From 9eb562d7265bf142aed9efbad724e45dd1eff8bb Mon Sep 17 00:00:00 2001
From: ChristophShyper <45788587+ChristophShyper@users.noreply.github.com>
Date: Sun, 24 May 2026 21:16:59 +0200
Subject: [PATCH 1/2] feat: add Triglav as end-to-end test orchestrator

---
 .../workflows/auto-pull-request-create.yml    |  3 +-
 .github/workflows/auto-release-create.yml     |  3 +-
 .github/workflows/manual-e2e-validate.yml     | 30 ++++++++++++++++++
 .../manual-release-branch-prepare.yml         |  1 +
 README.md                                     | 31 ++++++++++++++++---
 5 files changed, 62 insertions(+), 6 deletions(-)
 create mode 100644 .github/workflows/manual-e2e-validate.yml

diff --git a/.github/workflows/auto-pull-request-create.yml b/.github/workflows/auto-pull-request-create.yml
index e7b56cf..288bd49 100644
--- a/.github/workflows/auto-pull-request-create.yml
+++ b/.github/workflows/auto-pull-request-create.yml
@@ -9,9 +9,10 @@ on:
       - dependabot/**
 
 permissions:
-  contents: read
+  contents: write
   packages: write
   pull-requests: write
+  issues: write
 
 jobs:
   call:
diff --git a/.github/workflows/auto-release-create.yml b/.github/workflows/auto-release-create.yml
index a032b2e..4c783a8 100644
--- a/.github/workflows/auto-release-create.yml
+++ b/.github/workflows/auto-release-create.yml
@@ -21,7 +21,8 @@ on:
 permissions:
   contents: write
   packages: write
-  pull-requests: read
+  pull-requests: write
+  issues: write
 
 jobs:
   call:
diff --git a/.github/workflows/manual-e2e-validate.yml b/.github/workflows/manual-e2e-validate.yml
new file mode 100644
index 0000000..5353984
--- /dev/null
+++ b/.github/workflows/manual-e2e-validate.yml
@@ -0,0 +1,30 @@
+name: (Manual) E2E Validate
+
+on:
+  workflow_dispatch:
+    inputs:
+      mode:
+        description: Validation mode
+        required: false
+        default: ref
+        type: choice
+        options:
+          - ref
+          - image
+      image_tag:
+        description: Image tag used when mode=image (for example v1.2.3-test or v1.2.3-rc)
+        required: false
+        default: ""
+        type: string
+
+permissions:
+  contents: write
+  packages: read
+
+jobs:
+  e2e:
+    uses: devops-infra/triglav/.github/workflows/e2e-action-commit-push.yml@master
+    with:
+      mode: ${{ inputs.mode }}
+      image_tag: ${{ inputs.image_tag }}
+    secrets: inherit
diff --git a/.github/workflows/manual-release-branch-prepare.yml b/.github/workflows/manual-release-branch-prepare.yml
index b06ea09..1a302ec 100644
--- a/.github/workflows/manual-release-branch-prepare.yml
+++ b/.github/workflows/manual-release-branch-prepare.yml
@@ -27,6 +27,7 @@ permissions:
   contents: write
   packages: write
   pull-requests: write
+  issues: write
 
 jobs:
   call:
diff --git a/README.md b/README.md
index 7b23f3f..1d0e184 100644
--- a/README.md
+++ b/README.md
@@ -108,7 +108,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Change something
         run: |
           find . -type f -name "*.md" -print0 | xargs -0 sed -i "s/foo/bar/g"
@@ -132,7 +132,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Change something
         run: |
           find . -type f -name "*.md" -print0 | xargs -0 sed -i "s/foo/bar/g"
@@ -171,7 +171,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository with full history
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0  # Required for force_with_lease
       - name: Make some changes
@@ -277,7 +277,7 @@ jobs:
   action-commit-push:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       - uses: devops-infra/action-commit-push@v1.3.1
         id: Pin patch version
@@ -304,6 +304,29 @@ If you have any questions or need help, please:
 - 📝 Create an [issue](https://github.com/devops-infra/action-commit-push/issues)
 - 🌟 Star this repository if you find it useful!
 
+## 🧪 End-to-End Validation
+Use the manual workflow `.github/workflows/manual-e2e-validate.yml` to validate this action against the centralized E2E repository.
+
+- `mode=ref` validates ref-oriented E2E paths against stable pinned action refs.
+- `mode=image` is wired but currently placeholder-only in the central E2E workflow for this action.
+
+CI/CD automation also runs these E2E checks automatically:
+
+- Pull requests: E2E validation runs through reusable org workflows.
+- Release branch prepare: E2E validation runs against release candidate refs.
+- Release create: E2E validation runs against production release refs.
+
+Example trigger inputs:
+
+```text
+mode=ref
+```
+
+```text
+mode=image
+image_tag=v1.2.3-test
+```
+
 ## Forking
 To publish images from a fork, set these variables so Task uses your registry identities:
 `DOCKER_USERNAME`, `DOCKER_ORG_NAME`, `GITHUB_USERNAME`, `GITHUB_ORG_NAME`.

From 49994846bba83b8d17671af9cbc5a62f041dbbfc Mon Sep 17 00:00:00 2001
From: ChristophShyper <45788587+ChristophShyper@users.noreply.github.com>
Date: Sun, 24 May 2026 22:26:35 +0200
Subject: [PATCH 2/2] fix: enhance force-with-lease handling for
 action-commit-push

---
 entrypoint.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/entrypoint.sh b/entrypoint.sh
index 49fad98..607a26c 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -98,6 +98,7 @@ else
 fi
 
 SKIP_BRANCH_CREATION=false
+RESET_REQUIRES_FORCE_WITH_LEASE=false
 if [[ -z ${FILES_CHANGED} && "${INPUT_AMEND}" != "true" && -z "${INPUT_TARGET_BRANCH}" ]] && ! input_true "${INPUT_ALLOW_EMPTY_COMMIT}"; then
   SKIP_BRANCH_CREATION=true
   BRANCH="$(get_current_branch)"
@@ -169,6 +170,7 @@ if [[ "${SKIP_BRANCH_CREATION}" != "true" ]]; then
             echo "[ERROR] Failed to hard reset '${BRANCH}' to origin/${MAIN_BRANCH}"
             exit 1
           }
+          RESET_REQUIRES_FORCE_WITH_LEASE=true
         else
           echo "[INFO] Rebasing branch onto ${MAIN_BRANCH}..."
           git rebase "origin/${MAIN_BRANCH}" || {
@@ -249,8 +251,12 @@ fi
 if [[ "${INPUT_FORCE}" == "true" ]]; then
   echo "[INFO] Force pushing changes using --force"
   git push --force origin "${BRANCH}"
-elif [[ "${INPUT_FORCE_WITH_LEASE}" == "true" ]]; then
-  echo "[INFO] Force pushing changes with lease"
+elif [[ "${INPUT_FORCE_WITH_LEASE}" == "true" || "${RESET_REQUIRES_FORCE_WITH_LEASE}" == "true" ]]; then
+  if [[ "${RESET_REQUIRES_FORCE_WITH_LEASE}" == "true" && "${INPUT_FORCE_WITH_LEASE}" != "true" ]]; then
+    echo "[INFO] Force pushing changes with lease (required after reset_target_branch=true)"
+  else
+    echo "[INFO] Force pushing changes with lease"
+  fi
   git push --force-with-lease origin "${BRANCH}"
 elif [[ "${SKIP_BRANCH_CREATION}" != "true" && ( -n ${FILES_CHANGED} || "${INPUT_AMEND}" == "true" || -n "${INPUT_TARGET_BRANCH}" ) ]]; then
   echo "[INFO] Pushing changes"