Skip to content

Commit c2bbc99

Browse files
committed
Merge remote-tracking branch 'upstream/trunk' into trunk
2 parents e22ccae + b626711 commit c2bbc99

1,302 files changed

Lines changed: 11872 additions & 176814 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/CONTRIBUTING.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,19 +2,19 @@
22

33
Hi! Thanks for your interest in contributing to the GitHub CLI!
44

5-
We accept pull requests for bug fixes and features where we've discussed the approach in an issue and given the go-ahead for a community member to work on it. We'd also love to hear about ideas for new features as issues.
5+
We accept pull requests for issues labelled `help wanted`. We encourage issues and discussion posts for all other contributions.
66

77
### Please do:
88

99
* Check issues to verify that a [bug][bug issues] or [feature request][feature request issues] issue does not already exist for the same problem or feature
1010
* Open an issue if things aren't working as expected
11-
* Open an issue to propose a significant change
11+
* Open an issue to propose a change
1212
* Open an issue to propose a design for an issue labelled [`needs-design` and `help wanted`][needs design and help wanted], following the [proposing a design guidelines](#proposing-a-design) instructions below
1313
* Open an issue to propose a new community supported `gh` package with details about support and redistribution
1414
* Mention `@cli/code-reviewers` when an issue you want to work on does not have clear Acceptance Criteria
1515
* Open a pull request for any issue labelled [`help wanted`][hw] and [`good first issue`][gfi]
1616

17-
### Please _do not_:
17+
### Please _do NOT_:
1818

1919
* Open a pull request for issues without the `help wanted` label or explicit Acceptance Criteria
2020
* Expand pull request scope to include changes that are not described in the issue's Acceptance Criteria
@@ -24,7 +24,7 @@ We accept pull requests for bug fixes and features where we've discussed the app
2424
## Building the project
2525

2626
Prerequisites:
27-
- Go 1.25+
27+
- Go 1.26+
2828

2929
Build with:
3030
* Unix-like systems: `make`

.github/ISSUE_TEMPLATE/bug_report.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
name: "\U0001F41B Bug report"
33
about: Report a bug or unexpected behavior while using GitHub CLI
44
title: ''
5-
labels: bug
5+
labels: ''
66
assignees: ''
77

88
---

.github/ISSUE_TEMPLATE/feedback.md

Lines changed: 0 additions & 28 deletions
This file was deleted.

.github/ISSUE_TEMPLATE/submit-a-design-proposal.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
name: "🎨 Submit a design proposal"
33
about: Submit a design to resolve an open issue that has both `needs-design` and `help-wanted` labels
44
title: ''
5-
labels: enhancement
5+
labels: ''
66
assignees: ''
77

88
---

.github/ISSUE_TEMPLATE/submit-a-request.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
name: "⭐ Submit a request"
33
about: Surface a feature or problem that you think should be solved
44
title: ''
5-
labels: enhancement
5+
labels: ''
66
assignees: ''
77

88
---

.github/licenses.tmpl

Lines changed: 6 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,8 @@
1-
# GitHub CLI dependencies
1+
GitHub CLI third-party dependencies
2+
====================================
23

3-
The following open source dependencies are used to build the [cli/cli][] GitHub CLI.
4+
The following open source dependencies are used to build the GitHub CLI.
45

5-
## Go Packages
6-
7-
Some packages may only be included on certain architectures or operating systems.
8-
9-
{{ range . }}
10-
- [{{.Name}}](https://pkg.go.dev/{{.Name}}) ([{{.LicenseName}}]({{.LicenseURL}}))
11-
{{- end }}
12-
13-
[cli/cli]: https://github.com/cli/cli
6+
{{ range . -}}
7+
{{.Name}} ({{.Version}}) - {{.LicenseName}} - {{.LicenseURL}}
8+
{{ end }}

.github/secret_scanning.yml

Lines changed: 0 additions & 3 deletions
This file was deleted.

.github/workflows/bump-go.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ name: Bump Go
22
on:
33
schedule:
44
- cron: "0 3 * * *" # 3 AM UTC
5+
workflow_dispatch:
56
permissions:
67
contents: write
78
pull-requests: write

.github/workflows/deployment.yml

Lines changed: 52 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -50,10 +50,18 @@ jobs:
5050
with:
5151
go-version-file: 'go.mod'
5252
- name: Install GoReleaser
53-
uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a
53+
uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0
5454
with:
55-
version: "~1.17.1"
55+
# The version is pinned not only for security purposes, but also to avoid breaking
56+
# our scripts, which rely on the specific file names generated by GoReleaser.
57+
version: v2.13.1
5658
install-only: true
59+
# We temporarily create a tag on HEAD to make the right version embedded
60+
# in the built binaries, BUT we don't push it to the remote.
61+
- name: Create temporary tag
62+
env:
63+
TAG_NAME: ${{ inputs.tag_name }}
64+
run: git tag "$TAG_NAME"
5765
- name: Build release binaries
5866
env:
5967
TAG_NAME: ${{ inputs.tag_name }}
@@ -62,7 +70,7 @@ jobs:
6270
run: |
6371
go run ./cmd/gen-docs --website --doc-path dist/manual
6472
tar -czvf dist/manual.tar.gz -C dist -- manual
65-
- uses: actions/upload-artifact@v5
73+
- uses: actions/upload-artifact@v7
6674
with:
6775
name: linux
6876
if-no-files-found: error
@@ -103,10 +111,18 @@ jobs:
103111
security set-key-partition-list -S "apple-tool:,apple:,codesign:" -s -k "$keychain_password" "$keychain"
104112
rm "$RUNNER_TEMP/cert.p12"
105113
- name: Install GoReleaser
106-
uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a
114+
uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0
107115
with:
108-
version: "~1.17.1"
116+
# The version is pinned not only for security purposes, but also to avoid breaking
117+
# our scripts, which rely on the specific file names generated by GoReleaser.
118+
version: v2.13.1
109119
install-only: true
120+
# We temporarily create a tag on HEAD to make the right version embedded
121+
# in the built binaries, BUT we don't push it to the remote.
122+
- name: Create temporary tag
123+
env:
124+
TAG_NAME: ${{ inputs.tag_name }}
125+
run: git tag "$TAG_NAME"
110126
- name: Build release binaries
111127
env:
112128
TAG_NAME: ${{ inputs.tag_name }}
@@ -134,7 +150,7 @@ jobs:
134150
run: |
135151
shopt -s failglob
136152
script/pkgmacos "$TAG_NAME"
137-
- uses: actions/upload-artifact@v5
153+
- uses: actions/upload-artifact@v7
138154
with:
139155
name: macos
140156
if-no-files-found: error
@@ -157,9 +173,11 @@ jobs:
157173
with:
158174
go-version-file: 'go.mod'
159175
- name: Install GoReleaser
160-
uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a
176+
uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0
161177
with:
162-
version: "~1.17.1"
178+
# The version is pinned not only for security purposes, but also to avoid breaking
179+
# our scripts, which rely on the specific file names generated by GoReleaser.
180+
version: v2.13.1
163181
install-only: true
164182
- name: Install Azure Code Signing Client
165183
shell: pwsh
@@ -170,33 +188,45 @@ jobs:
170188
METADATA_PATH: ${{ runner.temp }}\acs\metadata.json
171189
run: |
172190
# Download Azure Code Signing client containing the DLL needed for signtool in script/sign
173-
Invoke-WebRequest -Uri https://www.nuget.org/api/v2/package/Azure.CodeSigning.Client/1.0.43 -OutFile $Env:ACS_ZIP -Verbose
191+
Invoke-WebRequest -Uri https://www.nuget.org/api/v2/package/Microsoft.Trusted.Signing.Client/1.0.95 -OutFile $Env:ACS_ZIP -Verbose
174192
Expand-Archive $Env:ACS_ZIP -Destination $Env:ACS_DIR -Force -Verbose
175193
176194
# Generate metadata file for signtool, used in signing box .exe and .msi
177195
@{
178196
CertificateProfileName = "GitHubInc"
179197
CodeSigningAccountName = "GitHubInc"
180198
CorrelationId = $Env:CORRELATION_ID
181-
Endpoint = "https://wus.codesigning.azure.net/"
199+
Endpoint = "https://wus3.codesigning.azure.net/"
182200
} | ConvertTo-Json | Out-File -FilePath $Env:METADATA_PATH
183201
184-
# Azure Code Signing leverages the environment variables for secrets that complement the metadata.json
185-
# file generated above (AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID)
186-
# For more information, see https://learn.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet
202+
# We temporarily create a tag on HEAD to make the right version embedded
203+
# in the built binaries, BUT we don't push it to the remote.
204+
- name: Create temporary tag
205+
shell: bash
206+
env:
207+
TAG_NAME: ${{ inputs.tag_name }}
208+
run: git tag "$TAG_NAME"
209+
- name: Authenticate to Azure for code signing
210+
if: inputs.environment == 'production'
211+
uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0
212+
with:
213+
client-id: ${{ secrets.SPN_GITHUB_CLI_SIGNING_CLIENT_ID }}
214+
tenant-id: ${{ secrets.SPN_GITHUB_CLI_SIGNING_TENANT_ID }}
215+
allow-no-subscriptions: true
216+
# Azure Code Signing authenticates via OIDC (azure/login above). AZURE_CLIENT_ID and AZURE_TENANT_ID
217+
# are still passed so DefaultAzureCredential can identify the service principal.
187218
- name: Build release binaries
188219
shell: bash
189220
env:
190221
AZURE_CLIENT_ID: ${{ secrets.SPN_GITHUB_CLI_SIGNING_CLIENT_ID }}
191-
AZURE_CLIENT_SECRET: ${{ secrets.SPN_GITHUB_CLI_SIGNING }}
192222
AZURE_TENANT_ID: ${{ secrets.SPN_GITHUB_CLI_SIGNING_TENANT_ID }}
193223
DLIB_PATH: ${{ runner.temp }}\acs\bin\x64\Azure.CodeSigning.Dlib.dll
194224
METADATA_PATH: ${{ runner.temp }}\acs\metadata.json
195225
TAG_NAME: ${{ inputs.tag_name }}
196226
run: script/release --local "$TAG_NAME" --platform windows
197227
- name: Set up MSBuild
198228
id: setupmsbuild
199-
uses: microsoft/setup-msbuild@6fb02220983dee41ce7ae257b6f4d8f9bf5ed4ce
229+
uses: microsoft/setup-msbuild@30375c66a4eea26614e0d39710365f22f8b0af57
200230
- name: Build MSI
201231
shell: bash
202232
env:
@@ -207,15 +237,15 @@ jobs:
207237
MSI_VERSION="$(cut -d_ -f2 <<<"$MSI_NAME" | cut -d- -f1)"
208238
case "$MSI_NAME" in
209239
*_386 )
210-
source_dir="$PWD/dist/windows_windows_386"
240+
source_dir="$PWD/dist/windows_windows_386_sse2"
211241
platform="x86"
212242
;;
213243
*_amd64 )
214244
source_dir="$PWD/dist/windows_windows_amd64_v1"
215245
platform="x64"
216246
;;
217247
*_arm64 )
218-
source_dir="$PWD/dist/windows_windows_arm64"
248+
source_dir="$PWD/dist/windows_windows_arm64_v8.0"
219249
platform="arm64"
220250
;;
221251
* )
@@ -230,15 +260,14 @@ jobs:
230260
shell: pwsh
231261
env:
232262
AZURE_CLIENT_ID: ${{ secrets.SPN_GITHUB_CLI_SIGNING_CLIENT_ID }}
233-
AZURE_CLIENT_SECRET: ${{ secrets.SPN_GITHUB_CLI_SIGNING }}
234263
AZURE_TENANT_ID: ${{ secrets.SPN_GITHUB_CLI_SIGNING_TENANT_ID }}
235264
DLIB_PATH: ${{ runner.temp }}\acs\bin\x64\Azure.CodeSigning.Dlib.dll
236265
METADATA_PATH: ${{ runner.temp }}\acs\metadata.json
237266
run: |
238267
Get-ChildItem -Path .\dist -Filter *.msi | ForEach-Object {
239268
.\script\sign.ps1 $_.FullName
240269
}
241-
- uses: actions/upload-artifact@v5
270+
- uses: actions/upload-artifact@v7
242271
with:
243272
name: windows
244273
if-no-files-found: error
@@ -256,7 +285,7 @@ jobs:
256285
- name: Checkout cli/cli
257286
uses: actions/checkout@v6
258287
- name: Merge built artifacts
259-
uses: actions/download-artifact@v6
288+
uses: actions/download-artifact@v8
260289
- name: Checkout documentation site
261290
uses: actions/checkout@v6
262291
with:
@@ -309,9 +338,10 @@ jobs:
309338
rpmsign --addsign dist/*.rpm
310339
- name: Attest release artifacts
311340
if: inputs.environment == 'production'
312-
uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
341+
uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
313342
with:
314343
subject-path: "dist/gh_*"
344+
create-storage-record: false # (default: true)
315345
- name: Run createrepo
316346
env:
317347
GPG_SIGN: ${{ inputs.environment == 'production' }}
@@ -384,7 +414,7 @@ jobs:
384414
git diff --name-status @{upstream}..
385415
fi
386416
- name: Bump homebrew-core formula
387-
uses: mislav/bump-homebrew-formula-action@56a283fa15557e9abaa4bdb63b8212abc68e655c
417+
uses: mislav/bump-homebrew-formula-action@ccf2332299a883f6af50a1d2d41e5df7904dd769
388418
if: inputs.environment == 'production' && !contains(inputs.tag_name, '-')
389419
with:
390420
formula-name: gh

.github/workflows/feature-request-comment.yml

Lines changed: 0 additions & 36 deletions
This file was deleted.

0 commit comments

Comments
 (0)