Release (#944)

Changes:

- Check for broken links in documentation (#700)
- Support macOS `arm64` installs via Homebrew (#798) 
- Validate installers before publishing (#813)
- Auto-generate maintainer away notification issues (#842)
- Install dotnet via Jammy feeds on Ubuntu 22.04 and greater (#839)
- Access Azure storage account using service principle credentials
(#851)
- Update documentation to use reference-style links (#680)
- Unify documentation line length (#862)
- Add generic username/password UI (#871)
- Bitbucket DC OAuth support (#607)
- Distribute GCM as a dotnet tool (#886)
- Drop `-core` suffix from entry executable #551 
- Speed up build graph (#924)

Author: ldennington

.github/ISSUE_TEMPLATE/auth-problem.md

@@ -8,7 +8,7 @@ assignees: ''
 
 **Which version of GCM are you using?**
 
-From a terminal, run `git credential-manager-core --version` and paste the output.
+From a terminal, run `git credential-manager --version` and paste the output.
 
 <!-- Ex:
 Git Credential Manager version 2.0.8-beta+e1f8492d04 (macOS, .NET Core 4.6.27129.04)
@@ -44,7 +44,9 @@ origin https://dev.azure.com/contoso/_git/widgets
 * [ ] https://`{org}`@dev.azure.com/`{org}`/...
 * [ ] https://`{org}`.visualstudio.com/...
 
-**_[Azure DevOps only]_ If the account picker shows more than one identity as you authenticate, check that you selected the same one that has access on the web.**
+**_[Azure DevOps only]_ If the account picker shows more than one identity as
+you authenticate, check that you selected the same one that has access on the
+web.**
 
 * [ ] Not applicable
 * [ ] I only see one identity
@@ -58,13 +60,16 @@ I am authenticated and my Git operation completes successfully.
 
 **Actual behavior**
 
-A clear and concise description of what happens. For example: exception is thrown, UI freezes, etc.
+A clear and concise description of what happens. For example: exception is
+thrown, UI freezes, etc.
 
 **Logs**
 
-Set the environment variables `GCM_TRACE=1` and `GIT_TRACE=1` and re-run your Git command. Review and redact any private information and attach the log.
+Set the environment variables `GCM_TRACE=1` and `GIT_TRACE=1` and re-run your
+Git command. Review and redact any private information and attach the log.
 
-If you are running inside of Windows Subsystem for Linux (WSL), you must also set an additional environment variable to enable tracing: `WSLENV=$WSLENV:GCM_TRACE`.
+If you are running inside of Windows Subsystem for Linux (WSL), you must also
+set an additional environment variable to enable tracing: `WSLENV=$WSLENV:GCM_TRACE`.
 For example:
 
 ```shell

.github/ISSUE_TEMPLATE/experimental.md

@@ -8,7 +8,7 @@ assignees: ''
 
 **Which version of GCM are you using?**
 
-From a terminal, run `git credential-manager-core --version` and paste the output.
+From a terminal, run `git credential-manager --version` and paste the output.
 
 <!-- Ex:
 Git Credential Manager version 2.0.8-beta+e1f8492d04 (macOS, .NET Core 4.6.27129.04)
@@ -44,7 +44,9 @@ origin https://dev.azure.com/contoso/_git/widgets
 * [ ] https://`{org}`@dev.azure.com/`{org}`/...
 * [ ] https://`{org}`.visualstudio.com/...
 
-**_[Azure DevOps only]_ If the account picker shows more than one identity as you authenticate, check that you selected the same one that has access on the web.**
+**_[Azure DevOps only]_ If the account picker shows more than one identity as
+you authenticate, check that you selected the same one that has access on the
+web.**
 
 * [ ] Not applicable
 * [ ] I only see one identity
@@ -58,13 +60,16 @@ I am authenticated and my Git operation completes successfully.
 
 **Actual behavior**
 
-A clear and concise description of what happens. For example: exception is thrown, UI freezes, etc.
+A clear and concise description of what happens. For example: exception is
+thrown, UI freezes, etc.
 
 **Logs**
 
-Set the environment variables `GCM_TRACE=1` and `GIT_TRACE=1` and re-run your Git command. Review and redact any private information and attach the log.
+Set the environment variables `GCM_TRACE=1` and `GIT_TRACE=1` and re-run your
+Git command. Review and redact any private information and attach the log.
 
-If you are running inside of Windows Subsystem for Linux (WSL), you must also set an additional environment variable to enable tracing: `WSLENV=$WSLENV:GCM_TRACE`.
+If you are running inside of Windows Subsystem for Linux (WSL), you must also
+set an additional environment variable to enable tracing: `WSLENV=$WSLENV:GCM_TRACE`.
 For example:
 
 ```shell

.github/run_esrp_signing.py

@@ -18,10 +18,6 @@
 esrp_tool = os.path.join("esrp", "tools", "EsrpClient.exe")
 
 aad_id = os.environ['AZURE_AAD_ID'].strip()
-# We temporarily need two AAD IDs, as we're using an SSL certificate associated
-# with an older App Registration until we have the required hardware to approve
-# the new certificate in SSL Admin.
-aad_id_ssl = os.environ['AZURE_AAD_ID_SSL'].strip()
 workspace = os.environ['GITHUB_WORKSPACE'].strip()
 
 source_location = args.path
@@ -36,9 +32,10 @@
     "TenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
     "ClientId": f"{aad_id}",
     "AuthCert": {
-            "SubjectName": f"CN={aad_id_ssl}.microsoft.com",
+            "SubjectName": f"CN={aad_id}.microsoft.com",
             "StoreLocation": "LocalMachine",
-            "StoreName": "My"
+            "StoreName": "My",
+            "SendX5c" : "true"
     },
     "RequestSigningCert": {
             "SubjectName": f"CN={aad_id}",

.github/set_up_esrp.ps1

@@ -1,5 +1,5 @@
 # Install ESRP client
-az storage blob download --file esrp.zip --account-key "$env:AZURE_STORAGE_KEY" --account-name gcmesrp --container microsoft-esrp-client --name microsoft.esrpclient.1.2.76.nupkg
+az storage blob download --file esrp.zip --auth-mode login --account-name esrpsigningstorage --container signing-resources --name microsoft.esrpclient.1.2.76.nupkg
 Expand-Archive -Path esrp.zip -DestinationPath .\esrp
 
 # Install certificates

.github/workflows/codeql-analysis.yml

@@ -23,7 +23,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         fetch-depth: 0 # patch around Nerdbank.GitVersioning failure
 

.github/workflows/continuous-integration.yml

@@ -14,15 +14,15 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [ubuntu-18.04, ubuntu-20.04, windows-2019, macos-10.15]
+        os: [ubuntu-18.04, ubuntu-20.04, windows-2019, macos-latest]
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         fetch-depth: 0 # Indicate full history so Nerdbank.GitVersioning works.
 
     - name: Setup .NET
-      uses: actions/setup-dotnet@v2
+      uses: actions/setup-dotnet@v3.0.3
       with:
         dotnet-version: 6.0.201
 

.github/workflows/lint-docs.yml

@@ -4,16 +4,53 @@ on:
   workflow_dispatch:
   push:
     branches: [ main, linux ]
+    paths:
+      - '**.md'
+      - '.github/workflows/lint-docs.yml'
   pull_request:
     branches: [ main, linux ]
+    paths:
+      - '**.md'
+      - '.github/workflows/lint-docs.yml'
 
 jobs:
   lint-markdown:
     name: Lint markdown files
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
 
-      - uses: DavidAnson/markdownlint-cli2-action@744f913a124058ee903768d3adb92a4847e5d132
+      - uses: DavidAnson/markdownlint-cli2-action@e3969ef4ed874458f4b66d4631f78fff7717012c
         with:
-          globs: "**/*.md"
+          globs: |
+            "**/*.md"
+            "!.github/ISSUE_TEMPLATE"
+
+  check-links:
+    name: Check for broken links
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+
+      - name: Run link checker
+        # For any troubleshooting, see:
+        # https://github.com/lycheeverse/lychee/blob/master/docs/TROUBLESHOOTING.md
+        uses: lycheeverse/lychee-action@4a5af7cd2958a2282cefbd9c10f63bdb89982d76
+
+        with:
+          # user-agent: if a user agent is not specified, some websites (e.g.
+          # GitHub Docs) return HTTP errors which Lychee will interpret as
+          # a broken link.
+          # no-progress: do not show progress bar. Recommended for
+          # non-interactive shells (e.g. for CI)
+          # inputs: by default (.), this action checks files matching the
+          # patterns: './**/*.md' './**/*.html'
+          args: >-
+            --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
+            --no-progress .
+          fail: true
+        env:
+          # A token is used to avoid GitHub rate limiting. A personal token with
+          # no extra permissions is enough to be able to check public repos
+          # See: https://github.com/lycheeverse/lychee#github-token
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/maintainer-absence.yml

@@ -0,0 +1,60 @@
+name: maintainer-absence
+
+on:
+  workflow_dispatch:
+    inputs:
+      startDate:
+        description: 'First day of maintainer absence [mm-dd-yyyy]'
+        required: true
+      endDate:
+        description:  'Last day of maintainer absence [mm-dd-yyyy]'
+        required: true
+
+permissions:
+  issues: write
+
+jobs:
+  create-issue:
+    name: create-issue
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/github-script@v6
+        with:
+          script: |
+            const startDate = new Date('${{ github.event.inputs.startDate }}');
+            const endDate = new Date('${{ github.event.inputs.endDate }}');
+
+            if (startDate > endDate) {
+              throw 'Start date cannot be later than end date.';
+            }
+
+            // Calculate total days of absence
+            const differenceInDays = endDate.getTime() - startDate.getTime();
+            const lengthOfAbsence = differenceInDays/(1000 * 3600 * 24);
+
+            // Create issue
+            issue = await github.rest.issues.create({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              // Use the briefer input date format in title (instead of JavaScript's full date string)
+              title: `Maintainer(s) will be away from ${{ github.event.inputs.startDate }} until ${{ github.event.inputs.endDate }}`,
+              body: `The ${context.repo.repo} maintainer(s) will be away for ${lengthOfAbsence} day${lengthOfAbsence > 1 ? 's' : ''} beginning on
+              ${startDate.toDateString()} and ending on ${endDate.toDateString()}. During this time, the maintainer(s)
+              will not be actively monitoring PRs, discussions, etc. Please report any issues
+              requiring immediate attention to [@GitCredManager](https://twitter.com/GitCredManager) on Twitter.`
+            });
+
+            // Pin issue - we use GraphQL since there is no GitHub API available for this
+            const mutation = `mutation($issueId: ID!) {
+              pinIssue(input: { issueId: $issueId }) {
+                issue {
+                  repository {
+                    id
+                  }
+                }
+              }
+            }`;
+            const variables = {
+              issueId: issue.data.node_id
+            }
+            const result = await github.graphql(mutation, variables)

.github/workflows/release-homebrew.yaml

@@ -8,11 +8,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Update Homebrew tap
-      uses: mjcheetham/update-homebrew@v1.1
+      uses: mjcheetham/update-homebrew@v1.2
       with:
         token: ${{ secrets.HOMEBREW_TOKEN }}
         tap: microsoft/git
         name: git-credential-manager-core
         type: cask
-        releaseAsset: gcm-osx-x64-(.*)\.pkg
-        alwaysUsePullRequest: true
+        releaseAsset: |
+          gcm-osx-x64-(.*)\.pkg
+          gcm-osx-arm64-(.*)\.pkg