From 02afb34cf7bf5d80855da149b6fcc1c88582c18f Mon Sep 17 00:00:00 2001
From: Danny Gershman
Date: Tue, 27 Jan 2026 23:23:26 -0500
Subject: [PATCH 1/3] fix: correct flavour spelling
---
 .github/workflows/release.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 1a3ee75..57125eb 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -22,7 +22,7 @@ jobs:
 id-token: write
 strategy:
 matrix:
- flavor: []
+ flavor: [registry1]
 architecture: [amd64, arm64]
 exclude:
 - flavor: registry1
From 82f95eacb9b1ef22bfff7236067bb607bb8e0cf2 Mon Sep 17 00:00:00 2001
From: Danny Gershman
Date: Tue, 27 Jan 2026 23:59:00 -0500
Subject: [PATCH 2/3] chore: sync from template repo
---
 .github/workflows/auto-update.yaml | 23 +++++++++++++++++
 .github/workflows/ci-docs-shim.yaml | 35 --------------------------
 .github/workflows/commitlint.yaml | 4 +--
 .github/workflows/lint.yaml | 4 +--
 .github/workflows/release.yaml | 2 +-
 .github/workflows/scan.yaml | 4 +--
 .github/workflows/test.yaml | 39 +++++++++++++++--------------
 .gitignore | 1 +
 renovate.json | 9 +------
 tasks.yaml | 23 ++++++++---------
 10 files changed, 63 insertions(+), 81 deletions(-)
 create mode 100644 .github/workflows/auto-update.yaml
 delete mode 100644 .github/workflows/ci-docs-shim.yaml
diff --git a/.github/workflows/auto-update.yaml b/.github/workflows/auto-update.yaml
new file mode 100644
index 0000000..7aeb7e6
--- /dev/null
+++ b/.github/workflows/auto-update.yaml
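Review bot: With `flavor: [registry1]` the release matrix yields registry1/amd64 and registry1/arm64, and the existing `exclude` entry for registry1 then drops the arm64 pair, so a single amd64 job is all that publishes. If that is the intent, `architecture: [amd64]` with no `exclude` states it directly; if not, the other flavors that test.yaml in this series exercises (`upstream`, `unicorn`) are missing from the list. A comment above `matrix:` such as `# only registry1/amd64 is published from this repo` would record the decision either way.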
@@ -0,0 +1,23 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+name: Auto Update
+
+on:
+ schedule:
+ - cron: 0 14 * * * # daily at 8 AM Central (CST = UTC-6)
+
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+ contents: write # Allows writing content to the repository.
+ packages: read # Allows reading the content of the repository's packages.
+
+# Abort prior jobs in the same workflow / PR
+concurrency:
+ group: auto-update-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ auto-update:
+ uses: defenseunicorns/uds-common/.github/workflows/callable-auto-update.yaml@730d22c6e061153d525a6d6f932e108ae952bd46 # v1.23.0
+ secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml
deleted file mode 100644
index fa96902..0000000
--- a/.github/workflows/ci-docs-shim.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-# Copyright 2024 Defense Unicorns
-# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
-
-name: CI Doc Shim
-
-on:
- pull_request:
- paths:
- - "**.md"
- - "**.jpg"
- - "**.png"
- - "**.gif"
- - "**.svg"
- - adr/**
- - docs/**
- - .gitignore
- - renovate.json
- - releaser.yaml
- - oscal-component.yaml
- - CODEOWNERS
- - LICENSE
- - CONTRIBUTING.md
- - SECURITY.md
-
-jobs:
- validate:
- strategy:
- matrix:
- type: [install, upgrade]
- flavor: []
- uses: defenseunicorns/uds-common/.github/workflows/callable-ci-docs-shim.yaml@f17368a15fae15275792abf7bf4f7f91d1526929 # v1.16.4
- with:
- flavor: ${{ matrix.flavor }}
- type: ${{ matrix.type }}
- secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
index e253696..9c359df 100644
--- a/.github/workflows/commitlint.yaml
+++ b/.github/workflows/commitlint.yaml
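Review bot: `secrets: inherit` on the new `auto-update` job hands every secret this repository can see to the called workflow, on a scheduled run that also carries a `contents: write` token. The callable is pinned to a commit SHA, which limits what can change underneath it, but least privilege would pass only the secrets it actually reads, e.g. `secrets:` followed by `<SECRET_NAME>: ${{ secrets.<SECRET_NAME> }}` (placeholder; the names are defined in the callable and are not visible here). The `permissions` block could also move under `jobs.auto-update`, so that a job added to this file later does not inherit write access by default.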
@@ -11,5 +11,5 @@ on:
 types: [milestoned, opened, edited, synchronize]
 jobs:
- run:
- uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@f17368a15fae15275792abf7bf4f7f91d1526929 # v1.16.4
+ validate:
+ uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@730d22c6e061153d525a6d6f932e108ae952bd46 # v1.23.0
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index c3d6d9e..a505931 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -11,6 +11,6 @@ on:
 types: [milestoned, opened, edited, synchronize]
 jobs:
- run:
- uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@f17368a15fae15275792abf7bf4f7f91d1526929 # v1.16.4
+ validate:
+ uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@730d22c6e061153d525a6d6f932e108ae952bd46 # v1.23.0
 secrets: inherit
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 57125eb..44b8548 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -27,7 +27,7 @@ jobs:
 exclude:
 - flavor: registry1
 architecture: arm64
- uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@f17368a15fae15275792abf7bf4f7f91d1526929 # v1.16.4
+ uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@730d22c6e061153d525a6d6f932e108ae952bd46 # v1.23.0
 with:
 flavor: ${{ matrix.flavor }}
 options: --set BASE_REPO="ghcr.io/uds-packages"
diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
index e36e334..c481ed5 100644
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/scan.yaml
@@ -16,7 +16,7 @@ jobs:
 permissions:
 contents: read # Allows reading the content of the repository.
 packages: read # Allows reading the content of the repository's packages.
- id-token: write # Allows authentication to Chainguard via OIDC.
+ id-token: write # Allows authentication to Rapidfort via OIDC.
 pull-requests: write # Allows writing the scan results comment to the pull request.
- uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@f17368a15fae15275792abf7bf4f7f91d1526929 # v1.16.4
+ uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@730d22c6e061153d525a6d6f932e108ae952bd46 # v1.23.0
 secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 1c7ca13..c60ce78 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -8,27 +8,12 @@ on:
 pull_request:
 # milestoned is added here so that a PR can be re-triggered if it is milestoned.
 types: [milestoned, opened, reopened, synchronize]
- paths-ignore:
- - "**.md"
- - "**.jpg"
- - "**.png"
- - "**.gif"
- - "**.svg"
- - adr/**
- - docs/**
- - .gitignore
- - renovate.json
- - .release-please-config.json
- - release-please-config.json
- - CODEOWNERS
- - LICENSE
- - CONTRIBUTING.md
- - SECURITY.md
 # Permissions for the GITHUB_TOKEN used by the workflow.
 permissions:
 contents: read # Allows reading the content of the repository.
 packages: read # Allows reading the content of the repository's packages.
+ pull-requests: read
 id-token: write
 # Abort prior jobs in the same workflow / PR
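Review bot: The added `pull-requests: read` in test.yaml's `permissions` block carries no trailing comment, unlike the `contents` and `packages` lines above it, and the `id-token: write` line below is equally unexplained. Because the block is workflow-level, every job in the file receives these scopes, so a reader auditing the token needs to know which job consumes each one. Suggest `pull-requests: read # <which step reads pull request metadata>` and a matching comment on `id-token: write`; the consumer is not visible in this hunk, presumably the test-flavor action or the callable test workflow, to be confirmed.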
@@ -41,10 +26,10 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: test-flavor
- uses: defenseunicorns/uds-common/.github/actions/test-flavor@f17368a15fae15275792abf7bf4f7f91d1526929 # v1.16.4
+ uses: defenseunicorns/uds-common/.github/actions/test-flavor@730d22c6e061153d525a6d6f932e108ae952bd46 # v1.23.0
 id: test-flavor
 outputs:
 upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }}
@@ -56,7 +41,7 @@ jobs:
 matrix:
 type: [install, upgrade]
 flavor: [upstream, unicorn, registry1]
- uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@f17368a15fae15275792abf7bf4f7f91d1526929 # v1.16.4
+ uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@730d22c6e061153d525a6d6f932e108ae952bd46 # v1.23.0
 with:
 timeout: 30
 options: --set BASE_REPO="ghcr.io/uds-packages"
@@ -65,3 +50,19 @@ jobs:
 flavor: ${{ matrix.flavor }}
 type: ${{ matrix.type }}
 secrets: inherit # Inherits all secrets from the parent workflow.
+
+ verify-test:
+ runs-on: ubuntu-latest
+ needs: validate
+ if: always()
+ steps:
+ - name: Check validate result
+ run: |
+ echo "validate result: ${{ needs.validate.result }}"
+
+ if [ "${{ needs.validate.result }}" != "success" ]; then
+ echo "One or more tests failed."
+ exit 1
+ fi
+
+ echo "All tests passed successfully!"
diff --git a/.gitignore b/.gitignore
index 0b0efc6..c48568c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -33,3 +33,4 @@ node_modules/ .vscode/ config.json
+.claude/settings.local.json
\ No newline at end of file
diff --git a/renovate.json b/renovate.json
index 4a97309..e4aa95a 100644
--- a/renovate.json
+++ b/renovate.json
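Review bot: The new `verify-test` job only echoes and compares a result string, yet it inherits the workflow-level token scopes, which in this file include `id-token: write`; adding `permissions: {}` under `verify-test:` removes them from a job that needs none. The script also splices `${{ needs.validate.result }}` directly into the shell text. That value is one of GitHub's fixed result strings, so it is not injectable as written, but binding it once through `env:` (`VALIDATE_RESULT: ${{ needs.validate.result }}`) and testing `if [ "$VALIDATE_RESULT" != "success" ]; then` keeps expressions out of `run:` bodies, which is the habit that prevents script injection when someone later copies this step with a PR-controlled value.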
@@ -13,7 +13,7 @@
 "groupName": "SocketZero Support Dependencies",
 "labels": ["support-deps"],
 "commitMessageTopic": "support-deps",
- "packagePatterns": ["*"]
+ "matchPackageNames": ["*"]
 },
 {
 "groupName": "SocketZero Package Dependencies",
@@ -21,13 +21,6 @@
 "commitMessageTopic": "package-deps",
 "matchPackageNames": ["!/^mcr\\.microsoft\\.com\\/playwright$/"],
 "matchDatasources": ["docker", "helm", "git-tags"]
- },
- {
- "groupName": "SocketZero Package Dependencies",
- "labels": ["package-deps"],
- "commitMessageTopic": "package-deps",
- "matchPackageNames": ["https://repo1.dso.mil/path/to/application.git"],
- "allowedVersions": "/^8.+-bb.+/"
 }
 ]
 }
diff --git a/tasks.yaml b/tasks.yaml
index 1a82445..14a897a 100644
--- a/tasks.yaml
+++ b/tasks.yaml
@@ -1,18 +1,18 @@
 # Copyright 2024 Defense Unicorns
 # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
-
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/refs/heads/main/tasks.schema.json
 includes:
 - test: ./tasks/test.yaml
- - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/create.yaml
- - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/lint.yaml
- - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/pull.yaml
- - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/deploy.yaml
- - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/setup.yaml
- - actions: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/actions.yaml
- - badge: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/badge.yaml
- - upgrade: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/upgrade.yaml
- - compliance: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/compliance.yaml
- - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/publish.yaml
+ - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/create.yaml
+ - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/lint.yaml
+ - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/pull.yaml
+ - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/deploy.yaml
+ - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/setup.yaml
+ - actions: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/actions.yaml
+ - badge: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/badge.yaml
+ - upgrade: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/upgrade.yaml
+ - compliance: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/compliance.yaml
+ - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/publish.yaml
 tasks:
 - name: default
@@ -32,7 +32,6 @@ tasks:
 - name: create-deploy-test-bundle
 description: Test and validate cluster is deployed with the package
 actions:
- - task: create:package
 - task: create:test-bundle
 - task: deploy:test-bundle
 - task: setup:create-doug-user
From 9e5ad19a3482437b26750576541252ac7e929b7b Mon Sep 17 00:00:00 2001
From: Danny Gershman
Date: Wed, 28 Jan 2026 00:58:43 -0500
Subject: [PATCH 3/3] docs: add commit linting documentation and config
- Add Commit Linting section to CLAUDE.md explaining conventional commits format
- Update uds-common version reference from v1.16.4 to v1.23.0
- Add local commitlint.config.js for local validation
Co-Authored-By: Claude Opus 4.5
---
 CLAUDE.md | 46 ++++++++++++++++++++++++++++++++++++++++++--
 commitlint.config.js | 1 +
 2 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 commitlint.config.js
diff --git a/CLAUDE.md b/CLAUDE.md
index ac9b2e5..8e60677 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -35,7 +35,7 @@ npx playwright test --project=chromium
 ### Package Management
-The repository uses common UDS tasks imported from `uds-common` v1.16.4:
+The repository uses common UDS tasks imported from `uds-common` v1.23.0:
 - `create:package`, `create:test-bundle` - Package creation
 - `deploy:test-bundle` - Bundle deployment
 - `setup:k3d-test-cluster` - Test cluster setup
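Review bot: The ten remote `includes` in tasks.yaml are fetched by the mutable tag `v1.23.0`, while every workflow touched by this same patch pins uds-common to commit `730d22c6e061153d525a6d6f932e108ae952bd46`. These files supply the tasks that run locally and in CI, so a moved or re-created tag would change what executes without any diff in this repository. Consider putting the commit in the raw URL for all ten entries, e.g. `- create: https://raw.githubusercontent.com/defenseunicorns/uds-common/730d22c6e061153d525a6d6f932e108ae952bd46/tasks/create.yaml # v1.23.0`, and confirm that Renovate still updates that form. The added schema comment tracks `refs/heads/main`, which affects editor validation only.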
@@ -86,4 +86,46 @@ Key Zarf variables defined in root `zarf.yaml`:
 - `DOMAIN` (default: "uds.dev")
 - `SOCKETZERO_CONFIG` - Base64-encoded JSON configuration
 - `SOCKETZERO_LICENSE_ORG` - Organization name for license
-- `SOCKETZERO_LICENSE_KEY` - License key
\ No newline at end of file
+- `SOCKETZERO_LICENSE_KEY` - License key
+
+## Commit Linting
+
+This repository uses [Conventional Commits](https://www.conventionalcommits.org/) format. The CI workflow (`.github/workflows/commitlint.yaml`) validates **PR titles** against this format.
+
+### Format
+
+```
+():
+```
+
+### Valid Types
+
+- `feat` - New feature
+- `fix` - Bug fix
+- `docs` - Documentation only
+- `style` - Formatting, missing semicolons, etc.
+- `refactor` - Code change that neither fixes a bug nor adds a feature
+- `perf` - Performance improvement
+- `test` - Adding or updating tests
+- `build` - Changes to build system or dependencies
+- `ci` - CI configuration changes
+- `chore` - Other changes that don't modify src or test files
+- `revert` - Reverts a previous commit
+
+### Examples
+
+```
+feat: add redis support
+fix(sso): correct keycloak redirect URL
+chore: sync with uds package template
+docs: update deployment instructions
+```
+
+### Local Validation
+
+Run commitlint locally:
+```bash
+echo "your commit message" | npx commitlint
+```
+
+The configuration is in `commitlint.config.js`.
\ No newline at end of file
diff --git a/commitlint.config.js b/commitlint.config.js
new file mode 100644
index 0000000..28fe5c5
--- /dev/null
+++ b/commitlint.config.js
@@ -0,0 +1 @@
+module.exports = {extends: ['@commitlint/config-conventional']}