Releases: microsoft/mu_devops
v15.0.4
What's Changed
-
Adding missing components from docker images @kuqin12 (#473)
Change Details
This change adds 5 main components to the docker image to support Hafnium building:
clang, device-tree-compiler, libssl-dev, lld, llvmThis is tested with
docker build, then pulled down top of main in mu_tiano_platforms from the built docker, build and run QemuSbsaPkg successfully.</blockquote> <hr> </details>
-
Add RustCargoSteps workflow @magravel (#468)
Change Details
Adds a Rust workflow that makes sure the code is well formatted, doesn't have Clippy errors, and that tests that are passing and validate the documentation.
This workflow is synced with these repositories:
- microsoft/mu_basecore
- microsoft/mu_plus
- microsoft/mu_rust_helpers
- microsoft/mu_rust_hid
- microsoft/mu_rust_pi
- microsoft/mu_tiano_platforms
This has been tested on a dummy repository.
Example: When fmt fails, we want other checks to still run in that case.
</blockquote> <hr> </details>
-
Update actions/checkout from v4 to v5 @apop5 (#470)
Change Details
Update actions/checkout@v4 to actions/checkout@v5
This will take place of the dependabot updates that are scattered throughout the repos.
</blockquote> <hr> </details>
-
Move crypto\_release out of Dev/Release file sync @apop5 (#467)
Change Details
mu_crypto_release is moving to a main branch.
Update file sync to no longer sync the
-
Update rustfmt to use local repo version instead of mu\_devops version. @apop5 (#466)
Change Details
Some downstream repos updated to 2024 rustfmt.
Update the synced version of rustfmt to remove specifying a format. This way, the edition will use the repo's Cargo.toml.
-
Add to the dependenabot ignore subrepos the TFA and HAF repos @apop5 (#465)
Change Details
mu_tiano_platforms added Silicon/Arm/TFA and Silicon/Arm/HAF as submodules.
Dependabot was creating PRs to update.
Add these repos to the ignore list for dependabot.
-
codeql: Go back to pull\_request @makubacki (#464)
Change Details
b9c5931 moved to pull_request_target to use the GitHub app to derive auth tokens. This may not allow GitHub to have the propoer context for the changes in the PR. This goes back to pull_request. Since only read permission is needed for the token, this sets uses the default token to make authenticated API calls.
🐛 Bug Fixes
-
codeql: Add raw markers for Nunjucks @makubacki (#463)
Change Details
Marks GitHub variables as raw sections to prevent Nunjucks from interfering with them during file sync.
Full Changelog: v15.0.3...v15.0.4
Contributors
Assets 2
v15.0.3
What's Changed
-
Update Mu DevOps version to 15.0.3 @makubacki (#461)
Change Details
Includes:
- codeql: Use app token for API requests
- Use the GitHub app token for writing
Bumps the version for an upcoming release.
-
Use the GitHub app token for writing @makubacki (#458)
Change Details
Remove uses of the default GitHub token with write permission and instead use the GitHub app derived token which has write access.
-
Removes setting the default token to have write access.
-
Uses
pull_request_targetfor the pull request triggered workflow to allow the secrets to be passed to the action used to derive the GitHub app token.
-
-
codeql: Use app token for API requests [Rebase & FF] @makubacki (#460)
Change Details
Two changes for the CodeQL workflows:
codeql: Use app token for API requests
Make authenticated requests to prevent relying on the GitHub
anonymous API limit from potentially causing requests to
fail.
codeql: Always download cargo make
Temporarily always download cargo make instead of using the workflow
cache as loading from the cache has failed recently in some repos
and a root cause needs to be found for that issue.Tracked in #459
-
Version.njk: Update to Mu DevOps v15.0.2 @makubacki (#454)
Change Details
Updates repos to use the latest Mu DevOps release.
Full Changelog: v15.0.2...v15.0.3
Contributors
Assets 2
v15.0.2
What's Changed
-
Use pull\_request instead of pull\_request\_target trigger @makubacki (#453)
Change Details
Use pull_request to not run workflow changes on PRs from forks.
Note: Tested on fork in this PR makubacki/mu_basecore#99
Full Changelog: v15.0.1...v15.0.2
Contributors
Assets 2
v15.0.1
What's Changed
-
Update Version.njk to prepare for 15.0.1 release @Javagedes (#451)
Change Details
Need a 15.0.1 release so that the syncer will update all MuDevopsWrapper.yml to 15.0.1
-
Update container to latest with rust 1.85 @Javagedes (#450)
Change Details
-
containers: Sync rust related versions from Version.njk @Javagedes (#448)
Change Details
Sync's the rust toolchain version and cargo_make / cargo_tarpaulin version from the Version.njk file instead of needing to be updated manually.
🐛 Bug Fixes
-
submbodule-release-updater.yml: End raw sections with `endraw` @makubacki (#447)
Full Changelog: v15.0.0...v15.0.1
Contributors
Assets 2
v15.0.0
What's Changed
-
PullRequests.github-issues: Add mu-automation to bot list @makubacki (#442)
Change Details
Excludes `mu-automation[bot]` account PRs in the human list.
-
Update container version to 4d8e1b7 to use QEMU 10 @kuqin12 (#441)
Change Details
The new container incorporates QEMU v10.0.0 to support hafnium v2.13.
⚠️ Breaking Changes
-
Update rust to 1.85.0 @Javagedes (#444)
Change Details
Updates the rust version to 1.85.0
🐛 Bug Fixes
-
submodule-release-updater.yml: Treat GitHub vars as raw Nunjucks values @makubacki (#443)
Change Details
Prevents `{{` and `}}` from being interpreted as Nunjucks substitutions.
Full Changelog: v14.0.2...v15.0.0
Contributors
Assets 2
v14.0.2
What's Changed
-
Update docker image to build QEMU v10 @kuqin12 (#439)
Change Details
This change picks up QEMU v10 for docker images, which has a timer feature for AArch64 that is needed by hafnium build v2.13.
-
Update Version.njk for mu\_devops 14.0.1 @apop5 (#436)
Change Details
Update Version.njk to mu_devops v14.0.1
https://github.com/microsoft/mu_devops/releases/tag/v14.0.1
Specifically this is to pull in the autobackport label for filesync, dependabot PRs.
Full Changelog: v14.0.1...v14.0.2
Contributors
Assets 2
v14.0.1
What's Changed
-
Version.njk Update to 202502, 202405 versions @apop5 (#427)
Change Details
Switch n,n-1 to 202502, 202405
-
Backport: use srvaroa/labeler@v1.12.0 instead of github/issue-labeler @apop5 (#434)
Change Details
Switch to using srvaroa/labeler instead of github/issue-labeler to allow more configuration options.
Add backport labels for dependabot created PRs and for filesync operations as well.
github/issue-labeler did not provide configuration to add labels based on PR author or PR branch target or PR branch name.
Switching to allow automatically targeting FileSync operations and Dependabot Prs to be labeled backport.
-
FileSyncer.yml: Create app derived token for all repos @makubacki (#432)
Change Details
Allow file syncer to access all repos in the owning repo's installation and use the `GH_INSTALLATION_TOKEN` parameter to provide the token as the action differentiates between PATs using `GH_PAT` and apps using `GH_INSTALLATION_TOKEN`.
-
.sync/Version.njk: Update mu\_devops to v14.0.0 @makubacki (#431)
Change Details
See the following comparison for details of the changes between these releases:
The breaking changes are that the Auto Approve and Auto Merge workflows are removed in this release.
Full Changelog: v14.0.0...v14.0.1
Contributors
Assets 2
v14.0.0
What's Changed
-
Update non-Default GitHub token usage to Mu GitHub app @makubacki (#430)
Change Details
Generates tokens during workflow execution instead of directly depending on PATs.
-
Add microsoft/mu\_feature\_ffa to notebooks @apop5 (#426)
Change Details
Add the newly created mu_feature_ffa repo to notebooks for querying issues/pull requests.
-
.sync/codeql: Update robinraju/release-downloader to v1.12 @makubacki (#425)
Change Details
Use the latest version in CodeQL workflows.
-
Synchronize files into `mu_feature_ffa` repo @kuqin12 (#424)
Change Details
This change onboards the `mu_feature_ffa` repo to be part of the mu repo collection, by synchronizing the necessary files into the repo automatically.
-
Add secureboot\_objects to repos which pull\_request\_template is synced. @apop5 (#423)
Change Details
Add pull request template as file synced to secureboot_objects.
-
.sync/Version.njk: Update linux\_build\_container to for 1.84.0 rust toolchain. @apop5 (#422)
Change Details
Update Readme.rst to contain details on process for updating rust_toolchain.
-
.sync/Version.njk: Update mu\_devops to v13.0.3 @apop5 (#419)
Change Details
See the following comparison for details of the changes between these releases:
⚠️ Breaking Changes
-
Remove Auto Merge workflow @makubacki (#429)
Change Details
This workflow has not been used in a long time due to policy change toward merging PRs with automation. Remove it from the repo for now to reduce maintenance burden. It can be pulled from git history if needed in the future.
-
Remove Auto Approve worfklow @makubacki (#428)
Change Details
This workflow has not been used in a long time due to policy changes toward automated approval. Remove it from the repo for now to reduce maintenance burden. It can be pulled from git history if needed in the future.
Full Changelog: v13.0.3...v14.0.0
Contributors
Assets 2
v13.0.3
What's Changed
Full Changelog: v13.0.2...v13.0.3
Contributors
Assets 2
v13.0.2
What's Changed
-
Always update artifacts\_present variable in artifact publish @MarcChen46 (#414)
Change Details
The Binary and Other artifact publish is depending on `artifacts_present` variable, but the variable will only be set to false or true when all previous steps are success.
In some cases, we want to always upload the artifacts no matter previous steps are pass or failed, and this
artifacts_presentalready be handled well to decide the binary and other artifact should be uploaded or not, hence add thecondition: succeededOrFailed()to the step that set theartifacts_presentvariable
-
.sync/rust-toolchain.toml: Sync cargo-release @makubacki (#411)
Change Details
The release GitHub workflow downloads and caches the cargo tools in the rust-toolchain.toml file so sync it.
Full Changelog: v13.0.1...v13.0.2
