From 09d04de619cbe9b42298cf5455a2e98418e88f69 Mon Sep 17 00:00:00 2001 From: Steve Dudenhoeffer Date: Sun, 28 Jun 2026 00:15:28 -0400 Subject: [PATCH] docs: align review-reusable.yml header comments with the @v1 recommendation PR #12's own review flagged that the reusable's own header still said pin @/@main while the example+README now recommend @v1. Update the header to recommend @v1 (or @) consistently. Co-Authored-By: Claude Opus 4.8 (1M context) --- .gitea/workflows/review-reusable.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitea/workflows/review-reusable.yml b/.gitea/workflows/review-reusable.yml index ae6625f..c97a1e0 100644 --- a/.gitea/workflows/review-reusable.yml +++ b/.gitea/workflows/review-reusable.yml @@ -6,7 +6,7 @@ # jobs: # review: # if: ... # actor gate for the comment trigger -# uses: steve/gadfly/.gitea/workflows/review-reusable.yml@ +# uses: steve/gadfly/.gitea/workflows/review-reusable.yml@v1 # secrets: # forward ONLY what the reviewer needs # OLLAMA_CLOUD_API_KEY: ${{ secrets.OLLAMA_CLOUD_API_KEY }} # CLAUDE_CODE_OAUTH_TOKEN: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} @@ -25,8 +25,9 @@ # # Advisory only — never blocks a merge. The image is pinned to an immutable # :sha- tag here (act_runner caches :latest); bump it per Gadfly release. -# Consumers should likewise pin `uses: ...@` (not @main) so a push to this -# repo can't silently change the code that runs with their forwarded secrets. +# Consumers should pin `uses: ...@v1` — a curated release tag moved on deliberate +# releases, so central tuning here propagates without per-consumer edits — or a +# full `@` for an immutable pin. Avoid `@main` (moves on every push). name: Gadfly review (reusable)