* verify 2nd artifact without swapping order
possible solution to https://github.com/cli/cli/issues/9521#issuecomment-2310686619?
* copy the mentioned test file and adds some extra lines
* rm unnecessary import
* Update pkg/cmd/attestation/verification/attestation_test.go
Co-authored-by: Meredith Lancaster <malancas@users.noreply.github.com>
* gofmt
---------
Co-authored-by: Meredith Lancaster <malancas@users.noreply.github.com>
Changing to `release-notes.md` from `changelog.md` may help users better contextually understand usage.
Co-authored-by: Tyler McGoffin <jtmcg@github.com>
* Remove `Internal` from `gh repo create` prompt when owner is not an org
Closes#9464
Internal repos only exist for organizations, so when a user selects their
personal namespace to create a repo using `gh repo create`, `Internal`
should not be an option in the `Visibility` prompt.
This should avoid the additional quirk where if the user selects
`Internal` while creating a personal repo and then proceeds to add any
of the README, .gitignore, or LICENSE files prompted for later, the repo
will not error and instead get created as a `Public` repo. This has the
potential for a user to unknowingly leak sensitive info intended to go
into a non-public repo.
* Refactor prompter with test coverage
By extracting the repo visibility options to its own function,
getRepoVisibilityOptions, we're able to directly test the behavior
introduced with this change. This breaks the testing pattern established
here thus far, but may be a good example of the direction we should
explore for a future refactor.
* Add failing tests to check for error with internal vis in non-org repos
There is a bug in the code, currently, where a user repo can attempt to be
created as with `--internal` visibility flag when that is not an option
for non-org repos. It fails at the API level if the --gitignore,
--license, or --add-readme flags are not included, but silently falls back
to Public visibility if one of them is included.
Because this bug already existed, this commit adds the tests to ensure
that both scenarios described above are captured accurately by the test
suite. A fix for the latter scenario will be coming in a future commit
* Add Exclude to httpmock registry and implement in Test_repoCreate
Upon attempting to make the previous commit pass, I realized that it was
actually impossible to test what I wanted to. The tests in the previous
commit were behaving as expected given the bug that commit described, but
upon attempting to implement a solution I realized that the tests were
only testing the mocks and not the code functionality itself.
Essentially, when the code to fix the bug was implemented, the tests were
failing because the mocks required to test the buggy behavior were no
longer being called. To make the tests pass, I'd have to rewrite them, but
were I to remove the bug fix, the tests would no longer fail.
This pointed me to a gap in our httpmocks - the ability to intentionally
exclude api calls. The behavior I'm trying to test, here, is that we stop
executing when a certain condition is met, and therefore won't make any
subsequent api calls down the chain.
This implements the Exclude method on the registry such that it will fail
if an excluded api pattern is called. I have refactored the tests in
Test_repoCreate to use the Exclude mock for testing.
* Add error if user attempts to create repo with --internal flag
This was previously failing at either the API if no other flags were
included or falling back to creating a public repo if one of gitignore,
license, or add-readme were included.
* Add testing for error messages in gh repo create
In the previous commits, we've introduced a new error when a user tries to
create an Internal repo not owned by an organization. This adds tests to
verify that the error we are getting is, in fact, the one associated with
this use case and not some random error.
While the `state` field corresponds 1:1 with different GitHub Actions
states, the `bucket` field is an abstraction of the CLI that lacked
documentation. This both adds documentation about the existence of the
`bucket` field and enumerates the possible values.
