Merge branch 'main' into shellcheck-the-shells

.github/actions/test-flavor/action.yaml

@@ -20,7 +20,18 @@ runs:
     - name: Test latest tag deployment for flavor
       id: set-required
       run: |
-        git clone --depth 1 --branch $(git describe --tags `git rev-list --tags --max-count=1`) $(git remote get-url origin) upgrade-test
+        # Check if any tag exists
+        TAG=$(git describe --tags $(git rev-list --tags --max-count=1) 2>/dev/null || echo "")
+
+        if [ -z "$TAG" ]; then
+          echo "No Git tags found. Skipping step."
+          exit 0
+        fi
+
+        # Clone the repository with the latest tag
+        git clone --depth 1 --branch "$TAG" $(git remote get-url origin) upgrade-test
         cd upgrade-test
+
+        # Extract upgrade flavors and set output
         echo "upgrade-flavors=$(cat zarf.yaml | yq '.components[] | select(.only | has("flavor")) | .only.flavor' | paste -s -d, -)" >> "$GITHUB_OUTPUT"
       shell: bash

.github/workflows/callable-ci-docs-shim.yaml

@@ -0,0 +1,20 @@
+name: CI Docs Shim
+
+on:
+  workflow_call:
+    inputs:
+      flavor:
+        required: true
+        type: string
+      type:
+        required: true
+        type: string
+
+jobs:
+  run:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    steps:
+      - name: Shim for ${{ inputs.type }} ${{ inputs.flavor }}
+        run: |
+          echo "Documentation-only change detected; marking ${{ inputs.type }} ${{ inputs.flavor }} as successful."

.github/workflows/commitlint.yaml → .github/workflows/callable-commitlint.yaml

@@ -1,4 +1,4 @@
-name: Metadata
+name: PR Title Check
 
 on:
   # This workflow is triggered on pull requests to the main branch.
@@ -11,9 +11,8 @@ on:
   workflow_call:
 
 jobs:
-  validate:
+  run:
     runs-on: ubuntu-latest
-    name: Validate PR Title
     permissions:
       pull-requests: read # Allows reading pull request metadata.
       contents: read  # Allows pulling repo contents.

.github/workflows/lint.yaml → .github/workflows/callable-lint.yaml

@@ -1,17 +1,16 @@
-name: Scan
+name: Lint
 
 on:
   # This workflow is triggered on pull requests to the main branch.
   pull_request:
     # milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow).
-    types: [milestoned, opened, synchronize]
+    types: [milestoned, opened, reopened, synchronize]
   # This allows other repositories to call this workflow in a reusable way
   workflow_call:
 
 jobs:
-  validate:
+  run:
     runs-on: ubuntu-latest
-    name: Lint
     permissions:
       contents: read # Allows reading the repo contents
 
@@ -21,12 +20,17 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Environment setup
-        uses: ./.github/actions/setup
+      - name: Install UDS CLI
+        uses: defenseunicorns/setup-uds@v1.0.0
         with:
-          registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
-          registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
-          ghToken: ${{ secrets.GITHUB_TOKEN }}
+          version: v0.17.0
+
+      - name: Environment setup
+        run: |
+          uds run actions:setup-environment \
+          --set GH_TOKEN="${{ secrets.GITHUB_TOKEN }}"
+
+        shell: bash
 
       - name: Install lint deps
         run: |