From 5f2ca802bb94ea0f2964e03fee0b29f742cde4e0 Mon Sep 17 00:00:00 2001 From: Claude Date: Sat, 20 Jun 2026 07:46:12 +0000 Subject: [PATCH] ci(governance): pin governance-reusable to standards@main SHA Pins governance.yml's reusable-workflow ref from the moving @main to the commit it currently resolves to, 78b29005efe954822c86c553b40523b9fdae78d4 (read from the passing run's referenced_workflows metadata). Clears the OpenSSF Pinned-Dependencies / DependencyPinning finding. This is the CURRENT, fixed standards bundle (identical to what has been passing as @main) -- not the broken e0caf115 commit #31 had to revert (that older version checked out standards at the caller's SHA). Trade-off: governance no longer auto-tracks standards@main; bump this SHA when the standards bundle updates. Co-Authored-By: Claude Opus 4.8 Claude-Session: https://claude.ai/code/session_01Y2MWTAqX2x7goVJzjFB4j5 --- .github/workflows/governance.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/governance.yml b/.github/workflows/governance.yml index 653ef98..fc3b8c9 100644 --- a/.github/workflows/governance.yml +++ b/.github/workflows/governance.yml @@ -31,4 +31,4 @@ permissions: jobs: governance: - uses: hyperpolymath/standards/.github/workflows/governance-reusable.yml@main + uses: hyperpolymath/standards/.github/workflows/governance-reusable.yml@78b29005efe954822c86c553b40523b9fdae78d4 # standards@main, pinned 2026-06-20
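Review bot: On the added `uses:` line, the trailing comment `# standards@main, pinned 2026-06-20` records where the SHA came from, but nothing in the workflow file tells a maintainer when or how to refresh it. The commit message accepts that governance no longer tracks standards@main, so a stale pin would leave this repository running an old governance bundle with no signal. I suggest extending the comment to name the bump procedure (for example, that the SHA was read from the passing run's referenced_workflows metadata, as the commit message says), or wiring the pin into whatever automated dependency updater the repository uses so that bumps arrive as reviewable PRs. It is also worth confirming that the 40-character SHA on the `+` line matches the one quoted in the commit message, 78b29005efe954822c86c553b40523b9fdae78d4; in the visible lines the two match. Finally, the pin fixes only the caller's reference: if governance-reusable.yml at that commit itself references other actions or workflows by a moving ref, those remain unpinned, which is worth checking in the standards repository before treating the Pinned-Dependencies finding as fully resolved.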