Sandbox/rdutta/3.0/update 3.0.20250521 3.0 v4#326
Merged
cheeyanglee merged 280 commits into3.0-devfrom Jul 24, 2025
Merged
Conversation
Co-authored-by: dj_palli <dj_palli@microsoft.com>
…tapackage (#12298)
This is early work to build a kernel in the extended repo that includes LVBS support.
…ch 3.0-dev (#13365) Co-authored-by: Archana Shettigar <v-shettigara@microsoft.com>
…3.0-dev (#13366) Co-authored-by: jykanase <v-jykanase@microsoft.com>
….0-dev (#13367) Co-authored-by: Ankita Pareek <56152556+Ankita13-code@users.noreply.github.com>
….0-dev (#13368) Co-authored-by: Sreenivasulu Malavathula (HCL Technologies Ltd) <v-smalavathu@microsoft.com>
…-dev (#13369) Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
…3.0-dev (#13370) Co-authored-by: Kevin Lockwood <57274670+kevin-b-lockwood@users.noreply.github.com>
…h 3.0-dev (#13371) Co-authored-by: jykanase <v-jykanase@microsoft.com>
…Medium] - branch 3.0-dev (#13372) Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
…ev (#13373) Co-authored-by: kgodara912 <kshigodara@outlook.com>
…m] - branch 3.0-dev (#13374) Co-authored-by: Sumedh Alok Sharma <sumsharma@microsoft.com>
…h 3.0-dev (#13375) Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
…2024-11053 [High] - branch 3.0-dev (#13376) Co-authored-by: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com>
…ch 3.0-dev (#13389) Co-authored-by: Ankita Pareek <56152556+Ankita13-code@users.noreply.github.com>
…3.0-dev (#13390) Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
…[Medium] - branch 3.0-dev (#13391) Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
…v (#13392) Co-authored-by: jykanase <v-jykanase@microsoft.com>
… branch 3.0-dev (#13393) Co-authored-by: Ankita Pareek <56152556+Ankita13-code@users.noreply.github.com>
…gs (#13674) Updated the config options in config_aarch64 as per nvidia's recently published patch guide. The config options are related to GB200 and GB200F helps h/w team to run the diagnostics. Made modification to config_aarch64 based on nvidia's recommendation. nvidia patch guide: https://docs.nvidia.com/grace-patch-config-guide.pdf Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
Signed-off-by: Sreenivasulu Malavathula <v-smalavathu@microsoft.com>
Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
…gs (#13674) Updated the config options in config_aarch64 as per nvidia's recently published patch guide. The config options are related to GB200 and GB200F helps h/w team to run the diagnostics. Made modification to config_aarch64 based on nvidia's recommendation. nvidia patch guide: https://docs.nvidia.com/grace-patch-config-guide.pdf Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
* tag '3.0.20250521-3.0': (271 commits) Fixed reporting of build errors (CP: #13889) (#13897) Revert "Revert "Merge 3.0-dev for May 2025 2 release"" (#13847) Revert "Anphel/3 mid may 2025 update b" (#13846) kernel-64k: Added a new patch to solve EFI slack slots issue (#13783) kernel-64k: enabling config options required for GB200 and GB200F diags (#13674) Prepare May 2025 Update 2 (#13808) Revert "Merge 3.0-dev for May 2025 2 release" (#13833) kernel-64k: Added a new patch to solve EFI slack slots issue (#13783) Patch docker-buildx for CVE-2025-0495 [Medium] (#13768) [Medium] Patch yasm for CVE-2023-51258 and CVE-2023-37732 (#13792) [Medium] Patch iniparser for CVE-2023-33461 (#13804) [Medium] patch rpm-ostree for CVE-2024-2905 (#13818) kernel-64k: enabling config options required for GB200 and GB200F diags (#13674) [3.0] bmake: move tests to check section (#13815) Updated lua-json to version 1.3.4 (#11179) Upgrade kyotocabinet to version 1.2.80 (#10802) Extended build failure logging (#13705) Prepare May 2025 Update 2 (#13808) dom0 packages: Update to dom0 release v2411.19.1 (#13648) [AUTO-CHERRYPICK] Upgrade SymCrypt-OpenSSL to 1.8.1 - branch 3.0-dev (#13805) ...
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Comment on lines
+26
to
+29
| - name: Workflow trigger checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| # For consistency, we use the same major/minor version of Python that Azure Linux ships |
Check warning
Code scanning / zizmor
does not set persist-credentials: false Warning
Comment on lines
+16
to
+48
| name: SRPMs duplicates check | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| # Each group is published to a different repo, thus we only need to check | ||
| # for SRPM duplicates within the group. | ||
| specs-dirs-groups: ["SPECS SPECS-SIGNED", "SPECS-EXTENDED"] | ||
|
|
||
| steps: | ||
| # Checkout the branch of our repo that triggered this action | ||
| - name: Workflow trigger checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| # For consistency, we use the same major/minor version of Python that Azure Linux ships | ||
| - name: Setup Python 3.12 | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: 3.12 | ||
|
|
||
| # Generate the specs.json files. They are the input for the duplicates check script. | ||
| - name: Generate specs.json | ||
| run: | | ||
| set -euo pipefail | ||
|
|
||
| for spec_folder in ${{ matrix.specs-dirs-groups }}; do | ||
| echo "Generating specs.json for spec folder '$spec_folder'." | ||
|
|
||
| sudo make -C toolkit -j$(nproc) parse-specs REBUILD_TOOLS=y DAILY_BUILD_ID=lkg SPECS_DIR=../$spec_folder | ||
| cp -v build/pkg_artifacts/specs.json ${spec_folder}_specs.json | ||
| done | ||
|
|
||
| - name: Check for duplicate SRPMs | ||
| run: python3 toolkit/scripts/check_srpm_duplicates.py *_specs.json |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 9 months ago
To fix the detected issue, we need to add a permissions block to the workflow. The permissions block will specify the minimal privileges required for the workflow to execute successfully. Since the workflow primarily reads repository contents and does not need write access, the permissions block should restrict access to contents: read.
The permissions block can be added at the workflow level (applies to all jobs) or at the job level (specific to the check job). We will add the permissions at the workflow level because all jobs in the workflow share the same privilege requirements.
Suggested changeset
1
.github/workflows/check-srpm-duplicates.yml
| @@ -4,6 +4,8 @@ | ||
| # This action checks that the specs in this repo | ||
| # generate SRPMs with unique names. | ||
| name: SRPMs duplicates check | ||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| push: |
Copilot is powered by AI and may make mistakes. Always verify output.
anujm1
approved these changes
Jul 24, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Merge Checklist
All boxes should be checked before merging the PR
Description
AZL update 3.0.20250521-3.0
Any Newly Introduced Dependencies
How Has This Been Tested?