chore: use signed commits in auto-vetting workflow#2451

Merged
bronzelle-cw merged 2 commits into main from auto-vetting-commit-signing on Feb 25, 2026

Conversation

@bronzelle-cw (Contributor)

Summary

This updates dependabot-auto-vet to use peter-evans/create-pull-request for signed commits and pins the action to an immutable commit SHA (c0f553fe549906ede9cf27b5156039d195d2ece0, v8.1.0) to align with supply-chain hardening policy. It also guards PR-specific steps
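The summary's point about pinning third-party actions to an immutable commit SHA is a policy that can be checked mechanically. What follows is an added example, not code from this PR or from the repository: a small Python checker (function names `check_uses_pins` and `is_pin_compliant` are assumed) that scans the `uses:` lines of a workflow file and flags references that are not a full 40-hex commit SHA, or that are SHA-pinned without the `# vX.Y.Z` version comment that keeps the pin reviewable. The embedded workflow text is constructed; only the peter-evans/create-pull-request pin and its v8.1.0 comment are taken from the PR description.

```python
import re
import sys

# Constructed sample workflow (not the repository's real dependabot-auto-vet.yml).
# The peter-evans pin and its version comment are the ones named in the PR
# description; every other reference is made up to exercise the checker.
SAMPLE_WORKFLOW = """\
name: dependabot-auto-vet
on: [pull_request]
jobs:
  vet:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/local-helper
      - uses: docker://alpine:3.20
      - name: Create signed commit
        id: signed_commit
        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
      - uses: some-org/some-action@c0f553fe549906ede9cf27b5156039d195d2ece0
      - uses: other-org/action@main
"""

# A `uses:` line, with an optional trailing "# comment".
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*(?P<ref>\S+)(?:\s*#\s*(?P<comment>.*?))?\s*$")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Reviewable pin comments look like "v8.1.0" or "8.1.0"; anything else counts as missing.
VERSION_COMMENT_RE = re.compile(r"^v?\d+(\.\d+)*$")


def check_uses_pins(workflow_text: str) -> list[dict]:
    """Scan a workflow's `uses:` lines and return one finding per reference that
    violates the pin policy. Local actions (./...) and docker:// images are skipped
    because the 40-hex commit-SHA rule does not apply to them."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m is None:
            continue
        ref = m.group("ref")
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if "@" not in ref:
            findings.append({"line": lineno, "ref": ref, "problem": "no version or SHA given"})
            continue
        _, _, version = ref.rpartition("@")
        if not FULL_SHA_RE.match(version):
            # Tags and branches are mutable: whoever can push to the action's repo
            # can move them, so such a pin does not freeze what actually runs.
            findings.append({"line": lineno, "ref": ref, "problem": f"mutable ref {version!r}"})
            continue
        comment = (m.group("comment") or "").strip()
        if not VERSION_COMMENT_RE.match(comment):
            findings.append({"line": lineno, "ref": ref, "problem": "SHA pin without version comment"})
    return findings


def is_pin_compliant(workflow_text: str) -> bool:
    """True when every third-party action in the workflow passes the pin policy."""
    return not check_uses_pins(workflow_text)


if __name__ == "__main__":
    # With file paths as arguments, check those; otherwise run on the constructed sample.
    sources = [(p, open(p, encoding="utf-8").read()) for p in sys.argv[1:]] or [("<sample>", SAMPLE_WORKFLOW)]
    status = 0
    for name, text in sources:
        for f in check_uses_pins(text):
            print(f"{name}:{f['line']}: {f['problem']}: {f['ref']}")
            status = 1
    sys.exit(status)
```

Run with one or more workflow paths as arguments (or with none, to see the sample's three findings); a non-zero exit status makes it usable as a CI gate. The version-comment rule is deliberate: a bare SHA tells a reviewer nothing about which release it is, so the comment is what lets a human confirm the pin matches the intended tag.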

@github-actions (Contributor)

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Checkout Ref Resolution

The fallback expression for ref in the checkout step may not work outside pull_request events; consider using github.head_ref or adding an explicit guard for non-PR workflows.

ref: ${{ github.event.pull_request.head.sha || github.sha }}
Expose Outputs Scope

The "Expose commit outputs" step runs on all events and can fail if signed_commit didn't run. Scope it to pull_request or add an if guard to avoid errors in other contexts.

- name: Expose commit outputs
  id: commit
  if: always()
  run: |

@github-actions (Contributor)

PR Code Suggestions ✨

Explore these optional code suggestions:

Category: General
Suggestion: Safely fallback checkout ref

Referencing github.event.pull_request.head.sha when the event is not a PR can cause
the checkout step to fail. Use a conditional expression to fall back safely to
github.sha outside PRs.

.github/workflows/dependabot-auto-vet.yml [32-33]

 with:
-  ref: ${{ github.event.pull_request.head.sha || github.sha }}
+  ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
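Review bot: the original expression already falls back correctly on non-PR events, so this guard is redundant rather than a fix: in GitHub Actions expressions a context property that does not exist (here `github.event.pull_request` on a non-PR event) evaluates to null, and `null || github.sha` yields `github.sha` without an error. The added `github.event_name == 'pull_request'` check also narrows the PR branch to exactly that event name, so if the workflow is ever triggered by a different PR-style event it would silently check out `github.sha` instead of the PR head. If the intent is only to document the fallback, a comment above `ref:` does that without changing behaviour.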
Suggestion importance [1-10]: 8

Why: Without checking github.event_name, referencing github.event.pull_request.head.sha on non-PR events can break the checkout step, so this change improves workflow robustness.

Impact: Medium

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 49ddfb44d4


@codecov bot commented Feb 24, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.38%. Comparing base (b398b4d) to head (18a3f71).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2451      +/-   ##
==========================================
+ Coverage   84.36%   84.38%   +0.01%     
==========================================
  Files         141      141              
  Lines       10803    10808       +5     
==========================================
+ Hits         9114     9120       +6     
+ Misses       1689     1688       -1     
| Flag | Coverage | Δ |
|---|---|---|
| contracts-rocks-asset-transit-desk | 43.62% <ø> | (ø) |
| contracts-rocks-balance-freezer | 42.71% <ø> | (ø) |
| contracts-rocks-balance-tracker | 43.06% <ø> | (+0.02%) ⬆️ |
| contracts-rocks-base | 43.62% <ø> | (ø) |
| contracts-rocks-blueprint | 43.97% <ø> | (ø) |
| contracts-rocks-capybara-finance | 44.29% <ø> | (ø) |
| contracts-rocks-capybara-finance-v2 | 44.36% <ø> | (ø) |
| contracts-rocks-card-payment-processor | 44.06% <ø> | (ø) |
| contracts-rocks-card-payment-processor-v2 | 44.36% <ø> | (ø) |
| contracts-rocks-cashier | 43.97% <ø> | (ø) |
| contracts-rocks-credit-agent | 43.26% <ø> | (ø) |
| contracts-rocks-multisig | 43.95% <ø> | (ø) |
| contracts-rocks-net-yield-distributor | 43.99% <ø> | (+0.02%) ⬆️ |
| contracts-rocks-periphery | 42.71% <ø> | (ø) |
| contracts-rocks-shared-wallet-controller | 44.00% <ø> | (ø) |
| contracts-rocks-token | 44.06% <ø> | (ø) |
| contracts-rocks-treasury | 43.68% <ø> | (ø) |
| e2e-admin-password | 22.83% <ø> | (-0.02%) ⬇️ |
| e2e-clock-stratus | 25.69% <ø> | (ø) |
| e2e-genesis | 27.22% <ø> | (ø) |
| e2e-importer-offline | 59.98% <ø> | (-0.20%) ⬇️ |
| e2e-rpc-downloader | 54.96% <ø> | (-0.20%) ⬇️ |
| e2e-stratus | 57.60% <ø> | (ø) |
| leader-follower- | 61.69% <ø> | (+0.02%) ⬆️ |
| rust-tests | 30.76% <ø> | (+0.11%) ⬆️ |


@carneiro-cw carneiro-cw changed the title use signed commits chore: use signed commits in auto-vetting workflow Feb 24, 2026
@bronzelle-cw bronzelle-cw enabled auto-merge (squash) February 25, 2026 14:25
@bronzelle-cw bronzelle-cw merged commit f597640 into main Feb 25, 2026
49 of 50 checks passed
@bronzelle-cw bronzelle-cw deleted the auto-vetting-commit-signing branch February 25, 2026 14:46