diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index 1629d061..67225ca1 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -135,7 +135,9 @@ jobs: env: GH_TOKEN: ${{ github.token }} run: | - gh attestation verify --repo ${{ github.repository }} oci://${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.flavor }}@${{ steps.build-and-push.outputs.digest }} --format json --jq '.[] | .attestation.bundle.dsseEnvelope | select(.payloadType == "application/vnd.in-toto+json").payload' | base64 -d | jq . > ${{ github.repository_owner }}-${{ github.event.repository.name }}-${{ matrix.flavor }}_sha256_${{ steps.build-and-push.outputs.digest }}.intoto.jsonl + RAW_SHA=${{ steps.build-and-push.outputs.digest }} + FORMATTED_SHA=${RAW_SHA//:/_} + gh attestation verify --repo ${{ github.repository }} oci://${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.flavor }}@${{ steps.build-and-push.outputs.digest }} --format json --jq '.[] | .attestation.bundle.dsseEnvelope | select(.payloadType == "application/vnd.in-toto+json").payload' | base64 -d | jq . > "${{ github.repository_owner }}-${{ github.event.repository.name }}-${{ matrix.flavor }}_${FORMATTED_SHA}.intoto.jsonl" gh release upload ${{ github.ref_name }} ./*.intoto.jsonl - name: Update package details in release if: startsWith(github.ref, 'refs/tags/') diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index ee234e32..8958ff31 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -16,6 +16,9 @@ jobs: create-release: runs-on: ubuntu-latest steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 id: token with: diff --git a/test/cpp/features/steps/fixtures.ts b/test/cpp/features/steps/fixtures.ts index 6306116b..70071004 100644 --- a/test/cpp/features/steps/fixtures.ts +++ b/test/cpp/features/steps/fixtures.ts @@ -13,7 +13,7 @@ export const test = base.extend<{ codespacePage: CodespacePage }, { authenticati codespacePage: async ({ page }, use) => { const codespacePage = new CodespacePage(page); await codespacePage.goto(); - await codespacePage.areExtensionsActive(['SonarQube', 'CMake', 'Live Share', 'GitHub Pull Requests']); + await codespacePage.areExtensionsActive(['SonarQube', 'CMake', 'Live Share', 'GitHub']); await use(codespacePage); diff --git a/test/cpp/integration-tests.bats b/test/cpp/integration-tests.bats index 04612870..23690c1e 100644 --- a/test/cpp/integration-tests.bats +++ b/test/cpp/integration-tests.bats @@ -6,7 +6,7 @@ setup_file() { # Installing the Windows SDK/CRT takes a long time. # When still valid, use the installation from cache. - xwin --accept-license --cache-dir ${BATS_TEST_DIRNAME}/.xwin-hash list + xwin --accept-license --manifest-version 16 --cache-dir ${BATS_TEST_DIRNAME}/.xwin-hash list HASH_LIST_MANIFEST=$(sha256sum ${BATS_TEST_DIRNAME}/.xwin-hash/dl/manifest*.json | awk '{ print $1 }') HASH_CACHED_MANIFEST= @@ -15,7 +15,7 @@ setup_file() { fi if [[ $HASH_LIST_MANIFEST != $HASH_CACHED_MANIFEST ]]; then - xwin --accept-license --cache-dir ${BATS_TEST_DIRNAME}/.xwin-cache splat --preserve-ms-arch-notation + xwin --accept-license --manifest-version 16 --cache-dir ${BATS_TEST_DIRNAME}/.xwin-cache splat --preserve-ms-arch-notation fi ln -sf ${BATS_TEST_DIRNAME}/.xwin-cache/splat/ /winsdk