diff --git a/.gitea/workflows/adversarial-review.yml b/.gitea/workflows/adversarial-review.yml index fb882ce..fca7329 100644 --- a/.gitea/workflows/adversarial-review.yml +++ b/.gitea/workflows/adversarial-review.yml @@ -41,7 +41,7 @@ jobs: # Tracks gadfly's v1 release tag — a curated pointer re-moved on each release # (unlike @main, which moves on every push). Central swarm tuning propagates # here automatically; the tradeoff vs a full sha pin is that v1 is mutable. - uses: steve/gadfly/.gitea/workflows/review-reusable.yml@7bc3c982fa7b72367034c673f7812bf05e9c503e + uses: steve/gadfly/.gitea/workflows/review-reusable.yml@5007597cf921dc3f0a83c708878facfe65fd8e8b # Least privilege: forward only the review secrets (not `secrets: inherit`, # which would expose every repo secret). GITEA_TOKEN is the automatic token. secrets: