ci(deps): bump complytime/org-infra/.github/workflows/reusable_scheduled.yml from 0.2.1 to 0.3.0

[dependabot]

Bumps complytime/org-infra/.github/workflows/reusable_scheduled.yml from 0.2.1 to 0.3.0.

Release notes

Sourced from complytime/org-infra/.github/workflows/reusable_scheduled.yml's releases.

v0.3.0

org-infra 0.3.0

Central reusable GitHub Actions workflows, CI templates, compliance policy assets, and org sync tooling. Downstream repos usually consume this repo via workflow uses: pins or version tags.

Before you upgrade

• Treat workflow YAML updates as potentially breaking for every consumer until you’ve reviewed them.
• Use the Workflows & GitHub Actions section below for PRs that touched pipelines; for exact paths and hunks, open the compare link and narrow Files changed to .github/workflows/.

View full diff: v0.2.1 → v0.3.0

Changes

• feat(crapload): multi-module package resolution and baseline guidance — #253 · @​trevor-vaughan
• fix: follow-up hardening and consistency fixes for crapload workflow — #266 · @​marcusburghardt
• fix(ci): update compliance workflow for providers split and Quay direct fetch — #277 · @​sonupreetam
• feat: self-testing workflows with sync ref transformation — #271 · @​marcusburghardt
• feat(ghcr): support unprotected ref publishing with security gating — #285 · @​trevor-vaughan
• fix(ci): add non-root user to test Containerfile — #291 · @​marcusburghardt
• fix(ci): skip GHCR publish tests on dependabot PRs — #293 · @​marcusburghardt
• refactor(ci): extract trivy image scan into separate reusable workflow — #290 · @​marcusburghardt
• refactor!: rename ampel policy IDs to semantic slugs — #296 · @​marcusburghardt
• fix: skip GazeCRAP regression check when baseline is zero — #298 · @​gvauter
• feat(sync): include website repo in sync pipeline — #305 · @​sonupreetam
• fix: remediate pre-existing zizmor findings blocking CI — #303 · @​marcusburghardt

Maintenance

• ci(deps): bump complytime/org-infra/.github/workflows/reusable_dependabot_reviewer.yml from 0.2.0 to 0.2.1 — #262 · @dependabot[bot]
• ci(deps): bump complytime/org-infra/.github/workflows/reusable_security.yml from 0.2.0 to 0.2.1 — #264 · @dependabot[bot]
• ci(deps): bump complytime/org-infra/.github/workflows/reusable_crapload_analysis.yml from 0.2.0 to 0.2.1 — #263 · @dependabot[bot]
• ci(deps): bump complytime/org-infra/.github/workflows/reusable_deps_reviewer.yml from 0.2.0 to 0.2.1 — #261 · @dependabot[bot]
• ci(deps): bump SonarSource/sonarqube-scan-action from 8.0.0 to 8.1.0 — #265 · @dependabot[bot]
• ci(deps): bump complytime/org-infra/.github/workflows/reusable_scheduled.yml from 0.2.0 to 0.2.1 — #269 · @dependabot[bot]
• ci(deps): bump complytime/org-infra/.github/workflows/reusable_vuln_scan.yml from 0.2.0 to 0.2.1 — #270 · @dependabot[bot]
• ci(deps): bump complytime/org-infra/.github/workflows/reusable_ci.yml from 0.2.0 to 0.2.1 — #268 · @dependabot[bot]
• ci(deps): bump complytime/org-infra/.github/workflows/reusable_compliance.yml from 0.2.0 to 0.2.1 — #267 · @dependabot[bot]
• ci(deps): bump docker/login-action from 4.1.0 to 4.2.0 — #273 · @dependabot[bot]
• ci(deps): bump docker/metadata-action from 6.0.0 to 6.1.0 — #274 · @dependabot[bot]
• ci(deps): bump github/codeql-action from 4.35.5 to 4.36.0 — #275 · @dependabot[bot]
• ci(deps): bump docker/build-push-action from 7.1.0 to 7.2.0 — #272 · @dependabot[bot]
• ci(deps): bump release-drafter/release-drafter from 7.3.0 to 7.3.1 — #283 · @dependabot[bot]
• ci(deps): bump docker/setup-buildx-action from 4.0.0 to 4.1.0 — #282 · @dependabot[bot]
• chore(deps): bump https://github.com/astral-sh/ruff-pre-commit from v0.15.13 to 0.15.14 — #281 · @dependabot[bot]
• chore(deps): bump ruff from 0.8.4 to 0.15.14 — #280 · @dependabot[bot]
• chore(deps): bump yamllint from 1.35.1 to 1.38.0 — #279 · @dependabot[bot]
• ci(deps): bump tj-actions/changed-files from 45.0.1 to 47.0.6 — #288 · @dependabot[bot]
• ci(deps): bump docker/setup-qemu-action from 4.0.0 to 4.1.0 — #287 · @dependabot[bot]

... (truncated)

Commits

• 15476ef ci(deps): bump imjasonh/setup-crane from 0.5 to 0.6
• 6e759ed ci(deps): bump actions/checkout from 6.0.2 to 6.0.3
• 66e8217 fix: scope GitHub App token permissions in sync workflow
• 1bc91b8 fix: remediate template-injection in dependabot reviewer
• 47af6a3 fix: remediate template-injection in resuable_publish_quay
• 3741c0e fix: add persist-credentials false to checkout steps
• c18c8d9 feat(sync): include website repo in sync pipeline
• 3b35fd1 ci(deps): bump github/codeql-action from 4.36.0 to 4.36.1
• b99a917 chore(deps): bump ruff from 0.15.14 to 0.15.15
• 6b38015 chore(deps): bump https://github.com/astral-sh/ruff-pre-commit
• Additional commits viewable in compare view

[github-actions]

CRAP Load Analysis

No Go code changes detected in this PR. No CRAP impact.

[github-actions]

🤖 Standardized Dependabot Review Summary 🤖

This PR was processed by the organization's reusable CI pipeline.

Criterion	Status	Detail
Dependencies Review	success	View logs
Calculated Risk	medium	complytime/org-infra/.github/workflows/reusable_scheduled.yml v0.3.0
Release Age	unknown	Release date unavailable — manual review required
Dependency Usage	unavailable	Informational only — does not affect approval

Auto-approval: ⏳ Manual review required

---

Maintainer check list:

1. Ensure the PR passed all CI tests (required status checks).
2. Investigate failures for Major updates or any manual review requirement.
3. Don't overlook breaking changes and changelog information.
4. If the scorecard value is low, consider to contribute to make it higher. Everybody wins!
5. Be diligent. When in doubt, ask another maintainer for additional review.

[marcusburghardt]

LGTM

[marcusburghardt]

@dependabot rebase

[github-actions]

🤖 Standardized Dependabot Review Summary 🤖

This PR was processed by the organization's reusable CI pipeline.

Criterion	Status	Detail
Dependencies Review	success	View logs
Calculated Risk	medium	complytime/org-infra/.github/workflows/reusable_scheduled.yml v0.3.0
Release Age	unknown	Release date unavailable — manual review required
Dependency Usage	1 repos	Informational only — does not affect approval

Auto-approval: ⏳ Manual review required

---

Maintainer check list:

1. Ensure the PR passed all CI tests (required status checks).
2. Investigate failures for Major updates or any manual review requirement.
3. Don't overlook breaking changes and changelog information.
4. If the scorecard value is low, consider to contribute to make it higher. Everybody wins!
5. Be diligent. When in doubt, ask another maintainer for additional review.

[marcusburghardt]

@dependabot rebase

[github-actions]

🤖 Standardized Dependabot Review Summary 🤖

This PR was processed by the organization's reusable CI pipeline.

Criterion	Status	Detail
Dependencies Review	success	View logs
Calculated Risk	medium	complytime/org-infra/.github/workflows/reusable_scheduled.yml v0.3.0
Release Age	unknown	Release date unavailable — manual review required
Dependency Usage	unavailable	Informational only — does not affect approval

Auto-approval: ⏳ Manual review required

---

Maintainer check list:

1. Ensure the PR passed all CI tests (required status checks).
2. Investigate failures for Major updates or any manual review requirement.
3. Don't overlook breaking changes and changelog information.
4. If the scorecard value is low, consider to contribute to make it higher. Everybody wins!
5. Be diligent. When in doubt, ask another maintainer for additional review.

[github-actions]

🤖 Standardized Dependabot Review Summary 🤖

This PR was processed by the organization's reusable CI pipeline.

Criterion	Status	Detail
Dependencies Review	success	View logs
Calculated Risk	medium	complytime/org-infra/.github/workflows/reusable_scheduled.yml v0.3.0
Release Age	unknown	Release date unavailable — manual review required
Dependency Usage	1 repos	Informational only — does not affect approval

Auto-approval: ⏳ Manual review required

---

Maintainer check list:

1. Ensure the PR passed all CI tests (required status checks).
2. Investigate failures for Major updates or any manual review requirement.
3. Don't overlook breaking changes and changelog information.
4. If the scorecard value is low, consider to contribute to make it higher. Everybody wins!
5. Be diligent. When in doubt, ask another maintainer for additional review.