diff --git a/.github/ISSUE_TEMPLATE/documentation_request.yml b/.github/ISSUE_TEMPLATE/documentation_request.yml new file mode 100644 index 0000000000..66ccab2244 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/documentation_request.yml 
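Review bot: The bug report form in `.github/ISSUE_TEMPLATE/bug_report.yml` asks for reproduction steps and serial/debugger logs in a public issue but never tells the reporter what to do when the bug is a security vulnerability. This commit also adds `SECURITY.md` (not visible in this part of the patch); a line in the opening markdown block such as `If this is a security vulnerability, do not file it here; follow the process in SECURITY.md.` would point reporters there before details are posted publicly. Minor: the `steps_to_reproduce` placeholder numbers two consecutive items `4.`; the last should read `5. See error...`.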
@@ -0,0 +1,65 @@ +# Project Mu GitHub Documentation Request Template +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +name: 📖 Documentation Request +description: Request a documentation change +title: "[Documentation]: <title>" +labels: ["type:documentation", "state:needs-triage"] + +body: + - type: markdown + attributes: + value: | + 👋 Thanks for taking the time to help us improve our documentation! + + - type: textarea + id: request_description + attributes: + label: Request Description + description: A clear and concise description of what needs to change. + validations: + required: true + + - type: dropdown + id: request_owner + attributes: + label: Are you going to make the change? + description: Indicate if you are going to make this change or requesting someone else make it. + multiple: false + options: + - I will make the change + - Someone else needs to make the change + validations: + required: true + + - type: dropdown + id: needs_maintainer_feedback + attributes: + label: Do you need maintainer feedback? + description: Indicate if you would like a maintainer to provide feedback on this submission. + multiple: false + options: + - No maintainer feedback needed + - Maintainer feedback requested + validations: + required: true + + - type: textarea + id: anything_else + attributes: + label: Anything else? + description: | + Links? References? Anything that will give us more context about the request. + + Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in. + validations: + required: false 
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
new file mode 100644
index 0000000000..f5201028d1
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -0,0 +1,108 @@ +# Project Mu GitHub Feature Request Template +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +name: 🚀 Feature Request +description: Request a feature change +title: "[Feature]: <title>" +labels: ["type:feature-request", "state:needs-triage"] + +body: + - type: markdown + attributes: + value: | + 👋 Thanks for taking the time to help us improve our features! + + - type: textarea + id: feature_overview + attributes: + label: Feature Overview + description: Provide a high-level summary of your feature request. + validations: + required: true + + - type: textarea + id: solution_overview + attributes: + label: Solution Overview + description: Give a clear and concise description of what you want to happen. + validations: + required: true + + - type: textarea + id: alternatives_considered + attributes: + label: Alternatives Considered + description: Describe alternatives you've considered. + validations: + required: false + + - type: markdown + attributes: + value: | + **Urgency Key** + - 🟢 **Low** + - A minor enhancement + - It is not important to address this request in a specific time frame + - 🟡 **Medium** + - An important enhancement + - Will be prioritized above *low* requests in the normal course of development + - 🔥 **High** + - A critical enhancement with significant value + - Should be prioritized above *low* and *medium* requests + + - type: dropdown + id: urgency + attributes: + label: Urgency + description: How urgent is it to resolve this feature request? 
+ multiple: false + options: + - Low + - Medium + - High + validations: + required: true + + - type: dropdown + id: request_owner + attributes: + label: Are you going to implement the feature request? + description: Indicate if you are going to do the work to close this feature request. + multiple: false + options: + - I will implement the feature + - Someone else needs to implement the feature + validations: + required: true + + - type: dropdown + id: needs_maintainer_feedback + attributes: + label: Do you need maintainer feedback? + description: Indicate if you would like a maintainer to provide feedback on this submission. + multiple: false + options: + - No maintainer feedback needed + - Maintainer feedback requested + validations: + required: true + + - type: textarea + id: anything_else + attributes: + label: Anything else? + description: | + Links? References? Anything that will give us more context about the feature you are requesting. + + Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in. + validations: + required: false diff --git a/.github/advanced-issue-labeler.yml b/.github/advanced-issue-labeler.yml new file mode 100644 index 0000000000..fa3977d8e5 --- /dev/null +++ b/.github/advanced-issue-labeler.yml 
@@ -0,0 +1,54 @@ +# Defines the mappings between GitHub issue responses and labels applied to the issue +# for Project Mu repos. +# +# IMPORTANT: Only use labels defined in the .github/Labels.yml file in this repo. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# For more information, see: +# https://github.com/redhat-plumbers-in-action/advanced-issue-labeler + +policy: + - section: + + # Issue Template - Urgency Dropdown + - id: ['urgency'] + block-list: [] + label: + - name: 'urgency:low' + keys: ['Low'] + - name: 'urgency:medium' + keys: ['Medium'] + - name: 'urgency:high' + keys: ['High'] + + # Issue Template - Fix Owner Dropdown + - id: ['fix_owner', 'request_owner'] + block-list: [] + label: + - name: 'state:needs-owner' + keys: [ + 'Someone else needs to fix it', + 'Someone else needs to make the change', + 'Someone else needs to implement the feature' + ] + - name: 'state:needs-triage' + keys: [ + 'Someone else needs to fix it', + 'Someone else needs to make the change', + 'Someone else needs to implement the feature' + ] + + # Issue Template - Needs Maintainer Feedback Dropdown + - id: ['needs_maintainer_feedback'] + block-list: [] + label: + - name: 'state:needs-maintainer-feedback' + keys: ['Maintainer feedback requested'] diff --git a/.github/codecov.yml b/.github/codecov.yml new file mode 100644 index 0000000000..eb8db8257a --- /dev/null +++ b/.github/codecov.yml 
@@ -0,0 +1,12 @@
+## @file
+# codecov upload configuration file to carryforward coverage results of
+# packages that do not upload coverage results for a given pull request.
+##
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+flags:
+ BoardModulePkg:
+ carryforward: true
+ MinPlatformPkg:
+ carryforward: true
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 51a7e915cf..7492698280 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -2,18 +2,72 @@ # Dependabot configuration file to enable GitHub services for managing and updating # dependencies. # -# Copyright (c) Microsoft Corporation. All rights reserved. +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# This dependabot file is limited to syncing the following type of dependencies. Other files +# are already available in Mu DevOps to sync other dependency types. +# - Rust Crate Dependencies (`cargo`) +# - GitHub Actions (`github-actions`) +# - Python PIP Modules (`pip`) +# +# Dependabot does not update the microsoft/mu_devops version because that is updated once in mu_devops +# and then synced to all repos when the file sync occurs. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # -# Please see the documentation for all configuration options: +# Please see the documentation for all dependabot configuration options: # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates ## + version: 2 + updates: - - package-ecosystem: "pip" # See documentation for possible values - directory: "/" # Location of package manifests + - package-ecosystem: "cargo" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + timezone: "America/Los_Angeles" + time: "03:00" + commit-message: + prefix: "Rust Dependency" + labels: + - "type:dependencies" + - "type:dependabot" + rebase-strategy: "disabled" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + timezone: "America/Los_Angeles" + time: "06:00" + ignore: + - dependency-name: "microsoft/mu_devops" + commit-message: + prefix: "GitHub Action" + labels: + - "type:dependencies" + - "type:dependabot" + rebase-strategy: 
"disabled" + + - package-ecosystem: "pip" + directory: "/" schedule: - interval: "daily" + interval: "weekly" + day: "wednesday" + timezone: "America/Los_Angeles" + time: "01:00" commit-message: - # Prefix all commit messages with "pip" prefix: "pip" + labels: + - "language:python" + - "type:dependencies" + - "type:dependabot" + rebase-strategy: "disabled" diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 0000000000..0f216b6d50 --- /dev/null +++ b/.github/pull_request_template.md 
@@ -0,0 +1,42 @@ +# Preface + +Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior +to submitting the pull request. In particular, +[pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). + +## Description + +<_Please include a description of the change and why this change was made._> + +For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. +_(you can also check items in the GitHub UI)_ + +- [ ] Impacts functionality? + - **Functionality** - Does the change ultimately impact how firmware functions? + - Examples: Add a new library, publish a new PPI, update an algorithm, ... +- [ ] Impacts security? + - **Security** - Does the change have a direct security impact on an application, + flow, or firmware? + - Examples: Crypto algorithm change, buffer overflow fix, parameter + validation improvement, ... +- [ ] Breaking change? + - **Breaking change** - Will anyone consuming this change experience a break + in build or boot behavior? + - Examples: Add a new library class, move a module to a different repo, call + a function in a new library class in a pre-existing module, ... +- [ ] Includes tests? + - **Tests** - Does the change include any explicit test code? + - Examples: Unit tests, integration tests, robot tests, ... +- [ ] Includes documentation? + - **Documentation** - Does the change contain explicit documentation additions + outside direct code modifications (and comments)? + - Examples: Update readme file, add feature readme file, link to documentation + on an a separate Web page, ... + +## How This Was Tested + +<_Please describe the test(s) that were run to verify the changes._> + +## Integration Instructions + +<_Describe how these changes should be integrated. Use N/A if nothing is required._> 
diff --git a/.github/release-draft-config-n-1.yml b/.github/release-draft-config-n-1.yml
new file mode 100644
index 0000000000..8609c62bb9
--- /dev/null
+++ b/.github/release-draft-config-n-1.yml
@@ -0,0 +1,100 @@ +# Defines the configuration used for drafting new releases. +# +# IMPORTANT: Only use labels defined in the .github/Labels.yml file in this repo. +# +# NOTE: `semver:major`, `semver:minor`, and `semver:patch` can be used to force that +# version to roll regardless of other labels. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# For more information, see: +# https://github.com/release-drafter/release-drafter + +name-template: 'v$RESOLVED_VERSION' +tag-template: 'v$RESOLVED_VERSION' + +commitish: refs/heads/release/202302 +filter-by-commitish: true + +template: | + # What's Changed + + $CHANGES + + **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION + +categories: + - title: '⚠️ Breaking Changes' + labels: + - 'impact:breaking-change' + - title: '🚀 Features & ✨ Enhancements' + labels: + - 'type:design-change' + - 'type:enhancement' + - 'type:feature-request' + - title: '🐛 Bug Fixes' + labels: + - 'type:bug' + - title: '🔐 Security Impacting' + labels: + - 'impact:security' + - title: '📖 Documentation Updates' + labels: + - 'type:documentation' + - title: '🛠️ Submodule Updates' + labels: + - 'type:submodules' + +change-template: >- + <ul> + <li> + $TITLE @$AUTHOR (#$NUMBER) + <br> + <details> + <summary>Change Details</summary> + <blockquote> + <!-- Non-breaking space to have content if body is empty --> +   $BODY + </blockquote> + <hr> + </details> + </li> + </ul> + +change-title-escapes: '\<*_&@' # Note: @ is added to disable mentions + +# Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc. 
+version-resolver: + major: + labels: + - 'impact:breaking-change' + - 'semver:major' + minor: + labels: + - 'semver:minor' + - 'type:design-change' + - 'type:enhancement' + - 'type:feature-request' + patch: + labels: + - 'impact:non-functional' + - 'semver:patch' + - 'type:bug' + - 'type:documentation' + default: patch + +exclude-labels: + - 'type:dependabot' + - 'type:file-sync' + - 'type:notes' + - 'type:question' + +exclude-contributors: + - 'uefibot' diff --git a/.github/release-draft-config-n.yml b/.github/release-draft-config-n.yml new file mode 100644 index 0000000000..fcf38acfbd --- /dev/null +++ b/.github/release-draft-config-n.yml 
@@ -0,0 +1,100 @@ +# Defines the configuration used for drafting new releases. +# +# IMPORTANT: Only use labels defined in the .github/Labels.yml file in this repo. +# +# NOTE: `semver:major`, `semver:minor`, and `semver:patch` can be used to force that +# version to roll regardless of other labels. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# For more information, see: +# https://github.com/release-drafter/release-drafter + +name-template: 'v$RESOLVED_VERSION' +tag-template: 'v$RESOLVED_VERSION' + +commitish: refs/heads/release/202311 +filter-by-commitish: true + +template: | + # What's Changed + + $CHANGES + + **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION + +categories: + - title: '⚠️ Breaking Changes' + labels: + - 'impact:breaking-change' + - title: '🚀 Features & ✨ Enhancements' + labels: + - 'type:design-change' + - 'type:enhancement' + - 'type:feature-request' + - title: '🐛 Bug Fixes' + labels: + - 'type:bug' + - title: '🔐 Security Impacting' + labels: + - 'impact:security' + - title: '📖 Documentation Updates' + labels: + - 'type:documentation' + - title: '🛠️ Submodule Updates' + labels: + - 'type:submodules' + +change-template: >- + <ul> + <li> + $TITLE @$AUTHOR (#$NUMBER) + <br> + <details> + <summary>Change Details</summary> + <blockquote> + <!-- Non-breaking space to have content if body is empty --> +   $BODY + </blockquote> + <hr> + </details> + </li> + </ul> + +change-title-escapes: '\<*_&@' # Note: @ is added to disable mentions + +# Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc. 
+version-resolver:
+ major:
+ labels:
+ - 'impact:breaking-change'
+ - 'semver:major'
+ minor:
+ labels:
+ - 'semver:minor'
+ - 'type:design-change'
+ - 'type:enhancement'
+ - 'type:feature-request'
+ patch:
+ labels:
+ - 'impact:non-functional'
+ - 'semver:patch'
+ - 'type:bug'
+ - 'type:documentation'
+ default: patch
+
+exclude-labels:
+ - 'type:dependabot'
+ - 'type:file-sync'
+ - 'type:notes'
+ - 'type:question'
+
+exclude-contributors:
+ - 'uefibot'
diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
new file mode 100644
index 0000000000..23b9389ffe
--- /dev/null
+++ b/.github/workflows/auto-approve.yml
@@ -0,0 +1,33 @@
+# This workflow automatically approves pull requests under certain conditions.
+#
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+# instead of the file in this repo.
+#
+# NOTE: This file uses a reusable workflow. Do not make changes to the file that should be made
+# in the common/reusable workflow.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+name: Auto Approve Pull Request
+
+on:
+ pull_request_target:
+ types:
+ - opened
+ - reopened
+
+jobs:
+ approval_check:
+
+ permissions:
+ pull-requests: write
+
+ if: |
+ github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot'
+ uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v10.0.0
+ secrets: inherit
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
new file mode 100644
index 0000000000..4f37dd5f5a
--- /dev/null
+++ b/.github/workflows/auto-merge.yml
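Review bot: `secrets: inherit` on `approval_check` passes every secret available to this repository into `AutoApprover.yml`, and the job is triggered by `pull_request_target`, which runs in the base repository's context rather than the fork's. The `if:` on the PR author's login narrows who can start the job, but the called workflow still receives more than an approval should need; if it declares its secrets, list only the one it uses under `secrets:` instead of `inherit`. The reference `@v10.0.0` is a tag that can be re-pointed, so pinning to the full commit SHA with `# v10.0.0` as a trailing comment would make the called code immutable. Both points also apply to `merge_check` in auto-merge.yml and `draft` in release-draft.yml; since the header marks these files as synced from Mu DevOps, the change belongs in the source repo.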
@@ -0,0 +1,36 @@
+# This workflow automatically merges pull requests under certain conditions.
+#
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+# instead of the file in this repo.
+#
+# NOTE: This file uses a reusable workflow. Do not make changes to the file that should be made
+# in the common/reusable workflow.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+name: Auto Merge Pull Request
+
+on:
+ pull_request_target:
+ types:
+ - opened
+ - reopened
+ - synchronize
+
+jobs:
+ merge_check:
+
+ permissions:
+ contents: read
+ pull-requests: write
+ issues: write
+
+ if: |
+ github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot'
+ uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v10.0.0
+ secrets: inherit
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000000..46bdd4fbee
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,478 @@ +# This workflow runs CodeQL against the repository. +# +# Results are uploaded to GitHub Code Scanning. +# +# Note: Important: This file only works with "CI" builds. "Platform" builds are +# supported with the codeql-platform.yml file. +# +# Note: This workflow only supports Windows as CodeQL CLI has confirmed issues running +# against edk2-style codebases on Linux (only tested on Ubuntu). Therefore, this +# workflow is written only for Windows but could easily be adapted to run on Linux +# in the future if needed (e.g. swap out "windows" with agent OS var value, etc.). +# +# For details about the Linux issue see: https://github.com/github/codeql-action/issues/1338 +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. 
+# SPDX-License-Identifier: BSD-2-Clause-Patent + + +name: "CodeQL" + +on: + push: + branches: + - main + - release/* + pull_request: + branches: + - main + - release/* + paths-ignore: + - '!**.c' + - '!**.h' + +jobs: + gather_packages: + name: Gather Repo Packages + runs-on: ubuntu-latest + outputs: + packages: ${{ steps.generate_matrix.outputs.packages }} + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Install Python + uses: actions/setup-python@v5 + with: + python-version: '3.12' + + - name: Generate Package Matrix + id: generate_matrix + shell: python + run: | + import os + import json + + packages = [d for d in os.listdir() if d.strip().lower().endswith('pkg')] + + # Ensure the package can actually be built + for package in packages: + if not any(file.endswith('.dsc') for file in os.listdir(package)): + packages.remove(package) + + packages.sort() + + with open(os.environ['GITHUB_OUTPUT'], 'a') as fh: + print(f'packages={json.dumps(packages)}', file=fh) + + analyze: + name: Analyze + runs-on: windows-2022 + needs: + - gather_packages + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + package: ${{ fromJson(needs.gather_packages.outputs.packages) }} + include: + - archs: IA32,X64 + - tool_chain_tag: VS2022 + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Install Python + uses: actions/setup-python@v5 + with: + python-version: '3.12' + cache: 'pip' + cache-dependency-path: 'pip-requirements.txt' + + - name: Use Git Long Paths on Windows + if: runner.os == 'Windows' + shell: pwsh + run: | + git config --system core.longpaths true + + - name: Install/Upgrade pip Modules + run: pip install -r pip-requirements.txt --upgrade requests + + - name: Determine CI Settings File Supported Operations + id: get_ci_file_operations + shell: python + run: | + import importlib + import os + import sys + from pathlib import Path + from 
edk2toolext.invocables.edk2_ci_setup import CiSetupSettingsManager + from edk2toolext.invocables.edk2_setup import SetupSettingsManager + + # Find the CI Settings file (usually in .pytool/CISettings.py) + ci_settings_file = list(Path(os.environ['GITHUB_WORKSPACE']).rglob('.pytool/CISettings.py')) + + # Note: At this point, submodules have not been pulled, only one CI Settings file should exist + if len(ci_settings_file) != 1 or not ci_settings_file[0].is_file(): + print("::error title=Workspace Error!::Failed to find CI Settings file!") + sys.exit(1) + + ci_settings_file = ci_settings_file[0] + + # Try Finding the Settings class in the file + module_name = 'ci_settings' + + spec = importlib.util.spec_from_file_location(module_name, ci_settings_file) + module = importlib.util.module_from_spec(spec) + spec.loader.exec_module(module) + + try: + settings = getattr(module, 'Settings') + except AttributeError: + print("::error title=Workspace Error!::Failed to find Settings class in CI Settings file!") + sys.exit(1) + + # Determine Which Operations Are Supported by the Settings Class + ci_setup_supported = issubclass(settings, CiSetupSettingsManager) + setup_supported = issubclass(settings, SetupSettingsManager) + + with open(os.environ['GITHUB_OUTPUT'], 'a') as fh: + print(f'ci_setup_supported={str(ci_setup_supported).lower()}', file=fh) + print(f'setup_supported={str(setup_supported).lower()}', file=fh) + + + + - name: Get Cargo Tool Details + id: get_cargo_tool_details + shell: python + run: | + import os + import requests + import sys + import time + + def get_response_with_retries(url, retries=5, wait_time=10): + for attempt in range(retries): + response = requests.get(url) + if response.status_code == 200: + return response + print(f"::warning title=GitHub API Access Error!::Attempt {attempt + 1} failed. 
Retrying in {wait_time} seconds...") + time.sleep(wait_time) + return response + + GITHUB_REPO = "sagiegurari/cargo-make" + api_url = f"https://api.github.com/repos/{GITHUB_REPO}/releases/tags/0.37.9" + + response = get_response_with_retries(api_url) + if response.status_code == 200: + build_release_id = response.json()["id"] + else: + print("::error title=GitHub Release Error!::Failed to get cargo-make release ID!") + sys.exit(1) + + api_url = f"https://api.github.com/repos/{GITHUB_REPO}/releases/{build_release_id}" + + response = get_response_with_retries(api_url) + if response.status_code == 200: + latest_cargo_make_version = response.json()["tag_name"] + else: + print("::error title=GitHub Release Error!::Failed to get cargo-make!") + sys.exit(1) + + cache_key = f'cargo-make-{latest_cargo_make_version}' + + with open(os.environ['GITHUB_OUTPUT'], 'a') as fh: + print(f'cargo_bin_path={os.path.join(os.environ["USERPROFILE"], ".cargo", "bin")}', file=fh) + print(f'cargo_make_cache_key={cache_key}', file=fh) + print(f'cargo_make_version={latest_cargo_make_version}', file=fh) + + + - name: Attempt to Load cargo-make From Cache + id: cargo_make_cache + uses: actions/cache@v4 + with: + path: ${{ steps.get_cargo_tool_details.outputs.cargo_bin_path }} + key: ${{ steps.get_cargo_tool_details.outputs.cargo_make_cache_key }} + + - name: Download cargo-make + if: steps.cargo_make_cache.outputs.cache-hit != 'true' + uses: robinraju/release-downloader@v1.11 + with: + repository: 'sagiegurari/cargo-make' + tag: '${{ steps.get_cargo_tool_details.outputs.cargo_make_version }}' + fileName: 'cargo-make-v${{ steps.get_cargo_tool_details.outputs.cargo_make_version }}-x86_64-pc-windows-msvc.zip' + out-file-path: 'cargo-make-download' + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract cargo-make + if: steps.cargo_make_cache.outputs.cache-hit != 'true' + env: + CARGO_MAKE_VERSION: ${{ steps.get_cargo_tool_details.outputs.cargo_make_version }} + DEST_DIR: 
${{steps.get_cargo_tool_details.outputs.cargo_bin_path }} + shell: python + run: | + import os + import shutil + import zipfile + from pathlib import Path + + DOWNLOAD_DIR = Path(os.environ["GITHUB_WORKSPACE"], "cargo-make-download") + ZIP_FILE_NAME = f"cargo-make-v{os.environ['CARGO_MAKE_VERSION']}-x86_64-pc-windows-msvc.zip" + ZIP_FILE_PATH = Path(DOWNLOAD_DIR, ZIP_FILE_NAME) + EXTRACT_DIR = Path(DOWNLOAD_DIR, "cargo-make-contents") + + with zipfile.ZipFile(ZIP_FILE_PATH, 'r') as zip_ref: + zip_ref.extractall(EXTRACT_DIR) + + for extracted_file in EXTRACT_DIR.iterdir(): + if extracted_file.name == "cargo-make.exe": + shutil.copy2(extracted_file, os.environ["DEST_DIR"]) + break + + - name: Rust Prep + run: rustup component add rust-src + + - name: Setup + if: steps.get_ci_file_operations.outputs.setup_supported == 'true' + run: stuart_setup -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.archs }} TOOL_CHAIN_TAG=${{ matrix.tool_chain_tag }} + + - name: Upload Setup Log As An Artifact + uses: actions/upload-artifact@v4 + if: (success() || failure()) && steps.get_ci_file_operations.outputs.setup_supported == 'true' + with: + name: ${{ matrix.package }}-Setup-Log + path: | + **/SETUPLOG.txt + retention-days: 7 + if-no-files-found: ignore + + - name: CI Setup + if: steps.get_ci_file_operations.outputs.ci_setup_supported == 'true' + run: stuart_ci_setup -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.archs }} TOOL_CHAIN_TAG=${{ matrix.tool_chain_tag }} + + - name: Upload CI Setup Log As An Artifact + uses: actions/upload-artifact@v4 + if: (success() || failure()) && steps.get_ci_file_operations.outputs.ci_setup_supported == 'true' + with: + name: ${{ matrix.package }}-CI-Setup-Log + path: | + **/CISETUP.txt + retention-days: 7 + if-no-files-found: ignore + + - name: Update + run: stuart_update -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.archs }} TOOL_CHAIN_TAG=${{ matrix.tool_chain_tag }} + + - name: Upload Update Log As An Artifact + uses: 
actions/upload-artifact@v4 + if: success() || failure() + with: + name: ${{ matrix.package }}-Update-Log + path: | + **/UPDATE_LOG.txt + retention-days: 7 + if-no-files-found: ignore + + - name: Find CodeQL Plugin Directory + id: find_dir + shell: python + run: | + import os + import sys + from pathlib import Path + + # + # Find the plugin directory that contains the CodeQL plugin. + # + # Prior to Mu Basecore 202311, the CodeQL plugin was located in .pytool. After it + # is located in BaseTools. First check BaseTools, but consider .pytool as a backup + # for backward compatibility. The .pytool backup can be removed when no longer needed + # for supported branches. + # + plugin_dir = list(Path(os.environ['GITHUB_WORKSPACE']).rglob('BaseTools/Plugin/CodeQL')) + if not plugin_dir: + plugin_dir = list(Path(os.environ['GITHUB_WORKSPACE']).rglob('.pytool/Plugin/CodeQL')) + + # This should only be found once + if len(plugin_dir) == 1: + plugin_dir = str(plugin_dir[0]) + + with open(os.environ['GITHUB_OUTPUT'], 'a') as fh: + print(f'codeql_plugin_dir={plugin_dir}', file=fh) + else: + print("::error title=Workspace Error!::Failed to find Mu Basecore plugin directory!") + sys.exit(1) + + - name: Get CodeQL CLI Cache Data + id: cache_key_gen + env: + CODEQL_PLUGIN_DIR: ${{ steps.find_dir.outputs.codeql_plugin_dir }} + shell: python + run: | + import os + import yaml + + codeql_cli_ext_dep_name = 'codeqlcli_windows_ext_dep' + codeql_plugin_file = os.path.join(os.environ['CODEQL_PLUGIN_DIR'], codeql_cli_ext_dep_name + '.yaml') + + with open (codeql_plugin_file) as pf: + codeql_cli_ext_dep = yaml.safe_load(pf) + + cache_key_name = codeql_cli_ext_dep['name'] + cache_key_version = codeql_cli_ext_dep['version'] + cache_key = f'{cache_key_name}-{cache_key_version}' + + codeql_plugin_cli_ext_dep_dir = os.path.join(os.environ['CODEQL_PLUGIN_DIR'], codeql_cli_ext_dep['name'].strip() + '_extdep') + + with open(os.environ['GITHUB_OUTPUT'], 'a') as fh: + 
print(f'codeql_cli_cache_key={cache_key}', file=fh) + print(f'codeql_cli_ext_dep_dir={codeql_plugin_cli_ext_dep_dir}', file=fh) + + - name: Attempt to Load CodeQL CLI From Cache + id: codeqlcli_cache + uses: actions/cache@v4 + with: + path: ${{ steps.cache_key_gen.outputs.codeql_cli_ext_dep_dir }} + key: ${{ steps.cache_key_gen.outputs.codeql_cli_cache_key }} + + - name: Download CodeQL CLI + if: steps.codeqlcli_cache.outputs.cache-hit != 'true' + run: stuart_update -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.archs }} TOOL_CHAIN_TAG=${{ matrix.tool_chain_tag }} --codeql + + - name: Find pytool Plugin Directory + id: find_pytool_dir + shell: python + run: | + import os + import sys + from pathlib import Path + + # Find the plugin directory that contains the Compiler plugin + plugin_dir = list(Path(os.environ['GITHUB_WORKSPACE']).rglob('.pytool/Plugin/CompilerPlugin')) + + # This should only be found once + if len(plugin_dir) == 1: + # If the directory is found get the parent Plugin directory + plugin_dir = str(plugin_dir[0].parent) + + with open(os.environ['GITHUB_OUTPUT'], 'a') as fh: + print(f'pytool_plugin_dir={plugin_dir}', file=fh) + else: + print("::error title=Workspace Error!::Failed to find Mu Basecore .pytool/Plugin directory!") + sys.exit(1) + + - name: Remove CI Plugins Irrelevant to CodeQL + shell: python + env: + PYTOOL_PLUGIN_DIR: ${{ steps.find_pytool_dir.outputs.pytool_plugin_dir }} + run: | + import os + import shutil + from pathlib import Path + + # Only these two plugins are needed for CodeQL. + # + # CodeQL build time is reduced by removing other plugins that are not needed for the CodeQL + # build in the .pytool directory. The CompilerPlugin is required to compile code for CodeQL + # to extract results from and the CodeQL plugin is necessary to to analyze the results and + # build the CodeQL database from them. 
The CodeQL plugin should be in BaseTools moving forward + # but still might be in .pytool in older branches so it is kept here as an exception. + # + plugins_to_keep = ['CodeQL', 'CompilerPlugin'] + + plugin_dir = Path(os.environ['PYTOOL_PLUGIN_DIR']).absolute() + if plugin_dir.is_dir(): + for dir in plugin_dir.iterdir(): + if str(dir.stem) not in plugins_to_keep: + shutil.rmtree(str(dir.absolute()), ignore_errors=True) + + - name: CI Build + env: + RUST_ENV_CHECK_TOOL_EXCLUSIONS: "cargo fmt, cargo tarpaulin" + STUART_CODEQL_PATH: ${{ steps.cache_key_gen.outputs.codeql_cli_ext_dep_dir }} + run: stuart_ci_build -c .pytool/CISettings.py -t DEBUG -p ${{ matrix.package }} -a ${{ matrix.archs }} TOOL_CHAIN_TAG=${{ matrix.tool_chain_tag }} --codeql + + - name: Build Cleanup + id: build_cleanup + shell: python + run: | + import os + import shutil + from pathlib import Path + + dirs_to_delete = ['ia32', 'x64', 'arm', 'aarch64'] + + def delete_dirs(path: Path): + if path.exists() and path.is_dir(): + if path.name.lower() in dirs_to_delete: + print(f'Removed {str(path)}') + shutil.rmtree(path) + return + + for child_dir in path.iterdir(): + delete_dirs(child_dir) + + build_path = Path(os.environ['GITHUB_WORKSPACE'], 'Build') + delete_dirs(build_path) + + - name: Upload Build Logs As An Artifact + uses: actions/upload-artifact@v4 + if: success() || failure() + with: + name: ${{ matrix.package }}-Build-Logs + path: | + **/BUILD_REPORT.TXT + **/OVERRIDELOG.TXT + **/BUILDLOG_*.md + **/BUILDLOG_*.txt + **/CI_*.md + **/CI_*.txt + retention-days: 7 + if-no-files-found: ignore + + - name: Prepare Env Data for CodeQL Upload + id: env_data + env: + PACKAGE_NAME: ${{ matrix.package }} + shell: python + run: | + import os + + package = os.environ['PACKAGE_NAME'].strip().lower() + directory_name = 'codeql-analysis-' + package + '-debug' + file_name = 'codeql-db-' + package + '-debug-0.sarif' + sarif_path = os.path.join('Build', directory_name, file_name) + + with 
open(os.environ['GITHUB_OUTPUT'], 'a') as fh: + print(f'sarif_file_path={sarif_path}', file=fh) + + - name: Upload CodeQL Results (SARIF) As An Artifact + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.package }}-CodeQL-SARIF + path: ${{ steps.env_data.outputs.sarif_file_path }} + retention-days: 14 + if-no-files-found: warn + + - name: Upload CodeQL Results (SARIF) To GitHub Code Scanning + uses: github/codeql-action/upload-sarif@v3 + with: + # Path to SARIF file relative to the root of the repository. + sarif_file: ${{ steps.env_data.outputs.sarif_file_path }} + # Optional category for the results. Used to differentiate multiple results for one commit. + # Each package is a separate category. + category: ${{ matrix.package }} + + diff --git a/.github/workflows/issue-assignment.yml b/.github/workflows/issue-assignment.yml new file mode 100644 index 0000000000..79196ea3b2 --- /dev/null +++ b/.github/workflows/issue-assignment.yml @@ -0,0 +1,26 @@ +# This workflow provides actions that should be applied when an issue is assigned. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +name: React to Issue Assignment + +on: + issues: + types: assigned + +jobs: + apply: + + permissions: + contents: read + issues: write + + uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@v10.0.0 diff --git a/.github/workflows/label-issues.yml b/.github/workflows/label-issues.yml new file mode 100644 index 0000000000..ffad0ec08f --- /dev/null +++ b/.github/workflows/label-issues.yml 
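Review bot: The `Download cargo-make` and `Extract cargo-make` steps put a downloaded binary on the build path without any integrity check: `robinraju/release-downloader@v1.11` is a third-party action referenced by a movable tag and given `secrets.GITHUB_TOKEN`, the zip it fetches is unpacked with `extractall`, and `cargo-make.exe` is copied into the cargo bin directory that `actions/cache@v4` then persists under `cargo_make_cache_key` for later runs. Pinning the action to a full commit SHA (`uses: robinraju/release-downloader@<full-commit-sha> # v1.11`) and comparing the archive's SHA-256 with a value kept in the repo before extraction would close that gap. Separately, in `Generate Package Matrix` the loop calls `packages.remove(package)` while iterating `packages`, so the entry after a removed one is skipped and can reach the matrix without a `.dsc`; `packages = [p for p in packages if os.path.isdir(p) and any(f.endswith('.dsc') for f in os.listdir(p))]` avoids that.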
@@ -0,0 +1,39 @@
+# This workflow automatically applies labels to GitHub issues and pull requests based on the
+# file paths in a pull request or content in the body of an issue or pull request.
+#
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+# instead of the file in this repo.
+#
+# NOTE: This file uses a reusable workflow. Do not make changes to the file that should be made
+# in the common/reusable workflow.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+name: Apply Issue and PR Labels
+
+on:
+ issues:
+ types:
+ - edited
+ - opened
+ pull_request_target:
+ types:
+ - edited
+ - opened
+ - reopened
+ - synchronize
+ workflow_dispatch:
+
+jobs:
+ apply:
+
+ permissions:
+ contents: read
+ pull-requests: write
+
+ uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v10.0.0
diff --git a/.github/workflows/label-issues/file-paths.yml b/.github/workflows/label-issues/file-paths.yml
new file mode 100644
index 0000000000..c3b3cc8039
--- /dev/null
+++ b/.github/workflows/label-issues/file-paths.yml
@@ -0,0 +1,18 @@
+# Specifies labels to apply to issues and pull requests based on file path patterns in Project Mu repositories.
+#
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+# instead of the file in this repo.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# For more information, see:
+# https://github.com/actions/labeler
+
+# Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc.
+
+language:python:
+ - '**/*.py'
diff --git a/.github/workflows/label-issues/regex-pull-requests.yml b/.github/workflows/label-issues/regex-pull-requests.yml
new file mode 100644
index 0000000000..484fc6ce7e
--- /dev/null
+++ b/.github/workflows/label-issues/regex-pull-requests.yml
@@ -0,0 +1,30 @@
+# Specifies labels to apply to pull requests in Project Mu repositories based on regular expressions.
+#
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+# instead of the file in this repo.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# For more information, see:
+# https://github.com/github/issue-labeler
+
+# Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc.
+
+impact:breaking-change:
+ - '\s*-\s*\[\s*[x|X]\s*\] Breaking change\?'
+
+impact:non-functional:
+ - '\s*-\s*\[\s*(?![x|X])\s*\] Impacts functionality\?'
+
+impact:security:
+ - '\s*-\s*\[\s*[x|X]\s*\] Impacts security\?'
+
+impact:testing:
+ - '\s*-\s*\[\s*[x|X]\s*\] Includes tests\?'
+
+type:documentation:
+ - '\s*-\s*\[\s*[x|X]\s*\] Includes documentation\?'
diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml
index e65acc45a5..c42746422d 100644
--- a/.github/workflows/label-sync.yml
+++ b/.github/workflows/label-sync.yml
@@ -3,6 +3,12 @@
 # All repos should sync at the same time.
 # '0 0,12 * * *''
 #
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+# instead of the file in this repo.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
 # Copyright (c) Microsoft Corporation.
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
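Review bot: In four of the five patterns the character class `[x|X]` also accepts a literal `|`, so a line such as `- [|] Impacts security?` would apply `impact:security` as if the box were ticked; `[xX]` is what the class is meant to say, e.g. `'\s*-\s*\[\s*[xX]\s*\] Impacts security\?'`. In the `impact:non-functional` pattern the lookahead `(?![x|X])` is redundant, because `\s*\]` already requires nothing but whitespace before the closing bracket. These labels also appear in the release-drafter categories and version resolver added by this commit, so release notes and the semver bump follow what the PR author typed into the template; a header comment saying so would help anyone treating `impact:security` as a triage signal.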
@@ -18,4 +24,8 @@ on: jobs: sync: - uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@main + + permissions: + issues: write + + uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v10.0.0 diff --git a/.github/workflows/pull-request-formatting-validator.yml b/.github/workflows/pull-request-formatting-validator.yml new file mode 100644 index 0000000000..7032b62637 --- /dev/null +++ b/.github/workflows/pull-request-formatting-validator.yml 
@@ -0,0 +1,59 @@ +# This workflow validates basic pull request formatting requirements are met. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +name: Validate Pull Request Formatting + +on: + pull_request_target: + types: + - edited + - opened + - reopened + - synchronize + +jobs: + validate_pr: + runs-on: ubuntu-latest + + permissions: + contents: read + pull-requests: write + + steps: + - run: | + prTitle="$(gh api graphql -F owner=$OWNER -F name=$REPO -F pr_number=$PR_NUMBER -f query=' + query($name: String!, $owner: String!, $pr_number: Int!) { + repository(owner: $owner, name: $name) { + pullRequest(number: $pr_number) { + title + } + } + }')" + + if [[ "${prTitle}" == *"Personal/"* ]]; then + gh pr comment $PR_URL --body "⚠️ Please add a meaningful PR title (remove the 'Personal/' prefix from the title)." + echo 'VALIDATION_ERROR=true' >> $GITHUB_ENV + fi + + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + OWNER: ${{ github.repository_owner }} + PR_NUMBER: ${{ github.event.number }} + PR_URL: ${{ github.event.pull_request.html_url }} + REPO: ${{ github.event.repository.name }} + + - name: Check for Validation Errors + if: env.VALIDATION_ERROR + uses: actions/github-script@v7 + with: + script: | + core.setFailed('PR Formatting Validation Check Failed!') diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml new file mode 100644 index 0000000000..94e45e70f0 --- /dev/null +++ b/.github/workflows/release-draft.yml 
@@ -0,0 +1,36 @@ +# This workflow automatically drafts new project releases so it is obvious +# what a current release will look like at any time. +# +# It takes advantage of the labels used in Project Mu to automatically categorize +# the types of changes in a given release. In addition, the semantic version of +# the code is constantly maintained based on Project Mu label conventions to ensure +# semantic versioning is followed and a release version is always ready. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# For more information, see: +# https://github.com/release-drafter/release-drafter + +name: Update Release Draft + +on: + push: + branches: + - release/202311 + +jobs: + draft: + + permissions: + contents: write + pull-requests: write + + uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v10.0.0 + secrets: inherit diff --git a/.github/workflows/scheduled-maintenance.yml b/.github/workflows/scheduled-maintenance.yml index 348f4a4ae8..eef4487f8d 100644 --- a/.github/workflows/scheduled-maintenance.yml +++ b/.github/workflows/scheduled-maintenance.yml @@ -24,6 +24,11 @@ on: jobs: repo_cleanup: runs-on: ubuntu-latest + + permissions: + pull-requests: write + issues: write + steps: - name: Get Repository Info run: echo "REPOSITORY_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index ce96011c43..5b94e82283 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml 
@@ -1,5 +1,11 @@ # This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time. # +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -18,4 +24,9 @@ on: jobs: check: - uses: microsoft/mu_devops/.github/workflows/Stale.yml@main + + permissions: + issues: write + pull-requests: write + + uses: microsoft/mu_devops/.github/workflows/Stale.yml@v10.0.0 diff --git a/.github/workflows/triage-issues.yml b/.github/workflows/triage-issues.yml new file mode 100644 index 0000000000..49780aaedb --- /dev/null +++ b/.github/workflows/triage-issues.yml @@ -0,0 +1,26 @@ +# This workflow assists with initial triage of new issues by applying +# labels based on data provided in the issue. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +name: Initial Triage for New Issue + +on: + issues: + types: [ opened ] + +jobs: + triage: + + permissions: + issues: write + + uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v10.0.0 diff --git a/.markdownlint.yaml b/.markdownlint.yaml index 83b980f91c..d9ec238b34 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml 
@@ -1,14 +1,21 @@ -## @file -# markdownlint configuration -# -# Copyright (c) Microsoft Corporation -# SPDX-License-Identifier: BSD-2-Clause-Patent -## - -# Rules can be found here: https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md -# Config info: https://github.com/DavidAnson/markdownlint#configuration -{ - "default": true, - "MD013": {"line_length": 120, "code_blocks": false, "tables": false}, - "MD033": {"allowed_elements": ["br"]} -} +## @file +# markdownlint configuration +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +# Rules can be found here: https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md +# Config info: https://github.com/DavidAnson/markdownlint#configuration + +{ + "default": true, + "MD013": {"line_length": 120, "code_blocks": false, "tables": false}, + "MD033": {"allowed_elements": ["br"]} +} diff --git a/.pytool/CISettings.py b/.pytool/CISettings.py index a5ce754dad..03e4cbba3f 100644 --- a/.pytool/CISettings.py +++ b/.pytool/CISettings.py @@ -18,14 +18,7 @@ from edk2toollib.utility_functions import GetHostInfo from pathlib import Path -try: - # May not be present until submodules are populated - root = Path(__file__).parent.parent.resolve() - sys.path.append(str(root/'MU_BASECORE'/'.pytool'/'Plugin'/'CodeQL'/'integration')) - import stuart_codeql as codeql_helpers -except ImportError: - pass - +from edk2toolext import codeql as codeql_helpers class Settings(CiSetupSettingsManager, CiBuildSettingsManager, UpdateSettingsManager, SetupSettingsManager, PrEvalSettingsManager): 
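Review bot: With `from edk2toolext import codeql as codeql_helpers` now unconditional, the `try: ... except NameError: pass` wrappers around `codeql_helpers.add_command_line_option(parserObj)` and `codeql_helpers.is_codeql_enabled_on_command_line(args)` (kept as context in the following hunks) can no longer trigger for a missing module. A missing module now fails when CISettings.py is imported instead of silently disabling CodeQL, so the guards only hide unrelated `NameError`s raised inside those helpers. I would call the helpers directly, e.g. `self.codeql = codeql_helpers.is_codeql_enabled_on_command_line(args)`, and check that the removed `sys.path` line was the last use of `sys` in the file. The function bodies are outside this hunk.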
@@ -34,7 +27,6 @@ def __init__(self): self.ActualTargets = [] self.ActualArchitectures = [] self.ActualToolChainTag = "" - self.UseBuiltInBaseTools = None self.ActualScopes = None # ####################################################################################### # @@ -42,22 +34,12 @@ def __init__(self): # ####################################################################################### # def AddCommandLineOptions(self, parserObj): - group = parserObj.add_mutually_exclusive_group() - group.add_argument("-force_piptools", "--fpt", dest="force_piptools", action="store_true", default=False, help="Force the system to use pip tools") - group.add_argument("-no_piptools", "--npt", dest="no_piptools", action="store_true", default=False, help="Force the system to not use pip tools") - try: codeql_helpers.add_command_line_option(parserObj) except NameError: pass def RetrieveCommandLineOptions(self, args): - super().RetrieveCommandLineOptions(args) - if args.force_piptools: - self.UseBuiltInBaseTools = True - if args.no_piptools: - self.UseBuiltInBaseTools = False - try: self.codeql = codeql_helpers.is_codeql_enabled_on_command_line(args) except NameError: @@ -148,22 +130,6 @@ def GetActiveScopes(self): is_linux = GetHostInfo().os.upper() == "LINUX" - if self.UseBuiltInBaseTools is None: - # MU_CHANGE - redundant is_linux = GetHostInfo().os.upper() == "LINUX" - # try and import the pip module for basetools - try: - import edk2basetools - self.UseBuiltInBaseTools = True - except ImportError: - self.UseBuiltInBaseTools = False - pass - - if self.UseBuiltInBaseTools == True: - scopes += ('pipbuild-unix',) if is_linux else ('pipbuild-win',) - logging.warning("Using Pip Tools based BaseTools") - else: - logging.warning("Falling back to using in-tree BaseTools") - if is_linux and self.ActualToolChainTag.upper().startswith("GCC"): if "AARCH64" in self.ActualArchitectures: scopes += ("gcc_aarch64_linux",) 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000000..c6ff888b87
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,102 @@ +# Contributing to Project Mu + +Welcome, and thank you for your interest in contributing to Project Mu! + +There are many ways in which you can contribute, beyond writing code. The goal of this document is to provide a +high-level overview of how you can get involved. + +If this is your first time working with Project Mu, please keep in mind that many project details are maintained in +the [Project Mu Documentation](https://microsoft.github.io/mu/). + +## Asking Questions + +Have a question? Rather than opening an issue, please post your question under the `Q&A` category in the `Discussions` +section of the relevant Project Mu GitHub repo. + +## Reporting Issues + +Every Project Mu repo has an `Issues` section. Bug reports, feature requests, and documentation requests can all be +submitted in the issues section. + +## Security Vulnerabilities + +Please review the repos `Security Policy` but in general every Project Mu repo has `Private vulnerability reporting` +enabled. Please use the security tab to report a potential issue. + +### Identify Where to Report + +Project Mu is distributed across multiple repositories. Use features such as issues and discussions in the repository +most relevant to the topic. + +Although we prefer items to be filed in the most relevant repo, if you're unsure which repo is most relevant, the item +can be filed in the [Project Mu Documentation Repo](https://github.com/microsoft/mu) and we will review the request and +move it to the relevant repo if necessary. + +### Look For an Existing Issue + +Before you create a new issue, please do a search in the issues section of the relevant repo to see if the issue or +feature request has already been filed. + +If you find your issue already exists, make relevant comments and add your +[reaction](https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments). 
Use a reaction in place +of a "+1" comment: + +* 👍 - upvote +* 👎 - downvote + +If you cannot find an existing issue that describes your bug or feature, create a new issue using the guidelines below. + +### Follow Your Issue + +Please continue to follow your request after it is submitted to assist with any additional information that might be +requested. + +### Pull Request Best Practices + +Pull requests for UEFI code can become large and difficult to review due to the large number of build and +configuration files. To aid maintainers in reviewing your code, we suggest adhering to the following guidelines: + +1. Do keep code reviews single purpose; don't add more than one feature at a time. +2. Do fix bugs independently of adding features. +3. Do provide documentation and unit tests. +4. Do introduce code in digestible amounts. + * If the contribution logically be broken up into separate pull requests that independently build and function + successfully, do use multiple pull requests. + +#### Code Categories + +To keep code digestible, you may consider breaking large pull requests into three categories of commits within the pull +request. + +1. **Interfaces**: .h, .inf, .dec, documentation +2. **Implementation**: .c, unit tests, unit test build file; unit tests should build and run at this point +3. **Integration/Build**: .dec, .dsc, .fdf, (.yml) configuration files, integration tests; code added to platform and + affects downstream consumers + +By breaking the pull request into these three categories, the pull request reviewers can digest each piece +independently. + +If your commits are still very large after adhering to these categories, consider further breaking the pull request +down by library/driver; break each component into its own commit. + +#### Implementation Limits + +Implementation is ultimately composed of functions as logical units of code. 
+ +To help maintainers review the code and improve long-term maintainability, limit functions to 60 lines of code. If your +function exceeds 60 lines of code, it likely has also exceeded a single responsibility and should be broken up. + +Files are easier to review and maintain if they contain functions that serves similar purpose. Limit files to around +1,000 lines of code (excluding comments). If your file exceeds 1,000 lines of code, it may have functions that should +be split into separate files. + +--- + +By following these guidelines, your pull requests will be reviewed faster, and you'll avoid being asked to refactor the +code to follow the guidelines. + +Feel free to create a draft pull request and ask for suggestions on how to split the pull request if you are unsure. + +## Thank You + +Thank you for your interest in Project Mu and taking the time to contribute! diff --git a/License.txt b/License.txt index 130d11ce18..ee840505cb 100644 --- a/License.txt +++ b/License.txt 
@@ -1,51 +1,51 @@ -Copyright (c) 2019, TianoCore and contributors. All rights reserved. - -SPDX-License-Identifier: BSD-2-Clause-Patent - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - -Subject to the terms and conditions of this license, each copyright holder -and contributor hereby grants to those receiving rights under this license -a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable -(except for failure to satisfy the conditions of this license) patent -license to make, have made, use, offer to sell, sell, import, and otherwise -transfer this software, where such license applies only to those patent -claims, already acquired or hereafter acquired, licensable by such copyright -holder or contributor that are necessarily infringed by: - -(a) their Contribution(s) (the licensed copyrights of copyright holders and - non-copyrightable additions of contributors, in source or binary form) - alone; or - -(b) combination of their Contribution(s) with the work of authorship to - which such Contribution(s) was added by such copyright holder or - contributor, if, at the time the Contribution is added, such addition - causes such combination to be necessarily infringed. The patent license - shall not apply to any other combinations which include the - Contribution. - -Except as expressly stated above, no rights or licenses from any copyright -holder or contributor is granted under this license, whether expressly, by -implication, estoppel or otherwise. 
- -DISCLAIMER - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE -LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE. +Copyright (c) 2019, TianoCore and contributors. All rights reserved. + +SPDX-License-Identifier: BSD-2-Clause-Patent + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. 
+ +Subject to the terms and conditions of this license, each copyright holder +and contributor hereby grants to those receiving rights under this license +a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable +(except for failure to satisfy the conditions of this license) patent +license to make, have made, use, offer to sell, sell, import, and otherwise +transfer this software, where such license applies only to those patent +claims, already acquired or hereafter acquired, licensable by such copyright +holder or contributor that are necessarily infringed by: + +(a) their Contribution(s) (the licensed copyrights of copyright holders and + non-copyrightable additions of contributors, in source or binary form) + alone; or + +(b) combination of their Contribution(s) with the work of authorship to + which such Contribution(s) was added by such copyright holder or + contributor, if, at the time the Contribution is added, such addition + causes such combination to be necessarily infringed. The patent license + shall not apply to any other combinations which include the + Contribution. + +Except as expressly stated above, no rights or licenses from any copyright +holder or contributor is granted under this license, whether expressly, by +implication, estoppel or otherwise. + +DISCLAIMER + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..3ad20948a0 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,39 @@ +# Project Mu Security Policy + +Project Mu is an open source firmware project that is leveraged by and combined into +other projects to build the firmware for a given product. We build and maintain this +code with the intent that any consuming projects can use this code as-is. If features +or fixes are necessary we ask that they contribute them back to the project. **But**, that +said, in the firmware ecosystem there is a lot of variation and differentiation, and +the license in this project allows flexibility for use without contribution back to +Project Mu. Therefore, any issues found here may or may not exist in products using Project Mu. + +## Supported Versions + +Due to the usage model we generally only supply fixes to the most recent release branch (or main). +For a serious vulnerability we may patch older release branches. + +## Additional Notes + +Project Mu contains code that is available and/or originally authored in other +repositories (see <https://github.com/tianocore/edk2> as one such example). For any +vulnerability found, we may be subject to their security policy and may need to work +with those groups to resolve amicably and patch the "upstream". This might involve +additional time to release and/or additional confidentiality requirements. + +## Reporting a Vulnerability + +**Please do not report security vulnerabilities through public GitHub issues.** + +Instead please use **Github Private vulnerability reporting**, which is enabled for each Project Mu +repository. This process is well documented by github in their documentation [here](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability). + +This process will allow us to privately discuss the issue, collaborate on a solution, and then disclose the vulnerability. + +## Preferred Languages + +We prefer all communications to be in English. 
+ +## Policy + +Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd). diff --git a/pip-requirements.txt b/pip-requirements.txt index d6130766d6..d17b88a55c 100644 --- a/pip-requirements.txt +++ b/pip-requirements.txt @@ -14,6 +14,6 @@ edk2-pytool-library~=0.11.2 # MU_CHANGE - update to 0.11.2 or later edk2-pytool-extensions~=0.17.0 # MU_CHANGE - update to 0.17.0 or later -edk2-basetools==0.1.13 # MU_CHANGE - update to 0.1.13 or later antlr4-python3-runtime==4.7.1 regex +pygount==1.6.1