tommaso-moro
e57fb436fa
add skills command scaffold
2026-04-15 15:43:43 +02:00
Babak K. Shandiz
f79cc02bdd
Merge pull request #13157 from timsu92/patch-2
...
docs: fix SHA512 checksum for GPG key
2026-04-15 10:19:32 +01:00
timsu92
d0e6747d5d
docs: fix SHA512 checksum for GPG key
...
We missed one single character
2026-04-15 11:41:31 +08:00
Kynan Ware
0cede16c5f
Merge pull request #13065 from cli/dependabot/go_modules/github.com/hashicorp/go-version-1.9.0
...
chore(deps): bump github.com/hashicorp/go-version from 1.8.0 to 1.9.0
2026-04-14 12:46:07 -06:00
Kynan Ware
f09a9226fe
Merge pull request #13076 from cli/dependabot/go_modules/google.golang.org/grpc-1.80.0
...
chore(deps): bump google.golang.org/grpc from 1.79.3 to 1.80.0
2026-04-14 12:41:35 -06:00
dependabot[bot]
a0bace5c29
chore(deps): bump github.com/hashicorp/go-version from 1.8.0 to 1.9.0
...
Bumps [github.com/hashicorp/go-version](https://github.com/hashicorp/go-version) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/hashicorp/go-version/releases)
- [Changelog](https://github.com/hashicorp/go-version/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/go-version/compare/v1.8.0...v1.9.0)
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-version
  dependency-version: 1.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-14 18:37:41 +00:00
Kynan Ware
d3b2cebb60
Merge pull request #12918 from cli/dependabot/github_actions/advanced-security/filter-sarif-1.1
...
chore(deps): bump advanced-security/filter-sarif from 1.0.1 to 1.1
2026-04-14 12:36:19 -06:00
Kynan Ware
409fac4115
Merge pull request #13044 from cli/dependabot/go_modules/github.com/in-toto/attestation-1.2.0
...
chore(deps): bump github.com/in-toto/attestation from 1.1.2 to 1.2.0
2026-04-14 12:36:15 -06:00
Kynan Ware
a1367a1da0
Merge pull request #13128 from cli/dependabot/go_modules/github.com/sigstore/protobuf-specs-0.5.1
...
chore(deps): bump github.com/sigstore/protobuf-specs from 0.5.0 to 0.5.1
2026-04-14 12:33:00 -06:00
Kynan Ware
0ab87d222f
Merge pull request #13129 from cli/dependabot/go_modules/github.com/google/go-containerregistry-0.21.4
...
chore(deps): bump github.com/google/go-containerregistry from 0.21.3 to 0.21.4
2026-04-14 12:32:12 -06:00
dependabot[bot]
7c0cd98a59
chore(deps): bump google.golang.org/grpc from 1.79.3 to 1.80.0
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.79.3 to 1.80.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.79.3...v1.80.0)
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-version: 1.80.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-14 18:31:53 +00:00
Kynan Ware
fae01b0ad9
Merge pull request #13152 from cli/dependabot/go_modules/github.com/sigstore/timestamp-authority/v2-2.0.6
...
chore(deps): bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2.0.6
2026-04-14 12:30:35 -06:00
dependabot[bot]
c6b79a1669
chore(deps): bump github.com/sigstore/timestamp-authority/v2
...
Bumps [github.com/sigstore/timestamp-authority/v2](https://github.com/sigstore/timestamp-authority) from 2.0.3 to 2.0.6.
- [Release notes](https://github.com/sigstore/timestamp-authority/releases)
- [Changelog](https://github.com/sigstore/timestamp-authority/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/timestamp-authority/compare/v2.0.3...v2.0.6)
---
updated-dependencies:
- dependency-name: github.com/sigstore/timestamp-authority/v2
  dependency-version: 2.0.6
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-14 01:03:09 +00:00
Babak K. Shandiz
968720862b
Merge pull request #13150 from cli/babakks/add-keyring-sha-md5-sums
...
docs: add sha/md5 checksums of keyring files
2026-04-13 18:00:14 +01:00
Babak K. Shandiz
274a5d6bac
docs: add sha/md5 checksums of keyring files
...
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2026-04-13 10:16:12 +01:00
Kynan Ware
69585cc771
Merge pull request #13127 from cli/babakks/remove-debian-devel
...
chore: delete experimental script/debian-devel
2026-04-09 09:42:25 -06:00
dependabot[bot]
baf0a4c6ac
chore(deps): bump github.com/google/go-containerregistry
...
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.21.3 to 0.21.4.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Commits](https://github.com/google/go-containerregistry/compare/v0.21.3...v0.21.4)
---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.21.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-09 14:03:39 +00:00
dependabot[bot]
8453e431f9
chore(deps): bump github.com/sigstore/protobuf-specs from 0.5.0 to 0.5.1
...
Bumps [github.com/sigstore/protobuf-specs](https://github.com/sigstore/protobuf-specs) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/sigstore/protobuf-specs/releases)
- [Changelog](https://github.com/sigstore/protobuf-specs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/protobuf-specs/compare/v0.5.0...v0.5.1)
---
updated-dependencies:
- dependency-name: github.com/sigstore/protobuf-specs
  dependency-version: 0.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-09 14:03:33 +00:00
Babak K. Shandiz
2598460f61
chore: delete experimental script/debian-devel
...
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2026-04-09 14:07:15 +01:00
Kynan Ware
6e91daa8b0
Merge pull request #13051 from cli/dependabot/go_modules/charm.land/bubbles/v2-2.1.0
...
chore(deps): bump charm.land/bubbles/v2 from 2.0.0 to 2.1.0
2026-04-08 11:44:02 -06:00
Kynan Ware
2119383982
Merge pull request #13119 from cli/kw/security-md-dep-cve-policy
...
Document dependency CVE policy in SECURITY.md
2026-04-08 11:38:45 -06:00
William Martin
a646bbeb8a
Merge pull request #13045 from cli/dependabot/go_modules/github.com/yuin/goldmark-1.8.2
...
chore(deps): bump github.com/yuin/goldmark from 1.7.16 to 1.8.2
2026-04-08 19:38:27 +02:00
dependabot[bot]
832e3e7fa0
chore(deps): bump charm.land/bubbles/v2 from 2.0.0 to 2.1.0
...
Bumps [charm.land/bubbles/v2](https://github.com/charmbracelet/bubbles) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/charmbracelet/bubbles/releases)
- [Commits](https://github.com/charmbracelet/bubbles/compare/v2.0.0...v2.1.0)
---
updated-dependencies:
- dependency-name: charm.land/bubbles/v2
  dependency-version: 2.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-08 17:34:24 +00:00
Kynan Ware
51d3b9967e
Merge pull request #13116 from cli/babakks/bump-to-go1.26.2
...
chore: bump to go1.26.2
2026-04-08 11:32:52 -06:00
Kynan Ware
73d65ed701
Document dependency CVE policy in SECURITY.md
...
Clarify that a dependency having a CVE does not mean gh has a
vulnerability. We use govulncheck for reachability analysis and
ask reporters to demonstrate impact before we act on dependency CVE
reports.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-08 11:28:30 -06:00
Babak K. Shandiz
97ba17b98a
Merge pull request #13112 from cli/babakks/add-pgp-fingerprints-to-install-docs
...
docs: include PGP key fingerprints
2026-04-08 14:55:45 +01:00
Babak K. Shandiz
1f94ee4c58
docs: add manual PGP key verification commands
...
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2026-04-08 13:07:33 +01:00
Babak K. Shandiz
e5927332c6
chore: re-add toolchain to go1.26.2
...
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2026-04-08 12:58:07 +01:00
Babak K. Shandiz
2eceb3908c
docs: polish wording around PGP keys
...
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2026-04-07 22:21:26 +01:00
Babak K. Shandiz
5f38ef1a02
docs: include PGP key fingerprints
...
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2026-04-07 22:13:06 +01:00
Babak K. Shandiz
d0558fcbaa
Merge pull request #13097 from Bahtya/fix-limit-final
...
Fix infinite loop in `gh release list --limit 0`
2026-04-04 11:30:21 +01:00
bahtya
57b2477752
Fix infinite loop in 'gh release list --limit 0'
...
Other list subcommands correctly reject --limit 0 but 'release list'
does not validate the limit, causing an infinite loop.
Add validation consistent with other subcommands and a test.
Closes #13078
2026-04-04 18:13:25 +08:00
dependabot[bot]
1e2755829c
chore(deps): bump github.com/in-toto/attestation from 1.1.2 to 1.2.0
...
Bumps [github.com/in-toto/attestation](https://github.com/in-toto/attestation) from 1.1.2 to 1.2.0.
- [Release notes](https://github.com/in-toto/attestation/releases)
- [Commits](https://github.com/in-toto/attestation/compare/v1.1.2...v1.2.0)
---
updated-dependencies:
- dependency-name: github.com/in-toto/attestation
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-31 15:23:27 +00:00
William Martin
5d3c2ba569
Merge pull request #13071 from cli/dependabot/go_modules/github.com/klauspost/compress-1.18.5
...
chore(deps): bump github.com/klauspost/compress from 1.18.4 to 1.18.5
2026-03-31 17:22:09 +02:00
dependabot[bot]
4d22541239
chore(deps): bump github.com/klauspost/compress from 1.18.4 to 1.18.5
...
Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.18.4 to 1.18.5.
- [Release notes](https://github.com/klauspost/compress/releases)
- [Commits](https://github.com/klauspost/compress/compare/v1.18.4...v1.18.5)
---
updated-dependencies:
- dependency-name: github.com/klauspost/compress
  dependency-version: 1.18.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-31 14:03:34 +00:00
William Martin
40da05861a
Merge pull request #13048 from thaJeztah/snappier
...
replace github.com/golang/snappy with klauspost/compress/snappy
2026-03-31 12:25:44 +02:00
Babak K. Shandiz
68c6d9e127
Merge pull request #13046 from cli/wm/gh-api-agent
...
Ensure `api` and `auth` commands record agentic invocations
2026-03-27 17:24:59 +00:00
Babak K. Shandiz
2bf528ccc7
test(internal/authflow): assert user-agent header is not modified/added
...
Signed-off-by: Babak K. Shandiz <babakks@github.com>
2026-03-27 11:48:17 +00:00
Sebastiaan van Stijn
6868d273ec
replace github.com/golang/snappy with klauspost/compress/snappy
...
The github.com/golang/snappy repository was archived and is no longer
maintained. klauspost/compress provides a drop-in replacement, which
is actively maintained, and the klauspost/compress module is already
an existing (indirect) dependency.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-03-26 22:58:08 +01:00
William Martin
4e8aa562a3
docs: require tests and linter pass before committing
...
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-26 17:26:27 +01:00
William Martin
fb8e22a767
fix(auth): preserve User-Agent in authflow getViewer
...
getViewer was building a new HTTP client from scratch, losing
AppVersion and InvokingAgent from the plain client already passed
into AuthFlow. Reuse the existing client by shallow-copying it and
wrapping its transport with AddAuthTokenHeader for the new token.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-26 17:26:27 +01:00
William Martin
268453803e
fix(api): propagate InvokingAgent in gh api HTTP client
...
The gh api command builds its own HTTP client inline without
forwarding InvokingAgent, so the User-Agent header was missing
the Agent/<name> suffix when invoked by AI coding agents.
Thread InvokingAgent through Factory → ApiOptions → HTTPClientOptions,
mirroring the existing AppVersion pattern.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-26 16:55:16 +01:00
dependabot[bot]
10294d6f4d
chore(deps): bump github.com/yuin/goldmark from 1.7.16 to 1.8.2
...
Bumps [github.com/yuin/goldmark](https://github.com/yuin/goldmark) from 1.7.16 to 1.8.2.
- [Release notes](https://github.com/yuin/goldmark/releases)
- [Commits](https://github.com/yuin/goldmark/compare/v1.7.16...v1.8.2)
---
updated-dependencies:
- dependency-name: github.com/yuin/goldmark
  dependency-version: 1.8.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-26 14:03:39 +00:00
William Martin
b62671151b
Merge pull request #12859 from cli/kw/experimental-huh-prompter
...
Add experimental huh-only prompter gated by GH_EXPERIMENTAL_PROMPTER
2026-03-26 14:38:19 +01:00
William Martin
cb2b50576f
Ensure huh prompter cleans up
2026-03-26 14:26:57 +01:00
Kynan Ware
84a3ba83e4
fix(huh prompter): remove unused fields and imports
...
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-26 14:26:57 +01:00
Kynan Ware
f92fab6124
go mod tidy
2026-03-26 14:26:56 +01:00
Kynan Ware
13e47d0078
feat(huh prompter): clear search input after submitting query
...
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-26 14:26:17 +01:00
Kynan Ware
cfb2224176
refactor(huh prompter): custom Field for MultiSelectWithSearch
...
Replace the OptionsFunc-based MultiSelectWithSearch with a custom huh
Field implementation. huh's OptionsFunc runs in a goroutine, causing
data races with selection state and stale cache issues that made
selections disappear on toggle or search changes.
The custom field (multiSelectSearchField) combines a text input and
multi-select list in a single field with full control over the update
loop. Search runs asynchronously via tea.Cmd when the user presses
Enter, with a themed spinner during loading. Selections are stored in
a simple map — no goroutine races, no Eval cache, no syncAccessor.
Also adds defensive validation for mismatched Keys/Labels slices from
searchFunc.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-26 14:26:17 +01:00
Kynan Ware
f38abbe1ca
feat(huh prompter): add placeholder to search input
...
Add 'Type to search, Ctrl+U to clear' placeholder to the
MultiSelectWithSearch search input. Set WithWidth(80) in the test
harness to prevent textinput placeholder rendering panics when
there is no terminal.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-26 14:26:17 +01:00