.github/CONTRIBUTING.md

@@ -79,8 +79,8 @@ export PATH=<path-to-cli-directory>/out:$PATH # Puts the built CLI first in your
 
 ### Compiling for Other Operating Systems and Architectures
 
-The supported platforms for the CF CLI are Linux (32-bit and 64-bit), Windows
-(32-bit and 64-bit) and OSX (aka Darwin). The commands that build the binaries
+The supported platforms for the CF CLI are Linux (x86, x86-64 and arm64) , Windows
+(x86 and x86-64) and OSX (aka Darwin x86-64 and arm64). The commands that build the binaries
 can be seen in the [Makefile](/Makefile) where the target begins with the
 `out/cf-cli`.
 

.github/PULL_REQUEST_TEMPLATE.md

@@ -9,13 +9,10 @@ If your contribution falls under a company CLA but your membership is not public
 * Contributions must conform to our [style guide](https://github.com/cloudfoundry/cli/wiki/CLI-Product-Specific-Style-Guide). Please reach out to us if you have questions.
 
 
-## Does this PR modify CLI v6, CLI v7, or CLI v8?
-
-Please see the contribution doc above or review [Architecture Guide](https://github.com/cloudfoundry/cli/wiki/Architecture-Guide).
+#### Note: Please create separate PR for every branch (main, v8 and v7) as needed.
 
 ## Description of the Change
 
-
 We must be able to understand the design of your change from this description.
 Keep in mind that the maintainer reviewing this PR may not be familiar with or
 have worked with the code here recently, so please walk us through the concepts.
@@ -25,10 +22,6 @@ have worked with the code here recently, so please walk us through the concepts.
 
 What benefits will be realized by the code change? What users would want this change? What user need is this change addressing? 
 
-## Why Should This Be In Core?
-
-Explain why this functionality should be in the cf CLI, as opposed to a plugin. 
-
 ## Applicable Issues
 
 List any applicable GitHub Issues here

.github/dependabot.yml

@@ -1,10 +1,60 @@
 version: 2
 updates:
 - package-ecosystem: gomod
-  directory: "/"
+  directory: '/'
   schedule:
-    interval: daily
-    time: '11:00'
-  open-pull-requests-limit: 10
-  target-branch: "v7"
-  vendor: true
+    interval: weekly
+    day:      monday
+    time:     '01:00'
+    timezone: US/Pacific
+  open-pull-requests-limit: 2
+  commit-message:
+    prefix: '[main](go)'
+  groups:
+    dependencies:
+      patterns:
+        - '*'
+- package-ecosystem: gomod
+  directory: '/'
+  target-branch: 'v8'
+  schedule:
+    interval: weekly
+    day:      monday
+    time:     '01:00'
+    timezone: US/Pacific
+  open-pull-requests-limit: 2
+  commit-message:
+    prefix: '[v8](go)'
+  groups:
+    dependencies:
+      patterns:
+        - '*'
+- package-ecosystem: 'github-actions'
+  directory: '/'
+  schedule:
+    interval: weekly
+    day:      monday
+    time:     '01:00'
+    timezone: US/Pacific
+  open-pull-requests-limit: 2
+  commit-message:
+    prefix: '[main](gha)'
+  groups:
+    dependencies:
+      patterns:
+        - '*'
+- package-ecosystem: 'github-actions'
+  directory: '/'
+  target-branch: 'v8'
+  schedule:
+    interval: weekly
+    day:      monday
+    time:     '01:00'
+    timezone: US/Pacific
+  open-pull-requests-limit: 2
+  commit-message:
+    prefix: '[v8](gha)'
+  groups:
+    dependencies:
+      patterns:
+        - '*'

.github/ops-files/add-oidc-provider.yml

@@ -0,0 +1,155 @@
+---
+- type: replace
+  path: /instance_groups/name=uaa/jobs/name=uaa/properties/login/oauth?/providers?
+  value:
+    cli-oidc-provider:
+      type: oidc1.0
+      discoveryUrl: https://uaa-oidc.service.cf.internal:8443/.well-known/openid-configuration
+      scopes:
+        - openid
+      linkText: My other uaa Oauth Provider
+      showLinkText: true
+      addShadowUserOnLogin: true
+      relyingPartyId: rp_oidc_admin
+      relyingPartySecret: adminsecret
+      skipSslValidation: true
+      storeCustomAttributes: true
+      passwordGrantEnabled: true
+      attributeMappings:
+        given_name: given_name
+        family_name: family_name
+        user_name: user_name
+
+- type: replace
+  path: /instance_groups/name=uaa:after
+  value:
+    name: uaa-oidc
+    instances: 1
+    azs: [z1, z2, z3]
+    vm_type: default
+    stemcell: default
+    persistent_disk: 500
+    networks:
+    - name: default
+    jobs:
+    - name: uaa
+      release: uaa
+      properties:
+        encryption:
+          active_key_label: 'key-1'
+          encryption_keys:
+            - label: 'key-1'
+              passphrase: 'MY-PASSPHRASE'
+        uaadb:
+          address: sql-db.service.cf.internal
+          databases:
+          - name: uaa_oidc
+            tag: uaa
+          db_scheme: mysql
+          port: 3306
+          roles:
+          - name: uaa-oidc
+            password: "((uaa_oidc_database_password))"
+            tag: admin
+        uaa:
+          url: https://uaa-oidc.service.cf.internal:8443
+          jwt:
+            policy:
+              active_key_id: key-1
+              keys:
+                key-1:
+                  signingKey: ((uaa-oidc-key1.private_key))
+          sslCertificate: ((uaa-oidc_tls.certificate))
+          sslPrivateKey: ((uaa-oidc_tls.private_key))
+          ca_certs:
+          - ((mysql_server_certificate.ca))
+          clients:
+            rp_oidc_admin:
+              authorized-grant-types: authorization_code,client_credentials,refresh_token,user_token,password,urn:ietf:params:oauth:grant-type:saml2-bearer,implicit
+              redirect-uri: https://uaa.service.cf.internal:8443/login/callback/cli-oidc-provider
+              scope: openid,uaa.admin,clients.read,clients.write,clients.secret,scim.read,scim.write,clients.admin,uaa.user,doppler.firehose
+              authorities: uaa.admin,clients.admin
+              secret: adminsecret
+          scim:
+            user:
+              override: true
+            users:
+              - name: admin-oidc
+                password: "((uaa_oidc_admin_password))"
+                groups:
+                  - uaa.admin
+        login:
+          protocol: https
+          saml:
+            activeKeyId: key1
+            keys:
+              key1:
+                key: ((saml_oidc-key1.private_key))
+                passphrase: ''
+                certificate: ((saml_oidc-key1.certificate))
+
+- type: replace
+  path: /addons/name=bosh-dns-aliases/jobs/name=bosh-dns-aliases/properties/aliases/-
+  value:
+    domain: uaa-oidc.service.cf.internal
+    targets:
+    - query: '*'
+      instance_group: uaa-oidc
+      deployment: cf
+      network: default
+      domain: bosh
+
+- type: replace
+  path: /instance_groups/name=database/jobs/name=pxc-mysql/properties/seeded_databases?/-
+  value:
+    name: uaa_oidc
+    username: uaa-oidc
+    password: "((uaa_oidc_database_password))"
+
+- type: replace
+  path: /variables?/-
+  value:
+    name: uaa_oidc_admin_password
+    type: password
+
+- type: replace
+  path: /variables?/-
+  value:
+    name: uaa_oidc_database_password
+    type: password
+
+- type: replace
+  path: /variables?/-
+  value:
+    name: uaa-oidc-key1
+    type: rsa
+
+- type: replace
+  path: /variables?/-
+  value:
+    name: uaa-oidc_ca
+    type: certificate
+    options:
+      is_ca: true
+      common_name: uaa-oidc
+      alternative_names: ["*.uaa-oidc.service.cf.internal"]
+      extended_key_usage:
+      - server_auth
+
+- type: replace
+  path: /variables?/-
+  value:
+    name: saml_oidc-key1
+    type: certificate
+    options:
+      ca: uaa-oidc_ca
+      common_name: saml_oidc
+
+- type: replace
+  path: /variables?/-
+  value:
+    name: uaa-oidc_tls
+    type: certificate
+    options:
+      ca: uaa-oidc_ca
+      common_name: uaa-oidc.service.cf.internal

.github/ops-files/add-uaa-client-credentials.yml

@@ -0,0 +1,11 @@
+---
+- type: replace
+  path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/potato-face?
+  value:
+    access-token-validity: 600
+    authorized-grant-types: client_credentials
+    override: true
+    secret: ((client-secret))
+    scope: openid,routing.router_groups.write,scim.read,cloud_controller.admin,uaa.user,routing.router_groups.read,cloud_controller.read,password.write,cloud_controller.write,network.admin,doppler.firehose,scim.write,uaa.admin
+    authorities: openid,routing.router_groups.write,scim.read,cloud_controller.admin,uaa.user,routing.router_groups.read,cloud_controller.read,password.write,cloud_controller.write,network.admin,doppler.firehose,scim.write,uaa.admin
+

.github/ops-files/diego-cell-instances.yml

@@ -0,0 +1,8 @@
+---
+- type: replace
+  path: /instance_groups/name=diego-cell/instances
+  value: 4
+
+- type: replace
+  path: /instance_groups/name=isolated-diego-cell/jobs/name=rep/properties?/set_kernel_parameters
+  value: false

.github/ops-files/use-latest-capi.yml

@@ -0,0 +1,10 @@
+---
+- type: replace
+  path: /releases/name=capi/version
+  value: latest
+
+- type: remove
+  path: /releases/name=capi/url?
+
+- type: remove
+  path: /releases/name=capi/sha1?

.github/release/release-notes-template.txt

@@ -0,0 +1,23 @@
+Package Manager Installation
+----------
+- [apt-get, yum, homebrew](https://github.com/cloudfoundry/cli#getting-started)
+
+Installers
+----------
+- Debian [64 bit](https://packages.cloudfoundry.org/stable?release=debian64&version=new-version&source=github-rel) / [32 bit](https://packages.cloudfoundry.org/stable?release=debian32&version=new-version&source=github-rel) / [arm64](https://packages.cloudfoundry.org/stable?release=debianarm64&version=new-version&source=github-rel) (deb)
+- Redhat [64 bit](https://packages.cloudfoundry.org/stable?release=redhat64&version=new-version&source=github-rel) / [32 bit](https://packages.cloudfoundry.org/stable?release=redhat32&version=new-version&source=github-rel) / [aarch64](https://packages.cloudfoundry.org/stable?release=redhataarch64&version=new-version&source=github-rel) (rpm)
+- macOS [64 bit](https://packages.cloudfoundry.org/stable?release=macosx64&version=new-version&source=github-rel) / [arm](https://packages.cloudfoundry.org/stable?release=macosarm&version=new-version&source=github-rel) (pkg)
+- Windows [64 bit](https://packages.cloudfoundry.org/stable?release=windows64&version=new-version&source=github-rel) / [32 bit](https://packages.cloudfoundry.org/stable?release=windows32&version=new-version&source=github-rel) (zip)
+
+Binaries
+--------
+- Linux [64 bit](https://packages.cloudfoundry.org/stable?release=linux64-binary&version=new-version&source=github-rel) / [32 bit](https://packages.cloudfoundry.org/stable?release=linux32-binary&version=new-version&source=github-rel) / [arm64](https://packages.cloudfoundry.org/stable?release=linuxarm64-binary&version=new-version&source=github-rel) (tgz)
+- macOS [64 bit](https://packages.cloudfoundry.org/stable?release=macosx64-binary&version=new-version&source=github-rel) / [arm](https://packages.cloudfoundry.org/stable?release=macosarm-binary&version=new-version&source=github-rel) (tgz)
+- Windows [64 bit](https://packages.cloudfoundry.org/stable?release=windows64-exe&version=new-version&source=github-rel) / [32 bit](https://packages.cloudfoundry.org/stable?release=windows32-exe&version=new-version&source=github-rel) (zip)
+
+
+Docker
+--------
+```shell
+docker pull cloudfoundry/cli:new-version
+```

.github/scripts/format-cve-scan-results.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+set -o errexit -o nounset -o pipefail
+[[ "${TRACE:-0}" == "1" ]] && set -o xtrace
+
+##
+# Formats CVE results in a markdown table to display a summary in a GitHub Action UI
+##
+
+# Check if the number of arguments is correct
+if [ $# -ne 1 ]; then
+    echo "Usage: $0 <filename of grype json results>"
+    exit 1
+fi
+
+_results_filename="${1}"
+
+# Check if the file exists
+if [ ! -f "${_results_filename}" ]; then
+    echo "Error: File '${_results_filename}' does not exist"
+    exit 1
+fi
+
+_number_of_cves_found=$(jq -r '.matches | length' "${_results_filename}")
+
+echo -e "# CVE Scan Results\n"
+
+if [ ${_number_of_cves_found} -eq 0 ]; then
+    echo -e "## Success! No vulnerabilities found.\n"
+else
+    echo -e "## Failure: ${_number_of_cves_found} vulnerabilities found.\n"
+
+    _table_headers='"NAME","INSTALLED","FIXED-IN","TYPE","VULNERABILITY","SEVERITY"'
+    _table_underlines='"----","---------","--------","----","-------------","--------"'
+
+    jq -r "[${_table_headers}],
+    [${_table_underlines}],
+    (.matches[] | [
+        .artifact.name,
+        .artifact.version,
+        .vulnerability.fix.versions[0],
+        .artifact.type,
+        .vulnerability.id,
+        .vulnerability.severity
+    ]) | @tsv" "${_results_filename}" \
+    | sed 's/|/\\|/g' \
+    | sed 's/\t/ | /g'
+fi

.github/win/choco/chocolateyinstall.ps1.tmpl

@@ -0,0 +1,21 @@
+# stop on all errors
+$ErrorActionPreference = 'Stop';
+
+$packageName = 'cloudfoundry-cli'
+$registryUninstallerKeyName = 'cloudfoundry-cli'
+$version = '${version}'
+$url = '${claw_url}/stable?release=windows32-exe&version=${version}&source=github-rel'
+$url64 = '${claw_url}/stable?release=windows64-exe&version=${version}&source=github-rel'
+$checksum = '${checksum}'
+$checksum64 = '${checksum64}'
+$installDir = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
+$validExitCodes = @(0)
+
+Install-ChocolateyZipPackage -PackageName "$packageName" `
+  -Url "$url" `
+  -ChecksumType sha256 `
+  -Checksum "$checksum" `
+  -Url64bit "$url64" `
+  -ChecksumType64 sha256 `
+  -Checksum64 "$checksum64" `
+  -UnzipLocation "$installDir"