From a83e1d9abc262f2017af581380a1ea140ca3018c Mon Sep 17 00:00:00 2001 From: "Project Mu UEFI Bot [bot]" <45776386+uefibot@users.noreply.github.com> Date: Tue, 2 Apr 2024 19:06:59 -0400 Subject: [PATCH] Repo File Sync: synced file(s) with microsoft/mu_devops (#6) 
Signed-off-by: Project Mu UEFI Bot Co-authored-by: Chris Fernald --- .github/ISSUE_TEMPLATE/bug_report.yml | 155 ++++++ .github/ISSUE_TEMPLATE/config.yml | 16 + .../ISSUE_TEMPLATE/documentation_request.yml | 65 +++ .github/ISSUE_TEMPLATE/feature_request.yml | 108 ++++ .github/advanced-issue-labeler.yml | 54 ++ .github/dependabot.yml | 73 +++ .github/pull_request_template.md | 42 ++ .github/release-draft-config.yml | 98 ++++ .github/workflows/auto-approve.yml | 33 ++ .github/workflows/auto-merge.yml | 36 ++ .github/workflows/codeql.yml | 468 ++++++++++++++++++ .github/workflows/issue-assignment.yml | 26 + .github/workflows/label-issues.yml | 39 ++ .github/workflows/label-issues/file-paths.yml | 18 + .../label-issues/regex-pull-requests.yml | 30 ++ .github/workflows/label-sync.yml | 31 ++ .../pull-request-formatting-validator.yml | 59 +++ .github/workflows/release-draft.yml | 36 ++ .github/workflows/scheduled-maintenance.yml | 64 +++ .github/workflows/stale.yml | 32 ++ .github/workflows/triage-issues.yml | 26 + 21 files changed, 1509 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yml create mode 100644 .github/ISSUE_TEMPLATE/config.yml create mode 100644 .github/ISSUE_TEMPLATE/documentation_request.yml create mode 100644 .github/ISSUE_TEMPLATE/feature_request.yml create mode 100644 .github/advanced-issue-labeler.yml create mode 100644 .github/dependabot.yml create mode 100644 .github/pull_request_template.md create mode 100644 .github/release-draft-config.yml create mode 100644 .github/workflows/auto-approve.yml create mode 100644 .github/workflows/auto-merge.yml create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/issue-assignment.yml create mode 100644 .github/workflows/label-issues.yml create mode 100644 .github/workflows/label-issues/file-paths.yml create mode 100644 .github/workflows/label-issues/regex-pull-requests.yml create mode 100644 .github/workflows/label-sync.yml create mode 100644 
.github/workflows/pull-request-formatting-validator.yml create mode 100644 .github/workflows/release-draft.yml create mode 100644 .github/workflows/scheduled-maintenance.yml create mode 100644 .github/workflows/stale.yml create mode 100644 .github/workflows/triage-issues.yml diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml new file mode 100644 index 0000000..9b8fc31 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yml 
@@ -0,0 +1,155 @@ +# Project Mu GitHub Bug Report Template +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +name: 🐛 Bug Report +description: File a bug report +title: "[Bug]: " +labels: ["type:bug", "state:needs-triage"] + +body: + - type: markdown + attributes: + value: | + 👋 Thanks for taking the time to fill out this bug report! + + - type: checkboxes + attributes: + label: Is there an existing issue for this? + description: Please search to see if an issue already exists for the bug you encountered. + options: + - label: I have searched existing issues + required: true + + - type: textarea + id: current_behavior + attributes: + label: Current Behavior + description: A concise description of the bug that you're experiencing. + validations: + required: true + + - type: textarea + id: expected_behavior + attributes: + label: Expected Behavior + description: A concise description of what you expected to happen. + validations: + required: true + + - type: textarea + id: steps_to_reproduce + attributes: + label: Steps To Reproduce + description: Steps to reproduce the behavior. + placeholder: | + <example> + 1. In this environment... + 2. With this config... + 3. Boot to '...' + 4. Change option '...' + 4. See error... + validations: + required: true + + - type: textarea + id: build_environment + attributes: + label: Build Environment + description: | + examples: + - **OS**: Ubuntu 20.04 or Windows 11... + - **Tool Chain**: GCC5 or VS2022 or CLANGPDB... + - **Targets Impacted**: RELEASE, DEBUG, NO-TARGET, NOOPT... 
+ value: | + - OS(s): + - Tool Chain(s): + - Targets Impacted: + render: markdown + validations: + required: true + + - type: textarea + id: version_info + attributes: + label: Version Information + description: What version of this repo reproduces the problem? + placeholder: | + Commit: <SHA> + -or- + Tag: <Tag> + render: text + validations: + required: true + + - type: markdown + attributes: + value: | + **Urgency Key** + - 🟢 **Low** + - A minor change with little to no important functional impact + - It is not important to fix this in a specific time frame + - 🟡 **Medium** + - An important change with a functional impact + - Will be prioritized above *low* issues in the normal course of development + - 🔥 **High** + - A critical change that has a significant functional impact + - Must be fixed immediately + + - type: dropdown + id: urgency + attributes: + label: Urgency + description: How urgent is it to fix this bug? + multiple: false + options: + - Low + - Medium + - High + validations: + required: true + + - type: dropdown + id: fix_owner + attributes: + label: Are you going to fix this? + description: Indicate if you are going to fix this or requesting someone else fix it. + multiple: false + options: + - I will fix it + - Someone else needs to fix it + validations: + required: true + + - type: dropdown + id: needs_maintainer_feedback + attributes: + label: Do you need maintainer feedback? + description: Indicate if you would like a maintainer to provide feedback on this submission. + multiple: false + options: + - No maintainer feedback needed + - Maintainer feedback requested + validations: + required: true + + - type: textarea + id: anything_else + attributes: + label: Anything else? + description: | + Links? References? Anything that will give us more context about the issue you are encountering. + + Serial debug logs and/or debugger logs are especially helpful! 
+
+ Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
+ validations:
+ required: false
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 0000000..12ad7f8
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,16 @@
+# Project Mu GitHub Issue Configuration File
+#
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+# instead of the file in this repo.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+contact_links:
+ - name: 📃 Project Mu Documentation
+ url: https://microsoft.github.io/mu/
+ about: Goals, principles, repo layout, build instructions, and more.
diff --git a/.github/ISSUE_TEMPLATE/documentation_request.yml b/.github/ISSUE_TEMPLATE/documentation_request.yml
new file mode 100644
index 0000000..66ccab2
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/documentation_request.yml
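Review bot: The `steps_to_reproduce` placeholder in bug_report.yml numbers two consecutive steps `4.` (`4. Change option '...'` followed by `4. See error...`); the last entry should read `5. See error...`. Because the file header says it is synchronized from Mu DevOps, the correction belongs in the source template there rather than in this repo.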
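Review bot: `contact_links` in config.yml lists only the documentation site, so the issue chooser gives a reporter no route for a suspected vulnerability other than the public bug form. Consider adding an entry such as `- name: Report a security vulnerability` with `url: <SECURITY_POLICY_URL>` (placeholder; the project's actual reporting channel is not visible in this patch) and an `about:` line asking that security issues not be filed publicly. `blank_issues_enabled` is also left unset, so the default applies; state it explicitly if free-form issues are meant to be allowed or blocked.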
@@ -0,0 +1,65 @@ +# Project Mu GitHub Documentation Request Template +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +name: 📖 Documentation Request +description: Request a documentation change +title: "[Documentation]: <title>" +labels: ["type:documentation", "state:needs-triage"] + +body: + - type: markdown + attributes: + value: | + 👋 Thanks for taking the time to help us improve our documentation! + + - type: textarea + id: request_description + attributes: + label: Request Description + description: A clear and concise description of what needs to change. + validations: + required: true + + - type: dropdown + id: request_owner + attributes: + label: Are you going to make the change? + description: Indicate if you are going to make this change or requesting someone else make it. + multiple: false + options: + - I will make the change + - Someone else needs to make the change + validations: + required: true + + - type: dropdown + id: needs_maintainer_feedback + attributes: + label: Do you need maintainer feedback? + description: Indicate if you would like a maintainer to provide feedback on this submission. + multiple: false + options: + - No maintainer feedback needed + - Maintainer feedback requested + validations: + required: true + + - type: textarea + id: anything_else + attributes: + label: Anything else? + description: | + Links? References? Anything that will give us more context about the request. + + Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in. + validations: + required: false 
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
new file mode 100644
index 0000000..f520102
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -0,0 +1,108 @@ +# Project Mu GitHub Feature Request Template +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +name: 🚀 Feature Request +description: Request a feature change +title: "[Feature]: <title>" +labels: ["type:feature-request", "state:needs-triage"] + +body: + - type: markdown + attributes: + value: | + 👋 Thanks for taking the time to help us improve our features! + + - type: textarea + id: feature_overview + attributes: + label: Feature Overview + description: Provide a high-level summary of your feature request. + validations: + required: true + + - type: textarea + id: solution_overview + attributes: + label: Solution Overview + description: Give a clear and concise description of what you want to happen. + validations: + required: true + + - type: textarea + id: alternatives_considered + attributes: + label: Alternatives Considered + description: Describe alternatives you've considered. + validations: + required: false + + - type: markdown + attributes: + value: | + **Urgency Key** + - 🟢 **Low** + - A minor enhancement + - It is not important to address this request in a specific time frame + - 🟡 **Medium** + - An important enhancement + - Will be prioritized above *low* requests in the normal course of development + - 🔥 **High** + - A critical enhancement with significant value + - Should be prioritized above *low* and *medium* requests + + - type: dropdown + id: urgency + attributes: + label: Urgency + description: How urgent is it to resolve this feature request? 
+ multiple: false + options: + - Low + - Medium + - High + validations: + required: true + + - type: dropdown + id: request_owner + attributes: + label: Are you going to implement the feature request? + description: Indicate if you are going to do the work to close this feature request. + multiple: false + options: + - I will implement the feature + - Someone else needs to implement the feature + validations: + required: true + + - type: dropdown + id: needs_maintainer_feedback + attributes: + label: Do you need maintainer feedback? + description: Indicate if you would like a maintainer to provide feedback on this submission. + multiple: false + options: + - No maintainer feedback needed + - Maintainer feedback requested + validations: + required: true + + - type: textarea + id: anything_else + attributes: + label: Anything else? + description: | + Links? References? Anything that will give us more context about the feature you are requesting. + + Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in. + validations: + required: false diff --git a/.github/advanced-issue-labeler.yml b/.github/advanced-issue-labeler.yml new file mode 100644 index 0000000..fa3977d --- /dev/null +++ b/.github/advanced-issue-labeler.yml 
@@ -0,0 +1,54 @@ +# Defines the mappings between GitHub issue responses and labels applied to the issue +# for Project Mu repos. +# +# IMPORTANT: Only use labels defined in the .github/Labels.yml file in this repo. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# For more information, see: +# https://github.com/redhat-plumbers-in-action/advanced-issue-labeler + +policy: + - section: + + # Issue Template - Urgency Dropdown + - id: ['urgency'] + block-list: [] + label: + - name: 'urgency:low' + keys: ['Low'] + - name: 'urgency:medium' + keys: ['Medium'] + - name: 'urgency:high' + keys: ['High'] + + # Issue Template - Fix Owner Dropdown + - id: ['fix_owner', 'request_owner'] + block-list: [] + label: + - name: 'state:needs-owner' + keys: [ + 'Someone else needs to fix it', + 'Someone else needs to make the change', + 'Someone else needs to implement the feature' + ] + - name: 'state:needs-triage' + keys: [ + 'Someone else needs to fix it', + 'Someone else needs to make the change', + 'Someone else needs to implement the feature' + ] + + # Issue Template - Needs Maintainer Feedback Dropdown + - id: ['needs_maintainer_feedback'] + block-list: [] + label: + - name: 'state:needs-maintainer-feedback' + keys: ['Maintainer feedback requested'] diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..7492698 --- /dev/null +++ b/.github/dependabot.yml 
@@ -0,0 +1,73 @@ +## @file +# Dependabot configuration file to enable GitHub services for managing and updating +# dependencies. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# This dependabot file is limited to syncing the following type of dependencies. Other files +# are already available in Mu DevOps to sync other dependency types. +# - Rust Crate Dependencies (`cargo`) +# - GitHub Actions (`github-actions`) +# - Python PIP Modules (`pip`) +# +# Dependabot does not update the microsoft/mu_devops version because that is updated once in mu_devops +# and then synced to all repos when the file sync occurs. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# Please see the documentation for all dependabot configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates +## + +version: 2 + +updates: + - package-ecosystem: "cargo" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + timezone: "America/Los_Angeles" + time: "03:00" + commit-message: + prefix: "Rust Dependency" + labels: + - "type:dependencies" + - "type:dependabot" + rebase-strategy: "disabled" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + timezone: "America/Los_Angeles" + time: "06:00" + ignore: + - dependency-name: "microsoft/mu_devops" + commit-message: + prefix: "GitHub Action" + labels: + - "type:dependencies" + - "type:dependabot" + rebase-strategy: "disabled" + + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "weekly" + day: "wednesday" + timezone: "America/Los_Angeles" + time: "01:00" + commit-message: + prefix: "pip" + labels: + - 
"language:python" + - "type:dependencies" + - "type:dependabot" + rebase-strategy: "disabled" diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 0000000..0f216b6 --- /dev/null +++ b/.github/pull_request_template.md 
@@ -0,0 +1,42 @@ +# Preface + +Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior +to submitting the pull request. In particular, +[pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). + +## Description + +<_Please include a description of the change and why this change was made._> + +For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. +_(you can also check items in the GitHub UI)_ + +- [ ] Impacts functionality? + - **Functionality** - Does the change ultimately impact how firmware functions? + - Examples: Add a new library, publish a new PPI, update an algorithm, ... +- [ ] Impacts security? + - **Security** - Does the change have a direct security impact on an application, + flow, or firmware? + - Examples: Crypto algorithm change, buffer overflow fix, parameter + validation improvement, ... +- [ ] Breaking change? + - **Breaking change** - Will anyone consuming this change experience a break + in build or boot behavior? + - Examples: Add a new library class, move a module to a different repo, call + a function in a new library class in a pre-existing module, ... +- [ ] Includes tests? + - **Tests** - Does the change include any explicit test code? + - Examples: Unit tests, integration tests, robot tests, ... +- [ ] Includes documentation? + - **Documentation** - Does the change contain explicit documentation additions + outside direct code modifications (and comments)? + - Examples: Update readme file, add feature readme file, link to documentation + on an a separate Web page, ... + +## How This Was Tested + +<_Please describe the test(s) that were run to verify the changes._> + +## Integration Instructions + +<_Describe how these changes should be integrated. Use N/A if nothing is required._> 
diff --git a/.github/release-draft-config.yml b/.github/release-draft-config.yml
new file mode 100644
index 0000000..e1121cc
--- /dev/null
+++ b/.github/release-draft-config.yml
@@ -0,0 +1,98 @@ +# Defines the configuration used for drafting new releases. +# +# IMPORTANT: Only use labels defined in the .github/Labels.yml file in this repo. +# +# NOTE: `semver:major`, `semver:minor`, and `semver:patch` can be used to force that +# version to roll regardless of other labels. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# For more information, see: +# https://github.com/release-drafter/release-drafter + +name-template: 'v$RESOLVED_VERSION' +tag-template: 'v$RESOLVED_VERSION' + + +template: | + # What's Changed + + $CHANGES + + **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION + +categories: + - title: '⚠️ Breaking Changes' + labels: + - 'impact:breaking-change' + - title: '🚀 Features & ✨ Enhancements' + labels: + - 'type:design-change' + - 'type:enhancement' + - 'type:feature-request' + - title: '🐛 Bug Fixes' + labels: + - 'type:bug' + - title: '🔐 Security Impacting' + labels: + - 'impact:security' + - title: '📖 Documentation Updates' + labels: + - 'type:documentation' + - title: '🛠️ Submodule Updates' + labels: + - 'type:submodules' + +change-template: >- + <ul> + <li> + $TITLE @$AUTHOR (#$NUMBER) + <br> + <details> + <summary>Change Details</summary> + <blockquote> + <!-- Non-breaking space to have content if body is empty --> +   $BODY + </blockquote> + <hr> + </details> + </li> + </ul> + +change-title-escapes: '\<*_&@' # Note: @ is added to disable mentions + +# Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc. 
+version-resolver:
+ major:
+ labels:
+ - 'impact:breaking-change'
+ - 'semver:major'
+ minor:
+ labels:
+ - 'semver:minor'
+ - 'type:design-change'
+ - 'type:enhancement'
+ - 'type:feature-request'
+ patch:
+ labels:
+ - 'impact:non-functional'
+ - 'semver:patch'
+ - 'type:bug'
+ - 'type:documentation'
+ default: patch
+
+exclude-labels:
+ - 'type:dependabot'
+ - 'type:file-sync'
+ - 'type:notes'
+ - 'type:question'
+
+exclude-contributors:
+ - 'uefibot'
diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
new file mode 100644
index 0000000..b745950
--- /dev/null
+++ b/.github/workflows/auto-approve.yml
@@ -0,0 +1,33 @@
+# This workflow automatically approves pull requests under certain conditions.
+#
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+# instead of the file in this repo.
+#
+# NOTE: This file uses a reusable workflow. Do not make changes to the file that should be made
+# in the common/reusable workflow.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+name: Auto Approve Pull Request
+
+on:
+ pull_request_target:
+ types:
+ - opened
+ - reopened
+
+jobs:
+ approval_check:
+
+ permissions:
+ pull-requests: write
+
+ if: |
+ github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot'
+ uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v9.1.8
+ secrets: inherit
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
new file mode 100644
index 0000000..d3d61c7
--- /dev/null
+++ b/.github/workflows/auto-merge.yml
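Review bot: In auto-approve.yml the reusable workflow is referenced by a tag, `uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v9.1.8`, while the job runs on `pull_request_target` with `pull-requests: write` and `secrets: inherit`; a tag can be moved, so whatever it later points to would run with the inherited secrets and a write-scoped token. Pinning to the full commit SHA with the version kept as a comment, `uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@<FULL_COMMIT_SHA> # v9.1.8`, and passing only the secrets the approver needs instead of `secrets: inherit` would narrow that. The same applies to the `AutoMerger.yml@v9.1.8` reference in auto-merge.yml. Since dependabot.yml ignores `microsoft/mu_devops`, the pin would have to be maintained through the file sync.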
@@ -0,0 +1,36 @@
+# This workflow automatically merges pull requests under certain conditions.
+#
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+# instead of the file in this repo.
+#
+# NOTE: This file uses a reusable workflow. Do not make changes to the file that should be made
+# in the common/reusable workflow.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+name: Auto Merge Pull Request
+
+on:
+ pull_request_target:
+ types:
+ - opened
+ - reopened
+ - synchronize
+
+jobs:
+ merge_check:
+
+ permissions:
+ contents: read
+ pull-requests: write
+ issues: write
+
+ if: |
+ github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot'
+ uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v9.1.8
+ secrets: inherit
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..2ee0736
--- /dev/null
+++ b/.github/workflows/codeql.yml
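Review bot: The `if:` gate on `merge_check` in auto-merge.yml looks only at who opened the pull request, and the `synchronize` trigger re-runs the job on every later push to that branch, so the gate still passes when the newest commits were not produced by the bot. What AutoMerger.yml verifies before merging is outside this patch; if it does not check this itself, consider also requiring the triggering actor to match the opener, e.g. adding `&& github.actor == github.event.pull_request.user.login` to the condition. A short comment above the `if:` stating which control is relied on (branch protection, the reusable workflow, or this gate) would document the intent.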
@@ -0,0 +1,468 @@ +# This workflow runs CodeQL against the repository. +# +# Results are uploaded to GitHub Code Scanning. +# +# Note: Important: This file only works with "CI" builds. "Platform" builds are +# supported with the codeql-platform.yml file. +# +# Note: This workflow only supports Windows as CodeQL CLI has confirmed issues running +# against edk2-style codebases on Linux (only tested on Ubuntu). Therefore, this +# workflow is written only for Windows but could easily be adapted to run on Linux +# in the future if needed (e.g. swap out "windows" with agent OS var value, etc.). +# +# For details about the Linux issue see: https://github.com/github/codeql-action/issues/1338 +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. 
+# SPDX-License-Identifier: BSD-2-Clause-Patent + + +name: "CodeQL" + +on: + push: + branches: + - main + - release/* + pull_request: + branches: + - main + - release/* + paths-ignore: + - '!**.c' + - '!**.h' + +jobs: + gather_packages: + name: Gather Repo Packages + runs-on: ubuntu-latest + outputs: + packages: ${{ steps.generate_matrix.outputs.packages }} + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Install Python + uses: actions/setup-python@v5 + with: + python-version: '3.12' + + - name: Generate Package Matrix + id: generate_matrix + shell: python + run: | + import os + import json + + packages = [d for d in os.listdir() if d.strip().lower().endswith('pkg')] + + # Ensure the package can actually be built + for package in packages: + if not any(file.endswith('.dsc') for file in os.listdir(package)): + packages.remove(package) + + packages.sort() + + with open(os.environ['GITHUB_OUTPUT'], 'a') as fh: + print(f'packages={json.dumps(packages)}', file=fh) + + analyze: + name: Analyze + runs-on: windows-2022 + needs: + - gather_packages + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + package: ${{ fromJson(needs.gather_packages.outputs.packages) }} + include: + - archs: IA32,X64 + - tool_chain_tag: VS2022 + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Install Python + uses: actions/setup-python@v5 + with: + python-version: '3.12' + cache: 'pip' + cache-dependency-path: 'pip-requirements.txt' + + - name: Use Git Long Paths on Windows + if: runner.os == 'Windows' + shell: pwsh + run: | + git config --system core.longpaths true + + - name: Install/Upgrade pip Modules + run: pip install -r pip-requirements.txt --upgrade requests + + - name: Determine CI Settings File Supported Operations + id: get_ci_file_operations + shell: python + run: | + import importlib + import os + import sys + from pathlib import Path + from 
edk2toolext.invocables.edk2_ci_setup import CiSetupSettingsManager + from edk2toolext.invocables.edk2_setup import SetupSettingsManager + + # Find the CI Settings file (usually in .pytool/CISettings.py) + ci_settings_file = list(Path(os.environ['GITHUB_WORKSPACE']).rglob('.pytool/CISettings.py')) + + # Note: At this point, submodules have not been pulled, only one CI Settings file should exist + if len(ci_settings_file) != 1 or not ci_settings_file[0].is_file(): + print("::error title=Workspace Error!::Failed to find CI Settings file!") + sys.exit(1) + + ci_settings_file = ci_settings_file[0] + + # Try Finding the Settings class in the file + module_name = 'ci_settings' + + spec = importlib.util.spec_from_file_location(module_name, ci_settings_file) + module = importlib.util.module_from_spec(spec) + spec.loader.exec_module(module) + + try: + settings = getattr(module, 'Settings') + except AttributeError: + print("::error title=Workspace Error!::Failed to find Settings class in CI Settings file!") + sys.exit(1) + + # Determine Which Operations Are Supported by the Settings Class + ci_setup_supported = issubclass(settings, CiSetupSettingsManager) + setup_supported = issubclass(settings, SetupSettingsManager) + + with open(os.environ['GITHUB_OUTPUT'], 'a') as fh: + print(f'ci_setup_supported={str(ci_setup_supported).lower()}', file=fh) + print(f'setup_supported={str(setup_supported).lower()}', file=fh) + + + + - name: Get Cargo Tool Details + id: get_cargo_tool_details + shell: python + run: | + import os + import requests + import sys + + GITHUB_REPO = "sagiegurari/cargo-make" + api_url = f"https://api.github.com/repos/{GITHUB_REPO}/releases/tags/0.37.9" + + response = requests.get(api_url) + if response.status_code == 200: + build_release_id = response.json()["id"] + else: + print("::error title=GitHub Release Error!::Failed to get cargo-make release ID!") + sys.exit(1) + + api_url = f"https://api.github.com/repos/{GITHUB_REPO}/releases/{build_release_id}" + + 
response = requests.get(api_url) + if response.status_code == 200: + latest_cargo_make_version = response.json()["tag_name"] + else: + print("::error title=GitHub Release Error!::Failed to get cargo-make!") + sys.exit(1) + + cache_key = f'cargo-make-{latest_cargo_make_version}' + + with open(os.environ['GITHUB_OUTPUT'], 'a') as fh: + print(f'cargo_bin_path={os.path.join(os.environ["USERPROFILE"], ".cargo", "bin")}', file=fh) + print(f'cargo_make_cache_key={cache_key}', file=fh) + print(f'cargo_make_version={latest_cargo_make_version}', file=fh) + + + - name: Attempt to Load cargo-make From Cache + id: cargo_make_cache + uses: actions/cache@v4 + with: + path: ${{ steps.get_cargo_tool_details.outputs.cargo_bin_path }} + key: ${{ steps.get_cargo_tool_details.outputs.cargo_make_cache_key }} + + - name: Download cargo-make + if: steps.cargo_make_cache.outputs.cache-hit != 'true' + uses: robinraju/release-downloader@v1.9 + with: + repository: 'sagiegurari/cargo-make' + tag: '${{ steps.get_cargo_tool_details.outputs.cargo_make_version }}' + fileName: 'cargo-make-v${{ steps.get_cargo_tool_details.outputs.cargo_make_version }}-x86_64-pc-windows-msvc.zip' + out-file-path: 'cargo-make-download' + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract cargo-make + if: steps.cargo_make_cache.outputs.cache-hit != 'true' + env: + CARGO_MAKE_VERSION: ${{ steps.get_cargo_tool_details.outputs.cargo_make_version }} + DEST_DIR: ${{steps.get_cargo_tool_details.outputs.cargo_bin_path }} + shell: python + run: | + import os + import shutil + import zipfile + from pathlib import Path + + DOWNLOAD_DIR = Path(os.environ["GITHUB_WORKSPACE"], "cargo-make-download") + ZIP_FILE_NAME = f"cargo-make-v{os.environ['CARGO_MAKE_VERSION']}-x86_64-pc-windows-msvc.zip" + ZIP_FILE_PATH = Path(DOWNLOAD_DIR, ZIP_FILE_NAME) + EXTRACT_DIR = Path(DOWNLOAD_DIR, "cargo-make-contents") + + with zipfile.ZipFile(ZIP_FILE_PATH, 'r') as zip_ref: + zip_ref.extractall(EXTRACT_DIR) + + for extracted_file in 
EXTRACT_DIR.iterdir(): + if extracted_file.name == "cargo-make.exe": + shutil.copy2(extracted_file, os.environ["DEST_DIR"]) + break + + - name: Rust Prep + run: rustup component add rust-src + + - name: Setup + if: steps.get_ci_file_operations.outputs.setup_supported == 'true' + run: stuart_setup -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.archs }} TOOL_CHAIN_TAG=${{ matrix.tool_chain_tag }} + + - name: Upload Setup Log As An Artifact + uses: actions/upload-artifact@v4 + if: (success() || failure()) && steps.get_ci_file_operations.outputs.setup_supported == 'true' + with: + name: ${{ matrix.package }}-Setup-Log + path: | + **/SETUPLOG.txt + retention-days: 7 + if-no-files-found: ignore + + - name: CI Setup + if: steps.get_ci_file_operations.outputs.ci_setup_supported == 'true' + run: stuart_ci_setup -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.archs }} TOOL_CHAIN_TAG=${{ matrix.tool_chain_tag }} + + - name: Upload CI Setup Log As An Artifact + uses: actions/upload-artifact@v4 + if: (success() || failure()) && steps.get_ci_file_operations.outputs.ci_setup_supported == 'true' + with: + name: ${{ matrix.package }}-CI-Setup-Log + path: | + **/CISETUP.txt + retention-days: 7 + if-no-files-found: ignore + + - name: Update + run: stuart_update -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.archs }} TOOL_CHAIN_TAG=${{ matrix.tool_chain_tag }} + + - name: Upload Update Log As An Artifact + uses: actions/upload-artifact@v4 + if: success() || failure() + with: + name: ${{ matrix.package }}-Update-Log + path: | + **/UPDATE_LOG.txt + retention-days: 7 + if-no-files-found: ignore + + - name: Find CodeQL Plugin Directory + id: find_dir + shell: python + run: | + import os + import sys + from pathlib import Path + + # + # Find the plugin directory that contains the CodeQL plugin. + # + # Prior to Mu Basecore 202311, the CodeQL plugin was located in .pytool. After it + # is located in BaseTools. 
First check BaseTools, but consider .pytool as a backup + # for backward compatibility. The .pytool backup can be removed when no longer needed + # for supported branches. + # + plugin_dir = list(Path(os.environ['GITHUB_WORKSPACE']).rglob('BaseTools/Plugin/CodeQL')) + if not plugin_dir: + plugin_dir = list(Path(os.environ['GITHUB_WORKSPACE']).rglob('.pytool/Plugin/CodeQL')) + + # This should only be found once + if len(plugin_dir) == 1: + plugin_dir = str(plugin_dir[0]) + + with open(os.environ['GITHUB_OUTPUT'], 'a') as fh: + print(f'codeql_plugin_dir={plugin_dir}', file=fh) + else: + print("::error title=Workspace Error!::Failed to find Mu Basecore plugin directory!") + sys.exit(1) + + - name: Get CodeQL CLI Cache Data + id: cache_key_gen + env: + CODEQL_PLUGIN_DIR: ${{ steps.find_dir.outputs.codeql_plugin_dir }} + shell: python + run: | + import os + import yaml + + codeql_cli_ext_dep_name = 'codeqlcli_windows_ext_dep' + codeql_plugin_file = os.path.join(os.environ['CODEQL_PLUGIN_DIR'], codeql_cli_ext_dep_name + '.yaml') + + with open (codeql_plugin_file) as pf: + codeql_cli_ext_dep = yaml.safe_load(pf) + + cache_key_name = codeql_cli_ext_dep['name'] + cache_key_version = codeql_cli_ext_dep['version'] + cache_key = f'{cache_key_name}-{cache_key_version}' + + codeql_plugin_cli_ext_dep_dir = os.path.join(os.environ['CODEQL_PLUGIN_DIR'], codeql_cli_ext_dep['name'].strip() + '_extdep') + + with open(os.environ['GITHUB_OUTPUT'], 'a') as fh: + print(f'codeql_cli_cache_key={cache_key}', file=fh) + print(f'codeql_cli_ext_dep_dir={codeql_plugin_cli_ext_dep_dir}', file=fh) + + - name: Attempt to Load CodeQL CLI From Cache + id: codeqlcli_cache + uses: actions/cache@v4 + with: + path: ${{ steps.cache_key_gen.outputs.codeql_cli_ext_dep_dir }} + key: ${{ steps.cache_key_gen.outputs.codeql_cli_cache_key }} + + - name: Download CodeQL CLI + if: steps.codeqlcli_cache.outputs.cache-hit != 'true' + run: stuart_update -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.archs }} 
TOOL_CHAIN_TAG=${{ matrix.tool_chain_tag }} --codeql + + - name: Find pytool Plugin Directory + id: find_pytool_dir + shell: python + run: | + import os + import sys + from pathlib import Path + + # Find the plugin directory that contains the Compiler plugin + plugin_dir = list(Path(os.environ['GITHUB_WORKSPACE']).rglob('.pytool/Plugin/CompilerPlugin')) + + # This should only be found once + if len(plugin_dir) == 1: + # If the directory is found get the parent Plugin directory + plugin_dir = str(plugin_dir[0].parent) + + with open(os.environ['GITHUB_OUTPUT'], 'a') as fh: + print(f'pytool_plugin_dir={plugin_dir}', file=fh) + else: + print("::error title=Workspace Error!::Failed to find Mu Basecore .pytool/Plugin directory!") + sys.exit(1) + + - name: Remove CI Plugins Irrelevant to CodeQL + shell: python + env: + PYTOOL_PLUGIN_DIR: ${{ steps.find_pytool_dir.outputs.pytool_plugin_dir }} + run: | + import os + import shutil + from pathlib import Path + + # Only these two plugins are needed for CodeQL. + # + # CodeQL build time is reduced by removing other plugins that are not needed for the CodeQL + # build in the .pytool directory. The CompilerPlugin is required to compile code for CodeQL + # to extract results from and the CodeQL plugin is necessary to to analyze the results and + # build the CodeQL database from them. The CodeQL plugin should be in BaseTools moving forward + # but still might be in .pytool in older branches so it is kept here as an exception. 
+ # + plugins_to_keep = ['CodeQL', 'CompilerPlugin'] + + plugin_dir = Path(os.environ['PYTOOL_PLUGIN_DIR']).absolute() + if plugin_dir.is_dir(): + for dir in plugin_dir.iterdir(): + if str(dir.stem) not in plugins_to_keep: + shutil.rmtree(str(dir.absolute()), ignore_errors=True) + + - name: CI Build + env: + RUST_ENV_CHECK_TOOL_EXCLUSIONS: "cargo fmt, cargo tarpaulin" + STUART_CODEQL_PATH: ${{ steps.cache_key_gen.outputs.codeql_cli_ext_dep_dir }} + run: stuart_ci_build -c .pytool/CISettings.py -t DEBUG -p ${{ matrix.package }} -a ${{ matrix.archs }} TOOL_CHAIN_TAG=${{ matrix.tool_chain_tag }} --codeql + + - name: Build Cleanup + id: build_cleanup + shell: python + run: | + import os + import shutil + from pathlib import Path + + dirs_to_delete = ['ia32', 'x64', 'arm', 'aarch64'] + + def delete_dirs(path: Path): + if path.exists() and path.is_dir(): + if path.name.lower() in dirs_to_delete: + print(f'Removed {str(path)}') + shutil.rmtree(path) + return + + for child_dir in path.iterdir(): + delete_dirs(child_dir) + + build_path = Path(os.environ['GITHUB_WORKSPACE'], 'Build') + delete_dirs(build_path) + + - name: Upload Build Logs As An Artifact + uses: actions/upload-artifact@v4 + if: success() || failure() + with: + name: ${{ matrix.package }}-Build-Logs + path: | + **/BUILD_REPORT.TXT + **/OVERRIDELOG.TXT + **/BUILDLOG_*.md + **/BUILDLOG_*.txt + **/CI_*.md + **/CI_*.txt + retention-days: 7 + if-no-files-found: ignore + + - name: Prepare Env Data for CodeQL Upload + id: env_data + env: + PACKAGE_NAME: ${{ matrix.package }} + shell: python + run: | + import os + + package = os.environ['PACKAGE_NAME'].strip().lower() + directory_name = 'codeql-analysis-' + package + '-debug' + file_name = 'codeql-db-' + package + '-debug-0.sarif' + sarif_path = os.path.join('Build', directory_name, file_name) + + with open(os.environ['GITHUB_OUTPUT'], 'a') as fh: + print(f'sarif_file_path={sarif_path}', file=fh) + + - name: Upload CodeQL Results (SARIF) As An Artifact + uses: 
actions/upload-artifact@v4 + with: + name: ${{ matrix.package }}-CodeQL-SARIF + path: ${{ steps.env_data.outputs.sarif_file_path }} + retention-days: 14 + if-no-files-found: warn + + - name: Upload CodeQL Results (SARIF) To GitHub Code Scanning + uses: github/codeql-action/upload-sarif@v3 + with: + # Path to SARIF file relative to the root of the repository. + sarif_file: ${{ steps.env_data.outputs.sarif_file_path }} + # Optional category for the results. Used to differentiate multiple results for one commit. + # Each package is a separate category. + category: ${{ matrix.package }} + + diff --git a/.github/workflows/issue-assignment.yml b/.github/workflows/issue-assignment.yml new file mode 100644 index 0000000..61c69e7 --- /dev/null +++ b/.github/workflows/issue-assignment.yml @@ -0,0 +1,26 @@ +# This workflow provides actions that should be applied when an issue is assigned. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +name: React to Issue Assignment + +on: + issues: + types: assigned + +jobs: + apply: + + permissions: + contents: read + issues: write + + uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@v9.1.8 diff --git a/.github/workflows/label-issues.yml b/.github/workflows/label-issues.yml new file mode 100644 index 0000000..27cbdfa --- /dev/null +++ b/.github/workflows/label-issues.yml 
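Review bot: In `.github/workflows/issue-assignment.yml` the reusable workflow is referenced by tag, `uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@v9.1.8`, and a tag can be moved after review. Since the job grants `issues: write`, pinning to the full commit SHA with the version kept as a trailing comment would make the reviewed code the code that runs: `uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@<full-commit-sha-of-v9.1.8> # v9.1.8`. The same tag reference appears in label-issues.yml, label-sync.yml, release-draft.yml, stale.yml and triage-issues.yml later in this patch. Whether the file-sync tooling in mu_devops can emit SHAs is not visible here, so this may need to be changed at the source.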
@@ -0,0 +1,39 @@
+# This workflow automatically applies labels to GitHub issues and pull requests based on the
+# file paths in a pull request or content in the body of an issue or pull request.
+#
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+# instead of the file in this repo.
+#
+# NOTE: This file uses a reusable workflow. Do not make changes to the file that should be made
+# in the common/reusable workflow.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+name: Apply Issue and PR Labels
+
+on:
+ issues:
+ types:
+ - edited
+ - opened
+ pull_request_target:
+ types:
+ - edited
+ - opened
+ - reopened
+ - synchronize
+ workflow_dispatch:
+
+jobs:
+ apply:
+
+ permissions:
+ contents: read
+ pull-requests: write
+
+ uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v9.1.8
diff --git a/.github/workflows/label-issues/file-paths.yml b/.github/workflows/label-issues/file-paths.yml
new file mode 100644
index 0000000..c3b3cc8
--- /dev/null
+++ b/.github/workflows/label-issues/file-paths.yml
@@ -0,0 +1,18 @@
+# Specifies labels to apply to issues and pull requests based on file path patterns in Project Mu repositories.
+#
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+# instead of the file in this repo.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# For more information, see:
+# https://github.com/actions/labeler
+
+# Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc.
+
+language:python:
+ - '**/*.py'
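Review bot: The `pull_request_target` trigger in `.github/workflows/label-issues.yml` runs with the base repository's token, here with `pull-requests: write`, on pull requests from forks as well. Nothing in this caller checks out code, but the called `Labeler.yml` is outside the hunk, so it should be confirmed that it never checks out or executes the PR head. A comment above the trigger would record the constraint: `# pull_request_target: runs in base-repo context; the called workflow must not check out or run PR head code`.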
diff --git a/.github/workflows/label-issues/regex-pull-requests.yml b/.github/workflows/label-issues/regex-pull-requests.yml
new file mode 100644
index 0000000..484fc6c
--- /dev/null
+++ b/.github/workflows/label-issues/regex-pull-requests.yml
@@ -0,0 +1,30 @@
+# Specifies labels to apply to pull requests in Project Mu repositories based on regular expressions.
+#
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+# instead of the file in this repo.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# For more information, see:
+# https://github.com/github/issue-labeler
+
+# Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc.
+
+impact:breaking-change:
+ - '\s*-\s*\[\s*[x|X]\s*\] Breaking change\?'
+
+impact:non-functional:
+ - '\s*-\s*\[\s*(?![x|X])\s*\] Impacts functionality\?'
+
+impact:security:
+ - '\s*-\s*\[\s*[x|X]\s*\] Impacts security\?'
+
+impact:testing:
+ - '\s*-\s*\[\s*[x|X]\s*\] Includes tests\?'
+
+type:documentation:
+ - '\s*-\s*\[\s*[x|X]\s*\] Includes documentation\?'
diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml
new file mode 100644
index 0000000..6d3e8a1
--- /dev/null
+++ b/.github/workflows/label-sync.yml
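Review bot: The character class `[x|X]` in the four checked-box patterns of `regex-pull-requests.yml` also matches a literal `|`, since `|` is not alternation inside brackets. A box written as `- [|] Impacts security?` would therefore get `impact:security`; `[xX]` says what is meant, e.g. `- '\s*-\s*\[\s*[xX]\s*\] Impacts security\?'`. The negative lookahead in `impact:non-functional` has the same class and would become `(?![xX])`.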
@@ -0,0 +1,31 @@
+# This workflow syncs GitHub labels to the common set of labels defined in Mu DevOps.
+#
+# All repos should sync at the same time.
+# '0 0,12 * * *''
+#
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+# instead of the file in this repo.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+name: Sync GitHub Labels
+
+on:
+ schedule:
+ # At minute 0 past hour 0 and 12
+ # https://crontab.guru/#0_0,12_*_*_*
+ - cron: '0 0,12 * * *'
+ workflow_dispatch:
+
+jobs:
+ sync:
+
+ permissions:
+ issues: write
+
+ uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v9.1.8
diff --git a/.github/workflows/pull-request-formatting-validator.yml b/.github/workflows/pull-request-formatting-validator.yml
new file mode 100644
index 0000000..7032b62
--- /dev/null
+++ b/.github/workflows/pull-request-formatting-validator.yml
@@ -0,0 +1,59 @@
+# This workflow validates basic pull request formatting requirements are met.
+#
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+# instead of the file in this repo.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+name: Validate Pull Request Formatting
+
+on:
+ pull_request_target:
+ types:
+ - edited
+ - opened
+ - reopened
+ - synchronize
+
+jobs:
+ validate_pr:
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: read
+ pull-requests: write
+
+ steps:
+ - run: |
+ prTitle="$(gh api graphql -F owner=$OWNER -F name=$REPO -F pr_number=$PR_NUMBER -f query='
+ query($name: String!, $owner: String!, $pr_number: Int!) {
+ repository(owner: $owner, name: $name) {
+ pullRequest(number: $pr_number) {
+ title
+ }
+ }
+ }')"
+
+ if [[ "${prTitle}" == *"Personal/"* ]]; then
+ gh pr comment $PR_URL --body "⚠️ Please add a meaningful PR title (remove the 'Personal/' prefix from the title)."
+ echo 'VALIDATION_ERROR=true' >> $GITHUB_ENV
+ fi
+
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ OWNER: ${{ github.repository_owner }}
+ PR_NUMBER: ${{ github.event.number }}
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ REPO: ${{ github.event.repository.name }}
+
+ - name: Check for Validation Errors
+ if: env.VALIDATION_ERROR
+ uses: actions/github-script@v7
+ with:
+ script: |
+ core.setFailed('PR Formatting Validation Check Failed!')
diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml
new file mode 100644
index 0000000..d53f889
--- /dev/null
+++ b/.github/workflows/release-draft.yml
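Review bot: The shell in the first step of `pull-request-formatting-validator.yml` expands `$OWNER`, `$REPO`, `$PR_NUMBER`, `$PR_URL` and `$GITHUB_ENV` unquoted. The values arrive through `env:` rather than `${{ }}` interpolation into the script, which is the right pattern for a `pull_request_target` job holding `pull-requests: write`; quoting finishes it, e.g. `gh pr comment "$PR_URL" --body "..."` and `echo 'VALIDATION_ERROR=true' >> "$GITHUB_ENV"`. The step also has no `name:`, so it shows up in the log under its script text; `- name: Check PR Title` would match the second step.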
@@ -0,0 +1,36 @@
+# This workflow automatically drafts new project releases so it is obvious
+# what a current release will look like at any time.
+#
+# It takes advantage of the labels used in Project Mu to automatically categorize
+# the types of changes in a given release. In addition, the semantic version of
+# the code is constantly maintained based on Project Mu label conventions to ensure
+# semantic versioning is followed and a release version is always ready.
+#
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+# instead of the file in this repo.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# For more information, see:
+# https://github.com/release-drafter/release-drafter
+
+name: Update Release Draft
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ draft:
+
+ permissions:
+ contents: write
+ pull-requests: write
+
+ uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v9.1.8
+ secrets: inherit
diff --git a/.github/workflows/scheduled-maintenance.yml b/.github/workflows/scheduled-maintenance.yml
new file mode 100644
index 0000000..eef4487
--- /dev/null
+++ b/.github/workflows/scheduled-maintenance.yml
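Review bot: `secrets: inherit` in `release-draft.yml` hands every secret available to this repository to the called `ReleaseDrafter.yml`, on top of `contents: write` and `pull-requests: write`. The called workflow is outside this patch, so which secrets it reads cannot be seen here; if it only needs the default token, the line can be dropped, otherwise an explicit `secrets:` map naming each one keeps the exposure to what is used. At minimum a comment such as `# secrets: inherit is required because ReleaseDrafter.yml reads <secret name>` would document why it is there.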
@@ -0,0 +1,64 @@
+# This workflow performs scheduled maintenance tasks.
+#
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+# instead of the file in this repo.
+#
+# NOTE: This file uses reusable workflows. Do not make changes to the file that should be made
+# in the common/reusable workflows.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+name: Scheduled Maintenance
+
+on:
+ schedule:
+ # * is a special character in YAML so you have to quote this string
+ # Run every hour - https://crontab.guru/#0_*_*_*_*
+ - cron: '0 * * * *'
+
+jobs:
+ repo_cleanup:
+ runs-on: ubuntu-latest
+
+ permissions:
+ pull-requests: write
+ issues: write
+
+ steps:
+ - name: Get Repository Info
+ run: echo "REPOSITORY_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV
+
+ - name: Prune Won't Fix Pull Requests
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ REPOSITORY: ${{ env.REPOSITORY_NAME }}
+ run: |
+ gh api \
+ -H "Accept: application/vnd.github+json" \
+ /repos/microsoft/${REPOSITORY}/pulls | jq -r '.[]' | jq -rc '.html_url,.labels' | \
+ while read -r html_url ; do
+ read -r labels
+ if [[ $labels == *"state:wont-fix"* ]]; then
+ gh pr close $html_url -c "Closed due to being marked as wont fix" --delete-branch
+ fi
+ done
+
+ - name: Prune Won't Fix Issues
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ REPOSITORY: ${{ env.REPOSITORY_NAME }}
+ run: |
+ gh api \
+ -H "Accept: application/vnd.github+json" \
+ /repos/microsoft/${REPOSITORY}/issues | jq -r '.[]' | jq -rc '.html_url,.labels' | \
+ while read -r html_url ; do
+ read -r labels
+ if [[ $labels == *"state:wont-fix"* ]]; then
+ gh issue close $html_url -c "Closed due to being marked as wont fix" -r "not planned"
+ fi
+ done
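Review bot: Both prune steps in `scheduled-maintenance.yml` hard-code the owner in `/repos/microsoft/${REPOSITORY}/...` while the repository name is derived from `GITHUB_REPOSITORY`, so in a fork or a repository under another owner the job queries a repository the token was not issued for. Using the full slug removes the split and the first step: `/repos/${GITHUB_REPOSITORY}/pulls` and `/repos/${GITHUB_REPOSITORY}/issues`. `$html_url` is also expanded unquoted in `gh pr close` and `gh issue close`; `"$html_url"` is safer. The list calls are not paginated, so only the first page of results is examined on each hourly run.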
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
new file mode 100644
index 0000000..bd8d762
--- /dev/null
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,32 @@
+# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
+#
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+# instead of the file in this repo.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# You can adjust the behavior by modifying this file.
+# For more information, see:
+# https://github.com/actions/stale
+
+name: Check for Stale Issues and Pull Requests
+
+on:
+ schedule:
+ # At 23:35 on every day-of-week from Sunday through Saturday
+ # https://crontab.guru/#35_23_*_*_0-6
+ - cron: '35 23 * * 0-6'
+ workflow_dispatch:
+
+jobs:
+ check:
+
+ permissions:
+ issues: write
+ pull-requests: write
+
+ uses: microsoft/mu_devops/.github/workflows/Stale.yml@v9.1.8
diff --git a/.github/workflows/triage-issues.yml b/.github/workflows/triage-issues.yml
new file mode 100644
index 0000000..30461ee
--- /dev/null
+++ b/.github/workflows/triage-issues.yml
@@ -0,0 +1,26 @@
+# This workflow assists with initial triage of new issues by applying
+# labels based on data provided in the issue.
+#
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+# instead of the file in this repo.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+name: Initial Triage for New Issue
+
+on:
+ issues:
+ types: [ opened ]
+
+jobs:
+ triage:
+
+ permissions:
+ issues: write
+
+ uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v9.1.8