From ce2477d42a269e602db5f46f872c5968f026a878 Mon Sep 17 00:00:00 2001
From: Roshan Gorasia <roshan.gorasia@checkout.com>
Date: Tue, 26 May 2026 10:20:27 +0100
Subject: [PATCH 1/3] chore: add stale PR GitHub Action

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/workflows/standards-stale.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 .github/workflows/standards-stale.yaml

diff --git a/.github/workflows/standards-stale.yaml b/.github/workflows/standards-stale.yaml
new file mode 100644
index 00000000..c8c644ad
--- /dev/null
+++ b/.github/workflows/standards-stale.yaml
@@ -0,0 +1,16 @@
+name: "Stale PRs"
+
+permissions:
+  pull-requests: write
+  issues: write
+
+on:
+  schedule:
+    # runs daily at 9am
+    - cron: '0 9 * * *'
+
+jobs:
+  stale:
+    name: Stale
+    uses: processout/actions/.github/workflows/standards-stale.yaml@v1
+    secrets: inherit

From e163295f9c10560b620aefd2afd7ca19de1a4380 Mon Sep 17 00:00:00 2001
From: Roshan Gorasia <roshan.gorasia@checkout.com>
Date: Tue, 26 May 2026 10:26:37 +0100
Subject: [PATCH 2/3] chore: drop secrets: inherit from stale workflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The shared standards-stale workflow only uses actions/stale@v9 which
runs on GITHUB_TOKEN — no custom secrets are declared. Removing
secrets: inherit follows least-privilege principle.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/workflows/standards-stale.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/standards-stale.yaml b/.github/workflows/standards-stale.yaml
index c8c644ad..a087ada1 100644
--- a/.github/workflows/standards-stale.yaml
+++ b/.github/workflows/standards-stale.yaml
@@ -13,4 +13,3 @@ jobs:
   stale:
     name: Stale
     uses: processout/actions/.github/workflows/standards-stale.yaml@v1
-    secrets: inherit

From 9ec8dc592f1fc75b2a58f38c689a9230853b8ad0 Mon Sep 17 00:00:00 2001
From: Roshan Gorasia <roshan.gorasia@checkout.com>
Date: Tue, 26 May 2026 10:31:26 +0100
Subject: [PATCH 3/3] chore: exclude .github/** from version bump check

Workflow-only PRs (e.g. adding GitHub Actions) don't touch the JS
library and shouldn't require a version bump.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/workflows/version-bump.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml
index 2407e6f4..103bcbac 100644
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@@ -1,6 +1,9 @@
 name: Check version bumped
 
-on: [ pull_request ]
+on:
+  pull_request:
+    paths-ignore:
+      - '.github/**'
 
 jobs:
   check-version-bumped: