From d05509588187ecbdc2df28d5e17ad5118b999c02 Mon Sep 17 00:00:00 2001
From: LizardByte-bot <108553330+LizardByte-bot@users.noreply.github.com>
Date: Sat, 14 Feb 2026 14:25:40 +0000
Subject: [PATCH 01/10] chore: update global workflows

---
 .github/workflows/_codeql.yml      | 11 ++++++-----
 .github/workflows/_common-lint.yml |  5 +++--
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/_codeql.yml b/.github/workflows/_codeql.yml
index 15c5a6f..5569a2e 100644
--- a/.github/workflows/_codeql.yml
+++ b/.github/workflows/_codeql.yml
@@ -4,16 +4,13 @@
 # the above-mentioned repo.
 
 name: CodeQL
-permissions:
-  actions: read
-  contents: read
-  security-events: write
+permissions: {}
 
 on:
+  pull_request:
   push:
     branches:
       - master
-  pull_request:
   schedule:
     - cron: '00 12 * * 0'  # every Sunday at 12:00 UTC
 
@@ -26,3 +23,7 @@ jobs:
     name: CodeQL
     uses: LizardByte/.github/.github/workflows/__call-codeql.yml@master
     if: ${{ github.repository != 'LizardByte/.github' }}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
diff --git a/.github/workflows/_common-lint.yml b/.github/workflows/_common-lint.yml
index 80be0cc..e7760cb 100644
--- a/.github/workflows/_common-lint.yml
+++ b/.github/workflows/_common-lint.yml
@@ -4,8 +4,7 @@
 # the above-mentioned repo.
 
 name: common lint
-permissions:
-  contents: read
+permissions: {}
 
 on:
   pull_request:
@@ -19,3 +18,5 @@ jobs:
     name: Common Lint
     uses: LizardByte/.github/.github/workflows/__call-common-lint.yml@master
     if: ${{ github.repository != 'LizardByte/.github' }}
+    permissions:
+      contents: read

From 450b15f1e69a5645b29d4515cebcb60c6ea22034 Mon Sep 17 00:00:00 2001
From: ReenigneArcher <42013603+ReenigneArcher@users.noreply.github.com>
Date: Sat, 14 Feb 2026 09:52:50 -0500
Subject: [PATCH 02/10] Pass GH_BOT_NAME via workflow input

Update GitHub Actions workflow to stop mapping GH_BOT_NAME as a secret and instead pass it as the action input `gh_bot_name`. The jekyll-build action expects the bot name via its inputs, so move the variable from the secrets block to `with` to match the action's parameters.
---
 .github/workflows/update-pages.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/update-pages.yml b/.github/workflows/update-pages.yml
index fb537d6..8dfa3d2 100644
--- a/.github/workflows/update-pages.yml
+++ b/.github/workflows/update-pages.yml
@@ -38,9 +38,9 @@ jobs:
     uses: LizardByte/LizardByte.github.io/.github/workflows/jekyll-build.yml@master
     secrets:
       GH_BOT_EMAIL: ${{ secrets.GH_BOT_EMAIL }}
-      GH_BOT_NAME: ${{ vars.GH_BOT_NAME }}
       GH_BOT_TOKEN: ${{ secrets.GH_BOT_TOKEN }}
     with:
       clean_gh_pages: true
+      gh_bot_name: ${{ vars.GH_BOT_NAME }}
       site_artifact: 'prep'
       target_branch: 'gh-pages'

From f82edf99cf137129bbf15c1efe653b468c6fc9e7 Mon Sep 17 00:00:00 2001
From: LizardByte-bot <108553330+LizardByte-bot@users.noreply.github.com>
Date: Tue, 3 Mar 2026 03:55:23 +0000
Subject: [PATCH 03/10] chore: update global workflows

---
 .github/workflows/_common-lint.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/_common-lint.yml b/.github/workflows/_common-lint.yml
index e7760cb..276fca5 100644
--- a/.github/workflows/_common-lint.yml
+++ b/.github/workflows/_common-lint.yml
@@ -20,3 +20,4 @@ jobs:
     if: ${{ github.repository != 'LizardByte/.github' }}
     permissions:
       contents: read
+      pull-requests: read

From fc851927b922d1a2677ce9aba4b6d0a5f50b2ba1 Mon Sep 17 00:00:00 2001
From: LizardByte-bot <108553330+LizardByte-bot@users.noreply.github.com>
Date: Sat, 28 Mar 2026 02:15:03 +0000
Subject: [PATCH 04/10] chore: update global workflows

---
 .github/dependabot.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 70774ed..368a4cd 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -81,7 +81,9 @@ updates:
     open-pull-requests-limit: 10
 
   - package-ecosystem: "pip"
-    directory: "/"
+    directories:
+      - "/"
+      - "/*"
     rebase-strategy: disabled
     schedule:
       interval: "cron"

From 80bab9faf3084ee211490790427fa4e32157a3f4 Mon Sep 17 00:00:00 2001
From: LizardByte-bot <108553330+LizardByte-bot@users.noreply.github.com>
Date: Sat, 28 Mar 2026 03:37:49 +0000
Subject: [PATCH 05/10] chore: update global workflows

---
 .github/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 368a4cd..bef3a49 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -83,7 +83,7 @@ updates:
   - package-ecosystem: "pip"
     directories:
       - "/"
-      - "/*"
+      - "/**"
     rebase-strategy: disabled
     schedule:
       interval: "cron"

From 7d302c0da74cbc79b63c757d9ed95e93049574ba Mon Sep 17 00:00:00 2001
From: LizardByte-bot <108553330+LizardByte-bot@users.noreply.github.com>
Date: Sat, 28 Mar 2026 13:13:03 +0000
Subject: [PATCH 06/10] chore: update global workflows

---
 .github/dependabot.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index bef3a49..55397d1 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -84,6 +84,7 @@ updates:
     directories:
       - "/"
       - "/**"
+      - "/**/**"  # https://github.com/dependabot/dependabot-core/issues/14569
     rebase-strategy: disabled
     schedule:
       interval: "cron"

From 79dbf3a18d835983109a913b31f0b61c510d1c60 Mon Sep 17 00:00:00 2001
From: LizardByte-bot <108553330+LizardByte-bot@users.noreply.github.com>
Date: Sat, 28 Mar 2026 13:34:44 +0000
Subject: [PATCH 07/10] chore: update global workflows

---
 .github/dependabot.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 55397d1..42f147c 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -15,7 +15,10 @@ updates:
     open-pull-requests-limit: 10
 
   - package-ecosystem: "docker"
-    directory: "/"
+    directories:
+      - "/"
+      - "/**"
+      - "/**/**"
     rebase-strategy: disabled
     schedule:
       interval: "cron"

From 72ff4ba3f58f7da25cb5d70bb5767dc7ac6badda Mon Sep 17 00:00:00 2001
From: LizardByte-bot <108553330+LizardByte-bot@users.noreply.github.com>
Date: Thu, 2 Apr 2026 03:47:23 +0000
Subject: [PATCH 08/10] chore: update global workflows

---
 .github/dependabot.yml | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 42f147c..53fc337 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -16,15 +16,16 @@ updates:
 
   - package-ecosystem: "docker"
     directories:
-      - "/"
-      - "/**"
-      - "/**/**"
+      - "/**/*"
     rebase-strategy: disabled
     schedule:
       interval: "cron"
       cronjob: "30 1 * * *"
       timezone: "America/New_York"
     open-pull-requests-limit: 10
+    groups:
+      monorepo-dependencies:
+        group-by: dependency-name
 
   - package-ecosystem: "github-actions"
     directories:
@@ -38,6 +39,8 @@ updates:
       timezone: "America/New_York"
     open-pull-requests-limit: 10
     groups:
+      monorepo-dependencies:
+        group-by: dependency-name
       docker-actions:
         applies-to: version-updates
         patterns:
@@ -85,9 +88,7 @@ updates:
 
   - package-ecosystem: "pip"
     directories:
-      - "/"
-      - "/**"
-      - "/**/**"  # https://github.com/dependabot/dependabot-core/issues/14569
+      - "/**/*"
     rebase-strategy: disabled
     schedule:
       interval: "cron"
@@ -95,6 +96,8 @@ updates:
       timezone: "America/New_York"
     open-pull-requests-limit: 10
     groups:
+      monorepo-dependencies:
+        group-by: dependency-name
       pytest-dependencies:
         applies-to: version-updates
         patterns:

From dd0fb723b841ee85cf1717dbf1f05ff5cb85ce60 Mon Sep 17 00:00:00 2001
From: LizardByte-bot <108553330+LizardByte-bot@users.noreply.github.com>
Date: Sat, 11 Apr 2026 19:10:50 +0000
Subject: [PATCH 09/10] chore: update global workflows

---
 .github/dependabot.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 53fc337..9ce306a 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -39,8 +39,6 @@ updates:
       timezone: "America/New_York"
     open-pull-requests-limit: 10
     groups:
-      monorepo-dependencies:
-        group-by: dependency-name
       docker-actions:
         applies-to: version-updates
         patterns:

From 19b18890ebe6468c0d7759426c487bf4ae20d789 Mon Sep 17 00:00:00 2001
From: LizardByte-bot <108553330+LizardByte-bot@users.noreply.github.com>
Date: Sun, 12 Apr 2026 02:23:11 +0000
Subject: [PATCH 10/10] chore: update global workflows

---
 .github/workflows/_top-issues.yml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 .github/workflows/_top-issues.yml

diff --git a/.github/workflows/_top-issues.yml b/.github/workflows/_top-issues.yml
new file mode 100644
index 0000000..3072822
--- /dev/null
+++ b/.github/workflows/_top-issues.yml
@@ -0,0 +1,27 @@
+---
+# This workflow is centrally managed in https://github.com/LizardByte/.github/
+# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in
+# the above-mentioned repo.
+
+# Create a top issues dashboard
+
+name: Top issues
+permissions: {}
+
+on:
+  schedule:
+    - cron: '0 6/12 * * *'
+  workflow_dispatch:
+
+concurrency:
+  group: 'top-issues'
+  cancel-in-progress: true
+
+jobs:
+  top-issues:
+    name: Top issues
+    uses: LizardByte/.github/.github/workflows/__call-top-issues.yml@master
+    if: github.repository_owner == 'LizardByte'
+    permissions:
+      contents: read
+      issues: write