diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml index ed80480..b0eebf5 100644 --- a/.github/workflows/dependabot-automerge.yml +++ b/.github/workflows/dependabot-automerge.yml @@ -17,7 +17,7 @@ permissions: jobs: automerge: if: ${{ github.actor == 'dependabot[bot]' }} - uses: modeled-information-format/.github/.github/workflows/reusable-dependabot-automerge.yml@5c856f8118976bfd3bb64a8911f69dc9b00b4cad # reusable-dependabot-automerge.yml @ .github main + uses: modeled-information-format/.github/.github/workflows/reusable-dependabot-automerge.yml@f29366f7dbe223fcf14e8994483fec667faa3164 # reusable-dependabot-automerge.yml @ .github main with: update-types: patch secrets: diff --git a/.github/workflows/quality-gates.yml b/.github/workflows/quality-gates.yml index 1b4d5fd..c70044d 100644 --- a/.github/workflows/quality-gates.yml +++ b/.github/workflows/quality-gates.yml @@ -75,9 +75,13 @@ jobs: contents: read actions: read uses: >- - modeled-information-format/.github/.github/workflows/reusable-scorecard.yml@5c856f8118976bfd3bb64a8911f69dc9b00b4cad + modeled-information-format/.github/.github/workflows/reusable-scorecard.yml@f29366f7dbe223fcf14e8994483fec667faa3164 with: publish-results: false + secrets: + # CI app key so Scorecard scores Branch-Protection from real settings; its + # client-id is vars.CI_CLIENT_APP_ID (read inside the reusable). + app-private-key: ${{ secrets.CI_CLIENT_APP_PRIVATE_KEY }} # --- plugin-constituent gates (NEW reusables, merged #12/#13) --------------- shellcheck: