All-Blockchains
diff --git a/‎.github/CONTRIBUTING.md‎
Lines changed: 3 additions & 3 deletions b/‎.github/CONTRIBUTING.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/feedback.md‎
Lines changed: 0 additions & 28 deletions b/‎.github/ISSUE_TEMPLATE/feedback.md‎
Lines changed: 0 additions & 28 deletions
diff --git a/‎.github/licenses.tmpl‎
Lines changed: 6 additions & 11 deletions b/‎.github/licenses.tmpl‎
Lines changed: 6 additions & 11 deletions
diff --git a/‎.github/secret_scanning.yml‎
Lines changed: 0 additions & 3 deletions b/‎.github/secret_scanning.yml‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎.github/workflows/bump-go.yml‎
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/bump-go.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/deployment.yml‎
Lines changed: 41 additions & 15 deletions b/‎.github/workflows/deployment.yml‎
Lines changed: 41 additions & 15 deletions
diff --git a/‎.github/workflows/feature-request-comment.yml‎
Lines changed: 0 additions & 36 deletions b/‎.github/workflows/feature-request-comment.yml‎
Lines changed: 0 additions & 36 deletions
diff --git a/‎.github/workflows/issueauto.yml‎
Lines changed: 0 additions & 25 deletions b/‎.github/workflows/issueauto.yml‎
Lines changed: 0 additions & 25 deletions
diff --git a/‎.github/workflows/lint.yml‎
Lines changed: 6 additions & 6 deletions b/‎.github/workflows/lint.yml‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎.github/workflows/pr-help-wanted.yml‎
Lines changed: 0 additions & 46 deletions b/‎.github/workflows/pr-help-wanted.yml‎
Lines changed: 0 additions & 46 deletions
@@ -2,19 +2,19 @@
 
 Hi! Thanks for your interest in contributing to the GitHub CLI!
 
-We accept pull requests for bug fixes and features where we've discussed the approach in an issue and given the go-ahead for a community member to work on it. We'd also love to hear about ideas for new features as issues.
+We accept pull requests for issues labelled `help wanted`. We encourage issues and discussion posts for all other contributions.
 
 ### Please do:
 
 * Check issues to verify that a [bug][bug issues] or [feature request][feature request issues] issue does not already exist for the same problem or feature
 * Open an issue if things aren't working as expected
-* Open an issue to propose a significant change
+* Open an issue to propose a change
 * Open an issue to propose a design for an issue labelled [`needs-design` and `help wanted`][needs design and help wanted], following the [proposing a design guidelines](#proposing-a-design) instructions below
 * Open an issue to propose a new community supported `gh` package with details about support and redistribution
 * Mention `@cli/code-reviewers` when an issue you want to work on does not have clear Acceptance Criteria
 * Open a pull request for any issue labelled [`help wanted`][hw] and [`good first issue`][gfi]
 
-### Please _do not_:
+### Please _do NOT_:
 
 * Open a pull request for issues without the `help wanted` label or explicit Acceptance Criteria
 * Expand pull request scope to include changes that are not described in the issue's Acceptance Criteria
 
@@ -1,13 +1,8 @@
-# GitHub CLI dependencies
+GitHub CLI third-party dependencies
+====================================
 
-The following open source dependencies are used to build the [cli/cli][] GitHub CLI.
+The following open source dependencies are used to build the GitHub CLI.
 
-## Go Packages
-
-Some packages may only be included on certain architectures or operating systems.
-
-{{ range . }}
-- [{{.Name}}](https://pkg.go.dev/{{.Name}}) ([{{.LicenseName}}]({{.LicenseURL}}))
-{{- end }}
-
-[cli/cli]: https://github.com/cli/cli
+{{ range . -}}
+{{.Name}} ({{.Version}}) - {{.LicenseName}} - {{.LicenseURL}}
+{{ end }}
@@ -2,6 +2,7 @@ name: Bump Go
 on:
   schedule:
     - cron: "0 3 * * *" # 3 AM UTC
+  workflow_dispatch:
 permissions:
   contents: write
   pull-requests: write
 
@@ -50,10 +50,18 @@ jobs:
         with:
           go-version-file: 'go.mod'
       - name: Install GoReleaser
-        uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a
+        uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0
         with:
-          version: "~1.17.1"
+          # The version is pinned not only for security purposes, but also to avoid breaking
+          # our scripts, which rely on the specific file names generated by GoReleaser.
+          version: v2.13.1
           install-only: true
+      # We temporarily create a tag on HEAD to make the right version embedded
+      # in the built binaries, BUT we don't push it to the remote.
+      - name: Create temporary tag
+        env:
+          TAG_NAME: ${{ inputs.tag_name }}
+        run: git tag "$TAG_NAME"
       - name: Build release binaries
         env:
           TAG_NAME: ${{ inputs.tag_name }}
@@ -62,7 +70,7 @@ jobs:
         run: |
           go run ./cmd/gen-docs --website --doc-path dist/manual
           tar -czvf dist/manual.tar.gz -C dist -- manual
-      - uses: actions/upload-artifact@v5
+      - uses: actions/upload-artifact@v7
         with:
           name: linux
           if-no-files-found: error
@@ -103,10 +111,18 @@ jobs:
           security set-key-partition-list -S "apple-tool:,apple:,codesign:" -s -k "$keychain_password" "$keychain"
           rm "$RUNNER_TEMP/cert.p12"
       - name: Install GoReleaser
-        uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a
+        uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0
         with:
-          version: "~1.17.1"
+          # The version is pinned not only for security purposes, but also to avoid breaking
+          # our scripts, which rely on the specific file names generated by GoReleaser.
+          version: v2.13.1
           install-only: true
+      # We temporarily create a tag on HEAD to make the right version embedded
+      # in the built binaries, BUT we don't push it to the remote.
+      - name: Create temporary tag
+        env:
+          TAG_NAME: ${{ inputs.tag_name }}
+        run: git tag "$TAG_NAME"
       - name: Build release binaries
         env:
           TAG_NAME: ${{ inputs.tag_name }}
@@ -134,7 +150,7 @@ jobs:
         run: |
           shopt -s failglob
           script/pkgmacos "$TAG_NAME"
-      - uses: actions/upload-artifact@v5
+      - uses: actions/upload-artifact@v7
         with:
           name: macos
           if-no-files-found: error
@@ -157,9 +173,11 @@ jobs:
         with:
           go-version-file: 'go.mod'
       - name: Install GoReleaser
-        uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a
+        uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0
         with:
-          version: "~1.17.1"
+          # The version is pinned not only for security purposes, but also to avoid breaking
+          # our scripts, which rely on the specific file names generated by GoReleaser.
+          version: v2.13.1
           install-only: true
       - name: Install Azure Code Signing Client
         shell: pwsh
@@ -170,17 +188,24 @@ jobs:
           METADATA_PATH: ${{ runner.temp }}\acs\metadata.json
         run: |
           # Download Azure Code Signing client containing the DLL needed for signtool in script/sign
-          Invoke-WebRequest -Uri https://www.nuget.org/api/v2/package/Azure.CodeSigning.Client/1.0.43 -OutFile $Env:ACS_ZIP -Verbose
+          Invoke-WebRequest -Uri https://www.nuget.org/api/v2/package/Microsoft.Trusted.Signing.Client/1.0.95 -OutFile $Env:ACS_ZIP -Verbose
           Expand-Archive $Env:ACS_ZIP -Destination $Env:ACS_DIR -Force -Verbose
 
           # Generate metadata file for signtool, used in signing box .exe and .msi
           @{
             CertificateProfileName = "GitHubInc"
             CodeSigningAccountName = "GitHubInc"
             CorrelationId = $Env:CORRELATION_ID
-            Endpoint =  "https://wus.codesigning.azure.net/"
+            Endpoint =  "https://wus3.codesigning.azure.net/"
           } | ConvertTo-Json | Out-File -FilePath $Env:METADATA_PATH
 
+      # We temporarily create a tag on HEAD to make the right version embedded
+      # in the built binaries, BUT we don't push it to the remote.
+      - name: Create temporary tag
+        shell: bash
+        env:
+          TAG_NAME: ${{ inputs.tag_name }}
+        run: git tag "$TAG_NAME"
       # Azure Code Signing leverages the environment variables for secrets that complement the metadata.json
       # file generated above (AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID)
       # For more information, see https://learn.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet
@@ -207,15 +232,15 @@ jobs:
             MSI_VERSION="$(cut -d_ -f2 <<<"$MSI_NAME" | cut -d- -f1)"
             case "$MSI_NAME" in
             *_386 )
-              source_dir="$PWD/dist/windows_windows_386"
+              source_dir="$PWD/dist/windows_windows_386_sse2"
               platform="x86"
               ;;
             *_amd64 )
               source_dir="$PWD/dist/windows_windows_amd64_v1"
               platform="x64"
               ;;
             *_arm64 )
-              source_dir="$PWD/dist/windows_windows_arm64"
+              source_dir="$PWD/dist/windows_windows_arm64_v8.0"
               platform="arm64"
               ;;
             * )
@@ -238,7 +263,7 @@ jobs:
           Get-ChildItem -Path .\dist -Filter *.msi | ForEach-Object {
             .\script\sign.ps1 $_.FullName
           }
-      - uses: actions/upload-artifact@v5
+      - uses: actions/upload-artifact@v7
         with:
           name: windows
           if-no-files-found: error
@@ -256,7 +281,7 @@ jobs:
       - name: Checkout cli/cli
         uses: actions/checkout@v6
       - name: Merge built artifacts
-        uses: actions/download-artifact@v6
+        uses: actions/download-artifact@v8
       - name: Checkout documentation site
         uses: actions/checkout@v6
         with:
@@ -309,9 +334,10 @@ jobs:
           rpmsign --addsign dist/*.rpm
       - name: Attest release artifacts
         if: inputs.environment == 'production'
-        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
+        uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
         with:
           subject-path: "dist/gh_*"
+          create-storage-record: false # (default: true)
       - name: Run createrepo
         env:
           GPG_SIGN: ${{ inputs.environment == 'production' }}
 
@@ -8,14 +8,14 @@ on:
       - go.mod
       - go.sum
       - ".github/licenses.tmpl"
-      - "script/licenses*"
+      - "script/licenses"
   pull_request:
     paths:
       - "**.go"
       - go.mod
       - go.sum
       - ".github/licenses.tmpl"
-      - "script/licenses*"
+      - "script/licenses"
 permissions:
   contents: read
 jobs:
@@ -50,16 +50,16 @@ jobs:
         with:
           version: v2.6.0
 
+      # Verify that license generation succeeds for all release platforms (GOOS/GOARCH).
+      # This catches issues like new dependencies with unrecognized licenses before release time.
+      #
       # actions/setup-go does not setup the installed toolchain to be preferred over the system install,
       # which causes go-licenses to raise "Package ... does not have module info" errors.
       # For more information, https://github.com/google/go-licenses/issues/244#issuecomment-1885098633
-      #
-      # go-licenses has been pinned for automation use.
-      - name: Check licenses
+      - name: Verify license generation
         run: |
           export GOROOT=$(go env GOROOT)
           export PATH=${GOROOT}/bin:$PATH
-          go install github.com/google/go-licenses@5348b744d0983d85713295ea08a20cca1654a45e # v2.0.1
           make licenses-check
 
   # Discover vulnerabilities within Go standard libraries used to build GitHub CLI using govulncheck.