KooshaPari · KooshaPari · May 6, 2026 · May 6, 2026 · May 6, 2026 · May 7, 2026
@@ -0,0 +1,5 @@
+blank_issues_enabled: true
+contact_links:
+  - name: Phenotype org
+    url: https://github.com/KooshaPari
+    about: Other Phenotype-ecosystem repos and discussions
@@ -1,16 +1,19 @@
 name: Alert sync issues
 on:
+  push:
+    branches: [main, master, develop]
+  pull_request:
+    branches: [main, master, develop]
   schedule:
     - cron: '17 * * * *'
   workflow_dispatch:
-
 permissions:
   contents: read
   issues: write
 
 jobs:
   sync:
-    uses: KooshaPari/phenoShared/.github/workflows/alert-sync-issues.yml@main
+    uses: KooshaPari/phenoShared/.github/workflows/alert-sync-issues.yml@438e2e71e448c9f1f47f184d3ca4acbb28928677
     with:
       auto-label: auto-alert-sync
       min_severity: high
@@ -1,8 +1,11 @@
 name: Auto Merge Gate
 
 on:
+  push:
+    branches: [main, master, develop]
+  pull_request:
+    branches: [main, master, develop]
   workflow_dispatch:
-
 permissions:
   contents: read
   pull-requests: write
@@ -12,12 +15,13 @@ jobs:
     if: |
       (github.event_name != 'pull_request_review') ||
       (github.event.review.state == 'APPROVED')
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Enable auto-merge for labeled PRs
         if: |
           contains(github.event.pull_request.labels.*.name, 'automerge') &&
           !contains(github.event.pull_request.labels.*.name, 'do-not-merge')
-        uses: peter-evans/enable-pull-request-automerge@a660677d5469627102a1c1e11409dd063606628d # v3with:
+        peter-evans/enable-pull-request-automerge@2b17150d25bd548fc41a48d3c6891cc520a07ff0 # v3
+        with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           merge-method: squash
@@ -1,8 +1,11 @@
 name: ci-rerun-flaky
 
 on:
+  push:
+    branches: [main, master, develop]
+  pull_request:
+    branches: [main, master, develop]
   workflow_dispatch:
-
 permissions:
   actions: write
   contents: read
@@ -12,10 +15,11 @@ jobs:
   rerun-failed-jobs:
     name: rerun-failed-jobs
     if: github.event.label.name == 'ci:rerun-flaky'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Rerun failed CI jobs and remove rerun label
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7with:
+        actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v7
+        with:
           script: |
             const label = 'ci:rerun-flaky';
             const { owner, repo } = context.repo;

@@ -1,4 +1,8 @@
 name: CI
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 
 on:
   push:
@@ -11,25 +15,28 @@ permissions:
 
 jobs:
   test:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     strategy:
       matrix:
         go-version: ['1.21', '1.22']
 
     steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5@11bd71901bbe5b1630ceea73d27597364c9af683 # v4- name: Refresh models catalog
-        run: |
+      - actions/checkout@900f2210b1d28bbbd0bd22d17926b9e224e8f231 # v4
+        name: Refresh models catalog
+      - run: |
           git fetch --depth 1 https://github.com/router-for-me/models.git main
           mkdir -p pkg/llmproxy/registry/models
           git show FETCH_HEAD:models.json > pkg/llmproxy/registry/models/models.json
 
       - name: Setup Go
-        uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5with:
+        actions/setup-go@78961f6f84d799cd858575bb931c3e51d3b13290 # v5
+        with:
           go-version: ${{ matrix.go-version }}
 
       - name: Cache Go modules
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4with:
+        actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
+        with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
@@ -45,10 +52,11 @@ jobs:
         run: go test ./... -v -race -coverprofile=coverage.out
 
       - name: Upload coverage
-        uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # v3with:
+        codecov/codecov-action@ca0a928a4cb3911011e868128a5cd90437c12db1 # v3
+        with:
           files: ./coverage.out
 
 
   phenotype-validate:
-    runs-on: ubuntu-latest
-    uses: KooshaPari/phenotypeActions/.github/workflows/validate-governance.yml@main
+    runs-on: ubuntu-24.04
+    uses: KooshaPari/phenotypeActions/.github/workflows/validate-governance.yml@48772d7560c964fff01a209742429f24283e96cf
@@ -1,8 +1,11 @@
 name: codeql
 
 on:
+  push:
+    branches: [main, master, develop]
+  pull_request:
+    branches: [main, master, develop]
   workflow_dispatch:
-
 permissions:
   actions: read
   contents: read
@@ -12,28 +15,31 @@ jobs:
   analyze:
     name: Analyze (Go)
     if: ${{ !startsWith(github.head_ref, 'ci/fix-migrated-router-20260225060000-feature_ampcode-alias') }}
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:
         language: [go]
     steps:
       - name: Checkout
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5@11bd71901bbe5b1630ceea73d27597364c9af683 # v4- name: Initialize CodeQL
-        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4with:
+        actions/checkout@900f2210b1d28bbbd0bd22d17926b9e224e8f231 # v4
+        name: Initialize CodeQL
+        github/codeql-action/init@115001ba8d0198846992657731666b08686c8ded # v4
+        with:
           languages: ${{ matrix.language }}
           config-file: .github/codeql/codeql-config.yml
       - name: Set up Go
-        uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5with:
+        actions/setup-go@78961f6f84d799cd858575bb931c3e51d3b13290 # v5
+        with:
           go-version-file: go.mod
           cache: true
       - name: Build
         run: go build ./...
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4analyze-skip-for-migrated-router-fix:
+        github/codeql-action/analyze@115001ba8d0198846992657731666b08686c8ded # v4analyze-skip-for-migrated-router-fix:
     name: Analyze (Go)
     if: ${{ startsWith(github.head_ref, 'ci/fix-migrated-router-20260225060000-feature_ampcode-alias') }}
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Skip CodeQL build for migrated router compatibility branch
         run: echo "Skipping CodeQL build for migrated router compatibility branch."
@@ -1,8 +1,11 @@
 name: coderabbit-rate-limit-retry
 
 on:
+  push:
+    branches: [main, master, develop]
+  pull_request:
+    branches: [main, master, develop]
   workflow_dispatch:
-
 permissions:
   checks: write
   contents: read
@@ -12,10 +15,11 @@ permissions:
 jobs:
   retrigger:
     name: retrigger-coderabbit-on-rate-limit
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Re-request CodeRabbit when backlog is high and check is stale
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7with:
+        actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v7
+        with:
           script: |
             const owner = context.repo.owner;
             const repo = context.repo.repo;
@@ -166,7 +170,7 @@ jobs:
                 status: "completed",
                 conclusion: pass ? "success" : "failure",
                 output: {
-                  title: pass ? "CodeRabbit gate passed" : "CodeRabbit gate blocked",
+                  title: "pass ? "CodeRabbit gate passed" : "CodeRabbit gate blocked","
                   summary,
                 },
               });

@@ -1,8 +1,11 @@
 name: docker-image
 
 on:
+  push:
+    branches: [main, master, develop]
+  pull_request:
+    branches: [main, master, develop]
   workflow_dispatch:
-
 env:
   APP_NAME: CLIProxyAPI
   DOCKERHUB_REPO: ${{ secrets.DOCKERHUB_USERNAME }}/cli-proxy-api-plus
@@ -12,16 +15,19 @@ permissions:
 
 jobs:
   docker_amd64:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5@11bd71901bbe5b1630ceea73d27597364c9af683 # v4- name: Refresh models catalog
+        actions/checkout@900f2210b1d28bbbd0bd22d17926b9e224e8f231 # v4
+      - name: Refresh models catalog
         run: |
           git fetch --depth 1 https://github.com/router-for-me/models.git main
           git show FETCH_HEAD:models.json > internal/registry/models/models.json
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3- name: Login to DockerHub
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3with:
+        docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
+      - name: Login to DockerHub
+        docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
+        with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Generate Build Metadata
@@ -30,7 +36,8 @@ jobs:
           echo COMMIT=`git rev-parse --short HEAD` >> $GITHUB_ENV
           echo BUILD_DATE=`date -u +%Y-%m-%dT%H:%M:%SZ` >> $GITHUB_ENV
       - name: Build and push (amd64)
-        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6with:
+        docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
+        with:
           context: .
           platforms: linux/amd64
           push: true
@@ -46,13 +53,16 @@ jobs:
     runs-on: ubuntu-24.04-arm
     steps:
       - name: Checkout
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5@11bd71901bbe5b1630ceea73d27597364c9af683 # v4- name: Refresh models catalog
+        actions/checkout@900f2210b1d28bbbd0bd22d17926b9e224e8f231 # v4
+      - name: Refresh models catalog
         run: |
           git fetch --depth 1 https://github.com/router-for-me/models.git main
           git show FETCH_HEAD:models.json > internal/registry/models/models.json
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3- name: Login to DockerHub
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3with:
+        docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
+      - name: Login to DockerHub
+        docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
+        with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Generate Build Metadata
@@ -61,7 +71,8 @@ jobs:
           echo COMMIT=`git rev-parse --short HEAD` >> $GITHUB_ENV
           echo BUILD_DATE=`date -u +%Y-%m-%dT%H:%M:%SZ` >> $GITHUB_ENV
       - name: Build and push (arm64)
-        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6with:
+        docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
+        with:
           context: .
           platforms: linux/arm64
           push: true
@@ -74,15 +85,18 @@ jobs:
             ${{ env.DOCKERHUB_REPO }}:${{ env.VERSION }}-arm64
 
   docker_manifest:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     needs:
       - docker_amd64
       - docker_arm64
     steps:
       - name: Checkout
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5@11bd71901bbe5b1630ceea73d27597364c9af683 # v4- name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3- name: Login to DockerHub
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3with:
+        actions/checkout@900f2210b1d28bbbd0bd22d17926b9e224e8f231 # v4
+      - name: Set up Docker Buildx
+        docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
+      - name: Login to DockerHub
+        docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
+        with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Generate Build Metadata
@@ -102,7 +116,7 @@ jobs:
             "${DOCKERHUB_REPO}:${VERSION}-arm64"
       - name: Cleanup temporary tags
         continue-on-error: true
-        env:
+      - env:
           DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
           DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
         run: |