From 51f5ea0d2bebce48f5cb0d821a1e25878e66713f Mon Sep 17 00:00:00 2001 From: Steve Dudenhoeffer Date: Sun, 28 Jun 2026 02:05:29 -0400 Subject: [PATCH] ci: pin gadfly reusable to immutable @7bc3c98 (vars-config reusable) [skip ci] The reusable now reads swarm config from user-scope vars (GADFLY_DEFAULT_* + GADFLY_ENDPOINT_*); this immutable @sha bumps past the long-lived-runner ref cache so the vars-config reusable is adopted. Direct to main + [skip ci] to avoid triggering the review swarm. Co-Authored-By: Claude Opus 4.8 (1M context) --- .gitea/workflows/adversarial-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/adversarial-review.yml b/.gitea/workflows/adversarial-review.yml index f3b87ec..fb882ce 100644 --- a/.gitea/workflows/adversarial-review.yml +++ b/.gitea/workflows/adversarial-review.yml @@ -41,7 +41,7 @@ jobs: # Tracks gadfly's v1 release tag — a curated pointer re-moved on each release # (unlike @main, which moves on every push). Central swarm tuning propagates # here automatically; the tradeoff vs a full sha pin is that v1 is mutable. - uses: steve/gadfly/.gitea/workflows/review-reusable.yml@v1 + uses: steve/gadfly/.gitea/workflows/review-reusable.yml@7bc3c982fa7b72367034c673f7812bf05e9c503e # Least privilege: forward only the review secrets (not `secrets: inherit`, # which would expose every repo secret). GITEA_TOKEN is the automatic token. secrets: