From 79dd437e632d1ba1ae8a1836a52b1aa05bb2fb74 Mon Sep 17 00:00:00 2001
From: SoulPancake <angbpy@gmail.com>
Date: Tue, 2 Jun 2026 11:28:52 +0530
Subject: [PATCH 1/3] chore: skip github release and use gpg signed tag flow

---
 release-please-config.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/release-please-config.json b/release-please-config.json
index a343eb3b..e4a2e4c8 100644
--- a/release-please-config.json
+++ b/release-please-config.json
@@ -2,8 +2,7 @@
   "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
   "release-type": "simple",
   "pull-request-title-pattern": "release: v${version}",
-  "draft": true,
-  "force-tag-creation": true,
+  "skip-github-release": true,
   "packages": {
     ".": {
       "package-name": "",

From 4e25074af30c048c0200546e1e5a2ec6a4639781 Mon Sep 17 00:00:00 2001
From: SoulPancake <angbpy@gmail.com>
Date: Tue, 2 Jun 2026 12:18:21 +0530
Subject: [PATCH 2/3] chore: point reusable workflows to openfga/.github

---
 .github/workflows/main.yaml          | 2 +-
 .github/workflows/pr-title-check.yml | 2 +-
 .github/workflows/release-please.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index 43ac322a..e3b87887 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -154,4 +154,4 @@ jobs:
     needs: [publish-maven-central, publish-github-packages]
     permissions:
       contents: write
-    uses: openfga/sdk-generator/.github/workflows/undraft-release.yml@main
+    uses: openfga/.github/.github/workflows/undraft-release.yml@main
diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml
index e5061b04..90232363 100644
--- a/.github/workflows/pr-title-check.yml
+++ b/.github/workflows/pr-title-check.yml
@@ -10,5 +10,5 @@ jobs:
   pr-title-check:
     permissions:
       pull-requests: read
-    uses: openfga/sdk-generator/.github/workflows/pr-title-check.yml@main
+    uses: openfga/.github/.github/workflows/pr-title-check.yml@main
 
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index 4672d6ee..89d52f4b 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -36,7 +36,7 @@ jobs:
     if: |
       github.event_name == 'workflow_dispatch' ||
       startsWith(github.event.head_commit.message, 'release:')
-    uses: openfga/sdk-generator/.github/workflows/release-please.yml@main
+    uses: openfga/.github/.github/workflows/release-please.yml@main
     with:
       trigger-event:   ${{ github.event_name }}
       bump-type:       ${{ inputs.bump-type || 'auto' }}

From d6f16a6841aaee71df9fb568f4acda42d3d87b3e Mon Sep 17 00:00:00 2001
From: SoulPancake <angbpy@gmail.com>
Date: Tue, 2 Jun 2026 13:02:05 +0530
Subject: [PATCH 3/3] chore: add least-privilege top-level permissions to
 pr-title workflow

---
 .github/workflows/pr-title-check.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml
index 90232363..748e0ddd 100644
--- a/.github/workflows/pr-title-check.yml
+++ b/.github/workflows/pr-title-check.yml
@@ -6,6 +6,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 jobs:
   pr-title-check:
     permissions: