Skip to content

chore(ci): bump public-workflows pins to v2.9.3#93

Merged
nsportsman merged 1 commit into
mainfrom
chore/bump-public-workflows-v2.9.3
Jun 8, 2026
Merged

chore(ci): bump public-workflows pins to v2.9.3#93
nsportsman merged 1 commit into
mainfrom
chore/bump-public-workflows-v2.9.3

Conversation

@nsportsman

Copy link
Copy Markdown
Contributor

Bumps all praetorian-inc/public-workflows reusable-workflow pins to v2.9.3 (0c602372f3d0d038912dd08e159ecc83954a4995). Org-wide drift sweep: v2.9.3 carries the go-ci/go-sec preflight fix (compare API needs only contents:read, eliminating the logless startup_failure on narrow-permission callers) and the opus-4.8 'thinking' reviewer fix (>= v2.6.4). No caller max_turns change needed — drift default is now 45 in v2.9.3.

@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@coderabbitai

coderabbitai Bot commented Jun 8, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@nsportsman, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 53 minutes and 33 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 26bfa74e-bfb8-4f60-9bfe-5a4ea95d9639

📥 Commits

Reviewing files that changed from the base of the PR and between 828c675 and 2641d74.

📒 Files selected for processing (9)
  • .github/workflows/ci.yml
  • .github/workflows/claude-code.yml
  • .github/workflows/claude-md-drift.yml
  • .github/workflows/codex-code.yml
  • .github/workflows/external-contribution.yml
  • .github/workflows/gemini-code.yml
  • .github/workflows/release.yml
  • .github/workflows/secrets-scan.yml
  • .github/workflows/verify-pins.yml
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/bump-public-workflows-v2.9.3

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Gemini Review

Critical Issues

None.

Security

No security concerns flagged.

Suggestions

No suggestions.


Reviewed by Gemini (gemini-3.1-pro-preview)

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude Review

Critical issues

None. All 9 workflow files bump cleanly to a single consistent commit SHA (0c602372f3d0d038912dd08e159ecc83954a4995, labeled v2.9.3). Pure pin bump, no caller-side config changes.

Security

  • Pins remain full 40-char commit SHAs (not tags), preserving immutable supply-chain pinning — good. Worth a one-time confirmation that 0c602372... is the actual commit the v2.9.3 tag points to in praetorian-inc/public-workflows, since the SHA is what's trusted and the version comment is advisory only.
  • No permissions blocks were changed; callers retain their existing least-privilege scopes.

Test coverage

N/A — CI workflow pin bump only, no *.go/*.ts/*.py production code touched.

No critical issues — LGTM pending human review.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Codex Review

No critical issues — LGTM pending human review.

Checked git diff HEAD^1 HEAD, git diff --check, and YAML parsing for the changed workflow files. Sandbox DNS blocked fetching public-workflows for deeper callee inspection.


Reviewed by Codex (gpt-5.5)

@nsportsman nsportsman merged commit bb9d8c3 into main Jun 8, 2026
16 checks passed
@nsportsman nsportsman deleted the chore/bump-public-workflows-v2.9.3 branch June 8, 2026 06:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant