Fix milestone workflow: restore permissions and update github-script to v9#16174
Merged
Fix milestone workflow: restore permissions and update github-script to v9#16174
Conversation
…pt v9 - Restore pull-requests: write permission (required by the Issues API when updating PR resources, confirmed by 403 error in run #24421110155) - Update actions/github-script from v7.0.1 (Node.js 20) to v9.0.0 (Node.js 24) to avoid the June 2026 Node.js 20 deprecation Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Member
Author
|
Merging to unblock milestone assignment. |
Contributor
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Fixes the milestone auto-assignment GitHub Actions workflow by restoring required token permissions and updating the pinned actions/github-script version to avoid authorization failures and keep the action current.
Changes:
- Add
pull-requests: writepermission to allow milestone updates on PR resources. - Update
actions/github-scriptfrom v7.0.1 to v9.0.0 (pinned SHA).
Comment on lines
7
to
+9
| permissions: | ||
| issues: write | ||
| pull-requests: write |
There was a problem hiding this comment.
Top-level permissions applies to all jobs in the workflow. To follow least-privilege and reduce the chance of accidentally granting write permissions to future jobs added to this workflow, move these permissions to the specific assign-milestone job (or even the specific step if feasible) instead of setting them globally.
| steps: | ||
| - name: Assign milestone based on target branch | ||
| uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 | ||
| uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 |
There was a problem hiding this comment.
The PR description states that v9 uses Node.js 24 and that v7 (Node.js 20) is deprecated with a June 2026 cutoff. Since this workflow change is specifically updating actions/github-script, please ensure the description accurately reflects the runtime used by actions/github-script@v9.0.0 (and GitHub Actions’ supported Node runtime for JS actions) to avoid future confusion when auditing this update.
Contributor
|
🚀 Dogfood this PR with:
curl -fsSL https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 16174Or
iex "& { $(irm https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 16174" |
radical
pushed a commit
that referenced
this pull request
Apr 15, 2026
…pt v9 (#16174) - Restore pull-requests: write permission (required by the Issues API when updating PR resources, confirmed by 403 error in run #24421110155) - Update actions/github-script from v7.0.1 (Node.js 20) to v9.0.0 (Node.js 24) to avoid the June 2026 Node.js 20 deprecation Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
radical
added a commit
that referenced
this pull request
Apr 15, 2026
* Wrap script execution in main() with BASH_SOURCE guard
Enable sourcing get-aspire-cli.sh and get-aspire-cli-pr.sh to load
function definitions without executing the main flow. This is required
for unit-testing individual script functions in isolation.
Also initialize `local config_file=""` to prevent unbound-variable
errors under `set -u` when no shell config file is found.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Consolidate ProcessExtensions into Aspire.TestUtilities
Move ProcessExtensions from Infrastructure.Tests (internal) to
Aspire.TestUtilities (public) so it can be shared by the new
acquisition test project. Update Infrastructure.Tests to reference
the shared version. Simplify CommandResult and ToolCommandException
to use primary constructors.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Surface PR metadata and GH_TOKEN for Acquisition tests in CI
Extend the existing requiresCliArchive token/metadata exports to also
trigger when testShortName == 'Acquisition', so integration tests can
access GitHub API when run as outerloop.
Remove unrelated create-failing-test-issue.* entry from CI trigger
skip-list.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Add Aspire.Acquisition.Tests with 160 tests for CLI scripts
New test project covering get-aspire-cli.sh, get-aspire-cli-pr.sh,
and their PowerShell equivalents. Tests are organized in tiers:
- Function-level tests (ScriptFunctionCommand): source a script and
call individual functions in isolation — URL construction, platform
detection, input validation, shell profile handling, archive ops.
- Script-level tests (ScriptToolCommand): run full scripts with mock
gh CLI and --dry-run to validate end-to-end parameter handling.
- Piped install tests (ScriptHostFixture): serve scripts over HTTP
and test curl|bash and irm|iex patterns against a real pipe.
- Integration tests (RealGitHubPRFixture): query real GitHub PRs
with --dry-run, gated behind OuterloopTest + Category=integration.
Test infrastructure:
- TestEnvironment: isolated temp dirs with mock HOME
- FakeArchiveHelper: generates tar.gz/zip with .sha512 sidecars
- Mock gh CLI: canned JSON for pr/run/api commands
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: iex quoting for Windows + add timeouts to piped install tests
Fix Windows test failures where double quotes in ProcessStartInfo.Arguments
were consumed as argument delimiters by MSVCRT command-line parser. Wrap the
entire iex expression in outer quotes with escaped inner quotes so they
survive as literal characters for pwsh -Command.
Add 60-second timeouts to all piped install tests to prevent CI hang dumps.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: quote bash -c args and add -Help to PR script
Fix macOS test failures where .NET's ProcessStartInfo.Arguments parser
splits compound bash -c commands on spaces. Wrap the entire command
string in quotes so it stays as a single argv entry.
Add missing -Help switch parameter to get-aspire-cli-pr.ps1 (the release
script has it but the PR script was missing it, causing iex test to fail
with 'parameter not found').
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix missing disposal of ScriptToolCommand in PR script tests
Add 'using' to all CreateCommandWithMockGhAsync call sites to ensure
ToolCommand.Dispose() is called, which kills any running process.
Without disposal, hung processes could accumulate under CI contention.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address review feedback: mock gh api fidelity and XDG_CONFIG_HOME isolation
1. Mock gh api now returns endpoint-aware responses instead of always
returning {}. PR endpoint returns a realistic SHA, workflow endpoint
returns a realistic run ID. When --jq is present, returns the
pre-extracted value; otherwise returns the full JSON structure.
This ensures tests actually validate the PR lookup contract.
2. Override XDG_CONFIG_HOME in both ScriptFunctionCommand and
ScriptToolCommand to prevent bash scripts that consult
${XDG_CONFIG_HOME:-$HOME/.config} from reading real profile files
outside the test's temp home on developer machines with
XDG_CONFIG_HOME set.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix milestone workflow: restore permissions and update to github-script v9 (#16174)
- Restore pull-requests: write permission (required by the Issues API
when updating PR resources, confirmed by 403 error in run #24421110155)
- Update actions/github-script from v7.0.1 (Node.js 20) to v9.0.0
(Node.js 24) to avoid the June 2026 Node.js 20 deprecation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Clarify dashboard clear telemetry labels (#16128)
* Rename describe endpoints column to URLs (#16144)
* Bump next in /extension in the npm_and_yarn group across 1 directory (#16041)
Bumps the npm_and_yarn group with 1 update in the /tests/Aspire.Cli.EndToEnd.Tests/Fixtures/JsPublish/nextjs directory: [next](https://github.com/vercel/next.js).
Updates `next` from 15.5.14 to 15.5.15
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.5.14...v15.5.15)
---
updated-dependencies:
- dependency-name: next
dependency-version: 15.5.15
dependency-type: direct:production
dependency-group: npm_and_yarn
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Fix pr-docs-check docs PR flow (#16149)
* Fix pr-docs-check docs PR flow
Gate the workflow on significant user-facing changes and only draft aspire.dev documentation PRs when there is a clear docs gap.
Recompile the workflow with gh aw v0.68.1, refresh the shared action lock, and restore the required safe_outputs checkout override for microsoft/aspire.dev under _repos/aspire.dev so cross-repo draft PR creation can switch repositories correctly.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Fix pr-docs-check source-only checkouts
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Address PR #15995 review feedback
- Remove Acquisition-specific GH_TOKEN injection from run-tests.yml (#14)
- Rename s_-prefixed test classes to PascalCase (#15)
- Add retry loop for TOCTOU port race in ScriptHostFixture (#16)
- Add missing [RequiresTools(["pwsh"])] attributes (#17)
- Add default 60s timeout to ScriptToolCommand/ScriptFunctionCommand (#18)
- Fix CTS disposal in PowerShellCommand and NodeCommand (#19/#20)
- Move ToolCommandException into Aspire.Templates.Tests namespace (#21)
- Expand comment on broad readonly override in bash sourcing (#22)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Jose Perez Rodriguez <joperezr@microsoft.com>
Co-authored-by: Adam Ratzman <adam@adamratzman.com>
Co-authored-by: James Newton-King <james@newtonking.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Pine <david.pine@microsoft.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes the milestone auto-assignment workflow that was failing with a 403 error (run #24421110155).
Changes
Restore \pull-requests: write\ permission — The GitHub Issues API requires this permission when updating PR resources (PRs are issues under the hood). The 403 response header confirmed: \x-accepted-github-permissions: issues=write; pull_requests=write\
Update \�ctions/github-script\ from v7.0.1 to v9.0.0 — v7 uses Node.js 20 which is deprecated and will stop working June 2026. v9 uses Node.js 24 and a newer GitHub API version, resolving the deprecation warning.