Skip to content

Releases: OpenDevicePartnership/patina-devops

v0.3.12

02 Jun 18:16
@github-actions github-actions
v0.3.12
53fca46
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.3.12 Latest
Latest

What's Changed

  • Version.njk: Bump version to 0.3.12 @makubacki (#154)
    Change Details
      Updates the version for an upcoming release.
  • .sync: Add armvirt tasks to patina-dxe-core-qemu Makefile.toml @makubacki (#152)
    Change Details
      The new `armvirt` tasks are used to build the armvirt binaries.

    These changes are already checked into patina-dxe-core-qemu/main.



  • .sync: Group cargo dependencies in dependabot.yml @makubacki (#151)
    Change Details
      Group dependencies so they are updated in a single pull request.

    Note: This does not include major version updates since they will often require integration changes.

    Test PR created from changes on fork: makubacki/patina-readiness-tool#3



  • Add MSRV Check workflow [Rebase \& FF] @makubacki (#149)
    Change Details
      Two commits that run a workflow that confirms Patina build and test compile and run successfully against the Minimum Supported Rust Version (MSRV) specified in the project.

    .github: Update rust-tool-cache to only parse the [tools] section

    Updates the rust-tool-cache action to only parse the [tools] section
    of the rust-toolchain.toml file, rather than all lines after the
    [tools] header.

    .sync: Add [msrv] section to rust-toolchain.toml

    Adds a new section to the file to specify the nightly toolchain that
    matches the MSRV (which is specified in Cargo.toml) for the project.

    Used to test against the MSRV.

    Add MSRV check workflow

    Adds a reusable workflow that verifies the workspace builds and tests
    successfully on the Minimum Supported Rust Version (MSRV) declared in
    rust-toolchain.toml under a custom [msrv] table.

    The workflow resolves [msrv].channel, rewrites [toolchain].channel
    in place so all downstream tooling (e.g. rustup, cargo, cargo-make)
    uses the MSRV toolchain, then runs cargo make check, cargo make test, and any optional, caller-supplied build tasks.

    On scheduled runs, failures open or refresh a single rolling "MSRV
    Check Failure" issue, and a subsequent successful scheduled run closes
    it. PR-triggered failures just rely on the PR status check.

    .sync: Sync msrv-check.yml leaf workflow to patina

    This workflow calls the resuable MsrvCheck.yml workflow.

    Can be synced to other Patina repos in the future as needed/tested.

    Tested on fork:

    • Verified workflow runs on PR trigger, dispatch, and scheduled triggers
    • Verified workflow runs successfully when MSRV checks pass
    • Verified workflow creates a MSRV issue automatically when MSRV checks fail
    • Verified workflow closes the MSRV issue automatically when the issue is eventually fixed

    MSRV New Issue Example

    image

    MSRV Issue Auto Close Example

    image
  • Makefile updates [Rebase \& FF} @makubacki (#148)
    Change Details
      A few commits to update makefiles that are synced.

    Only run clippy-std on tests in UEFI bin repos

    The synced clippy-std task ran cargo clippy --all-targets --all-features on the host target. With --all-features enabled,
    the bins' required-features are satisfied and cargo tries to
    compile them on the host.

    Each bin starts with #![cfg(all(target_os = "uefi", feature = "x64"))] plus
    #![no_main], so on a non-uefi target the entire file (including
    #![no_main]) is stripped, resulting in E0601.

    This change narrow the task to cargo clippy --tests -- -D warnings,
    which pulls in the lib via the test build and leaves the bins out.

    patina-dxe-core-qemu Makefile: Fix Clippy/Check Args

    This updates the makefile to specify x64 and aarch64 in
    addition to the ci_features for the given arch.

    patina-readiness-tool Makefile: Split Core and UefiShell Clippy/Check

    The current combined configuration does not work to build the
    binaries intended to be core replacements with the uefi shell
    version. The uefishell feature requires certain things because
    it uses the uefi crate.

    As such, this splits the clippy and check targets like the build
    targets are.



  • Update nightly toolchain to 2026-02-27 (1.95.0) @makubacki (#147)
    Change Details
      The previous nightly toolchain was from 2026-02-13, which had partial support for some of the changes that ended up in Rust 1.95.0. This updates the toolchain to the same day the 1.95.0 stable tag was created.

    Also fixes clippy issues reported after the update.



  • codecov: Remove header from comment @Javagedes (#48)
    Change Details
      Currently, the codecov commenter posts a header which (most of the time) has a big red "X" on it. This can be confusing when you see the "X" and think you are failing, even though the actual CI check is passing because you are meeting the 80% threshold.

    This PR removes the header all together, since this commentor is purely informational, to make it easy to see what lines of code do not have associated tests



  • [REBASE \& FF] Makefiles: Update Clippy/Check Configuration @os-d (#145)
    Change Details
      Makefiles/CI: Update Clippy/Check Configuration -- This updates makefiles for all repos and the CI to run clippy/check uniformly across the UEFI targets, as --all-targets does not do so (it builds bin, lib, etc.), and std/tests.

    Makefiles: Drop Unstable Options Flag

    -Zunstable-options was added to support --timings=json, but that was removed some time ago. As a result, unstable compiler options are no longer being passed, so remove the flag.

    Makefiles: Drop -Zbuild-std and -Zbuild-std-features

    These unstable compiler options are no longer needed for building Patina.

    They can be used when a target is unsupported for building Rust std crates (including no_std alloc, core, etc.). The UEFI targets are supported, so this isn't needed.

    They can also be used for applying custom profile settings to the core libraries. However, the two settings we primarily care about for Patina are binary size and debugging symbols in debug builds. A sample Patina DXE Core binary was 100KB smaller when not including these flags and still had all the debugging symbols (stepping through core libs in a debugger worked).

    The other benefit is that build times are improved, for a sample Patina DXE Core binary build the time decreased from 39 seconds to 25 seconds.



  • .sync/Makefile-patina.toml: Clean mdbook deps on build @makubacki (#146)
    Change Details
      To prevent multiple rlib candidates during mdbook build, this will remove the `target/mdbook` directory before building mdbook.

    Prevents:

    error[E0464]: multiple candidates for `rlib` dependency `patina` found
   --> dxe_core/memory_management.md:250:1
    |
250 | extern crate patina;
    | ^^^^^^^^^^^^^^^^^^^^
    |
    = note: candidate #1: C:\src\patina\target/mdbook/deps\libpatina-0578c10102f67b3a.rlib
    = note: candidate #2: C:\src\patina\target/mdbook/deps\libpatina-1d28a091ef1e188b.rlib

      </blockquote>
  <hr>
</details>
  • .sync/Files.yml: Drop RUSTSEC-2024-0436 @makubacki (#144)
    Change Details
      A Rust security advisory was ignored for `paste` was present due to it being unmaintained but brought in through the crate tree. It is no longer needed:

    BEFORE:

    ❯ cargo tree -p paste
paste v1.0.15 (proc-macro)

    NOW:

    ❯ cargo tree -p paste
warning: nothing to print.

    Test file sync with the change to my patina fork: makubacki/patina#15



    </detail...

Read more

Contributors

makubacki, Javagedes, and os-d
Assets 2
Loading

v0.3.11

22 May 20:20
@github-actions github-actions
v0.3.11
5bfb50c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.3.11

What's Changed

  • Version.njk: Bump version to 0.3.11 @makubacki (#141)
    Change Details
      Updates the version for an upcoming release.
  • MdbookWorkflow.yml: Call the `test-mdbook` task @makubacki (#140)
    Change Details
      A new task was added to patina called `test-mdbook` that builds and tests the mdbook, encapsulating the logic previously in this workflow. This updates the workflow to reuse that task, so CI and local operations are the same.

    The workflow is very simple now but retained as a callable workflow since it still provides a common/reusable place to put any future mdbook related CI logic and reduces some duplication in calling workflows.

    The only caller into this reusable workflow today is in the patina repo. The only other Patina-related repo that publishes an mdbook is patina-qemu.

    The task can be added to patina-qemu as well when it begins using this workflow.

    Note: Not considered "breaking" since the workflow is called from ci-workflow.yml which is synced from this repo and has been updated to remove the parameters no longer in the workflow. A patina-devops version update must also be made in the same file sync so the file references the latest version that calls the cargo-make task.

    Tested on fork in this run: https://github.com/makubacki/patina/actions/runs/26247006985/job/77247864402



  • mdbook Upates [Rebase \& FF] @makubacki (#139)
    Change Details
      A few updates related to recent mdbook changes.

    mdbook: Update dependencies

    Updates dependencies to the latest compatible versions. The latest
    mdbook release is 0.5.2 but the latest mdbook-admonish release 1.20.0
    is not compatible with mdbook 0.5.x. So, mdbook is updated to the
    latest 0.4.x release, which is 0.4.52.

    Note:

    mdbook-admonish might give a warning like the following:

    Warning: The mdbook-admonish preprocessor was built against version
0.4.51 of mdbook, but we're being called from version 0.4.52

    That hasn't been observed to be a problem. Nearby versions of
    mdbook-mermaid are built against 0.4.52, so they would give a similar
    warning if mdbook were downgraded.

    Sync updates for adding mdbook to patina-qemu

    1. Sync the publish-mdbook.yml workflow to patina-qemu
    2. Add an entry to .gitignore in patina-qemu for the mdbook output
      directory
  • Sync mdbook changes from the patina repository [Rebase \& FF] @makubacki (#137)
    Change Details
      Syncs additional changes for building and publishing the mdbook from the patina repository.

    .sync: Do not attempt to deploy on forks in publish-mdbook.yml

    Most forks are likely not intending to publish the Patina mdbook
    on their fork repository. Skip the deployment step on forks.

    This change is already in place in the patina repository. This is just
    syncing it to patina-devops.

    .sync: Add mdbook-linkcheck to rust-toolchain.toml

    Syncs the mdbook-linkcheck dependency in rust-toolchain.toml to match
    what is used in the patina repository.



  • .sync: Update mdbook from html directory in publish-mdbook.yml @makubacki (#134)
    Change Details
      Updates the mdbook build artifacts to be uploaded from docs/book/html instead of docs/book because when mdbook has multiple output backends ([output.html] and [output.linkcheck]), it nests output in subdirectories under the build dir (e.g., book/html/, book/linkcheck/) instead of writing directly to book/.
  • .sync: Use pull\_request\_target for Rust version check workflow @makubacki (#136)
    Change Details
      This workflow needs to use secrets for PRs from public forks, which is not available with the pull_request trigger currently used.

    pull_request_target is used instead since it allows access to secrets and the workflow is limited to simple toml parsing and validation not executing any code from the PR.

    Tested on a pull request to a PR from a public fork here: makubacki/patina#13



Full Changelog: v0.3.10...v0.3.11

Contributors

makubacki
Loading

v0.3.10

06 May 20:24
@github-actions github-actions
v0.3.10
4841582
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.3.10

What's Changed

  • Version.njk: Bump version to 0.3.10 @makubacki (#133)
    Change Details
      Updates the version for an upcoming release.
  • .sync/Files.yml: Sync to the patina-components repo @makubacki (#129)
    Change Details
      Syncs files to the patina-components repo recently created.

    Tested on patina-components fork: makubacki/patina-components#1

    Two files in patina-components will be modified by the file sync:

    1. github/workflows/ci-workflow.yml‎ - Concurrency group added and patina-devops version updated.
    2. /codecov.yml - File added
  • Update action dependencies @makubacki (#130)
    Change Details
      Bumps the all-actions-dependencies group with 3 updates:

    Note: Contains all changes from #121 but with actions/github-script updated to 9, action versions updated in sync files, and the update to .github/workflows/UpdateReleaseDraft.yml excluded so that can be individually merged in the future after being tested.



  • patina-dxe-core-qemu: Makefile.toml: Drop COMMON\_RUSTFLAGS @os-d (#127)
    Change Details
      The COMMON_RUSTFLAGS are set in config.toml now and kept in sync between platforms. Drop these duplicating the flags in COMMON_RUSTFLAGS. The base of 0 was decided to be dropped as patina ignores this field and other tools don't like a 0 base.
  • .sync: Add --no-build arg to patina-dxe-core-qemu patch command @makubacki (#126)
    Change Details
      Today, the `patch` task always builds. In some cases (CI), the workflow needs to patch, update, then build. This allows that by passing `--no-build`.

    The default behavior is unchanged, which is to build after patching.

    Note: This change is already merged in patina-dxe-core-qemu. This is just an update to the sync file.



  • Add Validate Pull Request Formatting workflow @makubacki (#122)
    Change Details
      This workflow checks pull request titles and descriptions for formatting issues are reports failures as PR comments and a PR status check failure.

    Right now, the workflow just verifies that the default file sync PR title is not present. This is to make the file sync changes more descriptive in source history.



  • .github: Update setup-patina-qemu-validation to patch, update, then build @makubacki (#125)
    Change Details
      Instead of patch & build, this change updates the flow to patch, update, then build. This allows the build to resolve dependencies from the registry as-is, while still using the local patina source for the crate itself.
  • .sync/Files.yml: Ignore StMM log files @makubacki (#123)
    Change Details
      Commit b2bf562 in patina-qemu recently added the following lines to .gitignore:

    *secure_mm.log
    *secure.log

    This change includes the lines in the sync. The lines will be synced to patina-edk2 as well because patina-qemu and patina-edk2 currently share .gitignore file sync settings. Since the lines will have no impact in patina-edk2, this approach is chosen over adding complexity to the sync file to split the .gitignore file sync settings for patina-qemu and patina-edk2.



  • .sync/dependabot/dependabot.yml: Add pip and action groups @makubacki (#119)
    Change Details
      Group pip and action updates to reduce the number of dependabot PRs.
  • .sync: Update patina-test feature flag @Javagedes (#115)
    Change Details
      This commit updates the feature flag for the `patina-test` cargo make command to `test-runner`. This feature flag replaced `enable_patina_tests` when the patina test logic was moved to it's own crate in https://github.com/OpenDevicePartnership/patina/commit/16fd292a1e4834f5f879020a939c35ba7b578895

    ref: OpenDevicePartnership/patina#1443



  • .sync/github/bug\_report.yml: Remove toolchain @makubacki (#114)
    Change Details
      Patina uses CLANGPDB now. The VS2022 and GCC toolchain options are no longer relevant for bug reports. Removing them from the template to avoid confusion.
  • Makefiles: Add native cargo test arg passthrough to test tasks @makubacki (#111)
    Change Details
      Resolves https://github.com/OpenDevicePartnership/patina/issues/1370

    Update all Makefile.toml files so that cargo make test supports standard cargo test arguments (e.g., -p <package>, -- --nocapture).



  • .github: Update Patina QEMU PR Val for patina-qemu Changes @makubacki (#113)
    Change Details
      Drops the `toolchain` input from the `run-patina-qemu-validation` action and removes all references to it in the action's code and the workflow that uses it.

    patina-qemu has converged onto a single CLANGPDBG toolchain.



  • Modify QEMU CI constants for toolchains @kuqin12 (#112)
    Change Details
      After https://github.com/OpenDevicePartnership/patina-qemu/commit/f39bcdb0df44ad1ec980e34d73a716c75dcbcbb7, the patina validation pipeline start to break due to unrecognized toolchain: https://github.com/OpenDevicePartnership/patina/pull/1413

    This change updated toolchain constants for Windows and Linux in the QEMU CI workflow to only support CLANGPDB.



  • Add commit status support to QEMU PR Validation @makubacki (#110)
    Change Details
      Closes #108

    Adds an optional head-sha input to the three reusable workflow files. When provided, commit statuses are created on the PR head SHA so that QEMU validation appears in the PR status checks area.

    This is needed because the validation chain uses workflow_run triggers, which run in the default branch context and are not automatically associated with the PR as status checks.

    The status context is Patina QEMU PR Validation which can be configured as a required status check in branch protection rules.

    Tested in a PR on my patina-dxe-core-qemu fork

    Pending Results

    image

    Successful Result Status

    image

    Failure Result Status

    <img width="966" height="525" alt="image"...

Read more

Contributors

makubacki, Javagedes, and 3 other contributors
Loading

v0.3.9

09 Mar 19:51
@github-actions github-actions
v0.3.9
673154a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.3.9

What's Changed

  • Version.njk: Update version to v0.3.9 @makubacki (#90)
    Change Details
      Updates the version for an upcoming patina-devops release.
  • Add Patina End-to-End Validation Flow [Rebase \& FF] @makubacki (#81)
    Change Details
      One main commit and a couple of peripheral commits.

    Add Patina QEMU validation workflow and actions

    Workflow documentation: https://opendevicepartnership.github.io/patina/dev/testing/qemu_pr_validation.html

    Adds a new workflow that will run changes in the patina repository
    against the latest code and releases from other Patina repositories.

    The main files to support this workflow are:

    Workflows:

    • .github/workflows/PatinaQemuPrValidation.yml: The workflow file
      that defines the steps to run the validation.
    • .github\workflows\PatinaQemuPrValidationPending.yml: A simple
      workflow the manages the validation comment prior to validation
      being started.
    • .github/workflows/PatinaQemuPrValidationPost.yml: A workflow that
      runs after the main validation workflow to post results in a comment
      back to the PR.

    Actions:

    • .github/actions/setup-patina-qemu-validation: A GitHub Action that
      sets up the environment for running the QEMU validation tests.
    • .github/actions/run-patina-qemu-validation: A GitHub Action
      that runs the QEMU validation tests.
    • .github/actions/extract-build-errors: A GitHub Action that
      extracts build errors from the QEMU validation logs and formats
      them for posting back to the PR.

    PatinaQemuPrValidation.yml is expected to be triggered on pull
    requests into the patina repository.

    A common set of steps are organized in a "Preflight" job. This
    generates cache keys for different dependencies and determines that
    there is version compatibility to proceed with the rest of the
    workflow. This job tries to reduce the likelihood of hitting the
    GitHub API rate limit through authenticated requests and caching.

    The platform validation portion builds the Q35 and SBSA binaries in
    a standalone step instead of in combination with the script invocation
    that runs the tests. This allows for clear differentiation between
    build and runtime failures. Special parameters were added to the
    build_and_run_rust_binary.py script in patina-qemu to support this.

    Comments posted back to the patina PR are meant to be as helpful as
    possible resulting in some overhead to generate them. The parsing
    and heuristic details might need to be tweaked over time.

    Notes:

    • Concurrent runs of the workflow for the same PR are prevent in the
      calling workflow in the patina repository.
    • GitHub API requests are made using authenticated requests. Reads
      generally use the default GitHub token while writes use the Patina
      app-derived token. The secrets necessary to derive the app token
      are not available every reads are performed or it would be used for
      everything.
    • Special handling is added to build and test within a container.
    • Actual Rust compilation and runs happen in parallel jobs.
    • Only one comment is posted by the workflow on a PR. It is edited when new
      updates are posted. The comment revision history can be used to see
      the history of updates to the comment.
    • The comment format varies between compilation failures and runtime
      failures to provide relevant detail for each when they occur.
    • Succeess comments include execution time (exlcuding build time) to
      run QEMU and shutdown.
    • Compilation failures include snippets of failures in the logs and
      links to the full log artifacts.
    • Runtime failures similarly include snippets of ERROR messages and
      links to the full log artifacts.
    • The validation results comment is updated to reflect when validation
      is pending on CI result success.
    • Special handling is in place to update the comment for cases when
      a PR is closed or merged before the main validation workflow can run.

    Additional Information

    Preflight and Parallelization

    Preflight checks largely operate on cached data as much as possible. Actual build and platform validation occur in parallel as shown below.

    image
    Successful Run

    Prints the boot time to shell.

    image
    Validation-in-Progress Message
    image
    Compilation Failure

    Force a compilation failure by changing EFI_PROGRESS_CODE to EFI_PROGRESS_CODE2:
    image

    Failure in the workflow:
    image

    Compilation failure specific PR comment:
    image

    Expanded error details include snippets of failure messages:
    image

    Boot Failure

    Here SBSA execution fails.
    image

    The PR comment has runtime details and shows that only SBSA failed:
    image

    Other Commits

    Patina QEMU Validation Workflow: Temporarily disable Windows Q35 boot

    Until OpenDevicePartnership/patina-qemu#188
    is resolved, disable QEMU Q35 boot on a Windows host due to the
    potential for vfat-related QEMU boot failures.

    Update rust-tool-cache cache action version to v5

    Updates action version in .github/actions/rust-tool-cache/action.yml
    to latest (matching what is used in other files in the repo).

    Add qemu-constants.yml workflow

    Adds constant used for Patina QEMU workflows to patina-devops so they
    can be reused in workflows that will build and test patina changes
    on QEMU.



  • Update rust to v1.93.1 @Javagedes (#89)
    Change Details
      This commit updates rust to a nightly release of rust, dated 1 day post 1.93.1.

    This version, as it is nightly, includes nightly features from rust v1.94, which includes the optional file format for the --timings report.

    ref: rust-lang/cargo#16420



  • .sync/Makefiles: Add test-asan task for AddressSanitizer testing @makubacki (#88)
    Change Details
      Adds a `test-asan` task that runs tests with AddressSanitizer (`-Zsanitizer=address`) enabled. The task supports Windows x64 and Linux hosts.

    Full task command: cargo make test-asan

    On Windows [1], ASan-instrumented binaries require the MSVC ASan runtime DLL (clang_rt.asan_dynamic-x86_64.dll) to be on PATH at runtime so that's done as part of the task setup. The DLL location is resolved using the VC toolset installation path from vswhere [2].

    On Linux, no additional setup is needed as the ASan runtime is resolved automatically by the linker.

    [1] https://learn.microsoft.com/cpp/sanitizers/asan
    [2] https://github.com/microsoft/vswhere/wiki/Find-VC

    Some Makefile.toml files have --features std present depending on whether the workspace Cargo.toml supports a std feature.

    A --print-dll-path argument is supported on Windows to print the resolved ASan DLL path and exit, which can be useful for adding that to the system PATH when running tests outside of cargo make.

    Tested running cargo make test-asan in each repo (on Windows) with the Makefile.toml change applied.



  • GitHub Action: Bump actions/upload-artifact from 6 to 7 @[dependabot[bot]](https://github.com/apps/dependabot) (#86)
    Change Details
      Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
    Release notes

    Sourced from actions/upload-artifact's releases.

    v7.0.0

    v7 What's new

    Direct Uploads

    Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, w...

Read more

Contributors

makubacki, Javagedes, and 2 other contributors
Loading

v0.3.8

14 Jan 22:14
@github-actions github-actions
v0.3.8
94f604e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.3.8

What's Changed

  • Version.njk: Update version to v0.3.8 @makubacki (#71)
    Change Details
      Updates the version for an upcoming patina-devops release.

    Note: The patina-devops v0.3.7 release was made on GitHub without
    this file being updated so this commit takes the version from
    v0.3.6 to v0.3.8 directly.



Read more

Contributors

makubacki and vineelko
Loading

v0.3.7

22 Dec 22:05
@github-actions github-actions
v0.3.7
e986864
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.3.7

What's Changed

  • Notebook: Show my open/reviewed PR across repos @vineelko (#64)
    Change Details
     
  • .sync/rust-toolchain.toml: Downgrade cargo-vet to v0.10.0 @Javagedes (#63)
    Change Details
      cargo-vet does not have a v0.10.1 release on github, which means we fall back to attempting to compile the tool. Compilation fails regularly as we do not keep our toolchain up to date. This commit downgrades to v0.10.0, which does have binaries published that we can download.
  • .sync/rust-toolchain.toml: Update cargo-deny to v0.18 @makubacki (#59)
    Change Details
      Update to version 0.18 to pick up the fix for the following issue:

    EmbarkStudios/cargo-deny#804

    In the v0.18.6 release of cargo-deny:

    https://github.com/EmbarkStudios/cargo-deny/releases/tag/0.18.6

    Fixes this issue observed in patina-dxe-core-qemu:

    Error: -20 00:22:52 [ERROR] failed to load advisory database: parse error: error parsing /home/runner/.cargo/advisory-dbs/github.com-9b36585d9d99f7b3/crates/cap-primitives/RUSTSEC-2024-0445.md: parse error: TOML parse error at line 8, column 8
  |
8 | cvss = "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"
  |        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
unsupported CVSS version: 4.0

      </blockquote>
  <hr>
</details>
  • rust-tool-cache: do not always download cargo-binstall @Javagedes (#58)
    Change Details
      Update the rust-tool-cache action to only download cargo-binstall if we are actually going to use it in the next command. Otherwise, it is a pointless install.
  • rust-toolchain.toml: use an empty additional\_targets list when no extra targets are needed @vineelko (#57)
    Change Details
      - Address the failure in processing the nunjucks template introduced in recent https://github.com//pull/55 - Validated on a private fork https://github.com/vineelko/patina-devops/actions/runs/20178244757
  • Update Rust toolchain version to nightly-2025-12-12 @Javagedes (#56)
    Change Details
      This commit updates rust toolchain version to 2025-12-12, which is one day post 1.92.0 release. This file is sync'd to all applicable repositories via the file syncer.

    ref: OpenDevicePartnership/patina#1190



  • Add template parameter to Rust toolchain file to add additional targets @vineelko (#55)
    Change Details
      - Ensure validator binary builds for the following target triples: - x86_64-pc-windows-msvc - aarch64-pc-windows-msvc - x86_64-unknown-linux-gnu - aarch64-unknown-linux-gnu - This change enables the patina readiness tool GitHub release to include all supported binary flavors(after a follow up fix in readiness repo). ``` ├───aarch64-pc-windows-msvc │ └───debug │ dxe_readiness_validator.exe │ dxe_readiness_validator.pdb ├───x86_64-pc-windows-msvc │ └───debug │ dxe_readiness_validator.exe │ dxe_readiness_validator.pdb ├───x86_64-unknown-linux-gnu │ └───debug │ dxe_readiness_validator └───aarch64-unknown-linux-gnu └───debug dxe_readiness_validator ```
  • CiWorkflow.yml: Move clippy to the Rust CI job @hashcatHitman (#53)
    Change Details
      Clippy is dependent on conditional compilation configurations such as the target architecture, which leads to issues such as [patina#1092].

    Having clippy be part of the Rust CI job should remedy this since it runs on the ubuntu-24.04-arm runner.



  • .sync/Makefiles: Add --doctests to test task @makubacki (#54)
    Change Details
      Runs doc tests during the `test` task to validate doc examples and include their coverage in reports.
  • Files.yml: Add .git\_credentials to .gitignore @makubacki (#52)
    Change Details
      A recent change in the patina added `.git_credentials` to the `.gitignore` file. This change adds it to the file sync so it is included in the sync to the patina and other repos.
  • Update sync version to v0.3.6 @cfernald (#49)
    Change Details
     

Full Changelog: v0.3.6...v0.3.7

Contributors

cfernald, makubacki, and 3 other contributors
Loading

v0.3.6

19 Nov 23:32
@github-actions github-actions
v0.3.6
b0f353d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.3.6

What's Changed

  • Add arm64 CI runner \& fix cache and upload keys @cfernald (#47)
    Change Details
      - Introduces a ubuntu-24.04-arm runner to the CI workflow to verify compatibility with ARM64 development environments. - Updates cache and artifact keys to include the runner architecture, to prevent conflicts between x86_64 and Arm64.

    Tested in forked repo: https://github.com/cfernald/patina/actions/runs/19413067151/job/55537282932?pr=2

    Will hold until all dependent repos are fixed for arm64 compilation.



  • Notebooks: Add patina-apps repo @makubacki (#45)
    Change Details
      Adds the `patina-apps` repo that was recently created to the notebooks.
  • .sync/Makefile-patina-readiness-tool.toml: Add deny task @makubacki (#44)
    Change Details
      Adds the `deny` task to the makefile so it can be invoked with `cargo make deny`.
  • Files.yml: Add custom patina-readiness-tool settings @makubacki (#43)
    Change Details
      These repos are using the current deny.toml config file as-is today:
    • patina
    • patina-dxe-core-qemu
    • patina-mtrr
    • patina-paging

    patina-readiness-tool needs a few settings customized. This keeps project-level settings consistent between all repos while allowing common configuration points to be compared and edited in a single location across all repos.

    Example syncs on forks with these changes:


  • .sync/Makefiles: Update all to use LF line endings @makubacki (#42)
    Change Details
      Makefiles have been maintained with different line endings. Update all to have Unix style line endings for consistency.
  • Readiness Tool: Avoid setting target subsystem rules @vineelko (#41)
    Change Details
      The Readiness Tool generates binaries with differing subsystem types. Forcing the subsystem type to `efi_boot_service_driver` causes UEFI Shell applications to fail.

    Produced binaries and their expected subsystem types:

    • x64-uefishell - EFI application
    • aarch64-uefishell - EFI application
    • intel-lnl - EFI driver
    • intel-ptl - EFI driver
    • x64-uefi - EFI driver
    • aarch64-uefi - EFI driver
    • validation-binary - Windows console application

  • Makefile.toml: Don't Build Doc Dependencies for CI @os-d (#39)
    Change Details
      Currently, we run cargo doc in cargo make all and in CI to validate our docs are not broken. However, this automatically builds dependencies, which is slow, needless for this case, and can cause a CI break for us if a dependency has broken docs.

    This adds --no-deps to cargo make doc to not build dependencies. On a local system that changed a clean build of cargo make doc from 5m 04s to 38s.

    For the locally built docs case, cargo make doc-open will build all docs, including dependencies and open it locally.



Full Changelog: v0.3.5...v0.3.6

Contributors

cfernald, makubacki, and 3 other contributors
Loading

v0.3.5

13 Nov 16:34
@github-actions github-actions
v0.3.5
65aa655

Choose a tag to compare

View all tags
v0.3.5

What's Changed

  • Add Makefile Sync for All Patina Repos [Rebase \& FF] @makubacki (#37)
    Change Details
      Closes #36

    .sync/Makefile.toml: Clean Coverage Artifacts Before Running Coverage

    Currently, this file is only synced to the patina repository. This
    change brings in the changes from the following commit in the patina
    repository to this copy of the file.

    OpenDevicePartnership/patina@faae91a

    Add all Patina repo Makefile.toml files for sync

    Consolidate all Makefile.toml files as they exist in each repo to
    be synced from this repo.

    This makes it easy to audit files against each, leverage potential
    shared implementation or templating in the future, and reduce
    manual churn to update each makefile manually across repos when a
    sweeping change is needed.

    Note: The new patina-apps repo does not have a Makefile.toml so this PR does not attempt to create one. Once a Makefile.toml has been created and tested in that repo with the content that needs to build there then a future change can sync it from patina-devops.



  • CiWorkflow.yml: Add artifact upload parameter @makubacki (#40)
    Change Details
      Allow a caller to specify a list of artifacts to upload. This allows build output to efficiently be uploaded from the build already performed in the job.
  • Files.yml: Sync files to the patina-apps repo @makubacki (#38)
    Change Details
      Syncs common files to the `patina-apps` repo. The CI workflow and a Makefile.toml are not synced at this time. After content is added to that repo and confirmed to build, then those files can be synced from here with the configuration needed to support that build.
  • Files.yml: Update .gitignore in Rust repos @makubacki (#34)
    Change Details
      Pull in the changes made to .gitignore locally in the patina repo in: https://github.com/OpenDevicePartnership/patina/commit/228bfbadec6cf478ffe8f7d76bb67be32ee56f49

    This should resolve as a no-op to that repo in future file syncs.



Full Changelog: v0.3.4...v0.3.5

Contributors

makubacki
Loading

v0.3.4

07 Nov 22:31
@github-actions github-actions
v0.3.4
4b6c5cd
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.3.4

What's Changed

  • Update label syntax for actions/labeler v6 @makubacki (#32)
    Change Details
      The syntax for file paths needs to be updated after updating to v6 of the action in:

    1a7c1e5



Full Changelog: v0.3.3...v0.3.4

Contributors

makubacki
Loading

v0.3.3

07 Nov 20:11
@github-actions github-actions
v0.3.3
a1e3446
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.3.3

What's Changed

  • Version.njk: Update version to v0.3.3 @makubacki (#30)
    Change Details
      Updates the version for an upcoming patina-devops release.
  • .sync/config.toml: Customize link section inclusion @makubacki (#28)
    Change Details
      Add a template parameter called `include_uefi_target_rules` to control whether the linker arguments for UEFI targets are defined for `rustflags`.

    This is currently only needed for building UEFI binaries in the patina-dxe-core-qemu and patina-readiness-tool repos.

    PDB names can be customized for the PDBALTPATH parameter independently for each target.

    File Sync Tests


  • Only run workflows dependent on the ODP app to the org @makubacki (#29)
    Change Details
      Some workflows use the ODP GitHub app credentials to perform write actions across one or more repos. Since forks will not have secrets to the ODP GitHub app and likely do not want these workflows to run anyway, limit them to `OpenDevicePartnership` organization.
  • Sync label-issues config files @makubacki (#27)
    Change Details
      The configuration files used in `.github/workflows/Labeler.yml` can be synced to repos to keep label application consistent.
  • Consolidate Current Dependabot PRs [Rebase \& FF] @makubacki (#26)
    Change Details
      Brings the following commits into a single PR to make review easier for several updates being made at once after enabling Dependabot.

Full Changelog: v0.3.2...v0.3.3

Contributors

makubacki
Loading