From a053985525082e4cd0a54f1a2a4139be2bd51a0f Mon Sep 17 00:00:00 2001
From: Johannes Schindelin <johannes.schindelin@gmx.de>
Date: Fri, 21 Feb 2025 12:54:19 +0100
Subject: [PATCH 1/2] fixup! Adding winget workflows

This commit changes the workflow to strip the enclosing double quotes
from the PAT.

In a98c3d7eb6ec (fixup! Adding winget workflows, 2024-10-28), I
converted the `release-winget` workflow from hard-coding the PAT that is
required as a repository secret to retrieving it from an Azure KeyVault
instead.

However, I made a crucial mistake there: The `az keyvault` call outputs
a JSON-formatted value by default. Using the "tab-separated value"
format as we do elsewhere fixes the problem: There is only one value,
therefore no tab will be inserted, and certainly no double quotes will
surround the retrieved value.

This bug prevented the workflow from running correctly, and Matthew had
to follow the steps manually instead. Let's fix this so that next time,
it will work without any hassle (apart from needing to recreate the PAT
and storing it in the Key Vault because of the PAT's short-lived
nature).

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
 .github/workflows/release-winget.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release-winget.yml b/.github/workflows/release-winget.yml
index 9ee86c84263280..b8aa6d98fe163a 100644
--- a/.github/workflows/release-winget.yml
+++ b/.github/workflows/release-winget.yml
@@ -54,5 +54,5 @@ jobs:
 
           # Submit manifests
           $manifestDirectory = Split-Path "$manifestPath"
-          .\wingetcreate.exe submit -t "(az keyvault secret show --name ${{ secrets.WINGET_TOKEN_SECRET_NAME }} --vault-name ${{ secrets.AZURE_VAULT }} --query "value")" $manifestDirectory
+          .\wingetcreate.exe submit -t "(az keyvault secret show --name ${{ secrets.WINGET_TOKEN_SECRET_NAME }} --vault-name ${{ secrets.AZURE_VAULT }} --query "value" --output tsv)" $manifestDirectory
         shell: powershell

From fec16edfa6adffe9163bd2402ad2b107c80383b1 Mon Sep 17 00:00:00 2001
From: Johannes Schindelin <johannes.schindelin@gmx.de>
Date: Fri, 21 Feb 2025 12:56:36 +0100
Subject: [PATCH 2/2] fixup! build-git-installers: publish gpg public key

As we did elsewhere, use the `--output tsv` option of `az keyvault` to
avoid having the retrieved value be enclosed in double quotes.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
 .github/workflows/build-git-installers.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-git-installers.yml b/.github/workflows/build-git-installers.yml
index 94301be6ea3cd8..e9d7b7eb2ebbde 100644
--- a/.github/workflows/build-git-installers.yml
+++ b/.github/workflows/build-git-installers.yml
@@ -780,8 +780,8 @@ jobs:
       - name: Download GPG public key signature file
         run: |
           az keyvault secret show --name "$GPG_PUBLIC_KEY_SECRET_NAME" \
-            --vault-name "$AZURE_VAULT" --query "value" \
-            | sed -e 's/^"//' -e 's/"$//' | base64 -d >msft-git-public.asc
+            --vault-name "$AZURE_VAULT" --query "value" --output tsv |
+            base64 -d >msft-git-public.asc
           mv msft-git-public.asc deb-package
 
       - uses: actions/github-script@v6