تشغيل أي مهارة في Manus بنقرة واحدة

$pwd:

updating-workflows

Name: Updating Workflows
Author: SocketDev

// Executes the GitHub Actions SHA pin cascade when a socket-registry action or workflow changes. Creates PRs in dependency order, waits for merges, and propagates the final SHA to all consuming repos. Use when workflow files or actions change, or when asked to update workflows or cascade SHAs.

تشغيل في Manus

$ git log --oneline --stat

stars:٤٠

forks:٢

updated:٢٨ مايو ٢٠٢٦ في ٠٦:٥٩

مستكشف الملفات

2 ملفات

SKILL.md

readonly

name: updating-workflows description: Executes the GitHub Actions SHA pin cascade when a socket-registry action or workflow changes. Creates PRs in dependency order, waits for merges, and propagates the final SHA to all consuming repos. Use when workflow files or actions change, or when asked to update workflows or cascade SHAs. user-invocable: true allowed-tools: Bash(pnpm:), Bash(npm:), Bash(git:), Bash(node:), Bash(rg:), Bash(grep:), Bash(find:), Bash(ls:), Bash(cat:), Bash(head:), Bash(tail:), Bash(wc:), Bash(diff:*), Read, Grep, Glob, Edit---

Updating Workflows

Executes the SHA pin cascade defined in reference.md.

When to use

After modifying any action in .github/actions/
After modifying a reusable workflow (ci.yml or provenance.yml)
When a dependency changes in an action (Node.js, pnpm, sfw binary)
As part of the /update-workflows command

Process

Phase 1: Identify what changed

Determine which layer was modified (see reference.md for layer definitions). The cascade starts from the layer above the change.

Progress:
- [ ] Identified changed layer
- [ ] Determined starting layer for cascade

Phase 2: Create PRs in layer order

For each layer from the starting layer through Layer 3:

Wait for previous PR to merge before starting the next layer
Get the post-merge SHA from main — NEVER use a SHA from a PR branch:
```
git fetch origin main && git rev-parse origin/main
```

Verify the SHA exists on GitHub before writing it into any file:

gh api repos/SocketDev/socket-registry/commits/<sha> --jq '.sha'

Create branch: git checkout -b chore/ci-cascade-layer-N
Replace old SHA with new SHA in all files at this layer only
Verify no stale refs: grep -rn "SocketDev/socket-registry" .github/ | grep "@" | grep -v "<new-sha>"
Don't clobber third-party SHAs (actions/checkout, etc.)
Commit: chore(ci): bump socket-registry action refs to main (<short-sha>)
Push and create PR
Wait for merge before proceeding to next layer

After Layer 3 merges, record the merge SHA. This is the propagation SHA.

Progress:
- [ ] Layer 2a PR (if needed)
- [ ] Layer 2b PR (if needed)
- [ ] Layer 3 PR -> propagation SHA: ________

Phase 3: Update Layer 4

Pin all _local-not-for-reuse-* workflows to the propagation SHA (Layer 3 merge SHA). Create a PR, wait for merge.

Progress:
- [ ] Layer 4 PR

Phase 4: Propagate to external repos

All external repos pin to the propagation SHA (NOT the Layer 4 merge SHA).

Push directly to main: socket-btm, sdxgen, ultrathink
Create PRs: socket-cli, socket-lib, socket-sdk-js, socket-packageurl-js

Note: the sdxgen repo's local checkout lives at ../socket-sdxgen/ but the GitHub remote is SocketDev/sdxgen. Use the bare name for gh commands.

Progress:
- [ ] socket-btm
- [ ] socket-cli
- [ ] socket-lib
- [ ] socket-sdk-js
- [ ] socket-packageurl-js
- [ ] sdxgen
- [ ] ultrathink

Phase 5: Verify

For each updated repo, confirm no stale SHAs remain:

grep -rn "SocketDev/socket-registry" .github/ | grep "@" | grep -v "<propagation-sha>"

related-skills.json

نفس المستودع

scanning-quality.md

from "SocketDev/socket-registry"

Scans the codebase for bugs, logic errors, cache races, workflow problems, insecure defaults, security regressions in the diff, and variant analysis on prior findings. Spawns specialized Task agents per scan type, deduplicates findings, and produces an A-F prioritized report. Use when preparing a release, investigating quality issues, running pre-merge checks, or whenever a recent diff touches security-sensitive code.

2026-05-2940

release.md

from "SocketDev/socket-registry"

Orchestrates a release by chaining quality-scan and security-scan as gates, generating a changelog, bumping the version, and offering to publish. Use when preparing a release, cutting a new version, or when `/release-changelog` is invoked.

2026-05-1840

updating-upstream.md

from "SocketDev/socket-registry"

Bumps git submodules declared in `.gitmodules` to their latest stable upstream tag, for submodules NOT managed by an lockstep `version-pin` row. Reads the `# <name>-<version>` comment above each submodule as the current pin, finds the latest stable tag (excluding pre-releases), checks out, updates the comment, commits atomically. Invoked by the `updating` umbrella skill; can also be invoked standalone.

2026-05-1840

package.json

"author": "SocketDev"

"repository": "SocketDev/socket-registry"

فتح مستودع GitHub عرض مستودعات المنشئ

$ install --global

$ download --local

تشغيل في Manus

$ useful --forSOC

مطوّرو البرمجياتمهن الحاسوب والرياضيات15-1252L4

Updating Workflows

Executes the SHA pin cascade defined in reference.md.

When to use

After modifying any action in .github/actions/
After modifying a reusable workflow (ci.yml or provenance.yml)
When a dependency changes in an action (Node.js, pnpm, sfw binary)
As part of the /update-workflows command

Process

Phase 1: Identify what changed

Determine which layer was modified (see reference.md for layer definitions). The cascade starts from the layer above the change.

Progress:
- [ ] Identified changed layer
- [ ] Determined starting layer for cascade

Phase 2: Create PRs in layer order

For each layer from the starting layer through Layer 3:

Wait for previous PR to merge before starting the next layer
Get the post-merge SHA from main — NEVER use a SHA from a PR branch:
```
git fetch origin main && git rev-parse origin/main
```

Verify the SHA exists on GitHub before writing it into any file:

gh api repos/SocketDev/socket-registry/commits/<sha> --jq '.sha'

Create branch: git checkout -b chore/ci-cascade-layer-N
Replace old SHA with new SHA in all files at this layer only
Verify no stale refs: grep -rn "SocketDev/socket-registry" .github/ | grep "@" | grep -v "<new-sha>"
Don't clobber third-party SHAs (actions/checkout, etc.)
Commit: chore(ci): bump socket-registry action refs to main (<short-sha>)
Push and create PR
Wait for merge before proceeding to next layer

After Layer 3 merges, record the merge SHA. This is the propagation SHA.

Progress:
- [ ] Layer 2a PR (if needed)
- [ ] Layer 2b PR (if needed)
- [ ] Layer 3 PR -> propagation SHA: ________

Phase 3: Update Layer 4

Pin all _local-not-for-reuse-* workflows to the propagation SHA (Layer 3 merge SHA). Create a PR, wait for merge.

Progress:
- [ ] Layer 4 PR

Phase 4: Propagate to external repos

All external repos pin to the propagation SHA (NOT the Layer 4 merge SHA).

Push directly to main: socket-btm, sdxgen, ultrathink
Create PRs: socket-cli, socket-lib, socket-sdk-js, socket-packageurl-js

Note: the sdxgen repo's local checkout lives at ../socket-sdxgen/ but the GitHub remote is SocketDev/sdxgen. Use the bare name for gh commands.

Progress:
- [ ] socket-btm
- [ ] socket-cli
- [ ] socket-lib
- [ ] socket-sdk-js
- [ ] socket-packageurl-js
- [ ] sdxgen
- [ ] ultrathink

Phase 5: Verify

For each updated repo, confirm no stale SHAs remain:

grep -rn "SocketDev/socket-registry" .github/ | grep "@" | grep -v "<propagation-sha>"

updating-workflows

Updating Workflows

When to use

Process

Phase 1: Identify what changed

Phase 2: Create PRs in layer order

Phase 3: Update Layer 4

Phase 4: Propagate to external repos

Phase 5: Verify

المزيد من هذا المستودع

المزيد من هذا المستودع

Updating Workflows

When to use

Process

Phase 1: Identify what changed

Phase 2: Create PRs in layer order

Phase 3: Update Layer 4

Phase 4: Propagate to external repos

Phase 5: Verify