
fix: use base64 -w 0 in checkout fetch step to prevent header corruption with long PATs #21068

Merged: pelikhan merged 2 commits into main from copilot/debug-smoke-update-workflow on Mar 15, 2026


Copilot AI commented Mar 15, 2026

The Fetch additional refs step was broken for fine-grained PATs (github_pat_..., 82-93+ chars). Linux base64 wraps at 76 characters by default, so encoding x-access-token:<long-pat> produced a multi-line string used verbatim as a git HTTP header — causing every run to fail with fatal: unable to access '...': Failed sending HTTP request.

Changes

  • pkg/workflow/checkout_manager.go: Add -w 0 to base64 call in generateFetchStepLines to disable line wrapping
  • pkg/workflow/checkout_manager_test.go: Assert base64 -w 0 is present in generated fetch step
  • .github/workflows/smoke-update-cross-repo-pr.lock.yml: Recompiled
- header=$(printf "x-access-token:%s" "${GH_AW_FETCH_TOKEN}" | base64)
+ header=$(printf "x-access-token:%s" "${GH_AW_FETCH_TOKEN}" | base64 -w 0)
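
Review bot: On the added line, -w 0 is a GNU coreutils option that not every base64 implementation accepts, so the generated step now depends on the runner's userland. Stripping the newlines instead, as in header=$(printf "x-access-token:%s" "${GH_AW_FETCH_TOKEN}" | base64 | tr -d '\n'), gives the same single-line value without relying on the flag. It would also be worth having the step fail early if header still contains a CR or LF, rather than handing the value to git as an HTTP header.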

Copilot AI and others added 2 commits March 15, 2026 12:40
…rapping with long PATs

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI linked an issue Mar 15, 2026 that may be closed by this pull request
pelikhan marked this pull request as ready for review March 15, 2026 13:26
Copilot AI review requested due to automatic review settings March 15, 2026 13:26
pelikhan merged commit 7245b05 into main Mar 15, 2026
pelikhan deleted the copilot/debug-smoke-update-workflow branch March 15, 2026 13:26

Copilot AI left a comment


Pull request overview

Fixes git fetch authentication failures when using long fine-grained PATs by preventing base64 from line-wrapping the generated Authorization header.

Changes:

  • Disable base64 line wrapping in the generated “Fetch additional refs” step (base64 -w 0).
  • Add/extend unit test coverage to assert the no-wrap flag is included in generated YAML.
  • Regenerate the affected compiled workflow lock file to reflect the updated fetch step.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| pkg/workflow/checkout_manager.go | Updates generated fetch-step header encoding to use base64 -w 0 to avoid multi-line headers with long tokens. |
| pkg/workflow/checkout_manager_test.go | Adds assertion ensuring the generated step includes base64 -w 0. |
| .github/workflows/smoke-update-cross-repo-pr.lock.yml | Recompiled workflow output to include the updated fetch-step command. |
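
The wrapping threshold behind this fix, as an added example that is not part of the PR or the project's code: it shows at which token length the default encoding starts producing a multi-line header, and a fail-closed check on the encoded value. It assumes GNU coreutils base64; make_fake_pat, header_is_single_line and build_auth_header are hypothetical helper names, and every token is a constructed placeholder.

```shell
#!/bin/sh
# Added example; assumes GNU coreutils base64 (wraps at 76 columns by default).
# All tokens below are constructed placeholders, not real credentials.

NL='
'
CR=$(printf '\r')

# Build a placeholder token of total length $1 shaped like a fine-grained PAT.
make_fake_pat() {
  pad_len=$(( $1 - 11 ))   # 11 = length of the "github_pat_" prefix
  printf 'github_pat_%s' "$(printf '%*s' "$pad_len" '' | tr ' ' 'A')"
}

# Pre-fix encoding: default wrapping inserts a newline after every 76 chars.
encode_wrapped() { printf 'x-access-token:%s' "$1" | base64; }

# Post-fix encoding from the PR: -w 0 disables wrapping.
encode_nowrap() { printf 'x-access-token:%s' "$1" | base64 -w 0; }

# Return 0 only if the value is safe to place in one HTTP header line.
header_is_single_line() {
  case "$1" in
    *"$NL"*|*"$CR"*) return 1 ;;
    *) return 0 ;;
  esac
}

# Fail closed: encode, then refuse to hand back a value with CR/LF in it.
build_auth_header() {
  hdr=$(encode_nowrap "$1") || return 1
  header_is_single_line "$hdr" || return 1
  printf '%s' "$hdr"
}

# 15-byte prefix + 42-byte token = 57 bytes = exactly one 76-char base64 line,
# so tokens up to 42 chars never wrapped and longer ones always did.
for len in 40 42 43 93; do
  tok=$(make_fake_pat "$len")
  if header_is_single_line "$(encode_wrapped "$tok")"; then old=ok; else old=MULTI-LINE; fi
  if build_auth_header "$tok" >/dev/null; then new=ok; else new=rejected; fi
  printf 'token_len=%s default=%s nowrap=%s\n' "$len" "$old" "$new"
done
```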


Development

Successfully merging this pull request may close these issues.

[aw] Smoke Update Cross-Repo PR failed
