* chore(bump-plugin-shas): re-pin to community 426e469f (subdir-existence guard #267)
Picks up anthropics/claude-plugins-community#267 — guards subdir existence
before manifest synthesis, so a strict:false external whose source.path subdir
vanished at the new SHA is a clean "subdir not found" skip instead of a phantom
synthesized manifest + false bump. Clean one-commit pull-forward from a27629fc.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* chore(validate-plugins,scan-plugins): re-pin to community 426e469f
Aligns all three shared community action pins on the same SHA (426e469f). The
validate-plugins/scan-plugins actions are unchanged between d207465 and 426e469f
(only bump-plugin-shas changed in #266/#267) — SHA-consistency, no behavior change.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Bumps the bump-plugin-shas action pin to the new claude-plugins-community SHA
(a27629fc) which adds (1) manifest synthesis for strict:false skills-only
externals — so they can finally be bumped instead of drifting — and (2) an
`only` input to target ONE plugin on demand.
Surfaces the targeting as a `plugin` workflow_dispatch input threaded into the
action's `with:` block, so an operator can run:
gh workflow run bump-plugin-shas.yml --repo anthropics/claude-plugins-official -f plugin=<name>
(e.g. to bump the now-eligible netsuite-suitecloud, a strict:false entry the
old action hard-skipped). Empty `plugin` = unchanged nightly behavior.
The plugin->only->ONLY->bump.sh chain was reviewed (ultra) and e2e-verified live
on claude-plugins-community before this pin bump.
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Re-pin to current upstream HEAD (oracle/netsuite-suitecloud-sdk@master, incl. the
26.1 release). The prior pin was ~2 weeks / 51 commits behind. Metadata-only change
to the source SHA.
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Shorten the description to a concise tagline, add author.url for the
"Made by" link, and point homepage to auth0.com.
Plugin name stays lowercase to match marketplace convention.
Pinned source.sha left intact — maintained by bump-plugin-shas.yml.
Addresses #1736.
Co-authored-by: Bharath Natarajan <166125343+brth31@users.noreply.github.com>
Bumps the pinned SHA (43bacf4 -> cbfc8e8, oracle/netsuite-suitecloud-sdk
master) and expands the skills array to include four skills Oracle has
added upstream since the original consolidation:
- netsuite-owasp-secure-coding
- netsuite-sdf-project-documentation
- netsuite-suitescript-records-reference
- netsuite-suitescript-upgrade
Validated locally with `claude plugin validate` (passes). Author: Oracle
NetSuite (UPL-1.0). Opened manually because the SHA-bump automation skips
skills-only git-subdir entries that have no literal plugin.json.
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* ci: bump validate-plugins action pin to self-healing CLI install
Bumps the pinned validate-plugins action SHA (f846a0bc -> 5d75f99) to pick up
two fixes already merged in claude-plugins-community:
1. Self-healing claude CLI install (community#233): the prior pin's install step
was a bare `npm i -g @anthropic-ai/claude-code@latest && claude --version`,
which intermittently stalled (a 28-min hang -> "native binary not installed")
and jammed whichever bump PR caught it (e.g. desktop-commander #2985). The new
step forces the optional native dep, verifies the binary, re-runs the
postinstall on a miss, and bounds every network step with a timeout.
2. strict:false skills-only manifest synthesis: the prior pin hard-required a
plugin.json for external git-subdir sources, false-failing skills-only entries
that the marketplace server synthesizes a manifest for. This is what blocks
#2997 (learn-with-coursera) and #2312 (netsuite-suitecloud) today; the bumped
action synthesizes a minimal manifest for them instead.
No other change. The action stays on claude-cli-version: latest.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* ci: pin scan-plugins + bump-plugin-shas to self-healing action too
Extend the validate-plugins pin bump (this PR) to the other two shared actions
that install the claude CLI the same flaky way. All three now pin the same
claude-plugins-community SHA (d207465) carrying the self-healing install
(community#233 + #234): force the optional native dep, verify, re-run postinstall
on a miss, timeout every network step, retry with real reinstalls.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* ci: run validate on workflow-file changes (fix required-check deadlock)
A PR touching only .github/workflows/** (e.g. an action-SHA re-pin like this one)
never matched validate-plugins.yml's pull_request path filter, so the required
'validate' check never ran and the PR sat 'Expected — Waiting for status to be
reported' with no way to clear it (workflow_dispatch check runs aren't associated
with the PR, so they don't satisfy the required check; the ruleset has no bypass
actors). Add .github/workflows/** to the trigger so workflow-only PRs validate
in-context and can clear the gate — and so this PR unblocks itself.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>