Skip to content

Stabilize PowerShell v7.6.1 build#39

Open
adilhusain-s wants to merge 1 commit into
IBM:mainfrom
adilhusain-s:pr/02-powershell-stabilization
Open

Stabilize PowerShell v7.6.1 build#39
adilhusain-s wants to merge 1 commit into
IBM:mainfrom
adilhusain-s:pr/02-powershell-stabilization

Conversation

@adilhusain-s
Copy link
Copy Markdown
Collaborator

@adilhusain-s adilhusain-s commented May 15, 2026
edited
Loading

Context

The PowerShell v7.5.1 build was failing in CI. The immediate failure was in
the .NET restore/build step: some NuGet packages used by that PowerShell
release had become obsolete and were flagged with CVEs, so dotnet refused to
continue the build.

There was a second issue in the same path as well. The GitHub metadata lookup
in PowerShell/dotnet-install.py could hit rate limits when it ran without an
authenticated token.

What changed

  • Refresh the PowerShell patch and tar inputs to v7.6.1 for ppc64le and
    s390x.
  • Update Makefile and PowerShell/Dockerfile so the PowerShell build can receive the GitHub token as a Docker BuildKit secret.
  • Update PowerShell/dotnet-install.py to read GITHUB_TOKEN or GITHUB_TOKEN_FILE and send authenticated GitHub API requests.
  • Add test coverage for the authenticated download path in tests/test_dotnet_install.py.

Why this shape

These changes stay together because they fix the same broken build path: move
off the v7.5.1 inputs that no longer build cleanly, and make the replacement
path more reliable in CI by authenticating the metadata fetch.

Validation

  • Checked Python syntax for the updated Python files.
  • Linted the changed reusable workflow with actionlint.
  • Built the PowerShell image on a remote ppc64le VM and verified pwsh --version from the resulting image.

@adilhusain-s
Stabilize PowerShell v7.6.1 build
579c3b0 
The PowerShell v7.5.1 build was failing in CI because NuGet CVEs were
being detected, and the build path also hit GitHub-only rate limiting
when release metadata was fetched anonymously.

Refresh the PowerShell patch and tar inputs to v7.6.1 and make the
.NET installer consume the GitHub token passed through the reusable
workflow so the metadata fetch path is authenticated in CI.

Signed-off-by: Adilhusain Shaikh <Adilhusain.Shaikh@ibm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtarsel mtarsel Awaiting requested review from mtarsel mtarsel is a code owner

@anup-kodlekere anup-kodlekere Awaiting requested review from anup-kodlekere anup-kodlekere is a code owner

@rahulssv-ibm rahulssv-ibm Awaiting requested review from rahulssv-ibm rahulssv-ibm is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@adilhusain-s