diff --git a/.github/workflows/bump-plugin-shas.yml b/.github/workflows/bump-plugin-shas.yml index 107ebf5..371a4f1 100644 --- a/.github/workflows/bump-plugin-shas.yml +++ b/.github/workflows/bump-plugin-shas.yml @@ -57,7 +57,7 @@ jobs: # createCommitOnBranch-based bump so commits are signed by GitHub and # satisfy the org-level required_signatures ruleset on main. - - uses: anthropics/claude-plugins-community/.github/actions/bump-plugin-shas@a27629fc8c11488cc3e25ec527bb28196c5db04f + - uses: anthropics/claude-plugins-community/.github/actions/bump-plugin-shas@426e469f322952061102b286b378c0c9733a0934 id: bump with: marketplace-path: .claude-plugin/marketplace.json diff --git a/.github/workflows/scan-plugins.yml b/.github/workflows/scan-plugins.yml index 5ec2300..2836984 100644 --- a/.github/workflows/scan-plugins.yml +++ b/.github/workflows/scan-plugins.yml @@ -196,7 +196,7 @@ jobs: continue-on-error: true # Pinned to claude-plugins-community#34 (WIF input support). # TODO: re-pin to a main-branch SHA once #34 merges. - uses: anthropics/claude-plugins-community/.github/actions/scan-plugins@d207465eb6ec02b6f3f1dbb131717830dc9ecc68 + uses: anthropics/claude-plugins-community/.github/actions/scan-plugins@426e469f322952061102b286b378c0c9733a0934 with: # Anthropic auth via Workload Identity Federation — the action # mints a GitHub OIDC token (id-token: write above) and the claude diff --git a/.github/workflows/validate-plugins.yml b/.github/workflows/validate-plugins.yml index 6442ea1..da9bdf2 100644 --- a/.github/workflows/validate-plugins.yml +++ b/.github/workflows/validate-plugins.yml @@ -38,7 +38,7 @@ jobs: with: fetch-depth: 0 - - uses: anthropics/claude-plugins-community/.github/actions/validate-plugins@d207465eb6ec02b6f3f1dbb131717830dc9ecc68 + - uses: anthropics/claude-plugins-community/.github/actions/validate-plugins@426e469f322952061102b286b378c0c9733a0934 with: marketplace-path: .claude-plugin/marketplace.json # Official curated marketplace: SHA-pin (I5) is a HARD error.