Repo File Sync: Always publish logs in CodeQL workflow, fix container safe dir, add issue assignment workflow (#230)

synced local file(s) with [microsoft/mu_devops](https://github.com/microsoft/mu_devops). 🤖: View the [Repo File Sync Configuration File](https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml) to see how files are synced. --- This PR was created automatically by the [repo-file-sync-action](https://github.com/BetaHuhn/repo-file-sync-action) workflow run [#4832448197](https://github.com/microsoft/mu_devops/actions/runs/4832448197) Signed-off-by: Project Mu UEFI Bot <uefibot@microsoft.com>
2023-04-28 13:24:26 -04:00 · 2023-04-28 13:24:26 -04:00 · 653baa1642
--- a/.azurepipelines/Ubuntu-GCC5.yml
+++ b/.azurepipelines/Ubuntu-GCC5.yml
@ -20,7 +20,7 @@ resources:
      type: github
      endpoint: microsoft
      name: microsoft/mu_devops
-      ref: refs/tags/v2.4.0
+      ref: refs/tags/v2.5.1
  containers:
    - container: linux-gcc
      image: ghcr.io/tianocore/containers/fedora-37-build:3b3eb8f
--- a/.azurepipelines/Windows-VS.yml
+++ b/.azurepipelines/Windows-VS.yml
@ -20,7 +20,7 @@ resources:
      type: github
      endpoint: microsoft
      name: microsoft/mu_devops
-      ref: refs/tags/v2.4.0
+      ref: refs/tags/v2.5.1

 variables:
 - group: architectures-x86-64
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@ -1,6 +1,6 @@
 {
  "image": "ghcr.io/tianocore/containers/fedora-37-dev:latest",
-  "postCreateCommand": "git config --global --add safe.directory * && pip install --upgrade -r pip-requirements.txt",
+  "postCreateCommand": "git config --global --add safe.directory '*' && pip install --upgrade -r pip-requirements.txt",
  "customizations": {
    "vscode": {
      "extensions": [
@ -9,4 +9,4 @@
      ]
    }
  }
-}
+}
--- a/.github/workflows/auto-approve.yml
+++ b/.github/workflows/auto-approve.yml
@ -25,5 +25,5 @@ jobs:
  approval_check:
    if: |
      github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot'
-    uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v2.4.0
+    uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v2.5.1
    secrets: inherit
--- a/.github/workflows/auto-merge.yml
+++ b/.github/workflows/auto-merge.yml
@ -26,5 +26,5 @@ jobs:
  merge_check:
    if: |
      github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot'
-    uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v2.4.0
+    uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v2.5.1
    secrets: inherit
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -153,13 +153,43 @@ jobs:
      if: steps.get_ci_file_operations.outputs.setup_supported == 'true'
      run: stuart_setup -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.archs }} TOOL_CHAIN_TAG=${{ matrix.tool_chain_tag }}

+    - name: Upload Setup Log As An Artifact
+      uses: actions/upload-artifact@v3
+      if: (success() || failure()) && steps.get_ci_file_operations.outputs.setup_supported == 'true'
+      with:
+        name: ${{ matrix.package }}-Logs
+        path: |
+          **/SETUPLOG.txt
+          retention-days: 7
+        if-no-files-found: ignore
+
    - name: CI Setup
      if: steps.get_ci_file_operations.outputs.ci_setup_supported == 'true'
      run: stuart_ci_setup -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.archs }} TOOL_CHAIN_TAG=${{ matrix.tool_chain_tag }}

+    - name: Upload CI Setup Log As An Artifact
+      uses: actions/upload-artifact@v3
+      if: (success() || failure()) && steps.get_ci_file_operations.outputs.ci_setup_supported == 'true'
+      with:
+        name: ${{ matrix.package }}-Logs
+        path: |
+          **/CISETUP.txt
+          retention-days: 7
+        if-no-files-found: ignore
+
    - name: Update
      run: stuart_update -c .pytool/CISettings.py -t DEBUG -a ${{ matrix.archs }} TOOL_CHAIN_TAG=${{ matrix.tool_chain_tag }}

+    - name: Upload Update Log As An Artifact
+      uses: actions/upload-artifact@v3
+      if: success() || failure()
+      with:
+        name: ${{ matrix.package }}-Logs
+        path: |
+          **/UPDATE_LOG.txt
+        retention-days: 7
+        if-no-files-found: ignore
+
    - name: Find CodeQL Plugin Directory
      id: find_dir
      shell: python
@ -240,6 +270,21 @@ jobs:
        STUART_CODEQL_PATH: ${{ steps.cache_key_gen.outputs.codeql_cli_ext_dep_dir }}
      run: stuart_ci_build -c .pytool/CISettings.py -t DEBUG -p ${{ matrix.package }} -a ${{ matrix.archs }} TOOL_CHAIN_TAG=${{ matrix.tool_chain_tag }} --codeql

+    - name: Upload Build Logs As An Artifact
+      uses: actions/upload-artifact@v3
+      if: success() || failure()
+      with:
+        name: ${{ matrix.package }}-Logs
+        path: |
+          **/BUILD_REPORT.TXT
+          **/OVERRIDELOG.TXT
+          **/BUILDLOG_*.md
+          **/BUILDLOG_*.txt
+          **/CI_*.md
+          **/CI_*.txt
+        retention-days: 7
+        if-no-files-found: ignore
+
    - name: Prepare Env Data for CodeQL Upload
      id: env_data
      env:
@ -256,31 +301,6 @@ jobs:
        with open(os.environ['GITHUB_OUTPUT'], 'a') as fh:
            print(f'sarif_file_path={sarif_path}', file=fh)

-    - name: Upload Setup and Update Logs As An Artifact
-      uses: actions/upload-artifact@v3
-      with:
-        name: ${{ matrix.package }}-Setup-Update-Logs
-        path: |
-          **/OVERRIDELOG.TXT
-          CISETUP.txt
-          SETUPLOG.txt
-          UPDATE_LOG.txt
-        retention-days: 3
-        if-no-files-found: ignore
-
-    - name: Upload Build Log As An Artifact
-      uses: actions/upload-artifact@v3
-      with:
-        name: ${{ matrix.package }}-Build-Logs
-        path: |
-          **/BUILD_REPORT.TXT
-          BUILDLOG_*.md
-          BUILDLOG_*.txt
-          CI_*.md
-          CI_*.txt
-        retention-days: 7
-        if-no-files-found: ignore
-
    - name: Upload CodeQL Results (SARIF) As An Artifact
      uses: actions/upload-artifact@v3
      with:
--- a/.github/workflows/issue-assignment.yml
+++ b/.github/workflows/issue-assignment.yml
@ -0,0 +1,21 @@
+# This workflow provides actions that should be applied when an issue is assigned.
+#
+# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there
+#       instead of the file in this repo.
+#
+# - Mu DevOps Repo: https://github.com/microsoft/mu_devops
+# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+name: React to Issue Assignment
+
+on:
+  issues:
+    types: assigned
+
+jobs:
+  apply:
+    uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@v2.5.1
--- a/.github/workflows/label-issues.yml
+++ b/.github/workflows/label-issues.yml
@ -31,4 +31,4 @@ on:

 jobs:
  apply:
-    uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v2.4.0
+    uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v2.5.1
--- a/.github/workflows/label-sync.yml
+++ b/.github/workflows/label-sync.yml
@ -24,4 +24,4 @@ on:

 jobs:
  sync:
-    uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v2.4.0
+    uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v2.5.1
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -24,4 +24,4 @@ on:

 jobs:
  check:
-    uses: microsoft/mu_devops/.github/workflows/Stale.yml@v2.4.0
+    uses: microsoft/mu_devops/.github/workflows/Stale.yml@v2.5.1
--- a/.github/workflows/triage-issues.yml
+++ b/.github/workflows/triage-issues.yml
@ -19,4 +19,4 @@ on:

 jobs:
  triage:
-    uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v2.4.0
+    uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v2.5.1