From 72feea43573d093cd475562b9db702cfd40f3fbb Mon Sep 17 00:00:00 2001 From: cplieger Date: Fri, 10 Jul 2026 00:05:19 +0000 Subject: [PATCH 1/5] chore(sync): synced local '.github/workflows/ci.yaml' with remote '.github/workflow-templates/ci.yml' --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 04c6911..d85ea67 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -25,4 +25,4 @@ permissions: jobs: ci: - uses: cplieger/ci/.github/workflows/ci.yaml@9bcea59545af8553e6ef20aa869d133ef5b56dea # v2 + uses: cplieger/ci/.github/workflows/ci.yaml@696eb4cd19badd0ea7061abedfaa2906008d5092 # v2 From ec7b5b4b427816fd0dad1c0f859d3f8b5a61030f Mon Sep 17 00:00:00 2001 From: cplieger Date: Fri, 10 Jul 2026 00:05:19 +0000 Subject: [PATCH 2/5] chore(sync): synced local '.github/workflows/codeql.yml' with remote '.github/workflow-templates/codeql.yml' --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0ee6eb2..04f96d9 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -16,4 +16,4 @@ jobs: security-events: write contents: read actions: read - uses: cplieger/ci/.github/workflows/codeql.yaml@9bcea59545af8553e6ef20aa869d133ef5b56dea # v2 + uses: cplieger/ci/.github/workflows/codeql.yaml@696eb4cd19badd0ea7061abedfaa2906008d5092 # v2 From fce54ad7d9257ee59945b24c87b3004f6da54cb6 Mon Sep 17 00:00:00 2001 From: cplieger Date: Fri, 10 Jul 2026 00:05:19 +0000 Subject: [PATCH 3/5] chore(sync): synced local '.github/workflows/security.yml' with remote '.github/workflow-templates/security.yml' --- .github/workflows/security.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 55a74f1..ef593e6 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -22,4 +22,4 @@ jobs: permissions: contents: read security-events: write - uses: cplieger/ci/.github/workflows/security-scan.yaml@9bcea59545af8553e6ef20aa869d133ef5b56dea # v2 + uses: cplieger/ci/.github/workflows/security-scan.yaml@696eb4cd19badd0ea7061abedfaa2906008d5092 # v2 From 0cc1a018f6a0c679f4c2019085bb36979c000870 Mon Sep 17 00:00:00 2001 From: cplieger Date: Fri, 10 Jul 2026 00:05:19 +0000 Subject: [PATCH 4/5] chore(sync): synced local '.github/workflows/coverage.yml' with remote '.github/workflow-templates/coverage.yml' --- .github/workflows/coverage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 09e0eba..c2707da 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -27,4 +27,4 @@ jobs: # NOTE: pin this @SHA to the ci release tag that first contains # coverage.yaml when cutting that tag (see ci.md "Updating and propagating"). # Renovate then tracks the `# v2` comment and bumps the digest thereafter. - uses: cplieger/ci/.github/workflows/coverage.yaml@9bcea59545af8553e6ef20aa869d133ef5b56dea # v2 + uses: cplieger/ci/.github/workflows/coverage.yaml@696eb4cd19badd0ea7061abedfaa2906008d5092 # v2 From 72bdab3b41af0da583c974fd07e4a3715c8e4463 Mon Sep 17 00:00:00 2001 From: cplieger Date: Fri, 10 Jul 2026 00:05:19 +0000 Subject: [PATCH 5/5] chore(sync): synced local '.github/workflows/release.yaml' with remote '.github/workflow-templates/release.yml' --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7273f10..05a877f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -34,7 +34,7 @@ jobs: id-token: write attestations: write security-events: write - uses: cplieger/ci/.github/workflows/release.yaml@9bcea59545af8553e6ef20aa869d133ef5b56dea # v2 + uses: cplieger/ci/.github/workflows/release.yaml@696eb4cd19badd0ea7061abedfaa2906008d5092 # v2 # Forward only the two Docker Hub publish credentials the reusable pipeline # actually declares and consumes, rather than `secrets: inherit` (which # exposes every repo secret to the reusable-workflow trust boundary). Both