[pull] trunk from cli:trunk#14
Open
pull[bot] wants to merge 391 commits into
Open
Conversation
…attn/go-isatty-0.0.22 chore(deps): bump github.com/mattn/go-isatty from 0.0.21 to 0.0.22
Bump Go to 1.26.2
Add "Resource not accessible" to ProjectsV2IgnorableError
…er/goreleaser-action-7.2.1 chore(deps): bump goreleaser/goreleaser-action from 7.0.0 to 7.2.1
The four tests in this file (TestVerifyIntegration, TestVerifyIntegrationCustomIssuer, TestVerifyIntegrationReusableWorkflow, TestVerifyIntegrationReusableWorkflowSignerWorkflow) call NewLiveSigstoreVerifier which requires network access to Sigstore and GitHub TUF servers. Unlike the other integration test files in this package (attestation_integration_test.go, sigstore_integration_test.go, inspect_integration_test.go), this file was missing the //go:build integration tag, causing these tests to run during a regular 'go test ./...' and fail in network-isolated build environments.
The beforePasswordSendTimeout was set to 100 microseconds, which is insufficient for huh to disable echo mode on the PTY in slow or constrained environments (e.g. network-isolated build containers). Increase to 100 milliseconds to avoid the race condition.
Add missing //go:build integration tag to verify_integration_test.go
…rd-test-timeout Fix flaky accessible prompter Password test timeout
Opts in to the new PR screening features in the shared triage workflow: - Instantly closes PRs with zero file changes - Detects same-author resubmissions of recently closed PRs - Fast-tracks small, well-described fixes to ready-for-review - Accelerates closure of large unsolicited PRs (3 days vs 7) Depends on desktop/gh-cli-and-desktop-shared-workflows#17 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Enable extended PR screening for external PRs
https://github.com/actions/attest-build-provenance#usage > As of version 4, actions/attest-build-provenance is simply a wrapper > on top of actions/attest. > > Existing applications may continue to use the attest-build-provenance > action, but new implementations should use actions/attest instead.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.18.5 to 1.18.6. - [Release notes](https://github.com/klauspost/compress/releases) - [Commits](klauspost/compress@v1.18.5...v1.18.6) --- updated-dependencies: - dependency-name: github.com/klauspost/compress dependency-version: 1.18.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…ation fix(pr): remove numberFieldOnly optimization that skips API validation
Print `gh auth refresh` for 401 returns
Grammar fixes
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Bump `gh copilot` telemetry sampling to 100%
Record accessibility feature state in telemetry
…lauspost/compress-1.18.6 chore(deps): bump github.com/klauspost/compress from 1.18.5 to 1.18.6
Replace the fixed-duration sleep with a polling loop that checks the actual TTY echo flag before sending password input. This eliminates the race condition where huh has not yet disabled echo mode, which caused flaky test failures in slow environments. Follow-up to #13304.
- Rename echo_test_{linux,darwin}.go to echo_{linux,darwin}_test.go so
they are only compiled during tests
- Narrow build tag from !windows to linux || darwin to avoid compile
failures on other Unix platforms
- Return error from waitForEchoDisabled instead of calling t.Fatal,
since the function is called from goroutines where FailNow would only
terminate the calling goroutine
The Go toolchain infers constraints from _darwin/_linux filename suffixes, but explicit //go:build tags make the constraint visible without relying on filename conventions, consistent with modern Go style. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…word-tests Poll TTY echo mode instead of sleeping in password tests
Switch from actions/attest-build-provenance to actions/attest
Fix skills acceptance tests
Bumps [golang.org/x/term](https://github.com/golang/term) from 0.43.0 to 0.44.0. - [Commits](golang/term@v0.43.0...v0.44.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-version: 0.44.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…/term-0.44.0 chore(deps): bump golang.org/x/term from 0.43.0 to 0.44.0
…odeql-action-4.36.2 chore(deps): bump github/codeql-action from 4.36.1 to 4.36.2
…igstore/sigstore-go-1.2.1 chore(deps): bump github.com/sigstore/sigstore-go from 1.1.4 to 1.2.1
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.52.0 to 0.53.0. - [Commits](golang/crypto@v0.52.0...v0.53.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.53.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…/crypto-0.53.0 chore(deps): bump golang.org/x/crypto from 0.52.0 to 0.53.0
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Bump Go in devcontainer
Signed-off-by: Babak K. Shandiz <babakks@github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: sammorrowdrums <sammorrowdrums@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ly (#13548) Co-authored-by: sammorrowdrums <sammorrowdrums@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
printSummary gated the summary block on Failed+Passed+Skipping+Pending > 0, omitting Canceled. For a PR whose only checks were cancelled, the summary (and the 'Some checks were cancelled' message) was skipped, printing a blank line. Include Canceled in the guard. Signed-off-by: Seonghyun Hong <s3onghyun.hong@gmail.com>
The Universal agent host installed user-scoped skills to ~/.config/agents/skills, which is not the location scanned by the majority of compliant clients (Copilot CLI, Pi, OpenCode). Per the agentskills.io cross-client convention, user-level skills for compliant clients live under ~/.agents/skills. Switch UserDir for the universal agent to the shared project skills directory constant, matching the convention used by Warp and Cline. Add regression tests for both project and user scope. Fixes #13494
Address review: expand TestPrintSummary to exercise every summary path (no checks, all successful, failed, pending, cancelled) and drop the redundant separate regression case. Signed-off-by: Seonghyun Hong <s3onghyun.hong@gmail.com>
Co-authored-by: Patrick Wehbe <patrick.wehbe.applications@gmail.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
fix: show checks summary when all checks were cancelled
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ows-to-sha Pin reusable triage workflows to a commit SHA
Bumps [github.com/microsoft/dev-tunnels](https://github.com/microsoft/dev-tunnels) from 0.1.19 to 0.1.27. - [Release notes](https://github.com/microsoft/dev-tunnels/releases) - [Commits](microsoft/dev-tunnels@v0.1.19...v0.1.27) --- updated-dependencies: - dependency-name: github.com/microsoft/dev-tunnels dependency-version: 0.1.27 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
fix(skills): install universal agent to ~/.agents/skills
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…icrosoft/dev-tunnels-0.1.27 chore(deps): bump github.com/microsoft/dev-tunnels from 0.1.19 to 0.1.27
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
FetchRelease races a published-release REST lookup against a draft-release GraphQL lookup, and returned the first result unless it was ErrReleaseNotFound. A failing draft lookup, such as a 403 when unauthenticated, could mask a release the published lookup found. Prefer a found release and only error when both fail. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Downloading assets from a public repository's release works unauthenticated over REST, so drop the login gate. A token is still used when present. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
EnableRepoOverride's hook shadows the root auth gate, then re-runs the nearest ancestor hook to restore it. That re-run passed the ancestor as the command, so the gate judged the wrong node and ignored a leaf's DisableAuthCheck. Pass the invoked leaf instead, as cobra does for every persistent hook. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…-clone Allow downloading release assets without authentication
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )