diff --git a/.github/workflows/agent-shield.yml b/.github/workflows/agent-shield.yml index 8704981d..7e0f9208 100644 --- a/.github/workflows/agent-shield.yml +++ b/.github/workflows/agent-shield.yml @@ -30,4 +30,4 @@ permissions: jobs: agent-shield: - uses: petry-projects/.github/.github/workflows/agent-shield-reusable.yml@v1 + uses: petry-projects/.github/.github/workflows/agent-shield-reusable.yml@d3d768dabb7f28cc63283cdfe48630da53700e50 # v1 diff --git a/.github/workflows/dev-lead.yml b/.github/workflows/dev-lead.yml index 25cc7785..8d6112e7 100644 --- a/.github/workflows/dev-lead.yml +++ b/.github/workflows/dev-lead.yml @@ -43,14 +43,7 @@ permissions: {} jobs: dev-lead: - # Pinned to the moving dev-lead/stable channel tag, not @main, so a broken - # change to dev-lead can no longer gate its own fix (the self-host circular - # dependency). Promotion is done by moving the dev-lead/stable tag centrally; this - # caller is never edited on release. agent_ref threads the same channel into - # dev-lead's own scripts/prompts checkout. See ci-standards.md#dev-lead-agent. - uses: petry-projects/.github-private/.github/workflows/dev-lead-reusable.yml@ded84ce4820dce379f177f9992beb74483f6d6b4 # dev-lead/ring1 - with: - agent_ref: dev-lead/ring1 + uses: petry-projects/.github-private/.github/workflows/dev-lead-reusable.yml@5a9a2476575cfcf0e730993f589587db054219f1 # main secrets: inherit permissions: contents: write diff --git a/.gitleaksignore b/.gitleaksignore index 15a64718..8d0d2cce 100644 --- a/.gitleaksignore +++ b/.gitleaksignore @@ -22,13 +22,13 @@ # Not a real credential — BMAD knowledge-base documentation only. e8cc0956c901e454aed61e7b10857e6a1a412881:_bmad/tea/testarch/knowledge/api-testing-patterns.md:generic-api-key:681 -# Commit e8cc0956: _bmad/_config/files-manifest.csv (lines 281, 282, 284, 300, -# 409, 433) — CSV rows of the form "","". The hash -# column is a content-addressable fingerprint of BMAD skill files; gitleaks' -# generic-api-key rule flags high-entropy hex strings. These are file-content -# checksums, not API keys. The file paths make the context unambiguous: -# api-request.md, api-testing-patterns.md, auth-session.md, email-auth.md, -# step-03a-subagent-api.md, step-04a-subagent-api-failing.md +# Commits e8cc0956, aec934f9: _bmad/_config/files-manifest.csv (lines 281, 282, +# 284, 300, 409, 433) — CSV rows of the form "","". +# The hash column is a content-addressable fingerprint of BMAD skill files; +# gitleaks' generic-api-key rule flags high-entropy hex strings. These are +# file-content checksums, not API keys. The file paths make the context +# unambiguous: api-request.md, api-testing-patterns.md, auth-session.md, +# email-auth.md, step-03a-subagent-api.md, step-04a-subagent-api-failing.md e8cc0956c901e454aed61e7b10857e6a1a412881:_bmad/_config/files-manifest.csv:generic-api-key:281 e8cc0956c901e454aed61e7b10857e6a1a412881:_bmad/_config/files-manifest.csv:generic-api-key:282 e8cc0956c901e454aed61e7b10857e6a1a412881:_bmad/_config/files-manifest.csv:generic-api-key:284