radiusmethod · dgershman · Jan 28, 2026 · Jan 28, 2026 · Jan 28, 2026 · Jan 28, 2026
diff --git a/.github/workflows/auto-update.yaml b/.github/workflows/auto-update.yaml
@@ -0,0 +1,23 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+name: Auto Update
+
+on:
+  schedule:
+    - cron: 0 14 * * * # daily at 8 AM Central (CST = UTC-6)
+
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+  contents: write # Allows writing content to the repository.
+  packages: read # Allows reading the content of the repository's packages.
+
+# Abort prior jobs in the same workflow / PR
+concurrency:
+  group: auto-update-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  auto-update:
+    uses: defenseunicorns/uds-common/.github/workflows/callable-auto-update.yaml@730d22c6e061153d525a6d6f932e108ae952bd46 # v1.23.0
+    secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml
diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
@@ -11,5 +11,5 @@ on:
     types: [milestoned, opened, edited, synchronize]
 
 jobs:
-  run:
-    uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@f17368a15fae15275792abf7bf4f7f91d1526929 # v1.16.4
+  validate:
+    uses: defenseunicorns/uds-common/.github/workflows/callable-commitlint.yaml@730d22c6e061153d525a6d6f932e108ae952bd46 # v1.23.0
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -11,6 +11,6 @@ on:
     types: [milestoned, opened, edited, synchronize]
 
 jobs:
-  run:
-    uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@f17368a15fae15275792abf7bf4f7f91d1526929 # v1.16.4
+  validate:
+    uses: defenseunicorns/uds-common/.github/workflows/callable-lint.yaml@730d22c6e061153d525a6d6f932e108ae952bd46 # v1.23.0
     secrets: inherit
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -22,12 +22,12 @@ jobs:
       id-token: write
     strategy:
       matrix:
-        flavor: []
+        flavor: [registry1]
         architecture: [amd64, arm64]
         exclude:
           - flavor: registry1
             architecture: arm64
-    uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@f17368a15fae15275792abf7bf4f7f91d1526929 # v1.16.4
+    uses: defenseunicorns/uds-common/.github/workflows/callable-publish.yaml@730d22c6e061153d525a6d6f932e108ae952bd46 # v1.23.0
     with:
       flavor: ${{ matrix.flavor }}
       options: --set BASE_REPO="ghcr.io/uds-packages"

diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
@@ -16,7 +16,7 @@ jobs:
     permissions:
       contents: read # Allows reading the content of the repository.
       packages: read # Allows reading the content of the repository's packages.
-      id-token: write # Allows authentication to Chainguard via OIDC.
+      id-token: write # Allows authentication to Rapidfort via OIDC.
       pull-requests: write # Allows writing the scan results comment to the pull request.
-    uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@f17368a15fae15275792abf7bf4f7f91d1526929 # v1.16.4
+    uses: defenseunicorns/uds-common/.github/workflows/callable-scan.yaml@730d22c6e061153d525a6d6f932e108ae952bd46 # v1.23.0
     secrets: inherit # Inherits all secrets from the parent workflow.
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -8,27 +8,12 @@ on:
   pull_request:
     # milestoned is added here so that a PR can be re-triggered if it is milestoned.
     types: [milestoned, opened, reopened, synchronize]
-    paths-ignore:
-      - "**.md"
-      - "**.jpg"
-      - "**.png"
-      - "**.gif"
-      - "**.svg"
-      - adr/**
-      - docs/**
-      - .gitignore
-      - renovate.json
-      - .release-please-config.json
-      - release-please-config.json
-      - CODEOWNERS
-      - LICENSE
-      - CONTRIBUTING.md
-      - SECURITY.md
 
 # Permissions for the GITHUB_TOKEN used by the workflow.
 permissions:
   contents: read # Allows reading the content of the repository.
   packages: read # Allows reading the content of the repository's packages.
+  pull-requests: read
   id-token: write
 
 # Abort prior jobs in the same workflow / PR
@@ -41,10 +26,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: test-flavor
-        uses: defenseunicorns/uds-common/.github/actions/test-flavor@f17368a15fae15275792abf7bf4f7f91d1526929 # v1.16.4
+        uses: defenseunicorns/uds-common/.github/actions/test-flavor@730d22c6e061153d525a6d6f932e108ae952bd46 # v1.23.0
         id: test-flavor
     outputs:
       upgrade-flavors: ${{ steps.test-flavor.outputs.upgrade-flavors }}
@@ -56,7 +41,7 @@ jobs:
       matrix:
         type: [install, upgrade]
         flavor: [upstream, unicorn, registry1]
-    uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@f17368a15fae15275792abf7bf4f7f91d1526929 # v1.16.4
+    uses: defenseunicorns/uds-common/.github/workflows/callable-test.yaml@730d22c6e061153d525a6d6f932e108ae952bd46 # v1.23.0
     with:
       timeout: 30
       options: --set BASE_REPO="ghcr.io/uds-packages"
@@ -65,3 +50,19 @@ jobs:
       flavor: ${{ matrix.flavor }}
       type: ${{ matrix.type }}
     secrets: inherit # Inherits all secrets from the parent workflow.
+
+  verify-test:
+    runs-on: ubuntu-latest
+    needs: validate
+    if: always()
+    steps:
+      - name: Check validate result
+        run: |
+          echo "validate result: ${{ needs.validate.result }}"
+
+          if [ "${{ needs.validate.result }}" != "success" ]; then
+            echo "One or more tests failed."
+            exit 1
+          fi
+
+          echo "All tests passed successfully!"
diff --git a/.gitignore b/.gitignore
@@ -33,3 +33,4 @@ node_modules/
 .vscode/
 
 config.json
+.claude/settings.local.json
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -35,7 +35,7 @@ npx playwright test --project=chromium
 
 ### Package Management
 
-The repository uses common UDS tasks imported from `uds-common` v1.16.4:
+The repository uses common UDS tasks imported from `uds-common` v1.23.0:
 - `create:package`, `create:test-bundle` - Package creation
 - `deploy:test-bundle` - Bundle deployment
 - `setup:k3d-test-cluster` - Test cluster setup
@@ -86,4 +86,46 @@ Key Zarf variables defined in root `zarf.yaml`:
 - `DOMAIN` (default: "uds.dev")
 - `SOCKETZERO_CONFIG` - Base64-encoded JSON configuration
 - `SOCKETZERO_LICENSE_ORG` - Organization name for license
-- `SOCKETZERO_LICENSE_KEY` - License key
+- `SOCKETZERO_LICENSE_KEY` - License key
+
+## Commit Linting
+
+This repository uses [Conventional Commits](https://www.conventionalcommits.org/) format. The CI workflow (`.github/workflows/commitlint.yaml`) validates **PR titles** against this format.
+
+### Format
+
+```
+<type>(<optional scope>): <description>
+```
+
+### Valid Types
+
+- `feat` - New feature
+- `fix` - Bug fix
+- `docs` - Documentation only
+- `style` - Formatting, missing semicolons, etc.
+- `refactor` - Code change that neither fixes a bug nor adds a feature
+- `perf` - Performance improvement
+- `test` - Adding or updating tests
+- `build` - Changes to build system or dependencies
+- `ci` - CI configuration changes
+- `chore` - Other changes that don't modify src or test files
+- `revert` - Reverts a previous commit
+
+### Examples
+
+```
+feat: add redis support
+fix(sso): correct keycloak redirect URL
+chore: sync with uds package template
+docs: update deployment instructions
+```
+
+### Local Validation
+
+Run commitlint locally:
+```bash
+echo "your commit message" | npx commitlint
+```
+
+The configuration is in `commitlint.config.js`.
diff --git a/commitlint.config.js b/commitlint.config.js
@@ -0,0 +1 @@
+module.exports = {extends: ['@commitlint/config-conventional']}
diff --git a/renovate.json b/renovate.json
@@ -13,21 +13,14 @@
       "groupName": "SocketZero Support Dependencies",
       "labels": ["support-deps"],
       "commitMessageTopic": "support-deps",
-      "packagePatterns": ["*"]
+      "matchPackageNames": ["*"]
     },
     {
       "groupName": "SocketZero Package Dependencies",
       "labels": ["package-deps"],
       "commitMessageTopic": "package-deps",
       "matchPackageNames": ["!/^mcr\\.microsoft\\.com\\/playwright$/"],
       "matchDatasources": ["docker", "helm", "git-tags"]
-    },
-    {
-      "groupName": "SocketZero Package Dependencies",
-      "labels": ["package-deps"],
-      "commitMessageTopic": "package-deps",
-      "matchPackageNames": ["https://repo1.dso.mil/path/to/application.git"],
-      "allowedVersions": "/^8.+-bb.+/"
     }
   ]
 }
diff --git a/tasks.yaml b/tasks.yaml
@@ -1,18 +1,18 @@
 # Copyright 2024 Defense Unicorns
 # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
-
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/refs/heads/main/tasks.schema.json
 includes:
   - test: ./tasks/test.yaml
-  - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/create.yaml
-  - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/lint.yaml
-  - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/pull.yaml
-  - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/deploy.yaml
-  - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/setup.yaml
-  - actions: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/actions.yaml
-  - badge: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/badge.yaml
-  - upgrade: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/upgrade.yaml
-  - compliance: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/compliance.yaml
-  - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.16.4/tasks/publish.yaml
+  - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/create.yaml
+  - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/lint.yaml
+  - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/pull.yaml
+  - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/deploy.yaml
+  - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/setup.yaml
+  - actions: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/actions.yaml
+  - badge: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/badge.yaml
+  - upgrade: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/upgrade.yaml
+  - compliance: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/compliance.yaml
+  - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v1.23.0/tasks/publish.yaml
 
 tasks:
   - name: default
@@ -32,7 +32,6 @@ tasks:
   - name: create-deploy-test-bundle
     description: Test and validate cluster is deployed with the package
     actions:
-      - task: create:package
       - task: create:test-bundle
       - task: deploy:test-bundle
       - task: setup:create-doug-user
Original file line number	Diff line number	Diff line change
Expand Up		@@ -33,3 +33,4 @@ node_modules/
		.vscode/

		config.json
		.claude/settings.local.json
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		module.exports = {extends: ['@commitlint/config-conventional']}