Releases: OpenDevicePartnership/patina-devops

v0.3.9

09 Mar 19:51
673154a

What's Changed

  • Version.njk: Update version to v0.3.9 @makubacki (#90)
    Change Details
      Updates the version for an upcoming patina-devops release.

  • Add Patina End-to-End Validation Flow [Rebase & FF] @makubacki (#81)
    Change Details
      One main commit and a couple of peripheral commits.

    Add Patina QEMU validation workflow and actions

    Workflow documentation: https://opendevicepartnership.github.io/patina/dev/testing/qemu_pr_validation.html

    Adds a new workflow that will run changes in the patina repository
    against the latest code and releases from other Patina repositories.

    The main files to support this workflow are:

    Workflows:

    • .github/workflows/PatinaQemuPrValidation.yml: The workflow file
      that defines the steps to run the validation.
    • .github\workflows\PatinaQemuPrValidationPending.yml: A simple
      workflow that manages the validation comment prior to validation
      being started.
    • .github/workflows/PatinaQemuPrValidationPost.yml: A workflow that
      runs after the main validation workflow to post results in a comment
      back to the PR.

    Actions:

    • .github/actions/setup-patina-qemu-validation: A GitHub Action that
      sets up the environment for running the QEMU validation tests.
    • .github/actions/run-patina-qemu-validation: A GitHub Action
      that runs the QEMU validation tests.
    • .github/actions/extract-build-errors: A GitHub Action that
      extracts build errors from the QEMU validation logs and formats
      them for posting back to the PR.

    PatinaQemuPrValidation.yml is expected to be triggered on pull
    requests into the patina repository.

    A common set of steps are organized in a "Preflight" job. This
    generates cache keys for different dependencies and determines that
    there is version compatibility to proceed with the rest of the
    workflow. This job tries to reduce the likelihood of hitting the
    GitHub API rate limit through authenticated requests and caching.

    The platform validation portion builds the Q35 and SBSA binaries in
    a standalone step instead of in combination with the script invocation
    that runs the tests. This allows for clear differentiation between
    build and runtime failures. Special parameters were added to the
    build_and_run_rust_binary.py script in patina-qemu to support this.

    Comments posted back to the patina PR are meant to be as helpful as
    possible resulting in some overhead to generate them. The parsing
    and heuristic details might need to be tweaked over time.


    Notes:

    • Concurrent runs of the workflow for the same PR are prevented in the
      calling workflow in the patina repository.
    • GitHub API requests are made using authenticated requests. Reads
      generally use the default GitHub token while writes use the Patina
      app-derived token. The secrets necessary to derive the app token
      are not available everywhere reads are performed or it would be used for
      everything.
    • Special handling is added to build and test within a container.
    • Actual Rust compilation and runs happen in parallel jobs.
    • Only one comment is posted by the workflow on a PR. It is edited when new
      updates are posted. The comment revision history can be used to see
      the history of updates to the comment.
    • The comment format varies between compilation failures and runtime
      failures to provide relevant detail for each when they occur.
    • Success comments include execution time (excluding build time) to
      run QEMU and shutdown.
    • Compilation failures include snippets of failures in the logs and
      links to the full log artifacts.
    • Runtime failures similarly include snippets of ERROR messages and
      links to the full log artifacts.
    • The validation results comment is updated to reflect when validation
      is pending on CI result success.
    • Special handling is in place to update the comment for cases when
      a PR is closed or merged before the main validation workflow can run.

    Additional Information

    Preflight and Parallelization

    Preflight checks largely operate on cached data as much as possible. Actual build and platform validation occur in parallel as shown below.

    [image]

    Successful Run

    Prints the boot time to shell.

    [image]

    Validation-in-Progress Message

    [image]

    Compilation Failure

    Force a compilation failure by changing EFI_PROGRESS_CODE to EFI_PROGRESS_CODE2:
    [image]

    Failure in the workflow:
    [image]

    Compilation failure specific PR comment:
    [image]

    Expanded error details include snippets of failure messages:
    [image]

    Boot Failure

    Here SBSA execution fails.
    [image]

    The PR comment has runtime details and shows that only SBSA failed:
    [image]


    Other Commits

    Patina QEMU Validation Workflow: Temporarily disable Windows Q35 boot

    Until OpenDevicePartnership/patina-qemu#188
    is resolved, disable QEMU Q35 boot on a Windows host due to the
    potential for vfat-related QEMU boot failures.


    Update rust-tool-cache cache action version to v5

    Updates action version in .github/actions/rust-tool-cache/action.yml
    to latest (matching what is used in other files in the repo).


    Add qemu-constants.yml workflow

    Adds constants used for Patina QEMU workflows to patina-devops so they
    can be reused in workflows that will build and test patina changes
    on QEMU.




  • Update rust to v1.93.1 @Javagedes (#89)
    Change Details
      This commit updates rust to a nightly release of rust, dated 1 day post 1.93.1.

    This version, as it is nightly, includes nightly features from rust v1.94, which includes the optional file format for the --timings report.

    ref: rust-lang/cargo#16420




  • .sync/Makefiles: Add test-asan task for AddressSanitizer testing @makubacki (#88)
    Change Details
      Adds a `test-asan` task that runs tests with AddressSanitizer (`-Zsanitizer=address`) enabled. The task supports Windows x64 and Linux hosts.

    Full task command: cargo make test-asan

    On Windows [1], ASan-instrumented binaries require the MSVC ASan runtime DLL (clang_rt.asan_dynamic-x86_64.dll) to be on PATH at runtime so that's done as part of the task setup. The DLL location is resolved using the VC toolset installation path from vswhere [2].

    On Linux, no additional setup is needed as the ASan runtime is resolved automatically by the linker.

    [1] https://learn.microsoft.com/cpp/sanitizers/asan
    [2] https://github.com/microsoft/vswhere/wiki/Find-VC

    Some Makefile.toml files have --features std present depending on whether the workspace Cargo.toml supports a std feature.

    A --print-dll-path argument is supported on Windows to print the resolved ASan DLL path and exit, which can be useful for adding that to the system PATH when running tests outside of cargo make.


    Tested running cargo make test-asan in each repo (on Windows) with the Makefile.toml change applied.




  • GitHub Action: Bump actions/upload-artifact from 6 to 7 @dependabot[bot] (#86)
    Change Details
      Bumps actions/upload-artifact (https://github.com/actions/upload-artifact) from 6 to 7.
    Release notes

    Sourced from actions/upload-artifact's releases.

    v7.0.0

    v7 What's new

    Direct Uploads

    Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, w...

v0.3.8

14 Jan 22:14
94f604e

What's Changed

  • Version.njk: Update version to v0.3.8 @makubacki (#71)
    Change Details
      Updates the version for an upcoming patina-devops release.

    Note: The patina-devops v0.3.7 release was made on GitHub without
    this file being updated so this commit takes the version from
    v0.3.6 to v0.3.8 directly.




v0.3.7

22 Dec 22:05
e986864

What's Changed

  • Notebook: Show my open/reviewed PR across repos @vineelko (#64)
    Change Details
     

  • .sync/rust-toolchain.toml: Downgrade cargo-vet to v0.10.0 @Javagedes (#63)
    Change Details
      cargo-vet does not have a v0.10.1 release on github, which means we fall back to attempting to compile the tool. Compilation fails regularly as we do not keep our toolchain up to date. This commit downgrades to v0.10.0, which does have binaries published that we can download.

  • .sync/rust-toolchain.toml: Update cargo-deny to v0.18 @makubacki (#59)
    Change Details
      Update to version 0.18 to pick up the fix for the following issue:

    EmbarkStudios/cargo-deny#804

    In the v0.18.6 release of cargo-deny:

    https://github.com/EmbarkStudios/cargo-deny/releases/tag/0.18.6


    Fixes this issue observed in patina-dxe-core-qemu:

    Error: -20 00:22:52 [ERROR] failed to load advisory database: parse error: error parsing /home/runner/.cargo/advisory-dbs/github.com-9b36585d9d99f7b3/crates/cap-primitives/RUSTSEC-2024-0445.md: parse error: TOML parse error at line 8, column 8
      |
    8 | cvss = "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
      |        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    unsupported CVSS version: 4.0
    
    
  • rust-tool-cache: do not always download cargo-binstall @Javagedes (#58)
    Change Details
      Update the rust-tool-cache action to only download cargo-binstall if we are actually going to use it in the next command. Otherwise, it is a pointless install.

  • rust-toolchain.toml: use an empty additional_targets list when no extra targets are needed @vineelko (#57)
    Change Details
    • Address the failure in processing the nunjucks template introduced in recent https://github.com//pull/55
    • Validated on a private fork https://github.com/vineelko/patina-devops/actions/runs/20178244757

  • Update Rust toolchain version to nightly-2025-12-12 @Javagedes (#56)
    Change Details
      This commit updates rust toolchain version to 2025-12-12, which is one day post 1.92.0 release. This file is sync'd to all applicable repositories via the file syncer.

    ref: OpenDevicePartnership/patina#1190




  • Add template parameter to Rust toolchain file to add additional targets @vineelko (#55)
    Change Details
    • Ensure validator binary builds for the following target triples:
      • x86_64-pc-windows-msvc
      • aarch64-pc-windows-msvc
      • x86_64-unknown-linux-gnu
      • aarch64-unknown-linux-gnu
    • This change enables the patina readiness tool GitHub release to include all supported binary flavors (after a follow up fix in readiness repo).

    ```
    ├───aarch64-pc-windows-msvc
    │   └───debug
    │           dxe_readiness_validator.exe
    │           dxe_readiness_validator.pdb
    ├───x86_64-pc-windows-msvc
    │   └───debug
    │           dxe_readiness_validator.exe
    │           dxe_readiness_validator.pdb
    ├───x86_64-unknown-linux-gnu
    │   └───debug
    │           dxe_readiness_validator
    └───aarch64-unknown-linux-gnu
        └───debug
                dxe_readiness_validator
    ```

  • CiWorkflow.yml: Move clippy to the Rust CI job @hashcatHitman (#53)
    Change Details
      Clippy is dependent on conditional compilation configurations such as the target architecture, which leads to issues such as [patina#1092].

    Having clippy be part of the Rust CI job should remedy this since it runs on the ubuntu-24.04-arm runner.




  • .sync/Makefiles: Add --doctests to test task @makubacki (#54)
    Change Details
      Runs doc tests during the `test` task to validate doc examples and include their coverage in reports.

  • Files.yml: Add .git_credentials to .gitignore @makubacki (#52)
    Change Details
      A recent change in the patina added `.git_credentials` to the `.gitignore` file. This change adds it to the file sync so it is included in the sync to the patina and other repos.

  • Update sync version to v0.3.6 @cfernald (#49)
    Change Details
     

Full Changelog: v0.3.6...v0.3.7

v0.3.6

19 Nov 23:32
b0f353d

What's Changed

  • Add arm64 CI runner & fix cache and upload keys @cfernald (#47)
    Change Details
    • Introduces a ubuntu-24.04-arm runner to the CI workflow to verify compatibility with ARM64 development environments.
    • Updates cache and artifact keys to include the runner architecture, to prevent conflicts between x86_64 and Arm64.

    Tested in forked repo: https://github.com/cfernald/patina/actions/runs/19413067151/job/55537282932?pr=2

    Will hold until all dependent repos are fixed for arm64 compilation.




  • Notebooks: Add patina-apps repo @makubacki (#45)
    Change Details
      Adds the `patina-apps` repo that was recently created to the notebooks.

  • .sync/Makefile-patina-readiness-tool.toml: Add deny task @makubacki (#44)
    Change Details
      Adds the `deny` task to the makefile so it can be invoked with `cargo make deny`.

  • Files.yml: Add custom patina-readiness-tool settings @makubacki (#43)
    Change Details
      These repos are using the current deny.toml config file as-is today:
    • patina
    • patina-dxe-core-qemu
    • patina-mtrr
    • patina-paging

    patina-readiness-tool needs a few settings customized. This keeps project-level settings consistent between all repos while allowing common configuration points to be compared and edited in a single location across all repos.


    Example syncs on forks with these changes:



  • .sync/Makefiles: Update all to use LF line endings @makubacki (#42)
    Change Details
      Makefiles have been maintained with different line endings. Update all to have Unix style line endings for consistency.

  • Readiness Tool: Avoid setting target subsystem rules @vineelko (#41)
    Change Details
      The Readiness Tool generates binaries with differing subsystem types. Forcing the subsystem type to `efi_boot_service_driver` causes UEFI Shell applications to fail.

    Produced binaries and their expected subsystem types:

    • x64-uefishell - EFI application
    • aarch64-uefishell - EFI application
    • intel-lnl - EFI driver
    • intel-ptl - EFI driver
    • x64-uefi - EFI driver
    • aarch64-uefi - EFI driver
    • validation-binary - Windows console application


  • Makefile.toml: Don't Build Doc Dependencies for CI @os-d (#39)
    Change Details
      Currently, we run cargo doc in cargo make all and in CI to validate our docs are not broken. However, this automatically builds dependencies, which is slow, needless for this case, and can cause a CI break for us if a dependency has broken docs.

    This adds --no-deps to cargo make doc to not build dependencies. On a local system that changed a clean build of cargo make doc from 5m 04s to 38s.

    For the locally built docs case, cargo make doc-open will build all docs, including dependencies and open it locally.




Full Changelog: v0.3.5...v0.3.6

v0.3.5

13 Nov 16:34

What's Changed

  • Add Makefile Sync for All Patina Repos [Rebase & FF] @makubacki (#37)
    Change Details
      Closes #36

    .sync/Makefile.toml: Clean Coverage Artifacts Before Running Coverage

    Currently, this file is only synced to the patina repository. This
    change brings in the changes from the following commit in the patina
    repository to this copy of the file.

    OpenDevicePartnership/patina@faae91a


    Add all Patina repo Makefile.toml files for sync

    Consolidate all Makefile.toml files as they exist in each repo to
    be synced from this repo.

    This makes it easy to audit files against each, leverage potential
    shared implementation or templating in the future, and reduce
    manual churn to update each makefile manually across repos when a
    sweeping change is needed.


    Note: The new patina-apps repo does not have a Makefile.toml so this PR does not attempt to create one. Once a Makefile.toml has been created and tested in that repo with the content that needs to build there then a future change can sync it from patina-devops.




  • CiWorkflow.yml: Add artifact upload parameter @makubacki (#40)
    Change Details
      Allow a caller to specify a list of artifacts to upload. This allows build output to efficiently be uploaded from the build already performed in the job.

  • Files.yml: Sync files to the patina-apps repo @makubacki (#38)
    Change Details
      Syncs common files to the `patina-apps` repo. The CI workflow and a Makefile.toml are not synced at this time. After content is added to that repo and confirmed to build, then those files can be synced from here with the configuration needed to support that build.

  • Files.yml: Update .gitignore in Rust repos @makubacki (#34)
    Change Details
      Pull in the changes made to .gitignore locally in the patina repo in: https://github.com/OpenDevicePartnership/patina/commit/228bfbadec6cf478ffe8f7d76bb67be32ee56f49

    This should resolve as a no-op to that repo in future file syncs.




Full Changelog: v0.3.4...v0.3.5

v0.3.4

07 Nov 22:31
4b6c5cd

What's Changed

  • Update label syntax for actions/labeler v6 @makubacki (#32)
    Change Details
      The syntax for file paths needs to be updated after updating to v6 of the action in:

    1a7c1e5




Full Changelog: v0.3.3...v0.3.4

v0.3.3

07 Nov 20:11
a1e3446

What's Changed

  • Version.njk: Update version to v0.3.3 @makubacki (#30)
    Change Details
      Updates the version for an upcoming patina-devops release.

  • .sync/config.toml: Customize link section inclusion @makubacki (#28)
    Change Details
      Add a template parameter called `include_uefi_target_rules` to control whether the linker arguments for UEFI targets are defined for `rustflags`.

    This is currently only needed for building UEFI binaries in the patina-dxe-core-qemu and patina-readiness-tool repos.

    PDB names can be customized for the PDBALTPATH parameter independently for each target.


    File Sync Tests



  • Only run workflows dependent on the ODP app to the org @makubacki (#29)
    Change Details
      Some workflows use the ODP GitHub app credentials to perform write actions across one or more repos. Since forks will not have secrets to the ODP GitHub app and likely do not want these workflows to run anyway, limit them to `OpenDevicePartnership` organization.

  • Sync label-issues config files @makubacki (#27)
    Change Details
      The configuration files used in `.github/workflows/Labeler.yml` can be synced to repos to keep label application consistent.

  • Consolidate Current Dependabot PRs [Rebase & FF] @makubacki (#26)
    Change Details
      Brings the following commits into a single PR to make review easier for several updates being made at once after enabling Dependabot.


Full Changelog: v0.3.2...v0.3.3

v0.3.2

06 Nov 21:06
a1da3d2

What's Changed

  • Exclude the patina-automation bot in release notes @makubacki (#24)
    Change Details
      Add a label to PRs created by the patina-automation bot so they can easily be excluded from release notes.

    This change (OpenDevicePartnership/patina@334853c) in the patina repo prevented patina-automation[bot] from appearing as a contributor but did not prevent its actual PR from being included in the release notes. Now, a label type:patina-bot is applied to its PRs and those labels are marked for exclusion from the release notes.




Full Changelog: v0.3.1...v0.3.2

v0.3.1

06 Nov 18:31
dd86534

What's Changed

  • CiWorkflow.yml: Remove dry-release step @Javagedes (#23)
    Change Details
      The dry-release step has caused more issues than it has solved and it is not even able to test the main scenario that needs to be tested - when a new crate is added. Due to this, I am removing the dry-release CI step. If something does come up, then we can just create a PR to fix it and perform another release.

    Additionally - pre-set patina-devops version to v0.3.1




  • .sync/markdownlint.yaml: Add iframe as an allowed element @makubacki (#22)
    Change Details
      Allow `iframe` elements to be used in markdown. This is currently used to embed videos in the published mdbook.

  • .sync/publish-release.yml: Remove default token permissions @makubacki (#21)
    Change Details
      The default token permissions do not need to be modified since a GitHub app-derived token is used for authentication.

  • .sync/ci-workflow.yml: Apply a safe filter to `run-release-dry-run` @makubacki (#19)
    Change Details
      To prevent quotes from being autoescaped, use the `safe` filter when substituting the parameter value.

    Prevents the quotes from being placed like this:

    ${{ !contains(github.event.pull_request.body, &quot;- [x] Creates a new crate?&quot;) }}




Full Changelog: v0.3.0...v0.3.1

v0.3.0

05 Nov 19:58

What's Changed

Full Changelog: v0.2.2...v0.3.0