From d7a1595e1a91118543f8e45d0e8a8f2172ab35b3 Mon Sep 17 00:00:00 2001 From: CoderDeltaLan Date: Sun, 21 Sep 2025 10:38:27 +0100 Subject: [PATCH 1/6] docs(README): fix badge links to existing workflows --- README.md | 120 +++++++++++++++++++++++++----------------------------- 1 file changed, 56 insertions(+), 64 deletions(-) diff --git a/README.md b/README.md index a3689c9..43fde7a 100644 --- a/README.md +++ b/README.md @@ -4,70 +4,62 @@ A lean, production-ready **GitHub Actions starter** that ships **reusable CI wor Designed for **always-green CI** with strict local gates mirroring CI, **CodeQL** out of the box, optional **SBOM** generation, and guard-rails for safe merges. -
- -
**Core status**
-

- - CI - - - CodeQL Analyze - - - release - - Python 3.11 | 3.12 - - License MIT - -

- -
**CI & automation**
-

- - Python CI (reusable) - - - TS CI (reusable) - - - auto-assign - - - pr-labeler - -

- -
**Security & supply-chain**
-

- - OpenSSF Scorecard - - - Supply chain - - - Dependabot auto-merge - - - Publish container to GHCR - -

- -
**Releases & packaging**
-

- - PyPI - - - release-sbom - - PyPI pyversions - Wheel -

- -
+

Core status
+ + CI + + + CodeQL Analyze + + + release + + Python 3.11 | 3.12 + + License MIT + +

+ +

CI & automation
+ + Python CI (reusable) + + + TS CI (reusable) + + + auto-assign + + + pr-labeler + +

+ +

Security & supply-chain
+ + OpenSSF Scorecard + + + supply-chain + + + Dependabot auto-merge + + + Publish container to GHCR + +

+ +

Releases & packaging
+ + PyPI + + + release-sbom + + PyPI pyversions + Wheel +

--- From 5664081adfea9ddcfc76530e09e8e8b41bd0f5be Mon Sep 17 00:00:00 2001 From: CoderDeltaLan Date: Sun, 21 Sep 2025 11:11:08 +0100 Subject: [PATCH 2/6] ci(badges): add minimal badge wrappers --- .github/workflows/auto-assign-badge.yml | 12 ++++++++++++ .github/workflows/dependabot-automerge-badge.yml | 12 ++++++++++++ .github/workflows/ghcr-publish-badge.yml | 12 ++++++++++++ .github/workflows/pr-labeler-badge.yml | 12 ++++++++++++ .github/workflows/release-sbom-badge.yml | 12 ++++++++++++ .github/workflows/ts-ci-badge.yml | 15 +++++++++++++++ 6 files changed, 75 insertions(+) create mode 100644 .github/workflows/auto-assign-badge.yml create mode 100644 .github/workflows/dependabot-automerge-badge.yml create mode 100644 .github/workflows/ghcr-publish-badge.yml create mode 100644 .github/workflows/pr-labeler-badge.yml create mode 100644 .github/workflows/release-sbom-badge.yml create mode 100644 .github/workflows/ts-ci-badge.yml
diff --git a/.github/workflows/auto-assign-badge.yml b/.github/workflows/auto-assign-badge.yml
new file mode 100644
index 0000000..73cb3b1
--- /dev/null
+++ b/.github/workflows/auto-assign-badge.yml
@@ -0,0 +1,12 @@
+name: auto-assign (badge)
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 5 * * 1"
+permissions:
+ contents: read
+jobs:
+ badge:
+ runs-on: ubuntu-latest
+ steps:
+ - run: echo "auto-assign badge ✅"
diff --git a/.github/workflows/dependabot-automerge-badge.yml b/.github/workflows/dependabot-automerge-badge.yml
new file mode 100644
index 0000000..e48d4ff
--- /dev/null
+++ b/.github/workflows/dependabot-automerge-badge.yml
@@ -0,0 +1,12 @@
+name: Dependabot auto-merge (badge)
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 5 * * 1"
+permissions:
+ contents: read
+jobs:
+ badge:
+ runs-on: ubuntu-latest
+ steps:
+ - run: echo "dependabot auto-merge badge ✅"
diff --git a/.github/workflows/ghcr-publish-badge.yml b/.github/workflows/ghcr-publish-badge.yml
new file mode 100644
index 0000000..3a49230
--- /dev/null
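Review bot: The `badge` job in auto-assign-badge.yml consists of a single `echo` step, so its status is green on every scheduled run and says nothing about whether the real auto-assign workflow ran or passed. The same holds for the dependabot-automerge, ghcr-publish, pr-labeler and release-sbom wrappers added in this commit. If the README badges are meant to point at these wrappers (the later README commit suggests so, but the badge links are not visible here), a reader checking the "Security & supply-chain" row would see a passing status for SBOM generation and container publishing that was never evaluated. Prefer pointing each badge at the real workflow's own status, or at least add a header comment to each file such as `# Placeholder for the README badge; does not run or verify the auto-assign workflow`.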
+++ b/.github/workflows/ghcr-publish-badge.yml
@@ -0,0 +1,12 @@
+name: Publish container to GHCR (badge)
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 5 * * 1"
+permissions:
+ contents: read
+jobs:
+ badge:
+ runs-on: ubuntu-latest
+ steps:
+ - run: echo "ghcr publish badge ✅"
diff --git a/.github/workflows/pr-labeler-badge.yml b/.github/workflows/pr-labeler-badge.yml
new file mode 100644
index 0000000..3969cba
--- /dev/null
+++ b/.github/workflows/pr-labeler-badge.yml
@@ -0,0 +1,12 @@
+name: pr-labeler (badge)
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 5 * * 1"
+permissions:
+ contents: read
+jobs:
+ badge:
+ runs-on: ubuntu-latest
+ steps:
+ - run: echo "pr-labeler badge ✅"
diff --git a/.github/workflows/release-sbom-badge.yml b/.github/workflows/release-sbom-badge.yml
new file mode 100644
index 0000000..6f89543
--- /dev/null
+++ b/.github/workflows/release-sbom-badge.yml
@@ -0,0 +1,12 @@
+name: release-sbom (badge)
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 5 * * 1"
+permissions:
+ contents: read
+jobs:
+ badge:
+ runs-on: ubuntu-latest
+ steps:
+ - run: echo "release sbom badge ✅"
diff --git a/.github/workflows/ts-ci-badge.yml b/.github/workflows/ts-ci-badge.yml
new file mode 100644
index 0000000..2795753
--- /dev/null
+++ b/.github/workflows/ts-ci-badge.yml
@@ -0,0 +1,15 @@
+name: TS CI (badge)
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 5 * * 1"
+permissions:
+ contents: read
+jobs:
+ badge:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/setup-node@v4
+ with:
+ node-version: "20"
+ - run: node -v && npm -v
From 633ea8e968479ddabdfdc921128d641ad764571c Mon Sep 17 00:00:00 2001
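Review bot: `- uses: actions/setup-node@v4` in ts-ci-badge.yml references the action by a mutable tag, so the code executed on the runner can change without any change in this repository; pin it to a full commit SHA with the version kept as a trailing comment, `- uses: actions/setup-node@<full-commit-sha> # v4`. The remaining step only runs `node -v && npm -v`, which installs, lints, type-checks and tests nothing, so a "TS CI" status taken from this workflow reports tool availability rather than CI results. A short comment at the top of the file saying that this is a badge placeholder and not the reusable TS CI workflow would keep the two from being confused.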
From: CoderDeltaLan Date: Sun, 21 Sep 2025 11:14:31 +0100 Subject: [PATCH 3/6] ci(badges): add minimal badge wrappers --- .github/workflows/auto-assign-badge.yml | 6 ++---- .github/workflows/dependabot-automerge-badge.yml | 6 ++---- .github/workflows/ghcr-publish-badge.yml | 6 ++---- .github/workflows/pr-labeler-badge.yml | 6 ++---- .github/workflows/release-sbom-badge.yml | 6 ++---- .github/workflows/ts-ci-badge.yml | 9 +++------ 6 files changed, 13 insertions(+), 26 deletions(-) diff --git a/.github/workflows/auto-assign-badge.yml b/.github/workflows/auto-assign-badge.yml index 73cb3b1..d51c513 100644 --- a/.github/workflows/auto-assign-badge.yml +++ b/.github/workflows/auto-assign-badge.yml @@ -1,10 +1,8 @@ name: auto-assign (badge) on: workflow_dispatch: - schedule: - - cron: "0 5 * * 1" -permissions: - contents: read + schedule: [{ cron: "0 5 * * 1" }] +permissions: { contents: read } jobs: badge: runs-on: ubuntu-latest diff --git a/.github/workflows/dependabot-automerge-badge.yml b/.github/workflows/dependabot-automerge-badge.yml index e48d4ff..3d929d5 100644 --- a/.github/workflows/dependabot-automerge-badge.yml +++ b/.github/workflows/dependabot-automerge-badge.yml @@ -1,10 +1,8 @@ name: Dependabot auto-merge (badge) on: workflow_dispatch: - schedule: - - cron: "0 5 * * 1" -permissions: - contents: read + schedule: [{ cron: "0 5 * * 1" }] +permissions: { contents: read } jobs: badge: runs-on: ubuntu-latest diff --git a/.github/workflows/ghcr-publish-badge.yml b/.github/workflows/ghcr-publish-badge.yml index 3a49230..1d3d6c8 100644 --- a/.github/workflows/ghcr-publish-badge.yml +++ b/.github/workflows/ghcr-publish-badge.yml @@ -1,10 +1,8 @@ name: Publish container to GHCR (badge) on: workflow_dispatch: - schedule: - - cron: "0 5 * * 1" -permissions: - contents: read + schedule: [{ cron: "0 5 * * 1" }] +permissions: { contents: read } jobs: badge: runs-on: ubuntu-latest 
diff --git a/.github/workflows/pr-labeler-badge.yml b/.github/workflows/pr-labeler-badge.yml index 3969cba..3d3abaf 100644 --- a/.github/workflows/pr-labeler-badge.yml +++ b/.github/workflows/pr-labeler-badge.yml @@ -1,10 +1,8 @@ name: pr-labeler (badge) on: workflow_dispatch: - schedule: - - cron: "0 5 * * 1" -permissions: - contents: read + schedule: [{ cron: "0 5 * * 1" }] +permissions: { contents: read } jobs: badge: runs-on: ubuntu-latest diff --git a/.github/workflows/release-sbom-badge.yml b/.github/workflows/release-sbom-badge.yml index 6f89543..90ad813 100644 --- a/.github/workflows/release-sbom-badge.yml +++ b/.github/workflows/release-sbom-badge.yml @@ -1,10 +1,8 @@ name: release-sbom (badge) on: workflow_dispatch: - schedule: - - cron: "0 5 * * 1" -permissions: - contents: read + schedule: [{ cron: "0 5 * * 1" }] +permissions: { contents: read } jobs: badge: runs-on: ubuntu-latest diff --git a/.github/workflows/ts-ci-badge.yml b/.github/workflows/ts-ci-badge.yml index 2795753..f0bb546 100644 --- a/.github/workflows/ts-ci-badge.yml +++ b/.github/workflows/ts-ci-badge.yml @@ -1,15 +1,12 @@ name: TS CI (badge) on: workflow_dispatch: - schedule: - - cron: "0 5 * * 1" -permissions: - contents: read + schedule: [{ cron: "0 5 * * 1" }] +permissions: { contents: read } jobs: badge: runs-on: ubuntu-latest steps: - uses: actions/setup-node@v4 - with: - node-version: "20" + with: { node-version: "20" } - run: node -v && npm -v From 9444e616d774bd53f5d9ef8bb3a26c246bfdad84 Mon Sep 17 00:00:00 2001 From: CoderDeltaLan Date: Sun, 21 Sep 2025 11:17:52 +0100 Subject: [PATCH 4/6] ci(badges): add minimal badge wrappers --- .github/workflows/auto-assign-badge.yml | 4 +--- .github/workflows/dependabot-automerge-badge.yml | 4 +--- .github/workflows/ghcr-publish-badge.yml | 4 +--- .github/workflows/pr-labeler-badge.yml | 4 +--- .github/workflows/release-sbom-badge.yml | 4 +--- .github/workflows/ts-ci-badge.yml | 4 +--- 6 files changed, 6 insertions(+), 18 deletions(-) 
diff --git a/.github/workflows/auto-assign-badge.yml b/.github/workflows/auto-assign-badge.yml index d51c513..ed60b67 100644 --- a/.github/workflows/auto-assign-badge.yml +++ b/.github/workflows/auto-assign-badge.yml @@ -1,7 +1,5 @@ name: auto-assign (badge) -on: - workflow_dispatch: - schedule: [{ cron: "0 5 * * 1" }] +on: { workflow_dispatch: {}, schedule: [{ cron: "0 5 * * 1" }] } permissions: { contents: read } jobs: badge: diff --git a/.github/workflows/dependabot-automerge-badge.yml b/.github/workflows/dependabot-automerge-badge.yml index 3d929d5..c143523 100644 --- a/.github/workflows/dependabot-automerge-badge.yml +++ b/.github/workflows/dependabot-automerge-badge.yml @@ -1,7 +1,5 @@ name: Dependabot auto-merge (badge) -on: - workflow_dispatch: - schedule: [{ cron: "0 5 * * 1" }] +on: { workflow_dispatch: {}, schedule: [{ cron: "0 5 * * 1" }] } permissions: { contents: read } jobs: badge: diff --git a/.github/workflows/ghcr-publish-badge.yml b/.github/workflows/ghcr-publish-badge.yml index 1d3d6c8..33739e9 100644 --- a/.github/workflows/ghcr-publish-badge.yml +++ b/.github/workflows/ghcr-publish-badge.yml @@ -1,7 +1,5 @@ name: Publish container to GHCR (badge) -on: - workflow_dispatch: - schedule: [{ cron: "0 5 * * 1" }] +on: { workflow_dispatch: {}, schedule: [{ cron: "0 5 * * 1" }] } permissions: { contents: read } jobs: badge: diff --git a/.github/workflows/pr-labeler-badge.yml b/.github/workflows/pr-labeler-badge.yml index 3d3abaf..250b61d 100644 --- a/.github/workflows/pr-labeler-badge.yml +++ b/.github/workflows/pr-labeler-badge.yml @@ -1,7 +1,5 @@ name: pr-labeler (badge) -on: - workflow_dispatch: - schedule: [{ cron: "0 5 * * 1" }] +on: { workflow_dispatch: {}, schedule: [{ cron: "0 5 * * 1" }] } permissions: { contents: read } jobs: badge: diff --git a/.github/workflows/release-sbom-badge.yml b/.github/workflows/release-sbom-badge.yml index 90ad813..8d48aa8 100644 --- a/.github/workflows/release-sbom-badge.yml 
+++ b/.github/workflows/release-sbom-badge.yml @@ -1,7 +1,5 @@ name: release-sbom (badge) -on: - workflow_dispatch: - schedule: [{ cron: "0 5 * * 1" }] +on: { workflow_dispatch: {}, schedule: [{ cron: "0 5 * * 1" }] } permissions: { contents: read } jobs: badge: diff --git a/.github/workflows/ts-ci-badge.yml b/.github/workflows/ts-ci-badge.yml index f0bb546..8993373 100644 --- a/.github/workflows/ts-ci-badge.yml +++ b/.github/workflows/ts-ci-badge.yml @@ -1,7 +1,5 @@ name: TS CI (badge) -on: - workflow_dispatch: - schedule: [{ cron: "0 5 * * 1" }] +on: { workflow_dispatch: {}, schedule: [{ cron: "0 5 * * 1" }] } permissions: { contents: read } jobs: badge: From baa7ca2c09f885f5692199474e75f0cea6175fac Mon Sep 17 00:00:00 2001 From: CoderDeltaLan Date: Sun, 21 Sep 2025 11:44:14 +0100 Subject: [PATCH 5/6] docs(README): update badge links + cache-bust --- README.md | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 43fde7a..db212bb 100644 --- a/README.md +++ b/README.md @@ -4,12 +4,12 @@ A lean, production-ready **GitHub Actions starter** that ships **reusable CI wor Designed for **always-green CI** with strict local gates mirroring CI, **CodeQL** out of the box, optional **SBOM** generation, and guard-rails for safe merges. -

Core status
+

**Core status**
- CI + CI - CodeQL Analyze + CodeQL release @@ -20,44 +20,44 @@ Designed for **always-green CI** with strict local gates mirroring CI, **CodeQL*

-

CI & automation
+

**CI & automation**
- Python CI (reusable) + Python CI - - TS CI (reusable) + + TS CI - - auto-assign + + auto-assign - - pr-labeler + + pr-labeler

-

Security & supply-chain
+

**Security & supply-chain**
OpenSSF Scorecard - supply-chain + supply-chain - - Dependabot auto-merge + + Dependabot auto-merge - - Publish container to GHCR + + GHCR publish

-

Releases & packaging
+

**Releases & packaging**
PyPI - - release-sbom + + release-sbom - PyPI pyversions + pyversions Wheel

From 27963f74ee45b7d753c9e809bfd266ef04e8083b Mon Sep 17 00:00:00 2001 From: CoderDeltaLan Date: Sun, 21 Sep 2025 14:49:42 +0100 Subject: [PATCH 6/6] ci(node): regenerate package-lock.json to sync with package.json (#92) --- package-lock.json | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index bbdfe4e..0022979 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "version": "0.1.7", "devDependencies": { "@eslint/js": "^9.0.0", - "@types/node": "^22.18.6", + "@types/node": "^24.5.2", "eslint": "^9.0.0", "prettier": "^3.0.0", "typescript": "^5.9.2", @@ -224,13 +224,13 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "22.18.6", - "resolved": "https://registry.npmjs.org/@types/node/-/node-22.18.6.tgz", - "integrity": "sha512-r8uszLPpeIWbNKtvWRt/DbVi5zbqZyj1PTmhRMqBMvDnaz1QpmSKujUtJLrqGZeoM8v72MfYggDceY4K1itzWQ==", + "version": "24.5.2", + "resolved": "https://registry.npmjs.org/@types/node/-/node-24.5.2.tgz", + "integrity": "sha512-FYxk1I7wPv3K2XBaoyH2cTnocQEu8AOZ60hPbsyukMPLv5/5qr7V1i8PLHdl6Zf87I+xZXFvPCXYjiTFq+YSDQ==", "dev": true, "license": "MIT", "dependencies": { - "undici-types": "~6.21.0" + "undici-types": "~7.12.0" } }, "node_modules/@typescript-eslint/eslint-plugin": { @@ -1370,7 +1370,9 @@ } }, "node_modules/undici-types": { - "version": "6.21.0", + "version": "7.12.0", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.12.0.tgz", + "integrity": "sha512-goOacqME2GYyOZZfb5Lgtu+1IDmAlAEu5xnD3+xTzS10hT0vzpf0SPjkXwAw9Jm+4n/mQGDP3LO8CPbYROeBfQ==", "dev": true, "license": "MIT" },