Require repo disambiguation for secret commands #10209
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
williammartin
changed the title
williammartin
commented
Jan 9, 2025
williammartin
force-pushed
the
wm/add-remote-check-to-secret
branch
2 times, most recently
from
fae1343 to
4282fef
Compare
jtmcg
reviewed
Jan 9, 2025
There was a problem hiding this comment.
Clever implementation, but I'm wondering if hoisting this even higher and into the factory's BaseRepo function might be the right choice. I'm not sure about the cost of that throughout the rest of the app, but the amount of repetition in the tests are giving me pause.
Maybe it isn't expansion of BaseRepo but instead the introduction of an UnambiguousBaseRepo function on the factory that secret delete, list, and set all use in place of BaseRepo. That way all the functionality is hoisted higher, you remove the need for repetitive testing, and you can rely on mocking in the command tests for the base repo instead of writing the tests you have here to validate the behavior.
williammartin
force-pushed
the
wm/add-remote-check-to-secret
branch
from
4282fef to
393b361
Compare
williammartin
changed the title
williammartin
force-pushed
the
wm/add-remote-check-to-secret
branch
from
af872c3 to
ac8ad5d
Compare
Co-authored-by: William Martin <williammartin@github.com>
Co-authored-by: William Martin <williammartin@github.com>
Co-authored-by: William Martin <williammartin@github.com>
NOTE: gh does not use the default repository for managing repository and environment secrets.
This is because the secret commands don't use the SmartBaseRepo behaviour, and therefore don't care about the resolved remote.
williammartin
force-pushed
the
wm/add-remote-check-to-secret
branch
from
ac8ad5d to
e7ffb1e
Compare
andyfeller
reviewed
Jan 15, 2025
Comment on lines
+102
to
+109
| var baseRepo ghrepo.Interface | ||
| if secretEntity == shared.Repository || secretEntity == shared.Environment { | ||
| baseRepo, err = opts.BaseRepo() | ||
| if err != nil { | ||
| return err | ||
| } | ||
| } | ||
|
|
There was a problem hiding this comment.
I assume this was moved higher up so any ambiguity errors are raised earlier before the other ways this can error.
There was a problem hiding this comment.
Yeh, similar to #10209 (comment) I just wanted the repo disambiguation frontloaded to avoid going through a bunch of steps only to discover this at the end.
Comment on lines
+18
to
+21
| t.Parallel() | ||
|
|
||
| t.Run("succeeds when there is only one remote", func(t *testing.T) { | ||
| t.Parallel() |
There was a problem hiding this comment.
I think this would make a great topic of conversation about testing craftsmanship.
andyfeller
approved these changes
Jan 15, 2025
There was a problem hiding this comment.
Having manually put it through its paces, I think this is good to go.
Testing notes
Building PR locally
$ cd Documents/workspace/cli/cli
$ gh pr checkout 10209
Already on 'wm/add-remote-check-to-secret'
Your branch is up to date with 'origin/wm/add-remote-check-to-secret'.
Already up to date.
$ make
go build -trimpath -ldflags "-X github.com/cli/cli/v2/internal/build.Date=2025-01-15 -X github.com/cli/cli/v2/internal/build.Version=v2.65.0-138-ge7ffb1e4 " -o bin/gh ./cmd/gh
``
Setting up upstream and fork repos for testing
```shell
$ ~/Documents/workspace/cli/cli/bin/gh repo create gh-acceptance-testing/10209-upstream --add-readme --private --clone
✓ Created repository gh-acceptance-testing/10209-upstream on GitHub
https://github.com/gh-acceptance-testing/10209-upstream
Cloning into '10209-upstream'...
$ ~/Documents/workspace/cli/cli/bin/gh repo fork gh-acceptance-testing/10209-upstream --org gh-acceptance-testing --fork-name 10209-fork
✓ Created fork gh-acceptance-testing/10209-fork
? Would you like to clone the fork? Yes
Cloning into '10209-fork'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0 (from 0)
Receiving objects: 100% (3/3), done.
From https://github.com/gh-acceptance-testing/10209-upstream
* [new branch] main -> upstream/main
✓ Cloned fork
! Repository gh-acceptance-testing/10209-upstream set as the default repository. To learn more about the default repository, run: gh repo set-default --helpConfirming ambiguous prompt behavior
$ cd 10209-fork
$ ~/Documents/workspace/cli/cli/bin/gh secret set SECRET --body "should be fork"
! Multiple remotes detected. Due to the sensitive nature of secrets, requiring disambiguation.
? Select a repo [Use arrows to move, type to filter]
> gh-acceptance-testing/10209-upstream
gh-acceptance-testing/10209-forkCreating secrets on upstream and fork for testing in workflow run
$ ~/Documents/workspace/cli/cli/bin/gh secret set SECRET --body "should be fork" --repo gh-acceptance-testing/10209-fork
✓ Set Actions secret SECRET for gh-acceptance-testing/10209-fork
$ ~/Documents/workspace/cli/cli/bin/gh secret set SECRET --body "should be upstream" --repo gh-acceptance-testing/10209-upstream
✓ Set Actions secret SECRET for gh-acceptance-testing/10209-upstreamCreating workflow to test secrets
$ cd ..
$ cd 10209-upstream
$ mkdir -p .github/workflows
$ cat << EOF > .github/workflows/verify.yml
# This workflow is intended to assert the value of the GitHub Actions secret was set appropriately
name: Test Workflow Name
on:
# Allow workflow to be dispatched by gh workflow run
workflow_dispatch:
jobs:
# This workflow contains a single job called "assert" that should only pass if the GitHub Actions secret value matches
assert:
runs-on: ubuntu-latest
steps:
- name: Assert secret value matches
env:
SECRET: ${{ secrets.SECRET }}
run: |
if [[ "$SECRET" == "should be upstream" ]]; then
echo "GitHub Actions secret value states it should be the upstream value"
elif [[ "$SECRET" == "should be fork" ]]; then
echo "GitHub Actions secret value states it should be the fork value"
else
echo "GitHub Actions secret value does not match anything we expect; this is bad"
exit 1
fi
EOF
$ git add verify.yml
$ git commit -m "Test workflow"
$ git push
Enumerating objects: 6, done.
Counting objects: 100% (6/6), done.
Delta compression using up to 16 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (5/5), 762 bytes | 762.00 KiB/s, done.
Total 5 (delta 0), reused 0 (delta 0), pack-reused 0 (from 0)
To https://github.com/gh-acceptance-testing/10209-upstream.git
006dbc5..4c1d420 main -> mainTesting secret values with workflow in upstream
$ ~/Documents/workspace/cli/cli/bin/gh run view 12791122577 --repo gh-acceptance-testing/10209-upstream --log
assert Set up job 2025-01-15T15:04:17.5302179Z Current runner version: '2.321.0'
assert Set up job 2025-01-15T15:04:17.5340288Z ##[group]Operating System
assert Set up job 2025-01-15T15:04:17.5341721Z Ubuntu
assert Set up job 2025-01-15T15:04:17.5342556Z 24.04.1
assert Set up job 2025-01-15T15:04:17.5343331Z LTS
assert Set up job 2025-01-15T15:04:17.5344352Z ##[endgroup]
assert Set up job 2025-01-15T15:04:17.5345387Z ##[group]Runner Image
assert Set up job 2025-01-15T15:04:17.5346389Z Image: ubuntu-24.04
assert Set up job 2025-01-15T15:04:17.5347395Z Version: 20250105.1.0
assert Set up job 2025-01-15T15:04:17.5349449Z Included Software: https://github.com/actions/runner-images/blob/ubuntu24/20250105.1/images/ubuntu/Ubuntu2404-Readme.md
assert Set up job 2025-01-15T15:04:17.5351932Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20250105.1
assert Set up job 2025-01-15T15:04:17.5353680Z ##[endgroup]
assert Set up job 2025-01-15T15:04:17.5354509Z ##[group]Runner Image Provisioner
assert Set up job 2025-01-15T15:04:17.5355565Z 2.0.414.1
assert Set up job 2025-01-15T15:04:17.5356502Z ##[endgroup]
assert Set up job 2025-01-15T15:04:17.5358706Z ##[group]GITHUB_TOKEN Permissions
assert Set up job 2025-01-15T15:04:17.5361479Z Contents: read
assert Set up job 2025-01-15T15:04:17.5362448Z Metadata: read
assert Set up job 2025-01-15T15:04:17.5363318Z Packages: read
assert Set up job 2025-01-15T15:04:17.5364702Z ##[endgroup]
assert Set up job 2025-01-15T15:04:17.5369809Z Secret source: Actions
assert Set up job 2025-01-15T15:04:17.5370966Z Prepare workflow directory
assert Set up job 2025-01-15T15:04:17.5856623Z Prepare all required actions
assert Set up job 2025-01-15T15:04:17.5997410Z Complete job name: assert
assert Assert secret value matches 2025-01-15T15:04:17.7028911Z ##[group]Run if [[ "$SECRET" == "***" ]]; then
assert Assert secret value matches 2025-01-15T15:04:17.7029780Z if [[ "$SECRET" == "***" ]]; then
assert Assert secret value matches 2025-01-15T15:04:17.7030538Z echo "GitHub Actions secret value states it should be the upstream value"
assert Assert secret value matches 2025-01-15T15:04:17.7031334Z elif [[ "$SECRET" == "should be fork" ]]; then
assert Assert secret value matches 2025-01-15T15:04:17.7032092Z echo "GitHub Actions secret value states it should be the fork value"
assert Assert secret value matches 2025-01-15T15:04:17.7032792Z else
assert Assert secret value matches 2025-01-15T15:04:17.7033440Z echo "GitHub Actions secret value does not match anything we expect; this is bad"
assert Assert secret value matches 2025-01-15T15:04:17.7034181Z exit 1
assert Assert secret value matches 2025-01-15T15:04:17.7034574Z fi
assert Assert secret value matches 2025-01-15T15:04:17.7258622Z shell: /usr/bin/bash -e {0}
assert Assert secret value matches 2025-01-15T15:04:17.7259548Z env:
assert Assert secret value matches 2025-01-15T15:04:17.7260120Z SECRET: ***
assert Assert secret value matches 2025-01-15T15:04:17.7260542Z ##[endgroup]
assert Assert secret value matches 2025-01-15T15:04:17.7506265Z GitHub Actions secret value states it should be the upstream value
assert Complete job 2025-01-15T15:04:17.7609521Z Cleaning up orphan processesSyncing local fork to pickup workflow change
$ ~/Documents/workspace/cli/cli/bin/gh repo sync
✓ Synced the "main" branch from "gh-acceptance-testing/10209-upstream" to local repository
$ git push
Total 0 (delta 0), reused 0 (delta 0), pack-reused 0 (from 0)
To https://github.com/gh-acceptance-testing/10209-fork.git
006dbc5..6db6d5e main -> mainTesting secret values with workflow in fork
$ ~/Documents/workspace/cli/cli/bin/gh workflow run verify.yml --repo gh-acceptance-testing/10209-fork
✓ Created workflow_dispatch event for verify.yml at main
To see runs for this workflow, try: gh run list --workflow=verify.yml
$ ~/Documents/workspace/cli/cli/bin/gh run list --repo gh-acceptance-testing/10209-fork
STATUS TITLE WORKFLOW BRANCH EVENT ID ELAPSED AGE
* Test Workflow Name Test Workflow Name main workflow_dispatch 12791264263 10s less than a minute ago
$ ~/Documents/workspace/cli/cli/bin/gh run view 12791264263 --log --repo gh-acceptance-testing/10209-fork
assert Set up job 2025-01-15T15:11:08.7937555Z Current runner version: '2.321.0'
assert Set up job 2025-01-15T15:11:08.7969975Z ##[group]Operating System
assert Set up job 2025-01-15T15:11:08.7970877Z Ubuntu
assert Set up job 2025-01-15T15:11:08.7971579Z 24.04.1
assert Set up job 2025-01-15T15:11:08.7972354Z LTS
assert Set up job 2025-01-15T15:11:08.7972915Z ##[endgroup]
assert Set up job 2025-01-15T15:11:08.7973627Z ##[group]Runner Image
assert Set up job 2025-01-15T15:11:08.7974320Z Image: ubuntu-24.04
assert Set up job 2025-01-15T15:11:08.7974948Z Version: 20250105.1.0
assert Set up job 2025-01-15T15:11:08.7976335Z Included Software: https://github.com/actions/runner-images/blob/ubuntu24/20250105.1/images/ubuntu/Ubuntu2404-Readme.md
assert Set up job 2025-01-15T15:11:08.7978054Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20250105.1
assert Set up job 2025-01-15T15:11:08.7979165Z ##[endgroup]
assert Set up job 2025-01-15T15:11:08.7979889Z ##[group]Runner Image Provisioner
assert Set up job 2025-01-15T15:11:08.7980606Z 2.0.414.1
assert Set up job 2025-01-15T15:11:08.7981115Z ##[endgroup]
assert Set up job 2025-01-15T15:11:08.7982801Z ##[group]GITHUB_TOKEN Permissions
assert Set up job 2025-01-15T15:11:08.7985103Z Contents: read
assert Set up job 2025-01-15T15:11:08.7985850Z Metadata: read
assert Set up job 2025-01-15T15:11:08.7986468Z Packages: read
assert Set up job 2025-01-15T15:11:08.7987448Z ##[endgroup]
assert Set up job 2025-01-15T15:11:08.7990772Z Secret source: Actions
assert Set up job 2025-01-15T15:11:08.7991927Z Prepare workflow directory
assert Set up job 2025-01-15T15:11:08.8320617Z Prepare all required actions
assert Set up job 2025-01-15T15:11:08.8415448Z Complete job name: assert
assert Assert secret value matches 2025-01-15T15:11:08.9501281Z ##[group]Run if [[ "$SECRET" == "should be upstream" ]]; then
assert Assert secret value matches 2025-01-15T15:11:08.9503026Z if [[ "$SECRET" == "should be upstream" ]]; then
assert Assert secret value matches 2025-01-15T15:11:08.9504563Z echo "GitHub Actions secret value states it should be the upstream value"
assert Assert secret value matches 2025-01-15T15:11:08.9506369Z elif [[ "$SECRET" == "***" ]]; then
assert Assert secret value matches 2025-01-15T15:11:08.9507927Z echo "GitHub Actions secret value states it should be the fork value"
assert Assert secret value matches 2025-01-15T15:11:08.9509304Z else
assert Assert secret value matches 2025-01-15T15:11:08.9510576Z echo "GitHub Actions secret value does not match anything we expect; this is bad"
assert Assert secret value matches 2025-01-15T15:11:08.9512315Z exit 1
assert Assert secret value matches 2025-01-15T15:11:08.9513214Z fi
assert Assert secret value matches 2025-01-15T15:11:08.9866996Z shell: /usr/bin/bash -e {0}
assert Assert secret value matches 2025-01-15T15:11:08.9868123Z env:
assert Assert secret value matches 2025-01-15T15:11:08.9868850Z SECRET: ***
assert Assert secret value matches 2025-01-15T15:11:08.9869374Z ##[endgroup]
assert Assert secret value matches 2025-01-15T15:11:09.0102099Z GitHub Actions secret value states it should be the fork value
assert Complete job 2025-01-15T15:11:09.0242915Z Cleaning up orphan processes
jtmcg
approved these changes
Jan 16, 2025
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Feb 4, 2025
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [cli/cli](https://github.com/cli/cli) | minor | `v2.65.0` -> `v2.66.1` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>cli/cli (cli/cli)</summary> ### [`v2.66.1`](https://github.com/cli/cli/releases/tag/v2.66.1): GitHub CLI 2.66.1 [Compare Source](cli/cli@v2.66.0...v2.66.1) #### Hotfix: `gh pr view` fails with provided URL This addresses a regression in `gh pr view` was reported in [#​10352](cli/cli#10352). This regression was due to a change in `v2.66.0` that no longer allowed `gh pr` subcommands to execute properly outside of a git repo. #### What's Changed - Hotfix: `gh pr view` fails with provided URL by [@​jtmcg](https://github.com/jtmcg) in cli/cli#10354 **Full Changelog**: cli/cli@v2.66.0...v2.66.1 ### [`v2.66.0`](https://github.com/cli/cli/releases/tag/v2.66.0): GitHub CLI 2.66.0 [Compare Source](cli/cli@v2.65.0...v2.66.0) #### `gh pr view` and `gh pr status` now respect common triangular workflow configurations Previously, `gh pr view` and `gh pr status` would fail for pull request's (MR) open in triangular workflows. This was due to `gh` being unable to identify the MR's corresponding remote and branch refs on GitHub. Now, `gh pr view` and `gh pr status` should successfully identify the MR's refs when the following common git configurations are used: - [`branch.<branchName>.pushremote`](https://git-scm.com/docs/git-config#Documentation/git-config.txt-branchltnamegtpushRemote) is set - [`remote.pushDefault`](https://git-scm.com/docs/git-config#Documentation/git-config.txt-remotepushDefault) is set Branch specific configuration, the former, supersedes repo specific configuration, the latter. Additionally, if the [`@{push}` revision syntax](https://git-scm.com/docs/gitrevisions#Documentation/gitrevisions.txt-emltbranchnamegtpushemegemmasterpushemempushem) for git resolves for a branch, `gh pr view` and `gh pr status` should work regardless of additional config settings. For more information, see - cli/cli#9363 - cli/cli#9364 - cli/cli#9365 - cli/cli#9374 #### `gh secret list`, `gh secret set`, and `gh secret delete` now require repository selection when multiple `git` remotes are present Previously, `gh secret list`, `gh secret set`, and `gh secret delete` would determine which remote to target for interacting with GitHub Actions secrets. Remotes marked as default using `gh repo set-default` or through other `gh` commands had higher priority when figuring out which repository to interact with. This could have unexpected outcomes when using `gh secret` commands with forked repositories as the upstream repository would generally be selected. Now, `gh secret` commands require users to disambiguate which repository should be the target if multiple remotes are present and the `-R, --repo` flag is not provided. For more information, see cli/cli#4688 #### Extension update notices now notify once every 24 hours per extension and can be disabled Previously, the GitHub CLI would notify users about newer versions every time an extension was executed. This did not match GitHub CLI notices, which only notified users once every 24 hours and could be disabled through an environment variable. Now, extension update notices will behave similar to GitHub CLI notices. To disable extension update notices, set the `GH_NO_EXTENSION_UPDATE_NOTIFIER` environment variable. For more information, see cli/cli#9925 #### What's Changed ##### ✨ Features - Draft for discussing testing around extension update checking behavior by [@​andyfeller](https://github.com/andyfeller) in cli/cli#9985 - Make extension update check non-blocking by [@​andyfeller](https://github.com/andyfeller) in cli/cli#10239 - Ensure extension update notices only notify once within 24 hours, provide ability to disable all extension update notices by [@​andyfeller](https://github.com/andyfeller) in cli/cli#9934 - feat: make the extension upgrade fancier by [@​nobe4](https://github.com/nobe4) in cli/cli#10194 - fix: padded display by [@​nobe4](https://github.com/nobe4) in cli/cli#10216 - Update `gh attestation` attestation bundle fetching logic by [@​malancas](https://github.com/malancas) in cli/cli#10185 - Require repo disambiguation for secret commands by [@​williammartin](https://github.com/williammartin) in cli/cli#10209 - show error message for rerun workflow older than a month ago by [@​iamrajhans](https://github.com/iamrajhans) in cli/cli#10227 - Update `gh attestation verify` table output by [@​malancas](https://github.com/malancas) in cli/cli#10104 - Enable MSI building for Windows arm64 by [@​dennisameling](https://github.com/dennisameling) in cli/cli#10297 - feat: Add support for creating autolink references by [@​hoffm](https://github.com/hoffm) in cli/cli#10180 - Find MRs using `@{push}` by [@​Frederick888](https://github.com/Frederick888) in cli/cli#9208 - feat: Add support for viewing autolink references by [@​hoffm](https://github.com/hoffm) in cli/cli#10324 - Update `gh attestation` bundle fetching logic by [@​malancas](https://github.com/malancas) in cli/cli#10339 ##### 🐛 Fixes - gh gist delete: prompt for gist id by [@​danochoa](https://github.com/danochoa) in cli/cli#10154 - Better handling for waiting for codespaces to become ready by [@​cmbrose](https://github.com/cmbrose) in cli/cli#10198 - Fix: `gh gist view` and `gh gist edit` prompts with no TTY by [@​mateusmarquezini](https://github.com/mateusmarquezini) in cli/cli#10048 - Remove naked return values from `ReadBranchConfig` and `prSelectorForCurrentBranch` by [@​jtmcg](https://github.com/jtmcg) in cli/cli#10197 - Add job to deployment workflow to validate the tag name for a given release by [@​jtmcg](https://github.com/jtmcg) in cli/cli#10121 - \[gh run list] Stop progress indicator on failure from `--workflow` flag by [@​iamazeem](https://github.com/iamazeem) in cli/cli#10323 - Update deployment.yml by [@​andyfeller](https://github.com/andyfeller) in cli/cli#10340 ##### 📚 Docs & Chores - Add affected version heading to bug report issue form by [@​BagToad](https://github.com/BagToad) in cli/cli#10269 - chore: fix some comments by [@​petercover](https://github.com/petercover) in cli/cli#10296 - Update triage.md to reflect FR experiment outcome by [@​jtmcg](https://github.com/jtmcg) in cli/cli#10196 - Clear up --with-token fine grained PAT usage by [@​williammartin](https://github.com/williammartin) in cli/cli#10186 - Correct help documentation around template use in `gh issue create` by [@​andyfeller](https://github.com/andyfeller) in cli/cli#10208 - chore: fix some function names in comment by [@​zhuhaicity](https://github.com/zhuhaicity) in cli/cli#10225 - Tiny typo fix by [@​robmorgan](https://github.com/robmorgan) in cli/cli#10265 - add install instructions for Manjaro Linux by [@​AMS21](https://github.com/AMS21) in cli/cli#10236 - Update test to be compatible with latest Glamour v0.8.0 by [@​ottok](https://github.com/ottok) in cli/cli#10151 - Add more `gh attestation verify` integration tests by [@​malancas](https://github.com/malancas) in cli/cli#10102 #####Dependencies - Bump github.com/mattn/go-colorable from 0.1.13 to 0.1.14 by [@​dependabot](https://github.com/dependabot) in cli/cli#10215 - Bump github.com/sigstore/protobuf-specs from 0.3.2 to 0.3.3 by [@​dependabot](https://github.com/dependabot) in cli/cli#10214 - Bump github.com/gabriel-vasile/mimetype from 1.4.7 to 1.4.8 by [@​dependabot](https://github.com/dependabot) in cli/cli#10184 - Bump google.golang.org/protobuf from 1.36.2 to 1.36.3 by [@​dependabot](https://github.com/dependabot) in cli/cli#10250 - Bump golangci-linter and address failures to prepare for Go 1.24 strictness by [@​mikelolasagasti](https://github.com/mikelolasagasti) in cli/cli#10279 - Bump github.com/google/go-containerregistry from 0.20.2 to 0.20.3 by [@​dependabot](https://github.com/dependabot) in cli/cli#10257 - Bump actions/attest-build-provenance from 2.1.0 to 2.2.0 by [@​dependabot](https://github.com/dependabot) in cli/cli#10300 - Bump google.golang.org/protobuf from 1.36.3 to 1.36.4 by [@​dependabot](https://github.com/dependabot) in cli/cli#10306 - Upgrade sigstore-go to v0.7.0: fixes [#​10114](cli/cli#10114) formatting issue by [@​codysoyland](https://github.com/codysoyland) in cli/cli#10309 - Bump github.com/in-toto/attestation from 1.1.0 to 1.1.1 by [@​dependabot](https://github.com/dependabot) in cli/cli#10319 #### New Contributors Big thank you to our many new *and* longtime contributors making this release happen!! ❤️ ✨ - [@​zhuhaicity](https://github.com/zhuhaicity) made their first contribution in cli/cli#10225 - [@​danochoa](https://github.com/danochoa) made their first contribution in cli/cli#10154 - [@​robmorgan](https://github.com/robmorgan) made their first contribution in cli/cli#10265 - [@​iamrajhans](https://github.com/iamrajhans) made their first contribution in cli/cli#10227 - [@​AMS21](https://github.com/AMS21) made their first contribution in cli/cli#10236 - [@​petercover](https://github.com/petercover) made their first contribution in cli/cli#10296 - [@​ottok](https://github.com/ottok) made their first contribution in cli/cli#10151 - [@​dennisameling](https://github.com/dennisameling) made their first contribution in cli/cli#10297 - [@​iamazeem](https://github.com/iamazeem) made their first contribution in cli/cli#10323 - [@​Frederick888](https://github.com/Frederick888) made their first contribution in cli/cli#9208 **Full Changelog**: cli/cli@v2.65.0...v2.66.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNDMuMCIsInVwZGF0ZWRJblZlciI6IjM5LjE0Ni40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Fixes #4688
Supersedes #9083
Testing
There is a new acceptance test to run through the non-interactive cases:
The other secret A/C tests that are expected to pass, pass.
There are some scripts in 0c9b6ed that demonstrate the behaviour. Most importantly, interactive prompting: