From 934ce87095eb7f1da8f4688be91ed3641c7a0087 Mon Sep 17 00:00:00 2001
From: GitHub Actions <actions@github.com>
Date: Fri, 5 Dec 2025 06:25:55 +0000
Subject: [PATCH 1/4] fix(ci): resolve benchmark push and release update
 failures

- Use GITHUB_TOKEN instead of CHARON_TOKEN for benchmark gh-pages push
- Add make_latest: false to prevent immutable release update errors
- Fixes Performance Regression Check authentication failure
- Fixes Auto Versioning target_commitish immutable error
---
 .github/workflows/auto-versioning.yml | 3 ++-
 .github/workflows/benchmark.yml       | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/auto-versioning.yml b/.github/workflows/auto-versioning.yml
index e169bbae..875c26d7 100644
--- a/.github/workflows/auto-versioning.yml
+++ b/.github/workflows/auto-versioning.yml
@@ -97,5 +97,6 @@ jobs:
           tag_name: ${{ steps.determine_tag.outputs.tag }}
           name: Release ${{ steps.determine_tag.outputs.tag }}
           body: ${{ steps.semver.outputs.release_notes }}
+          make_latest: false
         env:
-          CHARON_TOKEN: ${{ secrets.CHARON_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml
index 4c56288c..c8c10cf4 100644
--- a/.github/workflows/benchmark.yml
+++ b/.github/workflows/benchmark.yml
@@ -42,7 +42,7 @@ jobs:
           name: Go Benchmark
           tool: 'go'
           output-file-path: backend/output.txt
-          github-token: ${{ secrets.CHARON_TOKEN }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
           auto-push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
           # Show alert with commit comment on detection of performance regression
           alert-threshold: '150%'

From aebae095b4c80fe911915ad77e92e79127fc6bd3 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 5 Dec 2025 06:29:20 +0000
Subject: [PATCH 2/4] chore(deps): update module github.com/expr-lang/expr to
 v1.17.6 (#316)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index a355a76a..cc74b3fc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -133,7 +133,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
             # Renovate tracks these via regex manager in renovate.json
             # TODO: Remove this block once Caddy ships with fixed deps (check v2.10.3+)
             # renovate: datasource=go depName=github.com/expr-lang/expr
-            go get github.com/expr-lang/expr@v1.17.0 || true; \
+            go get github.com/expr-lang/expr@v1.17.6 || true; \
             # renovate: datasource=go depName=github.com/quic-go/quic-go
             go get github.com/quic-go/quic-go@v0.54.1 || true; \
             # renovate: datasource=go depName=github.com/smallstep/certificates

From a060db58de9077e71cb10df4415f07bfd73a776e Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 5 Dec 2025 06:29:42 +0000
Subject: [PATCH 3/4] chore(deps): update module github.com/quic-go/quic-go to
 v0.57.1 (#317)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index cc74b3fc..af4fe847 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -135,7 +135,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
             # renovate: datasource=go depName=github.com/expr-lang/expr
             go get github.com/expr-lang/expr@v1.17.6 || true; \
             # renovate: datasource=go depName=github.com/quic-go/quic-go
-            go get github.com/quic-go/quic-go@v0.54.1 || true; \
+            go get github.com/quic-go/quic-go@v0.57.1 || true; \
             # renovate: datasource=go depName=github.com/smallstep/certificates
             go get github.com/smallstep/certificates@v0.29.0 || true; \
             go mod tidy || true; \

From fa9d548908e7964d68aeb41c8814d626acea609c Mon Sep 17 00:00:00 2001
From: GitHub Actions <actions@github.com>
Date: Fri, 5 Dec 2025 06:38:00 +0000
Subject: [PATCH 4/4] fix(ci): correct conditional for release creation step

- Change 'changed' check from truthy string to explicit 'true' comparison
- GitHub Actions treats non-empty strings as truthy, causing step to run unexpectedly
- This was causing the workflow to attempt updating v0.3.0 release when it shouldn't
---
 .github/workflows/auto-versioning.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/auto-versioning.yml b/.github/workflows/auto-versioning.yml
index 875c26d7..f8bb9b08 100644
--- a/.github/workflows/auto-versioning.yml
+++ b/.github/workflows/auto-versioning.yml
@@ -91,7 +91,7 @@ jobs:
           CHARON_TOKEN: ${{ secrets.CHARON_TOKEN }}
 
       - name: Create GitHub Release (tag-only, no workspace changes)
-        if: ${{ steps.semver.outputs.changed && steps.check_release.outputs.exists == 'false' }}
+        if: ${{ steps.semver.outputs.changed == 'true' && steps.check_release.outputs.exists == 'false' }}
         uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2
         with:
           tag_name: ${{ steps.determine_tag.outputs.tag }}