From 39e7b83bc348a7f34f0e3ec97b03f912d0919282 Mon Sep 17 00:00:00 2001 From: JacobPEvans <20714140+JacobPEvans@users.noreply.github.com> Date: Sun, 24 May 2026 20:22:50 -0400 Subject: [PATCH] chore(ci): add minimal gh-aw-pin-refresh.yml Trims the distributor template to the minimum required for the reusable `_gh-aw-pin-refresh.yml` to function: - Drop `name:` (defaults from filename in the Actions UI) - Drop `workflow_dispatch.inputs.operation` block (reusable workflow defaults to 'compile'; manual upgrade can be re-added when needed) - Drop `with.operation:` (no longer passing an input) - Drop tz-conversion comments on the cron lines Kept: - `permissions: {}` at workflow level - default-deny is best practice - `concurrency:` - prevents overlapping scheduled runs - Job-level `contents: write` + `pull-requests: write` - required by the reusable workflow The distributor template in JacobPEvans/ai-workflows should be slimmed to match so future distributions stay consistent across consumers. Replaces the unsigned distributor-bot commit on this branch with a single signed commit so the required_signatures ruleset passes. Assisted-by: Claude --- .github/workflows/gh-aw-pin-refresh.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 .github/workflows/gh-aw-pin-refresh.yml diff --git a/.github/workflows/gh-aw-pin-refresh.yml b/.github/workflows/gh-aw-pin-refresh.yml new file mode 100644 index 0000000..df5b4a4 --- /dev/null +++ b/.github/workflows/gh-aw-pin-refresh.yml @@ -0,0 +1,20 @@ +on: + schedule: + - cron: "0 12 * * 1" # Monday 12:00 UTC + - cron: "0 12 * * 4" # Thursday 12:00 UTC + workflow_dispatch: + +permissions: {} + +concurrency: + group: gh-aw-pin-refresh + cancel-in-progress: false + +jobs: + refresh: + permissions: + contents: write + pull-requests: write + uses: JacobPEvans/.github/.github/workflows/_gh-aw-pin-refresh.yml@main + secrets: + GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}
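Review bot: the `uses:` line in the `refresh` job references the reusable workflow at `@main`, a mutable ref, while the same job grants `contents: write` and `pull-requests: write` and passes `GH_APP_PRIVATE_KEY` through `secrets:`. Whatever is at the tip of `main` in `JacobPEvans/.github` at run time executes with those permissions and that key, so a change there reaches this repository on the next scheduled run without any review here. Consider pinning `_gh-aw-pin-refresh.yml` to a full commit SHA (with the branch or tag name in a trailing comment) and updating the pin deliberately. If tracking `main` is intentional because both repositories share an owner, it would help to say so in the commit message next to the "Kept" list, since that list justifies the permissions but not the unpinned ref. Separately, with `cancel-in-progress: false` and a fixed `group: gh-aw-pin-refresh`, a manual `workflow_dispatch` that lands during a scheduled run will queue behind it rather than replace it, which looks like the intended behaviour but is worth confirming.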