From 2d9a7a848c787c918ff0461ce44b250b0ef108c3 Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 15 May 2026 21:01:38 +0000 Subject: [PATCH] fix(ci): bump sonarcloud reusable workflow SHA and pin remaining @main refs Update sonarcloud.yml to org reusable workflow SHA 6bad2f898 (which upgrades to sonarqube-scan-action v7.2.0 and resolves the /analysis/analyses 404 bug on new projects), and correct sonar-organization to williaby (the actual SonarCloud account name). Pin all remaining @main references to ByronWilliamsCPA/.github reusable workflows to SHA e067cdb7294f6221dbde74ef1f4c3ca735eed570 to satisfy supply-chain pinning requirements. Closes #22 https://claude.ai/code/session_01AhVcx2FwNFMhtwFCNnmh8L --- .github/workflows/codecov.yml | 2 +- .github/workflows/coverage.yml | 2 +- .github/workflows/docs.yml | 2 +- .github/workflows/fips-compatibility.yml | 2 +- .github/workflows/mutation-testing.yml | 2 +- .github/workflows/python-compatibility.yml | 2 +- .github/workflows/qlty.yml | 2 +- .github/workflows/reuse.yml | 2 +- .github/workflows/sbom.yml | 2 +- .github/workflows/scorecard.yml | 2 +- .github/workflows/security-analysis.yml | 2 +- .github/workflows/slsa-provenance.yml | 2 +- .github/workflows/sonarcloud.yml | 4 ++-- 13 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index 0ea96a6..3a47d2c 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -23,7 +23,7 @@ jobs: name: Upload Coverage # Only run on successful CI completion if: ${{ github.event.workflow_run.conclusion == 'success' }} - uses: ByronWilliamsCPA/.github/.github/workflows/python-codecov.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-codecov.yml@e067cdb7294f6221dbde74ef1f4c3ca735eed570 # main with: artifact-name: 'coverage-reports' coverage-files: '*.xml' diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 2ab1b88..0b25c80 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -23,7 +23,7 @@ jobs: upload-coverage: name: Upload Coverage to Qlty if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }} - uses: ByronWilliamsCPA/.github/.github/workflows/python-qlty-coverage.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-qlty-coverage.yml@e067cdb7294f6221dbde74ef1f4c3ca735eed570 # main with: coverage-artifact-name: coverage-reports coverage-file-path: coverage.xml diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index bce78d9..404271d 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -29,7 +29,7 @@ permissions: jobs: docs: - uses: ByronWilliamsCPA/.github/.github/workflows/python-docs.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-docs.yml@e067cdb7294f6221dbde74ef1f4c3ca735eed570 # main with: python-version: '3.12' docs-directory: 'docs' diff --git a/.github/workflows/fips-compatibility.yml b/.github/workflows/fips-compatibility.yml index a7a6b2a..1bc6377 100644 --- a/.github/workflows/fips-compatibility.yml +++ b/.github/workflows/fips-compatibility.yml @@ -52,7 +52,7 @@ permissions: jobs: fips-check: - uses: ByronWilliamsCPA/.github/.github/workflows/python-fips-compatibility.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-fips-compatibility.yml@e067cdb7294f6221dbde74ef1f4c3ca735eed570 # main with: strict-mode: ${{ github.event.inputs.strict_mode == 'true' }} include-tests: true diff --git a/.github/workflows/mutation-testing.yml b/.github/workflows/mutation-testing.yml index 505a733..5ed2cb3 100644 --- a/.github/workflows/mutation-testing.yml +++ b/.github/workflows/mutation-testing.yml @@ -40,7 +40,7 @@ jobs: name: Mutation Testing # Skip on forks (no PR comment permissions) if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository - uses: ByronWilliamsCPA/.github/.github/workflows/python-mutation.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-mutation.yml@e067cdb7294f6221dbde74ef1f4c3ca735eed570 # main with: python-version: '3.12' source-directory: 'src' diff --git a/.github/workflows/python-compatibility.yml b/.github/workflows/python-compatibility.yml index a8a3845..1c1d5e7 100644 --- a/.github/workflows/python-compatibility.yml +++ b/.github/workflows/python-compatibility.yml @@ -34,7 +34,7 @@ permissions: jobs: compatibility: - uses: ByronWilliamsCPA/.github/.github/workflows/python-compatibility.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-compatibility.yml@e067cdb7294f6221dbde74ef1f4c3ca735eed570 # main with: python-versions: '["3.10", "3.11", "3.12", "3.13"]' operating-systems: '["ubuntu-latest"]' diff --git a/.github/workflows/qlty.yml b/.github/workflows/qlty.yml index 9efc974..d47967d 100644 --- a/.github/workflows/qlty.yml +++ b/.github/workflows/qlty.yml @@ -15,7 +15,7 @@ concurrency: jobs: qlty: if: ${{ github.event.workflow_run.conclusion == 'success' }} - uses: ByronWilliamsCPA/.github/.github/workflows/python-qlty-coverage.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-qlty-coverage.yml@e067cdb7294f6221dbde74ef1f4c3ca735eed570 # main permissions: contents: read actions: read diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index 8cfe33a..b1ae2be 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -24,7 +24,7 @@ permissions: read-all jobs: reuse: - uses: ByronWilliamsCPA/.github/.github/workflows/python-reuse.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-reuse.yml@e067cdb7294f6221dbde74ef1f4c3ca735eed570 # main with: generate-spdx: true fail-on-missing: true diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index bd48ad6..348c87a 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -35,7 +35,7 @@ permissions: jobs: sbom: name: SBOM & Security - uses: ByronWilliamsCPA/.github/.github/workflows/python-sbom.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-sbom.yml@e067cdb7294f6221dbde74ef1f4c3ca735eed570 # main with: python-version: '3.12' fail-on-vulnerabilities: true diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 869ef28..c3e78a2 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -26,7 +26,7 @@ permissions: jobs: scorecard: - uses: ByronWilliamsCPA/.github/.github/workflows/python-scorecard.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-scorecard.yml@e067cdb7294f6221dbde74ef1f4c3ca735eed570 # main with: publish-results: true upload-sarif: true diff --git a/.github/workflows/security-analysis.yml b/.github/workflows/security-analysis.yml index e57facf..684aeca 100644 --- a/.github/workflows/security-analysis.yml +++ b/.github/workflows/security-analysis.yml @@ -34,7 +34,7 @@ permissions: jobs: security: - uses: ByronWilliamsCPA/.github/.github/workflows/python-security-analysis.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-security-analysis.yml@e067cdb7294f6221dbde74ef1f4c3ca735eed570 # main with: source-directory: 'src' python-version: '3.12' diff --git a/.github/workflows/slsa-provenance.yml b/.github/workflows/slsa-provenance.yml index 59c1422..6cae863 100644 --- a/.github/workflows/slsa-provenance.yml +++ b/.github/workflows/slsa-provenance.yml @@ -98,7 +98,7 @@ jobs: slsa: name: SLSA Level 3 needs: [build] - uses: ByronWilliamsCPA/.github/.github/workflows/python-slsa.yml@main + uses: ByronWilliamsCPA/.github/.github/workflows/python-slsa.yml@e067cdb7294f6221dbde74ef1f4c3ca735eed570 # main with: base64-subjects: ${{ needs.build.outputs.hashes }} upload-assets: true diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 1146ca5..e3d32d8 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -32,9 +32,9 @@ permissions: jobs: sonarcloud: - uses: ByronWilliamsCPA/.github/.github/workflows/python-sonarcloud.yml@e8fc83c98c2971ad1ece71573d28171463e30c16 # main + uses: ByronWilliamsCPA/.github/.github/workflows/python-sonarcloud.yml@6bad2f898be1d387b8424e9deddefa519674cb19 # main with: - sonar-organization: byronwilliamscpa + sonar-organization: williaby sonar-project-key: ByronWilliamsCPA_python-libs python-version: '3.12' source-directory: 'src'