Merged
Conversation
Migrate from now-deprecated attestation action to `actions/attest`.
martincostello
added
enhancement
dependencies
There was a problem hiding this comment.
Pull request overview
Migrates the repository’s GitHub Actions artifact attestation step from the deprecated actions/attest-build-provenance action to the consolidated actions/attest action, and updates the Dependabot auto-approval allowlist accordingly.
Changes:
- Update build workflow to use
actions/attestfor artifact attestations. - Update Dependabot approval workflow allowlist to recognize
actions/attestupdates.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| .github/workflows/dependabot-approve.yml | Updates the Dependabot dependency-name allowlist entry to actions/attest. |
| .github/workflows/build.yml | Switches the attestation step to actions/attest while keeping the same subject-path inputs and required permissions. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #2952 +/- ##
=======================================
Coverage 96.15% 96.15%
=======================================
Files 309 309
Lines 7128 7128
Branches 1005 1005
=======================================
Hits 6854 6854
Misses 221 221
Partials 53 53
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
This was referenced Mar 4, 2026
Closed
Bump Polly.Core and Polly.RateLimiting
ProReception/ProReception.DistributionServerInfrastructure#41
Open
This was referenced Mar 6, 2026
Open
github-merge-queue bot
pushed a commit
to DFE-Digital/teaching-record-system
that referenced
this pull request
Mar 9, 2026
Updated [Polly.Core](https://github.com/App-vNext/Polly) from 8.6.5 to 8.6.6. <details> <summary>Release notes</summary> _Sourced from [Polly.Core's releases](https://github.com/App-vNext/Polly/releases)._ ## 8.6.6 ## Highlights * Fix `ScheduledTaskExecutor` deadlock when `TrySetResult` runs continuations inline by @crnhrv in App-vNext/Polly#2953 ## What's Changed * Add specification tests for jitter by @martincostello in App-vNext/Polly#2830 * Refactor property-based tests by @martincostello in App-vNext/Polly#2831 * .NET 10 preparation by @martincostello in App-vNext/Polly#2842 * Fix CS7035 warning in dependabot jobs by @martincostello in App-vNext/Polly#2849 * Remove codecov/test-results-action by @martincostello in App-vNext/Polly#2872 * Update to .NET 10 SDK by @martincostello in App-vNext/Polly#2531 * Bump zizmor to v1.19.0 by @martincostello in App-vNext/Polly#2882 * Fix typo by @martincostello in App-vNext/Polly#2886 * Add RateLimitHeaders library to community resources by @alexis- in App-vNext/Polly#2887 * Bump zizmor to 1.21.0 by @martincostello in App-vNext/Polly#2905 * .NET 11 preparation by @martincostello in App-vNext/Polly#2932 * Remove Stryker workaround by @martincostello in App-vNext/Polly#2933 * Group .NET dependency updates by @martincostello in App-vNext/Polly#2944 * Migrate to actions/attest by @martincostello in App-vNext/Polly#2952 ## New Contributors * @alexis- made their first contribution in App-vNext/Polly#2887 * @crnhrv made their first contribution in App-vNext/Polly#2953 **Full Changelog**: App-vNext/Polly@8.6.5...8.6.6 Commits viewable in [compare view](App-vNext/Polly@8.6.5...8.6.6). </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: James Gunn <james@gunn.io>
This was referenced Mar 9, 2026
Bump the nuget-minor-and-patch group with 1 update
anddone-kit/AndDone-SecureAPI-FrameWork-DotNet#10
Open
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Migrate from now-deprecated attestation action to
actions/attest.