| Commit message (Collapse) | Author | Age | Files | Lines |
|
These archs are not supported by ArmPkg so we can save agent
resources by not attempting to schedule their CodeQL build.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
REF: https://github.com/tianocore/edk2/discussions/5926
Adds workflows to manage labels on issues based on issue content.
Workflows:
- `issue-assignment` - Performs actions when an issue is assigned.
  - Currently, removes the `state:needs-owner` label.
- `issue-triage` - Assigns initial labels to the issue based on data
  entered when the issue was created.
  - The policies for applying labels are defined in
    - `advanced-issue-labeler.yml`
  - Note: Based on https://github.com/marketplace/actions/advanced-issue-labeler
- `scheduled-maintenance` - Runs every hour to perform clean up work
  needed on issues.
  - Currently, closes issues that have had the `state:wont-fix` label
    applied.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
REF:https://github.com/tianocore/edk2/discussions/5926
Adds GitHub form issue templates for bugs, documentation requests,
and feature requests.
These files define the form structure in YAML to be rendered by
GitHub in the edk2 repo issues area.
See the referenced RFC for additional details.
Future changes will add automation tasks described in the RFC.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
This PR updates the CI pipelines to use VS2022 instead of VS2019
as that is the latest supported VS toolchain on edk2.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
|
If a GitHub account has been deleted entirely, a `None` user will
be returned from the GitHub API. This change accounts for a `None`
user when querying GitHub APIs for user information.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
The project moved from using the `github-actions[bot]` bot account to
the `tianocore-assign-reviewers[bot]` account. A check is in place to
prevent the "`WARNING: Cannot add some reviewers`" from appearing
more than once if nothing has changed in the content it would post.
This change updates the bot account to the current one so the check
can work again.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
Bumps [github/issue-labeler](https://github.com/github/issue-labeler) from 3.1 to 3.4.
- [Release notes](https://github.com/github/issue-labeler/releases)
- [Commits](https://github.com/github/issue-labeler/compare/v3.1...v3.4)
---
updated-dependencies:
- dependency-name: github/issue-labeler
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
Since the edk2 repository is owned by an organization, the default
GitHub token will not be able to access the collaborator list.
Therefore, a GitHub App with `metadata:read` permission will be used
to grant access to that REST API. This is used in GitHub.py when it
makes the `repo_gh.get_collaborators()` call that resolves to the
`/repos/{owner}/{repo}/collaborators` GitHub REST API.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
To make the Python code used within the action more maintainable over
time, it is moved to a standalone script in .github/scripts.
No functional changes are made to the workflow itself.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
Updates code for PEP8 formatting by using the Black code formatter.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
Adds additional documentation and cleans up debug messages printed
to GitHub workflow output (available in the GitHub Actions pane).
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
Enhances the flow that adds a comment on a PR if a non-collaborator
is in the reviewer list by checking if a comment was previously left
on the PR. If it was for the same set of non-collaborators, another
comment is not created. If a new non-collaborator is discovered, the
message will be left identifying that new user account.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
If a non-collaborator is part of the reviewer list, an admin needs
to be notified so they can be removed.
This change finds the list of admins for the repo and notifies them
in the comment left on the PR describing the list of non-collaborator
users. The message itself is cleaned up to show only the
non-collaborator users for ease of identification.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
Updates logic to:
- Not request reviews from reviewers that have already left a review
on the PR. Previously, the reviewer's review (e.g. approval) would
remain on the PR, but they would be notified on each change to the
PR. This approach follows the expected notification process for
requesting reviews which is one time. Maintainers and reviewers can
set up their own notifications for more granular updates on PR
activity separately.
- Add the collaborator reviewers if a reviewer(s) is found to not be
a collaborator. This is an improvement to today's behavior which is
to not add any reviewers if a single reviewer is not a collaborator
of the repo.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
Removed the `download_gh_file()` function which is no longer needed
with sparse checkout.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
Uses PyGithub for GitHub interactions instead of the GitHub REST API
directly.
This simplifies the code, improves error handling and robustness, and
lets the PyGithub project abstract GitHub REST API changes that may
occur over time.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
Uses `GitPython` instead of invoking the git executable directly.
This has the benefit of improving code readability and less support
code for binary interaction.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
- Optimizes and makes the PIP module installation process for the
workflow more robust by caching the pip modules used so the only
time the workflow needs to reach to PyPi is when new PIP modules
are published.
- Improves long term stability by locking the major versions for PIP
modules in the workflow. This is to reduce overall maintenance over
time to automatically pick up new versions while also not being
broken in the process.
- Removes edk2-pytool-extensions as it is not used.
The new "requirements.txt" file is used to lock versions and support
the caching step which depends on a requirements file.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
Optimizes the repository checkout step from an average time of 21
to 1 second by performing a sparse checkout of only the file paths
needed for the workflow run at a fetch depth of 1.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
This change simply moves the trigger to `pull_request_target`. The
rest of this message contains verbose details related to that.
`pull_request_target` is used instead of `pull_request` since the
default GitHub token cannot pick up write permissions with the
`pull_request` type on PRs from public forks. Write permission is
needed to add reviewers. This was previously tested on an edk2 fork
where PRs were not from other public forks into the fork being used
for testing but directly on the fork itself.
Because `pull_request_target` runs the pull request in the context
of the base branch (not the PR branch) some logic needs slightly
modified. The main change is that the GitHub context will no longer
give the PR branch HEAD as the PR commit SHA (i.e.
`github.event.pull_request.head.sha`). The SHA will be the base
branch (`master`) SHA as that is what is checked out for the
workflow run. So, the actual PR SHA is now fetched separately.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
Adds a new GitHub workflow to automatically add reviewers to pull
requests when they are opened, reopened, synchronized, and if a draft
pull request is marked as ready for review. The workflow will not
run on draft pull requests.
The workflow is meant to be simple to understand and modify, relying
on existing logic in GetMaintainer.py to determine the relevant
reviewers and using simple Python GitHub REST API wrappers with the
default GitHub token for authentication.
Future changes may optimize the workflow.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
Adds a script that provides GitHub API helpers for workflows and
other GitHub automation in the repository.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
Slightly reword the template to be more specific and use active language.
Signed-off-by: Leif Lindholm <quic_llindhol@quicinc.com>
|
Adds a pull request template with important information to note in
the PR description and guidance on how to classify the PR.
A simple GitHub action is present that applies three labels based
on the boxes checked in the PR template:
- `impact:breaking-change`
- `impact:security`
- `impact:testing`
These provide several purposes.
1. Bring attention to the impact of the PR both for reviewers and
consumers that reference the PR in the future during debug
or integration.
2. Allow automated tools like those that create release notes to
be able to highlight important changes.
3. Similarly, to allow PR searches to conditionalize the search on
PRs with these tags present.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
Currently CodeQL runs have the following warnings:
Node.js 16 actions are deprecated. Please update the following
actions to use Node.js 20: actions/setup-python@v4,
actions/upload-artifact@v3, actions/cache@v3. For more information
see:
https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
And:
CodeQL Action v2 will be deprecated on December 5th, 2024. Please
update all occurrences of the CodeQL Action in your workflow files
to v3. For more information, see:
https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/
The first is resolved by updating the actions to the latest versions
that were released to use Node.js 20. The second is specifically
referring to the codeql-action/upload-sarif action which is at v2.
This change updates all of the actions to the latest releases to
prevent deprecated versions from continuing to be used.
---
The following breaking change was noted in actions/upload-artifact
that caused some related changes in the workflow:
"Due to how Artifacts are created in this new version, it is no
longer possible to upload to the same named Artifact multiple
times. You must either split the uploads into multiple Artifacts
with different names, or only upload once. Otherwise you will
encounter an error."
This workflow depended on that behavior previously to append multiple
logs (e.g. setup log, update log, build log) to the same named
artifact (named per package). These were appended after each operation
so they are readily available if the operation failed and no further
actions are run.
Now the artifacts must be unique in name. The hyphenation comes in
because edk2 further builds some packages with both architectures in
a single build vs separate builds (e.g. IA32 and X64 vs IA32,X64). To
uniquely name artifacts resulting from those builds, the architecture
is also placed in the artifact name. For builds with multiple
architectures the artifact name captures each architecture separated
by a hyphen.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Joey Vagedes <joey.vagedes@gmail.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
|
Updates the workflow to also output files that can be loaded in emacs
to show CodeQL issues (in addition to the existing SARIF output for
standard SARIF viewers).
The emacs files are in the SARIF zip file attached to each "CodeQL"
run (https://github.com/tianocore/edk2/actions/workflows/codeql.yml).
The file name ends with "-emacs.txt". An MdePkg example:
"codeql-db-mdepkg-debug-0-emacs.txt".
Cc: Joey Vagedes <joey.vagedes@gmail.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Joey Vagedes <joey.vagedes@gmail.com>
|
Adds a workflow to run CodeQL against all packages built in
.pytool/CISettings.py. The following is done:
1. Determine which packages to build against. Those that support
are managed by .pytool/CISettings.py will be selected.
For each package:
2. Determine how to interact with the package. Such as whether
`stuart_ci_setup` or `stuart_setup` should be used.
3. Perform supported Stuart steps for setup and update.
4. Discover the CodeQL plugin directory in the repo.
5. Attempt to load the CodeQL CLI specific to the host OS from a
GitHub cache.
6. Perform the build.
7. Clean up some files after build to improve robustness.
8. Upload the CodeQL results (generated SARIF file) to GitHub Code
Scanning. The results will be associated with the trigger of the
workflow.
After each step that can upload logs such as the setup, update, and
build steps the logs are uploaded as an artifact to the workflow run.
This allows easy debugging in case there's an error in the step.
The SARIF file is also uploaded to the workflow run so it can be
downloaded and analyzed.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
|
CodeQL currently runs via the codeql-analysis.yml GitHub workflow
which uses the `github/codeql-action/init@v2` action (pre-build)
and the `github/codeql-action/analyze@v2` action (post-build) to
setup the CodeQL environment and extract results.
This infrastructure is removed in preparation for a new design that
will directly run the CodeQL CLI as part of the build. This will
allow CodeQL to be run locally as part of the normal build process
with results that match 1:1 with CI builds.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
|
Adds a GitHub workflow that uses the actions/stale GitHub action to
automatically leave notifications on and close PRs that have had no
activity for a long time.
Note: Modifications to a PR reset the staleness counter. This
includes pushing to the PR, adding a label to the PR,
commenting on the PR, etc.
If a PR has been marked "stale", simply leaving a comment will
reset the counter.
Configuration choices:
1. Do not attempt to close edk2 GitHub issues.
2. Mark edk2 PRs as stale if no activity in the last 60 days. Close
PRs marked stale if no further activity in 7 days.
3. Do not exempt PRs with a "push" label.
4. Run the check once daily. Allow manual runs from those that have
permission to run GitHub workflows.
5. Add the label "stale" to the PR when it enters the stale state.
Rationale:
1. We do not use issues often enough. The limited usage of GitHub
issues in Tianocore org GitHub projects are in another repo not
impacted by this workflow and expected to track long term tasks.
2. This is the default value. In non-edk2 projects, I've seen these
times work fairly well to identify PRs that have fallen stale.
3. Adding a "push" label resets the stale timer. If a PR has had a
"push" label for 60+ days and has not been fixed for submission,
then it has very likely been abandoned.
4. This is sufficient to update PRs on the day granularity the
configuration settings are applied against.
5. The label makes it easy to filter stale PRs in the PR list and
write automation around PRs that are stale. It's also an obvious
visual identifier that a PR needs attention in the PR list.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Kubacki <mikuback@linux.microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Message-Id: <20231031014120.917-1-mikuback@linux.microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
|
Build was previously using 3.11. Using 3.12 now that it is released.
To allow scripts to take time to update, fix to 3.11.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
|
MdeModulePkg and CryptoPkg have double the CodeQL analysis
time of all other packages. Split these packages up to perform
separate analysis of IA32 and X64.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Kubacki <mikuback@linux.microsoft.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Michael Kubacki <mikuback@linux.microsoft.com>
|
As recommended by CodeQL this change replaces
cpp/potential-buffer-overflow with cpp/overrunning-write-with-float
and cpp/overrunning-write.
Enables:
1. cpp/overrunning-write
   - @name Likely overrunning write
   - @description Buffer write operations that do not control the length
     of data written may overflow
   - @kind problem
   - @problem.severity error
   - @security-severity 9.3
   - @precision high
   - @id cpp/very-likely-overrunning-write
   - @tags reliability
     - security
     - external/cwe/cwe-120
     - external/cwe/cwe-787
     - external/cwe/cwe-805
2. cpp/overrunning-write-with-float
   - @name Potentially overrunning write with float to string conversion
   - @description Buffer write operations that do not control the length
     of data written may overflow when floating point inputs
     take extreme values.
   - @kind problem
   - @problem.severity error
   - @security-severity 9.3
   - @precision medium
   - @id cpp/overrunning-write-with-float
   - @tags reliability
     - security
     - external/cwe/cwe-120
     - external/cwe/cwe-787
     - external/cwe/cwe-805
3. cpp/very-likely-overrunning-write
   - @name Likely overrunning write
   - @description Buffer write operations that do not control the length
     of data written may overflow
   - @kind problem
   - @problem.severity error
   - @security-severity 9.3
   - @precision high
   - @id cpp/very-likely-overrunning-write
   - @tags reliability
     - security
     - external/cwe/cwe-120
     - external/cwe/cwe-787
     - external/cwe/cwe-805
- CWEs:
  - https://cwe.mitre.org/data/definitions/120.html
  - https://cwe.mitre.org/data/definitions/787.html
  - https://cwe.mitre.org/data/definitions/805.html
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Kubacki <mikuback@linux.microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Oliver Smith-Denny <osd@smith-denny.com>
|
The previous commits fixed issues with these queries across various
packages. Now that those are resolved, enable the queries in the
edk2 query set so regressions can be found in the future.
Enables:
1. cpp/conditionallyuninitializedvariable
   - CWE: https://cwe.mitre.org/data/definitions/457.html
   - @name Conditionally uninitialized variable
   - @description An initialization function is used to initialize a
     local variable, but the returned status code is
     not checked. The variable may be left in an
     uninitialized state, and reading the variable may
     result in undefined behavior.
   - @kind problem
   - @problem.severity warning
   - @security-severity 7.8
   - @id cpp/conditionally-uninitialized-variable
   - @tags security
     - external/cwe/cwe-457
2. cpp/pointer-overflow-check
   - CWE: https://cwe.mitre.org/data/definitions/758.html
   - @name Pointer overflow check
   - @description Adding a value to a pointer to check if it
     overflows relies on undefined behavior and
     may lead to memory corruption.
   - @kind problem
   - @problem.severity error
   - @security-severity 2.1
   - @precision high
   - @id cpp/pointer-overflow-check
   - @tags reliability
     - security
     - external/cwe/cwe-758
3. cpp/potential-buffer-overflow
   - CWE: https://cwe.mitre.org/data/definitions/676.html
   - @name Potential buffer overflow
   - @description Using a library function that does not check
     buffer bounds requires the surrounding program
     to be very carefully written to avoid buffer
     overflows.
   - @kind problem
   - @id cpp/potential-buffer-overflow
   - @problem.severity warning
   - @security-severity 10.0
   - @tags reliability
     - security
     - external/cwe/cwe-676
   - @deprecated This query is deprecated, use
     Potentially overrunning write
     (`cpp/overrunning-write`) and
     Potentially overrunning write with float to string
     conversion
     (`cpp/overrunning-write-with-float`) instead.
Note that cpp/potential-buffer-overflow is deprecated. This query
will be updated to the succeeding queries in the next commit. The
query is used in this commit to show that we considered and tested
the query in history.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Kubacki <mikuback@linux.microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Oliver Smith-Denny <osd@smith-denny.com>
|
Sets the rebase-strategy to "disabled" to prevent automatic
rebasing.
Rebasing can be done manually in the dependabot PR either through
the GitHub UI or the dependabot command.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
|
Adds caching of PIP dependencies. This reduces overall execution time
and decreases likelihood of a network error reaching out to pypi to get
the dependencies.
Caching happens based on modules specified in pip-requirements.txt.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Kubacki <mikuback@linux.microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
|
Adds a GitHub issue template to direct contributors familiar with
GitHub's issue tracker to the external resources used by TianoCore.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
|
Enables dependabot in this repo so we can be better alerted when
dependency updates are available.
This GitHub action will automatically create pull requests and
summarize the dependency details. Because it is a pull request,
the CI system will validate the dependency update in the pull
request.
Configures dependabot for:
1. PIP module updates
2. GitHub action updates
The maintainers/reviewers of the .github directory were added as
pull request reviewers so they can be notified when the pull request
is available.
Note to Maintainers:
After this change is committed, PRs from dependabot will be
automatically created in the edk2 repo. Never set the 'push' label
directly on these PRs. If a dependency identified by dependabot
looks like one that should be updated in the edk2 repo, then copy
the PR generated by dependabot to your personal fork and update the
commit message to follow the edk2 commit message requirements and
send as a normal code review.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
|
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael Kubacki <mikuback@linux.microsoft.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Michael Kubacki <mikuback@linux.microsoft.com>
|
The query cpp/conditionallyuninitializedvariable was initially
enabled with the CodeQL code because work was in progress on those
changes. The results were filtered out so CodeQL passed so we could
verify the CodeQL workflow without impacting CI results.
This change allows error severity messages and substitutes that query
with two queries that do not return failures. This allows these
queries to find future problems and prepares the CodeQL workflow to
catch future failures as queries are enabled.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Sean Brogan <sean.brogan@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
|
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4115
Adds initial support for enabling CodeQL Code Scanning in this
repository per the RFC:
https://github.com/tianocore/edk2/discussions/3258
Adds the following new files:
- .github/workflows/codql-analysis.yml - The main GitHub workflow
file used to setup CodeQL in the repo.
- .github/codeql/codeql-config.yml - The main CodeQL configuration
file used to customize the queries and other resources the repo
is using for CodeQL.
- edk2.qls - A query set of queries to run for CodeQL.
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
|