microsoft
diff --git a/‎.github/workflows/bencher-ab.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/bencher-ab.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/ci-verification.yml‎
Lines changed: 5 additions & 5 deletions b/‎.github/workflows/ci-verification.yml‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/long-test.yml‎
Lines changed: 5 additions & 5 deletions b/‎.github/workflows/long-test.yml‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎.github/workflows/long-verification.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/long-verification.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/release-attestation.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/release-attestation.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 21 additions & 21 deletions b/‎.github/workflows/release.yml‎
Lines changed: 21 additions & 21 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 16 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 16 additions & 0 deletions
@@ -58,7 +58,7 @@ jobs:
           PYTHONPATH=../tests python convert_pico_to_bencher.py
 
       - name: Upload PR results
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: benchmark-pr-${{ github.run_id }}
           path: build/bencher.json
@@ -109,7 +109,7 @@ jobs:
           PYTHONPATH=../tests python convert_pico_to_bencher.py
 
       - name: Upload main results
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: benchmark-main-${{ github.run_id }}
           path: build/bencher.json
@@ -137,7 +137,7 @@ jobs:
       - uses: actions/checkout@v6
 
       - name: Download artifacts
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           pattern: benchmark-*-${{ github.run_id }}
           merge-multiple: false
 
@@ -50,7 +50,7 @@ jobs:
       - run: cd tla && ./tlc.py mc consistency/MCMultiNodeReadsAlt.tla
 
       - name: Upload TLC traces
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         if: ${{ failure() }}
         with:
           name: tlc-model-checking-consistency
@@ -96,7 +96,7 @@ jobs:
       - run: ./tlc.py sim --num 500 --depth 50 consistency/MultiNodeReads.tla
 
       - name: Upload TLC traces
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         if: ${{ failure() }}
         with:
           name: tlc-simulation-consistency
@@ -135,7 +135,7 @@ jobs:
       - run: cd tla && ./tlc.py --trace-name 1C3N mc --term-count 0 --request-count 3 --raft-configs 1C3N consensus/MCccfraft.tla
 
       - name: Upload TLC traces
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         if: ${{ failure() }}
         with:
           name: tlc-model-checking-consensus
@@ -161,7 +161,7 @@ jobs:
       - run: ./tlc.py sim consensus/SIMccfraft.tla
 
       - name: Upload TLC traces
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         if: ${{ failure() }}
         with:
           name: tlc-simulation-consensus
@@ -233,7 +233,7 @@ jobs:
         shell: bash
 
       - name: Upload artifacts.
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         if: always()
         with:
           name: tlc-trace-validation-consensus
 
@@ -94,7 +94,7 @@ jobs:
           ./tests.sh --timeout 360 --output-on-failure -L partitions -C partitions
 
       - name: "Upload logs for virtual A"
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: logs-azurelinux-virtual-a
           path: |
@@ -169,7 +169,7 @@ jobs:
         shell: bash
 
       - name: "Upload logs for virtual B"
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: logs-azurelinux-virtual-b
           path: |
@@ -249,7 +249,7 @@ jobs:
         if: success() || failure()
 
       - name: "Upload logs"
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: logs-aci-snp-milan
           path: |
@@ -330,7 +330,7 @@ jobs:
         if: success() || failure()
 
       - name: "Upload logs"
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: logs-caci-snp-genoa
           path: |
 
@@ -67,7 +67,7 @@ jobs:
 
       - name: "Upload logs"
         if: success() || failure()
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: logs-asan
           path: |
@@ -127,7 +127,7 @@ jobs:
 
       - name: "Upload logs"
         if: success() || failure()
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: logs-tsan
           path: |
@@ -192,7 +192,7 @@ jobs:
 
       - name: "Upload logs"
         if: success() || failure()
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: logs-e2e-debug
           path: |
@@ -252,7 +252,7 @@ jobs:
 
       - name: "Upload logs"
         if: success() || failure()
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: logs-e2e-release
           path: |
@@ -338,7 +338,7 @@ jobs:
 
       - name: "Upload logs"
         if: success() || failure()
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: e2e-long-combined
           path: |
 
@@ -48,7 +48,7 @@ jobs:
       - run: cd tla && ./tlc.py --trace-name 2C2N mc --term-count 2 --request-count 0 --raft-configs 2C2N --disable-check-quorum consensus/MCccfraft.tla
 
       - name: Upload TLC traces
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         if: ${{ failure() }}
         with:
           name: tlc-model-checking-with-atomic-reconfig-consensus
@@ -86,7 +86,7 @@ jobs:
       - run: cd tla && ./tlc.py --trace-name 3C2N mc --term-count 2 --request-count 0 --raft-configs 3C2N --disable-check-quorum consensus/MCccfraft.tla
 
       - name: Upload TLC traces
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         if: ${{ failure() }}
         with:
           name: tlc-model-checking-with-reconfig-consensus
@@ -112,7 +112,7 @@ jobs:
       - run: ./tlc.py sim --max-seconds 3000 --depth 500 consensus/SIMccfraft.tla
 
       - name: Upload TLC traces
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         if: ${{ failure() }}
         with:
           name: tlc-simulation-consensus
 
@@ -41,7 +41,7 @@ jobs:
 
       - name: Attest release assets
         id: attest
-        uses: actions/attest-build-provenance@v3
+        uses: actions/attest-build-provenance@v4
         with:
           subject-path: "release-assets/*"
 
 
@@ -33,7 +33,7 @@ jobs:
           ./sbom-tool generate -b . -bc . -pn CCF -ps Microsoft -nsb https://sbom.microsoft -pv $CCF_VERSION -V Error
         shell: bash
       - name: "Upload SBOM"
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: sbom
           path: _manifest/spdx_2.2/*
@@ -56,7 +56,7 @@ jobs:
           set -o pipefail
           ./scripts/extract-release-notes.py --target-git-version --describe-path-changes "./samples/constitution" | tee rel-notes.md
       - name: "Upload Release Notes"
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: relnotes
           path: rel-notes.md
@@ -156,7 +156,7 @@ jobs:
 
       - name: "Upload logs"
         if: success() || failure()
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: logs
           path: |
@@ -218,19 +218,19 @@ jobs:
         shell: bash
 
       - name: "Upload .rpm Package"
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: pkg
           path: build/${{ steps.make_rpm_devel.outputs.name }}
 
       - name: "Upload Compatibility Report"
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: compatibility
           path: build/compatibility_report.json
 
       - name: "Upload TLS Report"
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: tls
           path: build/tls_report.html
@@ -249,7 +249,7 @@ jobs:
         shell: bash
 
       - name: "Upload Python Wheel"
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: wheel
           path: python/${{ steps.build_wheel.outputs.name }}
@@ -269,7 +269,7 @@ jobs:
         shell: bash
 
       - name: "Upload TS Package"
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: tstgz
           path: js/ccf-app/${{ steps.build_tstgz.outputs.name }}
@@ -293,7 +293,7 @@ jobs:
           cat $filename
 
       - name: "Upload Reproducibility Metadata"
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: reproduce-metadata
           path: reproduce.json
@@ -325,7 +325,7 @@ jobs:
           fetch-depth: 0
 
       - name: Download RPM
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           path: DOWNLOAD_DIR
           pattern: pkg
@@ -374,13 +374,13 @@ jobs:
         with:
           fetch-depth: 0
       - name: Download Prebuilt Packages
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           path: DOWNLOAD_DIR
           pattern: pkg
           merge-multiple: true
       - name: Download Reproducibility Metadata
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           path: repro
           pattern: reproduce-metadata
@@ -411,7 +411,7 @@ jobs:
           cmp "$PKG" "DOWNLOAD_DIR/$(basename "$PKG")"
       - name: Upload Non-Reproduced Package
         if: failure()
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: not-reproduced
           path: ${{ env.REPRO_DIR }}
@@ -431,40 +431,40 @@ jobs:
         with:
           fetch-depth: 1
       - name: Download Packages
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           path: pkg
           pattern: pkg*
           merge-multiple: true
       - name: Download Release Notes
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           name: relnotes
       - name: Download Compatibility Report
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           name: compatibility
       - name: Download TLS Report
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           name: tls
       - name: Download Python Wheel
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           path: wheel
           name: wheel
       - name: Download TS Package
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           path: tstgz
           name: tstgz
       - name: Download SBOM
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           path: sbom
           name: sbom
       - name: Download Reproducibility Metadata
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           path: repro
           pattern: reproduce*
 
@@ -5,6 +5,22 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [7.0.0-dev12]
+
+[7.0.0-dev12]: https://github.com/microsoft/CCF/releases/tag/ccf-7.0.0-dev12
+
+### Added
+
+- Added `ccf::describe_cose_receipt_v1(receipt)` to obtain COSE receipts with Merkle proof in unprotected header for non-signature TXs, and empty unprotected header for signature TXs (#7700).
+- `NetworkIdentitySubsystemInterface` now exposes `get_trusted_keys()`, returning all trusted network identity keys as a `TrustedKeys` map (#7690).
+
+### Changed
+
+- Refactored the user facing surface of self-healing-open and local sealing. The whole feature is now `sealing-recovery` with `self-healing-open` now referred to as the `recovery-decision-protocol`. (#7679)
+  - Local sealing is enabled by setting the `sealing-recovery` config field (for both the sealing node, and the unsealing recovery node)
+  - The local sealing identity is under `sealing-recovery.location.name`
+  - The recovery-decision-protocol is configured via `sealing-recovery.recovery_decision_protocol`
+
 ## [7.0.0-dev11]
 
 [7.0.0-dev11]: https://github.com/microsoft/CCF/releases/tag/ccf-7.0.0-dev11