ci: track gadfly's v1 release tag instead of a pinned sha
Switch uses: steve/gadfly/.gitea/workflows/review-reusable.yml from a sha pin (@b02b11d) to the moving @v1 release tag, so central swarm tuning propagates without re-pinning this file each time. Tradeoff: v1 is mutable (re-moved on deliberate releases), vs a sha which is immutable — accepted to cut re-pin churn. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -38,9 +38,10 @@ jobs:
|
|||||||
&& (github.actor == 'steve'
|
&& (github.actor == 'steve'
|
||||||
|| github.actor == 'fizi'
|
|| github.actor == 'fizi'
|
||||||
|| github.actor == 'dazed'))
|
|| github.actor == 'dazed'))
|
||||||
# Pinned to an immutable gadfly commit (not @main): a push to gadfly can't
|
# Tracks gadfly's v1 release tag — a curated pointer re-moved on each release
|
||||||
# silently change the code that runs with our forwarded secrets.
|
# (unlike @main, which moves on every push). Central swarm tuning propagates
|
||||||
uses: steve/gadfly/.gitea/workflows/review-reusable.yml@b02b11d69139843665da4cdbf776bc0b3583490d
|
# here automatically; the tradeoff vs a full sha pin is that v1 is mutable.
|
||||||
|
uses: steve/gadfly/.gitea/workflows/review-reusable.yml@v1
|
||||||
# Least privilege: forward only the review secrets (not `secrets: inherit`,
|
# Least privilege: forward only the review secrets (not `secrets: inherit`,
|
||||||
# which would expose every repo secret). GITEA_TOKEN is the automatic token.
|
# which would expose every repo secret). GITEA_TOKEN is the automatic token.
|
||||||
secrets:
|
secrets:
|
||||||
|
|||||||
Reference in New Issue
Block a user