chore: update feature-ideation uses: SHA to v1 (ee22b42)

[don-petry]

Updates the uses: SHA in .github/workflows/feature-ideation.yml to match the new v1 tag after PR #102 merged.

• Old SHA: 208ec2d (previous v1)
• New SHA: ee22b42 (merge commit of feat(feature-ideation): add curated reputable source list for Mary #102)

Also removes the "bump SHA after tag update" reminder comment since it's now done.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Updated internal workflow configurations for feature ideation processes. No end-user visible changes.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0cc0f9f8-d25c-4005-a379-ebeba2f37ab0

📥 Commits

Reviewing files that changed from the base of the PR and between 126c144 and f610b2b.

📒 Files selected for processing (2)

• .github/workflows/feature-ideation.yml
• standards/workflows/feature-ideation.yml

---

📝 Walkthrough

Walkthrough

Updated GitHub Actions reusable workflow commit SHA references in two workflow files to consolidate both to the same target commit ee22b427cbce9ecadcf2b436acb57c3adf0cb63d for the feature-ideation workflow.

Changes

Cohort / File(s)	Summary
Reusable Workflow Reference Updates .github/workflows/feature-ideation.yml, standards/workflows/feature-ideation.yml	Updated reusable workflow commit SHA pinning to ee22b427cbce9ecadcf2b436acb57c3adf0cb63d, aligning both workflow references to the same revision.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• Add Feature Ideation workflow as standard for BMAD-enabled repos #81: Updates the uses: commit SHA for the org reusable feature-ideation workflow that this PR references
• feat(workflows): pin reusable callers to @v1 and document tier model #88: Modifies the same reusable-workflow uses: reference pinning for the feature-ideation caller
• feat(feature-ideation): add curated reputable source list for Mary #102: Updates the same reusable workflow uses: commit SHA in feature-ideation workflow stubs

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely summarizes the main change: updating the feature-ideation workflow SHA reference to v1 with the specific commit hash (ee22b42), which aligns with the primary purpose of both file modifications.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/bump-v1-sha

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Updates the feature-ideation workflow caller stub to point at the latest v1-tagged reusable workflow commit, removing the now-stale “bump SHA” reminder.

Changes:

• Bumps the pinned uses: ref for petry-projects/.github/.github/workflows/feature-ideation-reusable.yml from 208ec2d... to ee22b42....
• Removes the “bump SHA after tag update” reminder from the uses: line comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[don-petry]

Superseded by automated re-review at 078ec43204361cae11308f94fcadc0733eb173ca — click to expand prior review.

Automated review — APPROVED

Risk: LOW
Reviewed commit: 27f14fe92b0d079327ac6d1065c3b0e8b050b4e2
Cascade: triage → deep (see triage: haiku 4.5 → deep: sonnet 4.6 + duck: gpt-5.4 → audit: opus 4.6 for models)

Summary

This PR updates two pinned SHA references for a reusable GitHub Actions workflow from stale values to ee22b42, which is confirmed to be the exact commit the v1 tag points to in the same repo. All CI checks pass (Lint, ShellCheck, CodeQL, SonarCloud, AgentShield, Feature Ideation Tests), and the change follows correct SHA-pinning security practice. No secrets, credentials, schema changes, or logic modifications are involved.

Findings

Info

• .github/workflows/feature-ideation.yml:66 — SHA ee22b42... verified against v1 tag via GitHub API — tag and pin are in sync.
• standards/workflows/feature-ideation.yml:91 — Both caller stubs now reference the same verified SHA (updated from ae9709f... to ee22b42...).
• .github/workflows/feature-ideation.yml:66 — Removal of # bump SHA after tag update reminder comment is appropriate now that the SHA bump is complete.

CI status

All CI checks pass: Lint, ShellCheck, CodeQL, SonarCloud, AgentShield, Feature Ideation Tests.

---

Reviewed by the don-petry PR-review cascade (triage: haiku 4.5 → deep: sonnet 4.6 + duck: gpt-5.4 → audit: opus 4.6). Reply with @don-petry if you need a human.

[donpetry-bot]

Reviewed by the don-petry PR-review cascade (triage: haiku 4.5 → deep: sonnet 4.6 + duck: gpt-5.4 → audit: opus 4.6). Reply with @don-petry if you need a human.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[donpetry-bot]

Automated review — APPROVED ✓

Risk: LOW
Reviewed commit: a191bfcfa6fc014ce4d88ea3ba70860a890233d4
Review mode: triage-approved (single reviewer)

Summary

Single-line CI workflow change pinning petry-projects/.github/.github/workflows/agent-shield-reusable.yml from the mutable @v1 tag to the exact commit SHA 0cb4bba11d7563bf197ad805f12fb8639e4879e4, with the # v1 human-readable comment retained and the with: required-files: AGENTS.md input preserved. Verified via gh api repos/petry-projects/.github/git/refs/tags/v1 that the pinned SHA matches the actual commit currently behind the v1 tag. Conforms to the org action-pinning policy and follows the same pattern as the recently merged #127 (auto-rebase-reusable.yml SHA pin).

Linked issue analysis

Closes #114 — a compliance-audit finding for unpinned-actions-agent-shield.yml flagging that agent-shield.yml had 1 action not pinned to SHA. The PR addresses exactly that line; no other unpinned references remain in this workflow.

Findings

No issues found.

• SHA pin verified against upstream tag v1 (matches 0cb4bba11d7563bf197ad805f12fb8639e4879e4).
• Repo-specific with: inputs preserved unchanged.
• No secrets, permissions, or trigger surface modified.
• Pre-existing missing trailing newline on the file is unchanged by this PR; out of scope.

CI status

All required checks green: AgentShield, Claude Code, CodeQL (Analyze actions), Dependency audit (ecosystem detect), SonarCloud / SonarCloud Code Analysis (Quality Gate passed, 0 new issues), CodeRabbit. Dependabot auto-merge and ecosystem-specific audit jobs correctly skipped (no matching ecosystems / not a Dependabot PR). CodeRabbit posted a rate-limit notice but its status check reports SUCCESS; gemini-code-assist skipped due to unsupported file type. Mergeable: yes; merge state BLOCKED only on the required human review.

---

Reviewed automatically by the PR-review agent (single-reviewer mode: opus 4.7). Reply if you need a human review.