From c2cd7809a96a284fc59e0408c8c50294fd76e7ee Mon Sep 17 00:00:00 2001
From: Carl Tashian <carl@smallstep.com>
Date: Tue, 10 Mar 2026 12:51:44 -0700
Subject: [PATCH 1/2] Remove unnecessary workflow_call trigger from actionci
 caller workflow

---
 .github/workflows/actionci.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/actionci.yml b/.github/workflows/actionci.yml
index 81a6873e6..9a3f9e2ad 100644
--- a/.github/workflows/actionci.yml
+++ b/.github/workflows/actionci.yml
@@ -7,7 +7,6 @@ on:
     branches:
     - "master"
   pull_request:
-  workflow_call:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}

From 768886a0bee867c581f274f9b7706c3670fd8527 Mon Sep 17 00:00:00 2001
From: Carl Tashian <carl@smallstep.com>
Date: Tue, 10 Mar 2026 13:00:49 -0700
Subject: [PATCH 2/2] Remove redundant zizmor.yml workflow

The actionci.yml workflow already calls zizmor as a sub-workflow via
smallstep/workflows, so a separate zizmor.yml is unnecessary.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/zizmor.yml | 17 -----------------
 1 file changed, 17 deletions(-)
 delete mode 100644 .github/workflows/zizmor.yml

diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
deleted file mode 100644
index 0057146c4..000000000
--- a/.github/workflows/zizmor.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: Zizmor security scan
-on:
-  push:
-  workflow_call:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-  security-events: write
-
-jobs:
-  zizmor:
-    uses: smallstep/workflows/.github/workflows/zizmor.yml@main
-    secrets: inherit