- Clarify comment to say "matches" instead of "matches or exceeds"
- Update PR body to accurately reflect final go.mod state
- Show actual toolchain if present, or note it's not specified
- Provide clear explanation when toolchain is omitted
Co-authored-by: williammartin <1611510+williammartin@users.noreply.github.com>
- Compare major.minor versions instead of exact string match
- Preserve go directive if already at latest major.minor
- Handle cases where go.mod has full patch version (e.g., 1.25.6)
- Update PR body to use actual go directive from modified go.mod
- Add detailed comments explaining version handling logic
Co-authored-by: williammartin <1611510+williammartin@users.noreply.github.com>
- Add early trap setup to avoid exit code issues
- Handle missing toolchain directive gracefully with `|| true`
- Add logic to detect when toolchain is expected to be missing
- Add informative messages about missing toolchain
- Implement smart toolchain handling:
- Skip toolchain when go version matches latest (redundant)
- Add toolchain when go version is older than latest
- Update toolchain when it exists but is outdated
Co-authored-by: williammartin <1611510+williammartin@users.noreply.github.com>
When the copilot binary is found in PATH but exec fails (e.g., due to
unusual characters like parentheses in the path on Windows), append a
hint suggesting the user run `copilot` directly without `gh`.
The hint is only shown when the binary was already present on the host,
not when it was freshly downloaded and installed by `gh`.
Closescli/cli#13106
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
DETACHED_PROCESS leaves the gh send-telemetry child with no console at
all. When the transitive dependency thlib/go-timezone-local invokes
`tzutil /g` to resolve the local IANA timezone, the console-subsystem
tzutil binary allocates a fresh conhost — producing a visible window
flash on every gh invocation, which accumulates as orphan terminals
under terminal configurations that keep windows open on exit.
CREATE_NO_WINDOW gives the child a non-visible console that descendants
inherit, suppressing the flash. CREATE_NEW_PROCESS_GROUP is preserved
so Ctrl+C still does not propagate to the detached telemetry child.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
When a PR is opened as draft and later marked ready for review, the
check-requirements job's if filter excluded the ready_for_review action,
so the screening workflow never ran and unmet-requirements was never
applied. Add ready_for_review to the action filter so screening runs
when a draft PR transitions to requesting review.
Companion fix in desktop/gh-cli-and-desktop-shared-workflows updates the
called workflow's own filters to handle ready_for_review consistently.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The Go toolchain infers constraints from _darwin/_linux filename suffixes,
but explicit //go:build tags make the constraint visible without relying
on filename conventions, consistent with modern Go style.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Rename echo_test_{linux,darwin}.go to echo_{linux,darwin}_test.go so
they are only compiled during tests
- Narrow build tag from !windows to linux || darwin to avoid compile
failures on other Unix platforms
- Return error from waitForEchoDisabled instead of calling t.Fatal,
since the function is called from goroutines where FailNow would only
terminate the calling goroutine
Replace the fixed-duration sleep with a polling loop that checks the
actual TTY echo flag before sending password input. This eliminates the
race condition where huh has not yet disabled echo mode, which caused
flaky test failures in slow environments.
Follow-up to #13304.
https://github.com/actions/attest-build-provenance#usage
> As of version 4, actions/attest-build-provenance is simply a wrapper
> on top of actions/attest.
>
> Existing applications may continue to use the attest-build-provenance
> action, but new implementations should use actions/attest instead.
Opts in to the new PR screening features in the shared triage workflow:
- Instantly closes PRs with zero file changes
- Detects same-author resubmissions of recently closed PRs
- Fast-tracks small, well-described fixes to ready-for-review
- Accelerates closure of large unsolicited PRs (3 days vs 7)
Depends on desktop/gh-cli-and-desktop-shared-workflows#17
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The beforePasswordSendTimeout was set to 100 microseconds, which is
insufficient for huh to disable echo mode on the PTY in slow or
constrained environments (e.g. network-isolated build containers).
Increase to 100 milliseconds to avoid the race condition.
The four tests in this file (TestVerifyIntegration,
TestVerifyIntegrationCustomIssuer, TestVerifyIntegrationReusableWorkflow,
TestVerifyIntegrationReusableWorkflowSignerWorkflow) call
NewLiveSigstoreVerifier which requires network access to Sigstore and
GitHub TUF servers. Unlike the other integration test files in this
package (attestation_integration_test.go, sigstore_integration_test.go,
inspect_integration_test.go), this file was missing the //go:build
integration tag, causing these tests to run during a regular
'go test ./...' and fail in network-isolated build environments.
