diff --git a/.github/workflows/bump-plugin-shas.yml b/.github/workflows/bump-plugin-shas.yml index 4fb48e57..25ad0cd5 100644 --- a/.github/workflows/bump-plugin-shas.yml +++ b/.github/workflows/bump-plugin-shas.yml @@ -51,7 +51,7 @@ jobs: # createCommitOnBranch-based bump so commits are signed by GitHub and # satisfy the org-level required_signatures ruleset on main. - - uses: anthropics/claude-plugins-community/.github/actions/bump-plugin-shas@e2019b2a01f11aa1484c53540b1cfab5eebbc299 + - uses: anthropics/claude-plugins-community/.github/actions/bump-plugin-shas@d207465eb6ec02b6f3f1dbb131717830dc9ecc68 id: bump with: marketplace-path: .claude-plugin/marketplace.json diff --git a/.github/workflows/scan-plugins.yml b/.github/workflows/scan-plugins.yml index 176a99dc..5ec2300f 100644 --- a/.github/workflows/scan-plugins.yml +++ b/.github/workflows/scan-plugins.yml @@ -196,7 +196,7 @@ jobs: continue-on-error: true # Pinned to claude-plugins-community#34 (WIF input support). # TODO: re-pin to a main-branch SHA once #34 merges. - uses: anthropics/claude-plugins-community/.github/actions/scan-plugins@e85f0d65b4fc87f07862e1dcdc467950514414ec + uses: anthropics/claude-plugins-community/.github/actions/scan-plugins@d207465eb6ec02b6f3f1dbb131717830dc9ecc68 with: # Anthropic auth via Workload Identity Federation — the action # mints a GitHub OIDC token (id-token: write above) and the claude diff --git a/.github/workflows/validate-plugins.yml b/.github/workflows/validate-plugins.yml index dea61653..608f3b42 100644 --- a/.github/workflows/validate-plugins.yml +++ b/.github/workflows/validate-plugins.yml @@ -32,7 +32,7 @@ jobs: with: fetch-depth: 0 - - uses: anthropics/claude-plugins-community/.github/actions/validate-plugins@5d75f9912fedf8609e56fa7c7f9d717581c98a3d + - uses: anthropics/claude-plugins-community/.github/actions/validate-plugins@d207465eb6ec02b6f3f1dbb131717830dc9ecc68 with: marketplace-path: .claude-plugin/marketplace.json # Official curated marketplace: SHA-pin (I5) is a HARD error.