chore(manifest): bump YiAgent/OpenCI SHA to 18974fad

[YiWang24]

Automated SHA bump: 4e1ecadc to 18974fad

The YiAgent/OpenCI self-reference SHA in manifest.yml was stale. Updated to the latest main HEAD so all reusable workflow calls resolve correctly.

Generated by the on-main-bump-sha workflow.

---

^{Need help on this PR? Tag @codesmith with what you need.}

• Let Codesmith autofix CI failures and bot reviews

Summary by CodeRabbit

Release Notes

• Chores
  • Updated pinned versions of GitHub Actions workflows across all CI/CD pipelines to use newer upstream releases, affecting continuous integration, deployment, documentation, testing, and infrastructure automation workflows.

[qodo-code-review]

ⓘ You've reached your Qodo monthly free-tier limit. Reviews pause until next month — upgrade your plan to continue now, or link your paid account if you already have one.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: bdf4caeb-43c9-456f-b615-cdd7a595785f

📥 Commits

Reviewing files that changed from the base of the PR and between 18974fa and 1ba0b5b.

📒 Files selected for processing (13)

• .github/workflows/agent.yml
• .github/workflows/ci-self-test.yml
• .github/workflows/ci.yml
• .github/workflows/dependencies.yml
• .github/workflows/deploy.yml
• .github/workflows/docs.yml
• .github/workflows/issue-ops.yml
• .github/workflows/observability.yml
• .github/workflows/on-maintenance.yml
• .github/workflows/pull-request.yml
• .github/workflows/release.yml
• .github/workflows/reusable-ci.yml
• manifest.yml

---

📝 Walkthrough

Walkthrough

This PR updates the pinned commit SHA of the YiAgent/OpenCI reusable workflows and actions from 4e1ecadc2505761f104f3fd8d255eee4eb369d90 to 18974fad6e74e1853a8c857538766809918a82ad across multiple GitHub Actions workflow files and the manifest dependency declaration.

Changes

Unified OpenCI Pinned SHA Update

Layer / File(s)	Summary
Manifest Dependency manifest.yml	Central dependency pin for YiAgent/OpenCI is updated to the new commit SHA.
Workflow Reusable References .github/workflows/agent.yml, ci-self-test.yml, ci.yml, dependencies.yml, deploy.yml, docs.yml, issue-ops.yml, observability.yml, on-maintenance.yml, pull-request.yml, release.yml	All workflow files that call YiAgent/OpenCI reusable workflows (reusable-agent.yml, reusable-self-test.yml, reusable-ci.yml, reusable-deps.yml, reusable-stg.yml, reusable-prd.yml, reusable-docs.yml, reusable-issue.yml, reusable-observability.yml, reusable-maintenance.yml, reusable-pr.yml, reusable-release.yml) are pinned to the new commit SHA.
Reusable Workflow Internal Actions .github/workflows/reusable-ci.yml	Internal action references to YiAgent/OpenCI/actions/_common/resolve-openci within the reusable CI workflow are updated to the new commit SHA across eight job steps (preflight, detect-language, build-docker, scan-image, sign-image, check-migration, eval-smoke, agent).

Suggested labels

area:ci

Possibly related PRs

• YiAgent/OpenCI#38: Updates pinned YiAgent/OpenCI commit SHAs in the same workflow files across the codebase.
• YiAgent/OpenCI#88: Performs the same pinned SHA update pattern across the same workflow uses: lines and manifest deps, only to a different target SHA.
• YiAgent/OpenCI#35: Modifies the same GitHub Actions reusable workflow uses: references across multiple workflow files.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A hop through workflows, a commit so new,
Pinned references gleaming, from old SHA through,
Eighteen jobs dancing, the manifest aligned,
One consistent update, of the cleanest kind!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore(manifest): bump YiAgent/OpenCI SHA to 18974fa' directly and clearly summarizes the main change: updating a dependency SHA in the manifest file.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/bump-self-sha-18974fad

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[YiWang24]

Superseded by chore/bump-self-sha-b015ea6c (bump to b015ea6).