Skip to content

Releases: cli/cli

GitHub CLI 2.69.0

19 Mar 16:07
45ffa3c
Compare
Choose a tag to compare

What's Changed

Features

  • Commands that accept filepath arguments will do glob expansion for * characters, by @iamazeem in #10413

Bug Fixes

  • gh issue/pr comment --edit-last no longer creates a comment in non-interactive mode if there weren't one. A new flag --create-if-none provides this behaviour, by @andyfeller in #10625
  • gh repo sync provides a more informative error for missing workflow permissions when the token is provided by a GitHub app, by @wata727 in #10574
  • gh api no longer tries to encode URLs incorrectly, by @williammartin in #10630

Other

New Contributors

Full Changelog: v2.68.1...v2.69.0

GitHub CLI 2.68.1

06 Mar 11:29
fc19ff3
Compare
Choose a tag to compare

What's Changed

Full Changelog: v2.68.0...v2.68.1

GitHub CLI 2.68.0

05 Mar 20:03
a92528a
Compare
Choose a tag to compare

What's Changed

✨ Features

  • [gh repo view] Improve error message for forked repo by @iamazeem in #10334
  • Add signer-digest, source-ref, and source-digest options for gh attestation verify by @malancas in #10308
  • [gh pr checkout] Add --no-tags option to git fetch commands in checkout by @latzskim in #10479
  • [gh issue/pr comment] Add --create-if-none and prompts to create a comment if no comment already exists by @latzskim in #10427
  • [gh cache delete --all] Add --succeed-on-no-caches flag to return exit code 0 by @iamazeem in #10327
  • [gh release create] Fail when there are no new commits since the last release by @iamazeem in #10398
  • update default upstream when forking repo during PR creation by @daviddl9 in #10458

🐛 Fixes

  • Refactor GetLocalAttestations and clean up custom registry transport by @malancas in #10382
  • Check GH_REPO too in addition to --repo for disambiguation by @williammartin in #10539
    • (Fixes gh secret subcommands not working outside of a repository)
  • Fix unhandled panic in FindWorkflow and add tests by @jtmcg in #10521
  • Fix checkout when URL arg is from fork and cwd is upstream by @williammartin in #10512
  • [gh api] Escape package name (URL encoding) for packages endpoint by @iamazeem in #10384
  • Fix remoteResolver caching issue by @iamazeem in #10456
  • Fix gh project item-edit to allow --number 0 as a valid value by @aryanbhosale in #10417
  • Add mutex to fix race in attestation test client by @codysoyland in #10439
  • Base64 decode GPG passphrase in deployment workflow by @BagToad in #10546

📚 Docs & Chores

:dependabot: Dependencies

GitHub CLI 2.67.0

11 Feb 19:54
6899fe2
Compare
Choose a tag to compare

Security

A bug in gh attestation verify may return an incorrect zero exit status when no matching attestations are found for the specified --predicate-type <value> or the default https://slsa.dev/provenance/v1 if not specified. This issue only arises if an artifact has an attestation with a predicate type different from the one provided in the command. As a result, users relying solely on these exit codes may mistakenly believe the attestation has been verified, despite the absence of an attestation with the specified predicate type and the tool printing a verification failure.

Users are advised to update gh to version v2.67.0 as soon as possible.

For more information, see GHSA-fgw4-v983-mgp8

gh pr checkout now supports interactively selecting a pull request

Similar to commands like gh workflow run which prompts for a workflow to run, now gh pr checkout will prompt for a pull request to checkout. The list is currently limited to the most recent 10 pull requests in the repository.

393797385-499b5dfb-3103-42b8-876a-3a2d4d7173c8.mov

Big thank you to @nilvng for implementing this 🙌

Contributing guidelines updated

We've updated our CONTRIBUTING.md guidelines to give more clarity around old help wanted issues.

TLDR:

  • Please directly mention @cli/code-reviewers when an issue you want to work on does not have clear Acceptance Criteria
  • Please only open pull requests for issues with both the help wanted label and clear Acceptance Criteria
  • Please avoid expanding pull request scope to include changes that are not described in the connected issue's Acceptance Criteria

Note: Acceptance Criteria is posted as an issue comment by a core maintainer.

See #10381 and #10395 for more information.

❓ Have feedback on anything? We'd love to hear from you in a discussion post ❤️

What's Changed

✨ Features

  • feat: let user select pr to checkout by @nilvng in #9868
  • feat: Add support for deleting autolink references by @hoffm in #10362
  • [gh extensions install] Improve help text and error message by @iamazeem in #10333
  • Error when gh repo rename is used with a new repo name that contains an owner by @timrogers in #10364
  • Attestation bundle fetch improvements by @malancas in #10233
  • [gh project item-list] Add iterationId field in ProjectV2ItemFieldIterationValue by @iamazeem in #10329

🐛 Fixes

📚 Docs & Chores

  • Fix logic error in contributing docs by @BagToad in #10395
  • Docs: Clarify guidelines for help wanted issues and pull requests by @BagToad in #10381
  • [gh pr status] Mention gh pr checks in the Long section by @iamazeem in #10389
  • [docs/releasing.md] Add basic info for homebrew update flow by @iamazeem in #10344
  • [gh issue/pr list] Improve help text by @iamazeem in #10335
  • Remove v1 project 'add to board' automation from prauto workflow by @hoffm in #10331
  • Note: the following pair of PRs was reverted and never made into a release
    • [gh repo edit] Allow setting commit message defaults by @iamazeem in #10363
    • Revert "[gh repo edit] Allow setting commit message defaults" by @BagToad in #10372

:dependabot: Dependencies

Full Changelog: v2.66.1...v2.67.0

GitHub CLI 2.66.1

31 Jan 23:21
d10fbbf
Compare
Choose a tag to compare

Hotfix: gh pr view fails with provided URL

This addresses a regression in gh pr view was reported in #10352. This regression was due to a change in v2.66.0 that no longer allowed gh pr subcommands to execute properly outside of a git repo.

What's Changed

  • Hotfix: gh pr view fails with provided URL by @jtmcg in #10354

Full Changelog: v2.66.0...v2.66.1

GitHub CLI 2.66.0

30 Jan 18:27
42c0cb0
Compare
Choose a tag to compare

gh pr view and gh pr status now respect common triangular workflow configurations

Previously, gh pr view and gh pr status would fail for pull request's (PR) open in triangular workflows. This was due to gh being unable to identify the PR's corresponding remote and branch refs on GitHub.

Now, gh pr view and gh pr status should successfully identify the PR's refs when the following common git configurations are used:

Branch specific configuration, the former, supersedes repo specific configuration, the latter.

Additionally, if the @{push} revision syntax for git resolves for a branch, gh pr view and gh pr status should work regardless of additional config settings.

For more information, see

gh secret list, gh secret set, and gh secret delete now require repository selection when multiple git remotes are present

Previously, gh secret list, gh secret set, and gh secret delete would determine which remote to target for interacting with GitHub Actions secrets. Remotes marked as default using gh repo set-default or through other gh commands had higher priority when figuring out which repository to interact with. This could have unexpected outcomes when using gh secret commands with forked repositories as the upstream repository would generally be selected.

Now, gh secret commands require users to disambiguate which repository should be the target if multiple remotes are present and the -R, --repo flag is not provided.

For more information, see #4688

Extension update notices now notify once every 24 hours per extension and can be disabled

Previously, the GitHub CLI would notify users about newer versions every time an extension was executed. This did not match GitHub CLI notices, which only notified users once every 24 hours and could be disabled through an environment variable.

Now, extension update notices will behave similar to GitHub CLI notices. To disable extension update notices, set the GH_NO_EXTENSION_UPDATE_NOTIFIER environment variable.

For more information, see #9925

What's Changed

✨ Features

🐛 Fixes

  • gh gist delete: prompt for gist id by @danochoa in #10154
  • Better handling for waiting for codespaces to become ready by @cmbrose in #10198
  • Fix: gh gist view and gh gist edit prompts with no TTY by @mateusmarquezini in #10048
  • Remove naked return values from ReadBranchConfig and prSelectorForCurrentBranch by @jtmcg in #10197
  • Add job to deployment workflow to validate the tag name for a given release by @jtmcg in #10121
  • [gh run list] Stop progress indicator on failure from --workflow flag by @iamazeem in #10323
  • Update deployment.yml by @andyfeller in #10340

📚 Docs & Chores

:dependabot: Dependencies

New Contributors

Big thank you to our many new and longtime contributors making this release happen!! ❤️ ✨

Full Changelog: v2.65.0...v2.66.0

GitHub CLI 2.65.0

06 Jan 20:43
b3be16e
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v2.64.0...v2.65.0

GitHub CLI 2.64.0

20 Dec 19:37
5402e20
Compare
Choose a tag to compare

What's Changed

  • docs: improve docs for browse command as of #5352 by @ankddev in #10025
  • Open PR against gh-merge-base by @heaths in #9712
  • Add integration tests for gh attestation verify when the bundle-from-oci flag is specified by @malancas in #10020
  • gh repo rename help text clarifies new repo name should not include owner by @BagToad in #10044
  • fix: list branches in square brackets in gh run and gh codespace by @uday-rana in #10043
  • Bump actions/attest-build-provenance from 1.4.4 to 2.1.0 by @dependabot in #10056
  • Bump golang.org/x/crypto from 0.29.0 to 0.31.0 by @dependabot in #10070
  • Improve documentation and error messaging for local extension installations without executables by @BagToad in #9933
  • docs: better document auth scopes by @ankddev in #10026
  • Sigstore verifier logic updates by @malancas in #9999
  • gh pr merge --delete-branch exits with error when merge requested via merge queue by @BagToad in #10074
  • sundry gh at inspect improvements by @phillmv in #9954
  • Support pr view for intra-org forks by @williammartin in #10078
  • Print policy information before verifying attestations by @malancas in #9891
  • Improve error handling in apt setup script by @jobegrabber in #10055
  • Use Windows compatible file name for downloaded attestations when running gh attestation download by @malancas in #10051
  • Bump github.com/cpuguy83/go-md2man/v2 from 2.0.5 to 2.0.6 by @dependabot in #10094
  • Perform all gh attestation verify policy options configuration in the newEnforcementCriteria() function by @malancas in #10012

New Contributors

Full Changelog: v2.63.2...v2.64.0

GitHub CLI 2.63.2

05 Dec 18:15
d60e5ff
Compare
Choose a tag to compare

What's Changed

Full Changelog: v2.63.1...v2.63.2

GitHub CLI 2.63.1

03 Dec 23:33
1136764
Compare
Choose a tag to compare

What's Changed

  • Fix formatting in git/client_test.go comments for linter by @BagToad in #9969
  • Bump github.com/gabriel-vasile/mimetype from 1.4.6 to 1.4.7 by @dependabot in #9942
  • Clarify which commands correspond to which DNF version under Linux install instructions by @BagToad in #9976
  • When renaming an existing remote as part of remote creation in gh repo fork, log the change by @timrogers in #9983
  • Fix PR checkout panic when base repo is not in remotes by @williammartin in #9992

Security

  • A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download.

    For more information, see GHSA-2m9h-r57g-45pj

Full Changelog: v2.63.0...v2.63.1