From 2feed3a086d4e53bcb2495366629234766865e5e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Nov 2025 10:15:07 +0000
Subject: [PATCH] chore(deps): bump the github-actions-dependencies group with
 3 updates

Bumps the github-actions-dependencies group with 3 updates:
- [docker/setup-docker-action](https://github.com/docker/setup-docker-action)
- [hoverkraft-tech/ci-github-nodejs](https://github.com/hoverkraft-tech/ci-github-nodejs)
- [hoverkraft-tech/ci-github-common](https://github.com/hoverkraft-tech/ci-github-common)

---
updated-dependencies:
- dependency-name: docker/setup-docker-action
  dependency-version: 4.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: hoverkraft-tech/ci-github-nodejs
  dependency-version: 0.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: hoverkraft-tech/ci-github-common
  dependency-version: 0.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Emilien Escalle <emilien.escalle@escemi.com>
---
 .github/workflows/__check-action.yml        |  2 +-
 .github/workflows/__check-dist.yml          |  2 +-
 .github/workflows/__check-nodejs.yml        |  2 +-
 .github/workflows/__shared-ci.yml           |  2 +-
 .github/workflows/greetings.yml             |  2 +-
 .github/workflows/main-ci.yml               | 45 ++++++++++++++++-----
 .github/workflows/need-fix-to-issue.yml     |  2 +-
 .github/workflows/semantic-pull-request.yml |  2 +-
 .github/workflows/stale.yml                 |  2 +-
 9 files changed, 43 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/__check-action.yml b/.github/workflows/__check-action.yml
index b0873df..c97464b 100644
--- a/.github/workflows/__check-action.yml
+++ b/.github/workflows/__check-action.yml
@@ -262,7 +262,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Set up Docker
-        uses: docker/setup-docker-action@3fb92d6d9c634363128c8cce4bc3b2826526370a # v4.4.0
+        uses: docker/setup-docker-action@efe9e3891a4f7307e689f2100b33a155b900a608 # v4.5.0
         with:
           context: test-context
 
diff --git a/.github/workflows/__check-dist.yml b/.github/workflows/__check-dist.yml
index f9fa637..2cca280 100644
--- a/.github/workflows/__check-dist.yml
+++ b/.github/workflows/__check-dist.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: hoverkraft-tech/ci-github-nodejs/actions/setup-node@4d7c1ed87c18493fc4c2dbae4dbde46cf251c9a7 # 0.16.1
+      - uses: hoverkraft-tech/ci-github-nodejs/actions/setup-node@0264395060bbde4ec3276b6dca84f0db828070f3 # 0.17.0
 
       - name: Build dist/ Directory
         id: package
diff --git a/.github/workflows/__check-nodejs.yml b/.github/workflows/__check-nodejs.yml
index 384ad84..eabcebc 100644
--- a/.github/workflows/__check-nodejs.yml
+++ b/.github/workflows/__check-nodejs.yml
@@ -10,7 +10,7 @@ permissions:
 
 jobs:
   test-nodejs:
-    uses: hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml@4d7c1ed87c18493fc4c2dbae4dbde46cf251c9a7 # 0.16.1
+    uses: hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml@0264395060bbde4ec3276b6dca84f0db828070f3 # 0.17.0
     permissions:
       id-token: write
       security-events: write
diff --git a/.github/workflows/__shared-ci.yml b/.github/workflows/__shared-ci.yml
index 84eeda1..d8d5570 100644
--- a/.github/workflows/__shared-ci.yml
+++ b/.github/workflows/__shared-ci.yml
@@ -13,7 +13,7 @@ permissions:
 
 jobs:
   linter:
-    uses: hoverkraft-tech/ci-github-common/.github/workflows/linter.yml@b7dd413209df265bef8d7eb0efb117eaabc684c4 # 0.27.0
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/linter.yml@5f11437c716059f30c635f90055060e4ef8b31a0 # 0.28.0
     with:
       linter-env: |
         FILTER_REGEX_EXCLUDE=dist/**/*
diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml
index c5e2031..05319fa 100644
--- a/.github/workflows/greetings.yml
+++ b/.github/workflows/greetings.yml
@@ -13,4 +13,4 @@ permissions:
 
 jobs:
   greetings:
-    uses: hoverkraft-tech/ci-github-common/.github/workflows/greetings.yml@b7dd413209df265bef8d7eb0efb117eaabc684c4 # 0.27.0
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/greetings.yml@5f11437c716059f30c635f90055060e4ef8b31a0 # 0.28.0
diff --git a/.github/workflows/main-ci.yml b/.github/workflows/main-ci.yml
index a038b2a..e9586f3 100644
--- a/.github/workflows/main-ci.yml
+++ b/.github/workflows/main-ci.yml
@@ -10,32 +10,37 @@ on:
   schedule:
     - cron: "25 8 * * 1"
 
-permissions:
-  actions: read
-  contents: read
-  packages: read
-  security-events: write
-  statuses: write
-  # FIXME: This is a workaround for having workflow ref. See https://github.com/orgs/community/discussions/38659
-  id-token: write
-
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions: {}
+
 jobs:
   ci:
     uses: ./.github/workflows/__shared-ci.yml
+    permissions:
+      actions: read
+      contents: read
+      packages: read
+      security-events: write
+      statuses: write
+      id-token: write
     secrets: inherit
 
   release:
     needs: ci
     if: github.event_name != 'schedule'
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    outputs:
+      artifact-id: ${{ steps.upload-artifact.outputs.artifact-id }}
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: 📖 Generate documentation
+        id: generate-documentation
         uses: hoverkraft-tech/ci-dokumentor@c46a1a108957237cf485103a80b060c35c7dba33 # 0.2.2
         with:
           source: action.yml
@@ -46,7 +51,7 @@ jobs:
           app-id: ${{ vars.CI_BOT_APP_ID }}
           private-key: ${{ secrets.CI_BOT_APP_PRIVATE_KEY }}
 
-      - uses: hoverkraft-tech/ci-github-common/actions/create-and-merge-pull-request@b7dd413209df265bef8d7eb0efb117eaabc684c4 # 0.27.0
+      - uses: hoverkraft-tech/ci-github-common/actions/create-and-merge-pull-request@5f11437c716059f30c635f90055060e4ef8b31a0 # 0.28.0
         with:
           github-token: ${{ steps.generate-token.outputs.token }}
           branch: docs/actions-workflows-documentation-update
@@ -56,3 +61,23 @@ jobs:
             docs: update actions and workflows documentation
 
             [skip ci]
+
+      - id: upload-artifact
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        with:
+          name: documentation-files-${{ github.run_id }}
+          path: |
+            ${{ steps.generate-documentation.outputs.destination }}
+            .github/logo.svg
+
+  sync-docs:
+    needs: release
+    if: needs.release.outputs.artifact-id
+    uses: hoverkraft-tech/public-docs/.github/workflows/sync-docs-dispatcher.yml@c40c17f7d6a8090950b3ef4bfc70502707a6bb9f # 0.3.0
+    permissions:
+      contents: read
+    with:
+      artifact-id: ${{ needs.release.outputs.artifact-id }}
+      github-app-id: ${{ vars.CI_BOT_APP_ID }}
+    secrets:
+      github-app-key: ${{ secrets.CI_BOT_APP_PRIVATE_KEY }}
diff --git a/.github/workflows/need-fix-to-issue.yml b/.github/workflows/need-fix-to-issue.yml
index 4de47f6..164ddab 100644
--- a/.github/workflows/need-fix-to-issue.yml
+++ b/.github/workflows/need-fix-to-issue.yml
@@ -21,7 +21,7 @@ permissions:
 
 jobs:
   main:
-    uses: hoverkraft-tech/ci-github-common/.github/workflows/need-fix-to-issue.yml@b7dd413209df265bef8d7eb0efb117eaabc684c4 # 0.27.0
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/need-fix-to-issue.yml@5f11437c716059f30c635f90055060e4ef8b31a0 # 0.28.0
     with:
       manual-commit-ref: ${{ inputs.manual-commit-ref }}
       manual-base-ref: ${{ inputs.manual-base-ref }}
diff --git a/.github/workflows/semantic-pull-request.yml b/.github/workflows/semantic-pull-request.yml
index eadb52b..ca52151 100644
--- a/.github/workflows/semantic-pull-request.yml
+++ b/.github/workflows/semantic-pull-request.yml
@@ -13,4 +13,4 @@ permissions:
 
 jobs:
   main:
-    uses: hoverkraft-tech/ci-github-common/.github/workflows/semantic-pull-request.yml@b7dd413209df265bef8d7eb0efb117eaabc684c4 # 0.27.0
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/semantic-pull-request.yml@5f11437c716059f30c635f90055060e4ef8b31a0 # 0.28.0
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 341d908..71dab5a 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -10,4 +10,4 @@ permissions:
 
 jobs:
   main:
-    uses: hoverkraft-tech/ci-github-common/.github/workflows/stale.yml@b7dd413209df265bef8d7eb0efb117eaabc684c4 # 0.27.0
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/stale.yml@5f11437c716059f30c635f90055060e4ef8b31a0 # 0.28.0