Summary
The shared reusable workflows in this repo (e.g., check-semantic-pr.yml) are currently referenced via @main across all 12+ reqstool repos. This prevents Renovate/Dependabot from tracking version updates and makes it hard to pin for supply-chain security.
Proposal
- Tag this repo with semver (e.g.,
v1.0.0)
- Update all repos to reference
@v1 instead of @main
- This enables Renovate to track and auto-update the shared workflow reference
Affected repos
All repos that reference reqstool/.github/.github/workflows/check-semantic-pr.yml@main:
- reqstool-client
- reqstool-python-decorators
- reqstool-python-hatch-plugin
- reqstool-python-poetry-plugin
- reqstool-java-annotations
- reqstool-java-maven-plugin
- reqstool-java-gradle-plugin
- reqstool-typescript-tags
- reqstool-vscode-extension
- reqstool-demo
- reqstool-ai
- reqstool-test-packages
🤖 Generated with Claude Code
Summary
The shared reusable workflows in this repo (e.g.,
check-semantic-pr.yml) are currently referenced via@mainacross all 12+ reqstool repos. This prevents Renovate/Dependabot from tracking version updates and makes it hard to pin for supply-chain security.Proposal
v1.0.0)@v1instead of@mainAffected repos
All repos that reference
reqstool/.github/.github/workflows/check-semantic-pr.yml@main:🤖 Generated with Claude Code