chore(manifest): bump YiAgent/OpenCI SHA to 25e3f66

[YiWang24]

Summary

Bump the YiAgent/OpenCI self-reference SHA in `manifest.yml` and every workflow ref to `25e3f66` (the merge commit of #48). This propagates the entry-workflow permission fixes to downstream consumers and unblocks the cascade of stacked PRs (#52, #53, #55, #57, #58, #61, #63, #65) — they now point to a SHA that has the matching reusable-workflow permissions.

Auto-generated via `bash scripts/bump-self-sha.sh`.

Test plan

• `verify-sha-consistency` passes (357 uses, 0 errors)
• actionlint clean
• After merge: stacked PRs auto-rebase and turn green

---

^{Need help on this PR? Tag @codesmith with what you need.}

• Let Codesmith autofix CI failures and bot reviews

Summary by CodeRabbit

• Chores
  • Updated GitHub Actions CI/CD infrastructure to use the latest versions of reusable workflow definitions and build dependencies. All automated pipelines now run with current versions, including agent verification, continuous integration, deployment automation, documentation generation, release management, and issue operations workflows. These updates enhance the reliability and consistency of the build and deployment processes.

[qodo-code-review]

ⓘ You've reached your Qodo monthly free-tier limit. Reviews pause until next month — upgrade your plan to continue now, or link your paid account if you already have one.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 43fe69d4-2afd-4fe2-9398-8b776f88e596

📥 Commits

Reviewing files that changed from the base of the PR and between 25e3f66 and 755151a.

📒 Files selected for processing (13)

• .github/workflows/agent.yml
• .github/workflows/ci-self-test.yml
• .github/workflows/ci.yml
• .github/workflows/dependencies.yml
• .github/workflows/deploy.yml
• .github/workflows/docs.yml
• .github/workflows/issue-ops.yml
• .github/workflows/observability.yml
• .github/workflows/on-maintenance.yml
• .github/workflows/pull-request.yml
• .github/workflows/release.yml
• .github/workflows/reusable-ci.yml
• manifest.yml

---

📝 Walkthrough

Walkthrough

This PR updates pinned commit SHAs for reusable GitHub Actions workflows across 12 workflow configuration files and the manifest, upgrading all references from commit 50ce4563... to 25e3f66f....

Changes

Workflow and Manifest Dependency Pin Update

Layer / File(s)	Summary
Workflow Job References .github/workflows/agent.yml, .github/workflows/ci-self-test.yml, .github/workflows/ci.yml, .github/workflows/dependencies.yml, .github/workflows/deploy.yml, .github/workflows/docs.yml, .github/workflows/issue-ops.yml, .github/workflows/observability.yml, .github/workflows/on-maintenance.yml, .github/workflows/pull-request.yml, .github/workflows/release.yml	Each workflow's jobs.*.uses pin for YiAgent/OpenCI/.github/workflows/reusable-*.yml is updated from commit 50ce4563... to 25e3f66f.... Updates span agent, CI, self-test, dependency, deployment, documentation, issue operations, observability, maintenance, PR checks, and release workflows.
Reusable CI Workflow Action Pins .github/workflows/reusable-ci.yml	The resolve-openci action reference in 8 jobs (preflight, detect-language, build-docker, scan-image, sign-image, check-migration, eval-smoke, agent) is repinned to commit 25e3f66f....
Manifest Dependency Entry manifest.yml	The deps["YiAgent/OpenCI"] entry is updated from 50ce4563... to 25e3f66f... to reflect the new pinned dependency version.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• fix(workflows): update pinned SHA to commit with reusable/ directory #36: Both PRs update the same reusable-workflow SHA pins across .github/workflows files, reflecting a coordinated dependency upgrade.
• fix(workflows): standardize model/api-base-url params for custom LLM #38: Both PRs modify GitHub Actions workflow uses: references and manifest dependency pins for the same YiAgent/OpenCI reusable workflows.
• refactor(workflows): SDLC-standard naming + reusable/ subdirectory #27: The main PR pins to a new OpenCI commit that likely contains reusable workflow updates; this retrieved PR refactors those reusable workflows, making the SHA update necessary.

Poem

🐰 Hop, hop—the pins are set anew,
From old commit to fresh and true!
Dependencies dance in harmony,
Workflows flow with consistency,
The rabbit's work makes sure it's done right!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and specifically describes the main change: updating the YiAgent/OpenCI SHA reference to 25e3f66 across all workflow files and the manifest.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/bump-sha-after-48

---

_{Review rate limit: 9/10 reviews remaining, refill in 6 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[YiWang24]

Will reopen after #52, #53, #55, #57, #58, #61, #63, #65 merge, since they touch the same workflow ref lines and would conflict.