CI: remove manual PowerShell install from test-proxy job (e2e-tests.yml) by priya-kinthali · Pull Request #703 · actions/setup-dotnet (original) (raw)

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR enhances the security of the test-proxy job in the e2e tests workflow by replacing the ubuntu:22.04 base container image with mcr.microsoft.com/devcontainers/dotnet:10.0, which comes with PowerShell pre-installed. This change eliminates the need for a manual PowerShell installation step that previously downloaded and installed packages using wget and dpkg, which posed a security risk due to potential malicious package substitution.

Changes:

• Switched container image from ubuntu:22.04 to mcr.microsoft.com/devcontainers/dotnet:10.0
• Removed the manual PowerShell installation step that used insecure wget/dpkg commands

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.