From 9738eef67f2d41c8fb833f598dc5998c88c5e0c1 Mon Sep 17 00:00:00 2001 From: cplieger Date: Thu, 9 Jul 2026 21:04:34 +0000 Subject: [PATCH 1/5] chore(sync): synced local '.github/workflows/ci.yaml' with remote '.github/workflow-templates/ci.yml' --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 6d03249..db0e55a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -25,4 +25,4 @@ permissions: jobs: ci: - uses: cplieger/ci/.github/workflows/ci.yaml@33c2c631511429daf9a541d58a716ebfa16ca84f # v2 + uses: cplieger/ci/.github/workflows/ci.yaml@7230bd68a8fc108425117e3f9a0462bb89f40644 # v2 From adffd45af103cd7ea6f718ae397221e43a38a409 Mon Sep 17 00:00:00 2001 From: cplieger Date: Thu, 9 Jul 2026 21:04:34 +0000 Subject: [PATCH 2/5] chore(sync): synced local '.github/workflows/codeql.yml' with remote '.github/workflow-templates/codeql.yml' --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 57bd937..43cc61a 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -16,4 +16,4 @@ jobs: security-events: write contents: read actions: read - uses: cplieger/ci/.github/workflows/codeql.yaml@33c2c631511429daf9a541d58a716ebfa16ca84f # v2 + uses: cplieger/ci/.github/workflows/codeql.yaml@7230bd68a8fc108425117e3f9a0462bb89f40644 # v2 From 4d8daea84c3fbe236599a47535ac313cda1adc7f Mon Sep 17 00:00:00 2001 From: cplieger Date: Thu, 9 Jul 2026 21:04:34 +0000 Subject: [PATCH 3/5] chore(sync): synced local '.github/workflows/security.yml' with remote '.github/workflow-templates/security.yml' --- .github/workflows/security.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 4e201fe..de8ccad 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -22,4 +22,4 @@ jobs: permissions: contents: read security-events: write - uses: cplieger/ci/.github/workflows/security-scan.yaml@33c2c631511429daf9a541d58a716ebfa16ca84f # v2 + uses: cplieger/ci/.github/workflows/security-scan.yaml@7230bd68a8fc108425117e3f9a0462bb89f40644 # v2 From cabbade73e27f5ba0388981be732503705c4c96f Mon Sep 17 00:00:00 2001 From: cplieger Date: Thu, 9 Jul 2026 21:04:34 +0000 Subject: [PATCH 4/5] chore(sync): synced local '.github/workflows/coverage.yml' with remote '.github/workflow-templates/coverage.yml' --- .github/workflows/coverage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 7c001c2..85cc272 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -27,4 +27,4 @@ jobs: # NOTE: pin this @SHA to the ci release tag that first contains # coverage.yaml when cutting that tag (see ci.md "Updating and propagating"). # Renovate then tracks the `# v2` comment and bumps the digest thereafter. - uses: cplieger/ci/.github/workflows/coverage.yaml@33c2c631511429daf9a541d58a716ebfa16ca84f # v2 + uses: cplieger/ci/.github/workflows/coverage.yaml@7230bd68a8fc108425117e3f9a0462bb89f40644 # v2 From 89c2ca40262ffd9c63956380c0068c0a3cd33aca Mon Sep 17 00:00:00 2001 From: cplieger Date: Thu, 9 Jul 2026 21:04:34 +0000 Subject: [PATCH 5/5] chore(sync): synced local '.github/workflows/release.yaml' with remote '.github/workflow-templates/release.yml' --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 057177b..203d4c6 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -34,7 +34,7 @@ jobs: id-token: write attestations: write security-events: write - uses: cplieger/ci/.github/workflows/release.yaml@33c2c631511429daf9a541d58a716ebfa16ca84f # v2 + uses: cplieger/ci/.github/workflows/release.yaml@7230bd68a8fc108425117e3f9a0462bb89f40644 # v2 # Forward only the two Docker Hub publish credentials the reusable pipeline # actually declares and consumes, rather than `secrets: inherit` (which # exposes every repo secret to the reusable-workflow trust boundary). Both