From 38bc062d20540116b88a33e50433ce872f7fa9c0 Mon Sep 17 00:00:00 2001
From: Ulzii Otgonbaatar
Date: Thu, 9 Apr 2026 09:32:58 -0600
Subject: [PATCH 1/3] ci: use centralized vuln remediation workflow from infra

Made-with: Cursor
---
 .github/vuln-remediation.json | 5 +++++
 .github/workflows/vuln-remediation.yml | 17 +++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 .github/vuln-remediation.json
 create mode 100644 .github/workflows/vuln-remediation.yml

diff --git a/.github/vuln-remediation.json b/.github/vuln-remediation.json
new file mode 100644
index 0000000..e4613ca
--- /dev/null
+++ b/.github/vuln-remediation.json
@@ -0,0 +1,5 @@
+{
+ "non_production_paths": [],
+ "skip_packages": [],
+ "ecosystems": ["go"]
+}
diff --git a/.github/workflows/vuln-remediation.yml b/.github/workflows/vuln-remediation.yml
new file mode 100644
index 0000000..aa1a6c4
--- /dev/null
+++ b/.github/workflows/vuln-remediation.yml
@@ -0,0 +1,17 @@
+name: Vulnerability Remediation
+
+on:
+ schedule:
+ - cron: '0 3 * * 3'
+ workflow_dispatch:
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ remediate:
+ uses: kernel/infra/.github/workflows/vuln-remediation.yml@main
+ with:
+ go-version-file: 'go.mod'
+ secrets: inherit

From 5089e4b67507416871625559dd04d2376a86b9b4 Mon Sep 17 00:00:00 2001
From: Ulzii Otgonbaatar
Date: Thu, 9 Apr 2026 09:40:25 -0600
Subject: [PATCH 2/3] ci: replace custom config with socket.yml

Made-with: Cursor
---
 .github/vuln-remediation.json | 5 -----
 socket.yml | 1 +
 2 files changed, 1 insertion(+), 5 deletions(-)
 delete mode 100644 .github/vuln-remediation.json
 create mode 100644 socket.yml

diff --git a/.github/vuln-remediation.json b/.github/vuln-remediation.json
deleted file mode 100644
index e4613ca..0000000
--- a/.github/vuln-remediation.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "non_production_paths": [],
- "skip_packages": [],
- "ecosystems": ["go"]
-}
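Review bot: The reusable workflow called from `.github/workflows/vuln-remediation.yml` (PATCH 1/3) is referenced by the mutable ref `@main`, while the caller grants `contents: write` and `pull-requests: write` and passes `secrets: inherit`, so any later push to that branch runs in this repository with write access and every secret the caller can see. Pinning the call to a full commit SHA, `uses: kernel/security-workflows/.github/workflows/vuln-remediation.yml@<full-commit-sha>`, turns each upstream update into a reviewed change here. PATCH 3/3 repoints the same line at `kernel/security-workflows` and keeps `@main`, so the point applies to that hunk as well. If the called workflow needs only specific tokens, naming them under `secrets:` instead of `secrets: inherit` would narrow what is exposed; which secrets it actually reads is not visible from this patch series.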
diff --git a/socket.yml b/socket.yml
new file mode 100644
index 0000000..22817d2
--- /dev/null
+++ b/socket.yml
@@ -0,0 +1 @@
+version: 2

From 76b7895683e1e1b5362913ef73ef64569d3c34e3 Mon Sep 17 00:00:00 2001
From: Ulzii Otgonbaatar
Date: Fri, 10 Apr 2026 11:24:54 -0600
Subject: [PATCH 3/3] ci: point vuln remediation at kernel/security-workflows

Made-with: Cursor
---
 .github/workflows/vuln-remediation.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/vuln-remediation.yml b/.github/workflows/vuln-remediation.yml
index aa1a6c4..22ee065 100644
--- a/.github/workflows/vuln-remediation.yml
+++ b/.github/workflows/vuln-remediation.yml
@@ -11,7 +11,7 @@ permissions:

 jobs:
 remediate:
- uses: kernel/infra/.github/workflows/vuln-remediation.yml@main
+ uses: kernel/security-workflows/.github/workflows/vuln-remediation.yml@main
 with:
 go-version-file: 'go.mod'
 secrets: inherit