Hi π β we have CI pinned to v0.71.1 of gh-aw (via github/gh-aw-actions/setup-cli@β¦) and it started failing recently with Could not find a release of github/gh-aw for v0.71.1 and curl: (22) ... 404 for https://github.com/github/gh-aw/releases/download/v0.71.1/linux-amd64.
Confirmed via the GitHub API:
- Git tag
v0.71.1 still exists.
GET /repos/github/gh-aw/releases/tags/v0.71.1 returns 404.- Same for
v0.71.0, v0.71.2, and v0.71.3. The earliest surviving v0.71.x release is v0.71.4.
A previously-green build that succeeded with v0.71.1 started failing without any change on our side, so the release was deleted after publication.
Failing run: https://github.com/microsoft/aspire.dev/actions/runs/25472117492/job/74844702611?pr=530
Excerpt from the failing job:
[INFO] Using specified version: v0.71.1
[INFO] Attempting to install gh-aw using 'gh extension install'...
X Could not find a release of github/gh-aw for v0.71.1
[WARNING] gh extension install failed, falling back to manual installation...
X Could not find a release of github/gh-aw for v0.71.1
[INFO] Download URL: https://github.com/github/gh-aw/releases/download/v0.71.1/linux-amd64
...
curl: (22) The requested URL returned error: 404
[ERROR] Failed to download binary from https://github.com/github/gh-aw/releases/download/v0.71.1/linux-amd64 after 3 attempts
Questions
- Was the deletion of
v0.71.0βv0.71.3 intentional (e.g., yanked due to a critical bug)? If so, could the rationale please be documented somewhere consumers can find it (release notes, README, security advisory) so we know whether to upgrade or skip ahead?
- Could deleted releases be republished β even as pre-releases β so existing pins continue to resolve? SHA-pinning a setup action with a specific
version: input is the recommended supply-chain practice, and silently yanking the corresponding release artifacts breaks that contract for downstream consumers.
- What is the recommended replacement for
v0.71.1 β v0.71.4, v0.71.5, or something newer?
Thanks!
Hi π β we have CI pinned to
v0.71.1ofgh-aw(viagithub/gh-aw-actions/setup-cli@β¦) and it started failing recently withCould not find a release of github/gh-aw for v0.71.1andcurl: (22) ... 404forhttps://github.com/github/gh-aw/releases/download/v0.71.1/linux-amd64.Confirmed via the GitHub API:
v0.71.1still exists.GET /repos/github/gh-aw/releases/tags/v0.71.1returns 404.v0.71.0,v0.71.2, andv0.71.3. The earliest survivingv0.71.xrelease isv0.71.4.A previously-green build that succeeded with
v0.71.1started failing without any change on our side, so the release was deleted after publication.Failing run: https://github.com/microsoft/aspire.dev/actions/runs/25472117492/job/74844702611?pr=530
Excerpt from the failing job:
Questions
v0.71.0βv0.71.3intentional (e.g., yanked due to a critical bug)? If so, could the rationale please be documented somewhere consumers can find it (release notes, README, security advisory) so we know whether to upgrade or skip ahead?version:input is the recommended supply-chain practice, and silently yanking the corresponding release artifacts breaks that contract for downstream consumers.v0.71.1βv0.71.4,v0.71.5, or something newer?Thanks!