Skip to content

chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 4b12bfe#57

Merged
williaby merged 2 commits into
mainfrom
renovate/https-github.com-byronwilliamscpa-.github-digest
Jun 29, 2026
Merged

chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 4b12bfe#57
williaby merged 2 commits into
mainfrom
renovate/https-github.com-byronwilliamscpa-.github-digest

Conversation

@williaby

@williaby williaby commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

Summary

Why

Scheduled patch update, bug fixes and security patches with no API changes.

Changes

This PR contains the following updates:

Package Change Update
https://github.com/ByronWilliamsCPA/.github 671ea6d4b12bfe digest

Impact

  • ✅ Patch update: bug fixes and security patches only
  • ✅ No breaking changes

Acceptance Criteria

  • All CI checks pass

Testing

  • CI gates pass (tests, lint, type checking, security scan)

Notes


Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • "after 10pm every weekday,before 5am every weekday,every weekend"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

Copilot AI review requested due to automatic review settings June 10, 2026 02:19
@williaby williaby added dependencies Pull requests that update a dependency file digest-update labels Jun 10, 2026
@coderabbitai

coderabbitai Bot commented Jun 10, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@williaby, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 45 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 186e2b2a-4e43-4097-8b33-0377b21db31f

📥 Commits

Reviewing files that changed from the base of the PR and between 5024679 and c2a32b3.

📒 Files selected for processing (5)
  • .github/workflows/qlty.yml
  • .github/workflows/scorecard.yml
  • .github/workflows/security-analysis.yml
  • docs/reusable-workflow-jobs.yaml
  • renovate.json
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch renovate/https-github.com-byronwilliamscpa-.github-digest

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the pinned commit digest for the ByronWilliamsCPA/.github reusable workflows referenced by this repository, keeping the org workflow inventory in sync with the caller workflows.

Changes:

  • Re-pin the ByronWilliamsCPA/.github reusable workflow references from 671ea6d... to 987d517... in the reusable workflow inventory.
  • Apply the same new digest across the security analysis, Qlty coverage, and Scorecard entries.

@williaby williaby force-pushed the renovate/https-github.com-byronwilliamscpa-.github-digest branch from 9f2b847 to bdd7053 Compare June 10, 2026 20:12
@williaby williaby changed the title chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 987d517 chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 7198a49 Jun 10, 2026
@williaby williaby force-pushed the renovate/https-github.com-byronwilliamscpa-.github-digest branch from bdd7053 to df69070 Compare June 11, 2026 05:19
@williaby williaby changed the title chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 7198a49 chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to bde8fc0 Jun 11, 2026
@williaby williaby force-pushed the renovate/https-github.com-byronwilliamscpa-.github-digest branch from df69070 to 564360e Compare June 12, 2026 02:14
@williaby williaby changed the title chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to bde8fc0 chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to d88dd03 Jun 12, 2026
@williaby williaby force-pushed the renovate/https-github.com-byronwilliamscpa-.github-digest branch from 564360e to 94fdc78 Compare June 14, 2026 08:15
@williaby williaby changed the title chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to d88dd03 chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 01bb574 Jun 14, 2026
@williaby williaby force-pushed the renovate/https-github.com-byronwilliamscpa-.github-digest branch from 94fdc78 to b8643ad Compare June 19, 2026 17:19
@williaby williaby changed the title chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 01bb574 chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to aa39893 Jun 19, 2026
@williaby williaby force-pushed the renovate/https-github.com-byronwilliamscpa-.github-digest branch from b8643ad to 1df4a01 Compare June 19, 2026 20:17
@williaby williaby changed the title chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to aa39893 chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 3542af7 Jun 19, 2026
@williaby williaby force-pushed the renovate/https-github.com-byronwilliamscpa-.github-digest branch from 1df4a01 to f8f7670 Compare June 19, 2026 23:15
@williaby williaby changed the title chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 3542af7 chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 58cb184 Jun 19, 2026
@williaby williaby force-pushed the renovate/https-github.com-byronwilliamscpa-.github-digest branch from f8f7670 to 7534f39 Compare June 20, 2026 02:19
@williaby williaby changed the title chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 58cb184 chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to bf4bdce Jun 20, 2026
@williaby williaby force-pushed the renovate/https-github.com-byronwilliamscpa-.github-digest branch from 7534f39 to 30d3f40 Compare June 20, 2026 23:17
@williaby williaby changed the title chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to bf4bdce chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to d4e2acf Jun 20, 2026
@williaby williaby force-pushed the renovate/https-github.com-byronwilliamscpa-.github-digest branch from 30d3f40 to c45fb6a Compare June 22, 2026 02:14
@williaby williaby changed the title chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to d4e2acf chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 4acd7b6 Jun 22, 2026
@williaby williaby force-pushed the renovate/https-github.com-byronwilliamscpa-.github-digest branch from c45fb6a to 1e205bd Compare June 23, 2026 02:18
@williaby williaby changed the title chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 4acd7b6 chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to ef10bbe Jun 23, 2026
@williaby williaby force-pushed the renovate/https-github.com-byronwilliamscpa-.github-digest branch from 1e205bd to eb88306 Compare June 24, 2026 02:16
@williaby williaby changed the title chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to ef10bbe chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to ea33319 Jun 24, 2026
@williaby williaby force-pushed the renovate/https-github.com-byronwilliamscpa-.github-digest branch from eb88306 to 8ce1009 Compare June 27, 2026 17:40
@williaby williaby changed the title chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to ea33319 chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 4d0ed4e Jun 27, 2026
@williaby williaby force-pushed the renovate/https-github.com-byronwilliamscpa-.github-digest branch from 8ce1009 to 21bee9f Compare June 27, 2026 20:28
@williaby williaby changed the title chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 4d0ed4e chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 8de6560 Jun 27, 2026
@williaby williaby force-pushed the renovate/https-github.com-byronwilliamscpa-.github-digest branch from 21bee9f to 656b9b1 Compare June 27, 2026 23:29
@williaby williaby changed the title chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 8de6560 chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 7a85253 Jun 27, 2026
@williaby williaby force-pushed the renovate/https-github.com-byronwilliamscpa-.github-digest branch from 656b9b1 to c4052fc Compare June 28, 2026 02:29
@williaby williaby changed the title chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 7a85253 chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 64ad9cf Jun 28, 2026
@williaby williaby force-pushed the renovate/https-github.com-byronwilliamscpa-.github-digest branch from c4052fc to 63cf299 Compare June 28, 2026 23:21
@williaby williaby changed the title chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 64ad9cf chore(deps): Update https://github.com/ByronWilliamsCPA/.github digest to 4b12bfe Jun 28, 2026
@williaby

Copy link
Copy Markdown
Contributor Author

PR Review

PREMISE: QUESTION — The inventory doc advances to the new digest while the three workflow callers it is meant to mirror stay at the old SHA. Renovate config blocks the caller bump, so this class of PR drifts the inventory on every digest bump.

Important — doc/caller pin drift
docs/reusable-workflow-jobs.yaml moves the recorded pin to 4b12bfe, but all three actual callers stay at 671ea6d:

This creates the inventory drift the custom Renovate manager exists to prevent. Root cause is in renovate.json: packageRule[4] constrains the github-actions manager for ByronWilliamsCPA/.github to versioning: semver + followTag: v1, so it will not bump callers that SHA-pin against main. Only the custom regex manager (tracking main HEAD) fires, editing the doc alone. The custom manager's description assumes "callers Renovate already updates," but packageRule[4] blocks exactly that.

Decision needed (not a mechanical fix): either accept the doc as a "latest-main" pointer that leads the callers (and adjust the "inventory/freshness" framing), or relax packageRule[4] / repoint callers to a real v1 release so callers and doc move together.

Clean: new SHA 4b12bfe is reachable on .github main; not superseded; secrets allowlist retained (GitGuardian/Socket green); chore(deps) needs no CHANGELOG entry. renovate/stability-days is a non-blocking minimum-release-age gate.

This bot auto-rebases its branches; BEHIND state may clear without manual action.

🤖 Generated with Claude Code

… in sync

The .github digest bump (PR #57) advanced docs/reusable-workflow-jobs.yaml
to 4b12bfe but left the three workflow callers pinned at 671ea6d, creating
the inventory drift the custom Renovate manager exists to prevent.

Root cause: packageRules[4] applied `versioning: semver` + `followTag: v1`
to ByronWilliamsCPA/.github for the github-actions manager. The .github repo
has no v1 release, and the callers SHA-pin against `main` (`@<sha>  # main`).
Per Renovate's github-actions manager, a non-semver ref like `# main` routes
to the github-digest datasource (digest-pinning updates only); forcing
`versioning: semver`/`followTag: v1` overrode that branch tracking, so the
manager chased a nonexistent v1 tag and never bumped the callers. The doc's
custom regex manager (datasource=git-refs, currentValue=main) was unaffected
and advanced alone, hence the drift.

Fix:
- Remove packageRules[4]. With `pinDigests: true` (packageRules[2]) still in
  place, the github-actions manager tracks the `# main` branch head and bumps
  the caller digests in lockstep with the doc inventory. Verified via
  renovate-config-validator (pre-commit) and Renovate docs.
- Reconcile the current drift: bump the 5 caller refs in security-analysis.yml,
  qlty.yml, and scorecard.yml from 671ea6d to 4b12bfe.

Future v1 migration (preserved from the removed rule's note): once
ByronWilliamsCPA/.github publishes a v1 release and the callers are repointed
to `@<sha>  # v1`, re-add a github-actions packageRule with
`matchPackagePatterns` for the org .github repos to follow the v1 tag.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@williaby

Copy link
Copy Markdown
Contributor Author

pr-fix applied: root-cause + reconcile

Pushed c2a32b3 resolving the doc/caller drift flagged in the review.

Reconciled the drift (this PR now self-consistent):

  • Bumped the 5 caller refs 671ea6d -> 4b12bfe in security-analysis.yml, qlty.yml (3), and scorecard.yml. Doc + callers + actual workflow pins now agree.

Fixed the root cause so it does not recur:

  • Removed packageRules[4] (versioning: semver + followTag: v1 for ByronWilliamsCPA/.github). That rule made the github-actions manager chase a non-existent v1 tag instead of tracking the # main branch digest, so callers froze while the doc's custom regex manager advanced alone. With pinDigests: true (packageRules[2]) still active, the manager now tracks the main head and bumps callers in lockstep with the inventory.

Validation: renovate-config-validator + yamllint + detect-secrets + no-em-dash pre-commit hooks pass; confirmed against an independent model review and Renovate's github-actions manager docs (non-semver # main ref -> github-digest datasource, digest-pinning only).

Future v1 migration (preserved from the removed rule's note): once ByronWilliamsCPA/.github publishes a v1 release and callers are repointed to @<sha> # v1, re-add a github-actions packageRule matching the org .github repos to follow the v1 tag.

Note: branch is still BEHIND base. Merge is not automated (Renovate automerge disabled), so use "Update branch" before merging if you want CI to run against the merged result.

🤖 Generated with Claude Code

@sonarqubecloud

Copy link
Copy Markdown

@williaby williaby added this pull request to the merge queue Jun 29, 2026
Merged via the queue into main with commit 57798c8 Jun 29, 2026
26 checks passed
@williaby williaby deleted the renovate/https-github.com-byronwilliamscpa-.github-digest branch June 29, 2026 15:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file digest-update

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants