P1 — deploy-k8s.yaml:
- Add set -euo pipefail to all run blocks
- Replace sed-based image tag patching with yq for YAML-safe updates
- Add source commit SHA and CI run link to deploy commit messages
- Install yq v4.44.1 as prerequisite step
P1 — build-push.yaml:
- Add runner input parameter for future ARM64 self-hosted runners
(default: ubuntu-latest with QEMU emulation)
P2 — test-python.yaml:
- Add pyproject.toml support (pip install -e) before requirements.txt fallback
P2 — build-push.yaml:
- Pin catthehacker/ubuntu container image to act-22.04 (was act-latest)
Ref: CON-578
290b9a9eb9