From 5707619ff85ab11177ba8a900e80d3a511e1295d Mon Sep 17 00:00:00 2001 From: cplieger Date: Thu, 9 Jul 2026 19:04:21 +0000 Subject: [PATCH 1/5] chore(sync): synced local '.github/workflows/ci.yaml' with remote '.github/workflow-templates/ci.yml' --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index a1c32d8..6d03249 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -25,4 +25,4 @@ permissions: jobs: ci: - uses: cplieger/ci/.github/workflows/ci.yaml@1b09083ca7977dcb8a26b63940026b95310a69ea # v2 + uses: cplieger/ci/.github/workflows/ci.yaml@33c2c631511429daf9a541d58a716ebfa16ca84f # v2 From 472780f864511051e9300619e2fed09c0f8e0bee Mon Sep 17 00:00:00 2001 From: cplieger Date: Thu, 9 Jul 2026 19:04:21 +0000 Subject: [PATCH 2/5] chore(sync): synced local '.github/workflows/codeql.yml' with remote '.github/workflow-templates/codeql.yml' --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c42743c..57bd937 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -16,4 +16,4 @@ jobs: security-events: write contents: read actions: read - uses: cplieger/ci/.github/workflows/codeql.yaml@1b09083ca7977dcb8a26b63940026b95310a69ea # v2 + uses: cplieger/ci/.github/workflows/codeql.yaml@33c2c631511429daf9a541d58a716ebfa16ca84f # v2 From 8125a931b9ec2ae3928472a21948ea78d7cfd6b1 Mon Sep 17 00:00:00 2001 From: cplieger Date: Thu, 9 Jul 2026 19:04:21 +0000 Subject: [PATCH 3/5] chore(sync): synced local '.github/workflows/security.yml' with remote '.github/workflow-templates/security.yml' --- .github/workflows/security.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index e2b2346..4e201fe 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -22,4 +22,4 @@ jobs: permissions: contents: read security-events: write - uses: cplieger/ci/.github/workflows/security-scan.yaml@1b09083ca7977dcb8a26b63940026b95310a69ea # v2 + uses: cplieger/ci/.github/workflows/security-scan.yaml@33c2c631511429daf9a541d58a716ebfa16ca84f # v2 From 801a866cd5ba5920e27ebefe174d741e151cc2e2 Mon Sep 17 00:00:00 2001 From: cplieger Date: Thu, 9 Jul 2026 19:04:21 +0000 Subject: [PATCH 4/5] chore(sync): synced local '.github/workflows/coverage.yml' with remote '.github/workflow-templates/coverage.yml' --- .github/workflows/coverage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 8ff6461..7c001c2 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -27,4 +27,4 @@ jobs: # NOTE: pin this @SHA to the ci release tag that first contains # coverage.yaml when cutting that tag (see ci.md "Updating and propagating"). # Renovate then tracks the `# v2` comment and bumps the digest thereafter. - uses: cplieger/ci/.github/workflows/coverage.yaml@1b09083ca7977dcb8a26b63940026b95310a69ea # v2 + uses: cplieger/ci/.github/workflows/coverage.yaml@33c2c631511429daf9a541d58a716ebfa16ca84f # v2 From 4c6868195bdc9e27445f88c27f4dfe428b87da7e Mon Sep 17 00:00:00 2001 From: cplieger Date: Thu, 9 Jul 2026 19:04:21 +0000 Subject: [PATCH 5/5] chore(sync): synced local '.github/workflows/release.yaml' with remote '.github/workflow-templates/release.yml' --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 0ef13a7..057177b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -34,7 +34,7 @@ jobs: id-token: write attestations: write security-events: write - uses: cplieger/ci/.github/workflows/release.yaml@1b09083ca7977dcb8a26b63940026b95310a69ea # v2 + uses: cplieger/ci/.github/workflows/release.yaml@33c2c631511429daf9a541d58a716ebfa16ca84f # v2 # Forward only the two Docker Hub publish credentials the reusable pipeline # actually declares and consumes, rather than `secrets: inherit` (which # exposes every repo secret to the reusable-workflow trust boundary). Both