From 74cccaa9f48c5cf380ebafb4c97fa39a6b46fc7f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Jan 2024 11:01:29 -0500
Subject: [PATCH 1/4] GitHub Action: Bump actions/cache from 3 to 4 (#231)
Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4.
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/codeql.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 509d9d3b52..70e2660a31 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -178,7 +178,7 @@ jobs: - name: Attempt to Load cargo-make From Cache id: cargo_make_cache
- uses: actions/cache@v3
+ uses: actions/cache@v4
 with: path: ${{ steps.get_cargo_tool_details.outputs.cargo_bin_path }} key: ${{ steps.get_cargo_tool_details.outputs.cargo_make_cache_key }}
@@ -312,7 +312,7 @@ jobs: - name: Attempt to Load CodeQL CLI From Cache id: codeqlcli_cache
- uses: actions/cache@v3
+ uses: actions/cache@v4
 with: path: ${{ steps.cache_key_gen.outputs.codeql_cli_ext_dep_dir }} key: ${{ steps.cache_key_gen.outputs.codeql_cli_cache_key }}
From 3527c424de5078bd4cd02484f455917ac6195710 Mon Sep 17 00:00:00 2001
From: Joey Vagedes
Date: Wed, 24 Jan 2024 09:38:19 -0800
Subject: [PATCH 2/4] Update pip-requirements.txt (#237)
## Description Updates edk2-pytool-extensions and edk2-pytool-library to work with the latest commit of MU_BASECORE For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [ ] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [ ] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... ## How This Was Tested N/A ## Integration Instructions N/A
---
 pip-requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pip-requirements.txt b/pip-requirements.txt
index 6643066b38..561ae264f2 100644
--- a/pip-requirements.txt
+++ b/pip-requirements.txt
@@ -12,8 +12,8 @@ # https://www.python.org/dev/peps/pep-0440/#version-specifiers ##
-edk2-pytool-library==0.19.9
-edk2-pytool-extensions==0.26.4
+edk2-pytool-library==0.20.0
+edk2-pytool-extensions==0.27.0
 edk2-basetools==0.1.49 antlr4-python3-runtime==4.13.1 regex
From 8b800054817cc277dd70ed24e74c2d79db485d37 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 31 Jan 2024 09:14:06 -0500
Subject: [PATCH 3/4] GitHub Action: Bump robinraju/release-downloader from 1.8 to 1.9 (#238)
Bumps [robinraju/release-downloader](https://github.com/robinraju/release-downloader) from 1.8 to 1.9.
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/codeql.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 70e2660a31..01b85ee5e7 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -185,7 +185,7 @@ jobs: - name: Download cargo-make if: steps.cargo_make_cache.outputs.cache-hit != 'true'
- uses: robinraju/release-downloader@v1.8
+ uses: robinraju/release-downloader@v1.9
 with: repository: 'sagiegurari/cargo-make' tag: '${{ steps.get_cargo_tool_details.outputs.cargo_make_version }}'
From fe0cbb0bdf389917adc672d852af64d1a15eefcf Mon Sep 17 00:00:00 2001
From: "Project Mu UEFI Bot [bot]" <45776386+uefibot@users.noreply.github.com>
Date: Wed, 31 Jan 2024 13:06:52 -0500
Subject: [PATCH 4/4] Repo File Sync: synced file(s) with microsoft/mu_devops (#239)
---
 .azurepipelines/MuDevOpsWrapper.yml | 11 +----------
 .azurepipelines/Ubuntu-GCC5.yml | 1 +
 .azurepipelines/Windows-VS.yml | 1 +
 .github/workflows/auto-approve.yml | 6 +++++-
 .github/workflows/auto-merge.yml | 8 +++++++-
 .github/workflows/issue-assignment.yml | 7 ++++++-
 .github/workflows/label-issues.yml | 7 ++++++-
 .github/workflows/label-sync.yml | 6 +++++-
 .../workflows/pull-request-formatting-validator.yml | 7 ++++++-
 .github/workflows/release-draft.yml | 7 ++++++-
 .github/workflows/scheduled-maintenance.yml | 5 +++++
 .github/workflows/stale.yml | 7 ++++++-
 .github/workflows/triage-issues.yml | 6 +++++-
 13 files changed, 60 insertions(+), 19 deletions(-)
diff --git a/.azurepipelines/MuDevOpsWrapper.yml b/.azurepipelines/MuDevOpsWrapper.yml
index 8556e1b4cc..a1babf8890 100644
--- a/.azurepipelines/MuDevOpsWrapper.yml
+++ b/.azurepipelines/MuDevOpsWrapper.yml
@@ -19,7 +19,7 @@ resources: type: github endpoint: microsoft name: microsoft/mu_devops
- ref: refs/tags/v7.2.0
+ ref: refs/tags/v9.1.1
 parameters: - name: do_ci_build
@@ -42,13 +42,6 @@ parameters: displayName: Perform Stuart PR Evaluation type: boolean default: true
-- name: calculate_code_coverage
- displayName: Calculate Code Coverage From Unit Tests
- default: false
-- name: coverage_publish_target
- displayName: Code Coverage Publish Target
- type: string
- default: 'ado' # 'ado', 'codecov'
 - name: container_build displayName: Flag for whether this repo should do stuart_setup type: boolean
@@ -95,8 +88,6 @@ jobs: do_ci_build: ${{ parameters.do_ci_build }} do_ci_setup: ${{ parameters.do_ci_setup }} do_pr_eval: ${{ parameters.do_pr_eval }}
- calculate_code_coverage: ${{ parameters.calculate_code_coverage }}
- coverage_publish_target: ${{ parameters.coverage_publish_target }}
 do_non_ci_setup: ${{ parameters.do_non_ci_setup }} do_non_ci_build: ${{ parameters.do_non_ci_build }} build_matrix: ${{ parameters.build_matrix }}
diff --git a/.azurepipelines/Ubuntu-GCC5.yml b/.azurepipelines/Ubuntu-GCC5.yml
index 550026ee8e..e299a2d476 100644
--- a/.azurepipelines/Ubuntu-GCC5.yml
+++ b/.azurepipelines/Ubuntu-GCC5.yml
@@ -17,6 +17,7 @@ variables: - group: architectures-arm-64-x86-64 - group: tool-chain-ubuntu-gcc
+- group: coverage
 extends: template: MuDevOpsWrapper.yml
diff --git a/.azurepipelines/Windows-VS.yml b/.azurepipelines/Windows-VS.yml
index c6abec3468..0bc7e1fd4d 100644
--- a/.azurepipelines/Windows-VS.yml
+++ b/.azurepipelines/Windows-VS.yml
@@ -17,6 +17,7 @@ variables: - group: architectures-x86-64 - group: tool-chain-windows-visual-studio-latest
+- group: coverage
 extends: template: MuDevOpsWrapper.yml
diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
index f136045896..fa4340652e 100644
--- a/.github/workflows/auto-approve.yml
+++ b/.github/workflows/auto-approve.yml
@@ -23,7 +23,11 @@ on: jobs: approval_check:
+
+ permissions:
+ pull-requests: write
+
 if: | github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot'
- uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v7.2.0
+ uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v9.1.1
 secrets: inherit
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
index dd835308cc..dc4b1fe392 100644
--- a/.github/workflows/auto-merge.yml
+++ b/.github/workflows/auto-merge.yml
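Review bot: In `.github/workflows/auto-approve.yml` the reusable workflow is referenced by a movable tag, `uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v9.1.1`, while the job passes `secrets: inherit` and now holds `pull-requests: write`, so whatever that tag points to at run time executes with this repository's secrets and the ability to approve pull requests. Pinning the reference to the full commit SHA with the tag kept as a comment, `uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@<full-commit-sha>  # v9.1.1`, and passing only the secrets the approver actually reads instead of `secrets: inherit`, would narrow that exposure. The same applies to the `AutoMerger.yml` and `ReleaseDrafter.yml` references in `auto-merge.yml` and `release-draft.yml`, which also inherit secrets. The `on:` triggers sit outside the hunk, so which events reach this job cannot be checked from here; since the commit title says these files are synced from microsoft/mu_devops, the change would presumably have to land in the sync source.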
@@ -24,7 +24,13 @@ on: jobs: merge_check:
+
+ permissions:
+ contents: read
+ pull-requests: write
+ issues: write
+
 if: | github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot'
- uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v7.2.0
+ uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v9.1.1
 secrets: inherit
diff --git a/.github/workflows/issue-assignment.yml b/.github/workflows/issue-assignment.yml
index 65d93fed26..f3b2367a6f 100644
--- a/.github/workflows/issue-assignment.yml
+++ b/.github/workflows/issue-assignment.yml
@@ -18,4 +18,9 @@ on: jobs: apply:
- uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@v7.2.0
+
+ permissions:
+ contents: read
+ issues: write
+
+ uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@v9.1.1
diff --git a/.github/workflows/label-issues.yml b/.github/workflows/label-issues.yml
index 739549e922..f5706cc641 100644
--- a/.github/workflows/label-issues.yml
+++ b/.github/workflows/label-issues.yml
@@ -31,4 +31,9 @@ on: jobs: apply:
- uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v7.2.0
+
+ permissions:
+ contents: read
+ pull-requests: write
+
+ uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v9.1.1
diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml
index 9289e064ce..c551f4022b 100644
--- a/.github/workflows/label-sync.yml
+++ b/.github/workflows/label-sync.yml
@@ -24,4 +24,8 @@ on: jobs: sync:
- uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v7.2.0
+
+ permissions:
+ issues: write
+
+ uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v9.1.1
diff --git a/.github/workflows/pull-request-formatting-validator.yml b/.github/workflows/pull-request-formatting-validator.yml
index 13ad68a915..ea405cb6a6 100644
--- a/.github/workflows/pull-request-formatting-validator.yml
+++ b/.github/workflows/pull-request-formatting-validator.yml
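Review bot: In `.github/workflows/label-issues.yml` the new job-level `permissions:` block grants `contents: read` and `pull-requests: write` but not `issues: write`, and a job-level block leaves every unlisted scope at none. If the reusable `Labeler.yml` also applies labels to plain issues, as the file name suggests, those calls would be refused with the narrowed token. The triggers under `on:` and the called workflow are outside the hunk, so this needs confirming against `Labeler.yml` at the new tag; if it does label issues, add `issues: write` to the block.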
@@ -23,6 +23,11 @@ on: jobs: validate_pr: runs-on: ubuntu-latest
+
+ permissions:
+ contents: read
+ pull-requests: write
+
 steps: - run: | prTitle="$(gh api graphql -F owner=$OWNER -F name=$REPO -F pr_number=$PR_NUMBER -f query='
@@ -48,7 +53,7 @@ jobs: - name: Check for Validation Errors if: env.VALIDATION_ERROR
- uses: actions/github-script@v7
+ uses: actions/github-script@v6
 with: script: | core.setFailed('PR Formatting Validation Check Failed!')
diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml
index ad79b83d8b..45c294ccd2 100644
--- a/.github/workflows/release-draft.yml
+++ b/.github/workflows/release-draft.yml
@@ -27,5 +27,10 @@ on: jobs: draft:
- uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v7.2.0
+
+ permissions:
+ contents: write
+ pull-requests: write
+
+ uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v9.1.1
 secrets: inherit
diff --git a/.github/workflows/scheduled-maintenance.yml b/.github/workflows/scheduled-maintenance.yml
index 348f4a4ae8..eef4487f8d 100644
--- a/.github/workflows/scheduled-maintenance.yml
+++ b/.github/workflows/scheduled-maintenance.yml
@@ -24,6 +24,11 @@ on: jobs: repo_cleanup: runs-on: ubuntu-latest
+
+ permissions:
+ pull-requests: write
+ issues: write
+
 steps: - name: Get Repository Info run: echo "REPOSITORY_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 79087d5f79..eaa5419b17 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -24,4 +24,9 @@ on: jobs: check:
- uses: microsoft/mu_devops/.github/workflows/Stale.yml@v7.2.0
+
+ permissions:
+ issues: write
+ pull-requests: write
+
+ uses: microsoft/mu_devops/.github/workflows/Stale.yml@v9.1.1
diff --git a/.github/workflows/triage-issues.yml b/.github/workflows/triage-issues.yml
index 276e64b362..3d0636e84a 100644
--- a/.github/workflows/triage-issues.yml
+++ b/.github/workflows/triage-issues.yml
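Review bot: The second hunk of `.github/workflows/pull-request-formatting-validator.yml` moves `actions/github-script` backwards, from `@v7` to `@v6`, which looks like the file sync overwriting an earlier bump rather than an intended change. v6 of that action runs on the Node 16 runtime that GitHub-hosted runners have deprecated, so the step would regress to an unsupported runtime. Keep `uses: actions/github-script@v7` here and carry the bump into the sync source in microsoft/mu_devops so the next sync does not revert it again. The step's `with:` block continues past the end of the hunk.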
@@ -19,4 +19,8 @@ on: jobs: triage:
- uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v7.2.0
+
+ permissions:
+ issues: write
+
+ uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v9.1.1