Skip to content

Releases: microsoft/mu_devops

v1.7.2

01 Feb 23:40
@github-actions github-actions
v1.7.2
1e9ab6c
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.7.2

What's Changed

  • .sync/azure\_pipelines: Enable ci\_setup in feature repos @Javagedes (#102)
    Change Details
      Feature repos are being moved to use ci_setup's GetDependencies() instead of external dependencies. Due to this, ci_setup is required.

Full Changelog: v1.7.1...v1.7.2

Contributors

Javagedes
Assets 2
Loading

v1.7.1

01 Feb 21:53
@github-actions github-actions
v1.7.1
81bb815
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.7.1

What's Changed

📖 Documentation Updates

  • Elaborate on check list items in PR template @makubacki (#101)
    Change Details
      The pull request template has a number of items contributors can check to classify their changes. This commit updates the template to give more details about the types of changes that impact the checkboxes along with some examples.

    Signed-off-by: Michael Kubacki [email protected]



Full Changelog: v1.7.0...v1.7.1

Contributors

makubacki
Assets 2
Loading

v1.7.0

01 Feb 15:02
@github-actions github-actions
v1.7.0
4eb4705
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.7.0

What's Changed

  • Dependabot and FileSyncer: Run after hours @makubacki (#96)
    Change Details
      Closes #100

    File sync can cause a large impact on CI resources. This change moves
    the trigger to a schedule outside office hours (1AM Pacific Time /
    9AM UTC daily) to reduce resource usage during most active periods
    of other development.

    Schedules dependabot checks for times outside normal Pacific
    timezone working hours when most development occurs.

    Signed-off-by: Michael Kubacki [email protected]



  • GitHub Action: Bump github/issue-labeler from 2.5 to 2.6 @dependabot (#98)
    Change Details
      Bumps [github/issue-labeler](https://github.com/github/issue-labeler) from 2.5 to 2.6.
    Release notes

    Sourced from github/issue-labeler's releases.

    v2.6

    What's Changed

    Full Changelog: https://github.com/github/issue-labeler/commits/v2.6

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Add scheduled maintenance workflow @makubacki (#92)
    Change Details
      Closes #33

    Adds a workflow to prune issues and pull requests marked as
    "won't fix" (via the label state:wont-fix).

    The workflow is scheduled to run every hour. The minimum event
    schedule granularity for GitHub is every 5 minutes.

    Signed-off-by: Michael Kubacki [email protected]



🚀 Features & ✨ Enhancements

  • Assign submitter as assignee if they indicate issue ownership @makubacki (#91)
    Change Details
      Closes #86

    When submitting an issue, the submitter can choose to resolve the
    issue or request someone else be assigned to resolve it.

    This changes makes the submitter the assignee if they choose to
    resolve the issue.

    Signed-off-by: Michael Kubacki [email protected]



  • Add ability to request maintainer feedback in issues @makubacki (#90)
    Change Details
      Closes #85

    Adds a new selection to issues to request maintainer feedback.

    The default is no maintainer feedback is necessary. Opting for
    maintainer feedback adds the state:needs-maintainer-feedback
    label to the issue.

    Signed-off-by: Michael Kubacki [email protected]



Full Changelog: v1.6.0...v1.7.0

Contributors

makubacki and dependabot
Assets 2
Loading

v1.6.0

24 Jan 02:38
@github-actions github-actions
v1.6.0
1fa4897
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.6.0

What's Changed

  • Changed links to github.dev instead of github.com @apop5 (#88)
    Change Details
      The links in Readme.md (the second and third) were to the individual files in the repo, instead of github.dev, which enables quick access to run the queries.

    Changed the Dashboards for Personal Issues to use github.dev.



🚀 Features & ✨ Enhancements

  • .github/workflows/AutoMerger.yml: Increase timeouts @makubacki (#83)
    Change Details
      Closes #82

    Increase the merge and update timeouts to increase likelihood the
    operations can occur.

    Signed-off-by: Michael Kubacki [email protected]



Full Changelog: v1.5.0...v1.6.0

Contributors

makubacki and apop5
Assets 2
Loading

v1.5.0

20 Jan 03:52
@github-actions github-actions
v1.5.0
7465bc3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.5.0

What's Changed

  • Add dashboard for issue triage @apop5 (#87)
    Change Details
      Added a issue triage dashboard that enables queries for no assignee and no labels

🚀 Features & ✨ Enhancements

  • Steps/BuildPlatform.yml: Add Run to Shell timeout parameter @makubacki (#89)
    Change Details
      Updates the template to allow the platform to specify a custom timeout for running to shell.

    The previous value of 5 is the default.

    Signed-off-by: Michael Kubacki [email protected]



Full Changelog: v1.4.3...v1.5.0

Contributors

makubacki and apop5
Assets 2
Loading

v1.4.3

17 Jan 17:36
@github-actions github-actions
v1.4.3
6ce2faf
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.4.3

What's Changed

  • .sync/Files.yml: Sync auto approver workflow @makubacki (#81)
    Change Details
      Adds the auto approval workflow to the file sync list.

    Signed-off-by: Michael Kubacki [email protected]



  • .sync/dependabot: Remove team reviewers @makubacki (#79)
    Change Details
      Removes the microsoft/project-mu-dependency-reviewers team from reviews to reduce messages with the automated workflow.

    Signed-off-by: Michael Kubacki [email protected]



Full Changelog: v1.4.2...v1.4.3

Contributors

makubacki
Assets 2
Loading

v1.4.2

09 Jan 19:06
@github-actions github-actions
v1.4.2
a50cb30
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.4.2

What's Changed

  • Split approval and merge workflows @makubacki (#76)
    Change Details
      Split approval and merge workflows

    Splitting the workflows provides several benefits:

    1. Simplifies logic due to jobs being attached to separate triggers
      relevant for the specific job.
    2. Reduces number of status checks shown in PRs due to certain steps
      being skipped in irrelevant circumstances.
    3. Allows better workflow reuse.

    The reviewers are also dropped from dependabot PRs since the pending
    team reviewer is (1) not acted upon (2) can delay PR merging if the
    reviewer team has not reviewed the PR.

    The version is updated in anticipation of this change. It will be
    modified if the expected version changes before this PR is merged.

    Signed-off-by: Michael Kubacki [email protected]



  • GitHub Action: Bump release-drafter/release-drafter from 5.21.1 to 5.22.0 @dependabot (#77)
    Change Details
      Bumps [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) from 5.21.1 to 5.22.0.
    Release notes

    Sourced from release-drafter/release-drafter's releases.

    v5.22.0

    What's Changed

    New

    Full Changelog: release-drafter/release-drafter@v5.21.1...v5.22.0

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Full Changelog: v1.4.1...v1.4.2

Contributors

makubacki and dependabot
Assets 2
Loading

v1.4.1

05 Jan 22:37
@github-actions github-actions
v1.4.1
d469777
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.4.1

What's Changed

Read more

Contributors

makubacki and dependabot
Assets 2
Loading

v1.4.0

05 Jan 19:37
@github-actions github-actions
v1.4.0
109e86b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.4.0

What's Changed

  • GitHub Action: Bump stefanbuck/github-issue-parser from 2 to 3 [Rebase \& FF] @dependabot (#69)
    Change Details
      Bumps [stefanbuck/github-issue-parser](https://github.com/stefanbuck/github-issue-parser) from 2 to 3.
    Release notes

    Sourced from stefanbuck/github-issue-parser's releases.

    v3.0.0

    3.0.0 (2022-10-19)

    Bug Fixes

    • deps: bump @​actions/core from 1.9.1 to 1.10.0 (284e5eb)
    • Ensure releases can be pinned to SHAs #23 (#39) (428eec3)

    Features

    • mitigating script injection attacks by passing issue body as env var (#42) (0b27d4a)

    BREAKING CHANGES

    • Add issue-body argument which is required from v3 onwards

    To mitigate script injection attacks, github-issue-parser v3 will require workflow authors to pass the issue body as an argument. By doing so you will follow GitHub's Good practices for mitigating script injection attacks 

    - uses: stefanbuck/github-issue-parser@v3
  id: issue-parser
  with:
    issue-body: ${{ github.event.issue.body }} # required
    template-path: .github/ISSUE_TEMPLATE/bug-report.yml # optional but recommended

    The previous checkbox output produced this:

     {
    "laravel": true,
    "svelte": true,
 }

    whereas the new output will be an array like this

    {
    "fav_frameworks": ["Laravel", "Svelte"]
}

    ... (truncated)

    Commits
    • 2e4d854 build
    • 55281d1 build(deps-dev): bump jest from 29.2.2 to 29.3.1
    • 3c9c1c3 build(deps-dev): bump jest from 29.1.2 to 29.2.2 (#49)
    • 741688b feat: add issue-body default (#47)
    • de423fc docs: Add migration section
    • 0b27d4a feat: mitigating script injection attacks by passing issue body as env var (#42)
    • 1d341cb feat: parse checkboxes (#21)
    • 284e5eb fix(deps): bump @​actions/core from 1.9.1 to 1.10.0
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

🚀 Features & ✨ Enhancements

  • Add auto approval for auto merge @makubacki (#68)
    Change Details
      The auto merge process needs two reviews to meet Project Mu branch protection policy requirements. This change auto approves dependency update pull requests so they can be auto merged.

    Signed-off-by: Michael Kubacki [email protected]



Full Changelog: v1.3.1...v1.4.0

Contributors

makubacki and dependabot
Assets 2
Loading
0 Join discussion

v1.3.1

19 Dec 20:26
@github-actions github-actions
v1.3.1
665e97e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.3.1

What's Changed

  • .sync/workflows: Add file sync notice to some files @makubacki (#67)
    Change Details
      These files were added without the notice in the copyright area that states the files should be updated in mu_devops.

    This change adds the notice.

    Signed-off-by: Michael Kubacki [email protected]



  • .sync: Set recent workflows to a fixed version of mu\_devops @makubacki (#66)
    Change Details
      When some workflows were added recently, the reusable workflow file that the leaf files depend on in mu_devops did not exist yet.

    Therefore, those leaf files depended on the main branch instead
    of a mu_devops release tag as the files would be in the main
    branch as soon as the PR was merged.

    Now that all of the reusable workflows are in a tagged release
    (as of the v1.3.0 release), this change sets them to a fixed version
    of Mu DevOps as well.

    Signed-off-by: Michael Kubacki [email protected]



📖 Documentation Updates

  • Add pull-request best practices guide @Erich-McMillan (#70)
    Change Details
      # Description

    Adds pull request best practices to CONTRIBUTING.md and references this document + pull request best practices in the pull_request_template.md so all contributors are confronted with this guide before they open a pull request rather than afterward by the bot.

    TODO:

    • ensure the relative path to CONTRIBUTING.md in pull_request_template.md is correct since dependent repos have different layout

Full Changelog: v1.3.0...v1.3.1

Contributors

Erich-McMillan and makubacki
Assets 2
Loading