diff --git a/.gitea/workflows/adversarial-review.yml b/.gitea/workflows/adversarial-review.yml index f3b87ec..fb882ce 100644 --- a/.gitea/workflows/adversarial-review.yml +++ b/.gitea/workflows/adversarial-review.yml @@ -41,7 +41,7 @@ jobs: # Tracks gadfly's v1 release tag — a curated pointer re-moved on each release # (unlike @main, which moves on every push). Central swarm tuning propagates # here automatically; the tradeoff vs a full sha pin is that v1 is mutable. - uses: steve/gadfly/.gitea/workflows/review-reusable.yml@v1 + uses: steve/gadfly/.gitea/workflows/review-reusable.yml@7bc3c982fa7b72367034c673f7812bf05e9c503e # Least privilege: forward only the review secrets (not `secrets: inherit`, # which would expose every repo secret). GITEA_TOKEN is the automatic token. secrets: