Use cpflow 5.1.1 release tag

.controlplane/docs/testing-cpflow-github-actions.md

@@ -1,7 +1,7 @@
 # Testing cpflow GitHub Actions Changes
 
 Generic reusable-workflow behavior belongs upstream in the
-[`control-plane-flow` CI automation guide](https://github.com/shakacode/control-plane-flow/blob/main/docs/ci-automation.md).
+[`control-plane-flow` CI automation guide](https://github.com/shakacode/control-plane-flow/blob/v5.1.1/docs/ci-automation.md).
 Use this repo note only as the canary checklist for
 `react-webpack-rails-tutorial`.
 
@@ -30,9 +30,9 @@ bin/conductor-exec bin/test-cpflow-github-flow ruby /path/to/control-plane-flow/
 ```
 
 Leave `CPFLOW_VERSION` unset while testing a commit SHA. After the upstream PR
-ships in a release tag, repin wrappers to that tag. Use `v5.1.0` only for
-changes already included in that tag; keep this promotion-hardening canary on an
-immutable commit SHA until the upstream hardening PR is released.
+ships in a release tag, repin wrappers to that tag. Use `v5.1.1` for the
+promotion-hardening and release-runner timeout fixes; use immutable commit SHAs
+only for future unreleased upstream PR tests.
 
 ## Review App Canary
 

.controlplane/readme.md

@@ -23,7 +23,7 @@ You can see the definition of Postgres and Redis in the `.controlplane/templates
 
 This repo uses the generated `cpflow-*` GitHub Actions wrappers. Keep the
 generic behavior documented upstream in the
-[`control-plane-flow` CI automation guide](https://github.com/shakacode/control-plane-flow/blob/main/docs/ci-automation.md);
+[`control-plane-flow` CI automation guide](https://github.com/shakacode/control-plane-flow/blob/v5.1.1/docs/ci-automation.md);
 this section only lists the values that are specific to this app.
 
 ### Review Apps and Staging
@@ -571,22 +571,22 @@ configuration.
 ### Updating Generated cpflow Workflows
 
 Keep the reusable-workflow mechanics in the upstream
-[`control-plane-flow` CI automation guide](https://github.com/shakacode/control-plane-flow/blob/main/docs/ci-automation.md).
+[`control-plane-flow` CI automation guide](https://github.com/shakacode/control-plane-flow/blob/v5.1.1/docs/ci-automation.md).
 For this repo, the update loop is:
 
-1. Generate from the desired `cpflow` release with `--staging-branch master`.
-2. Keep generated refs on a release tag once the upstream hardening changes ship.
-   This branch temporarily pins refs to
-   `d8877ca0c9c1d88947f322903e4a4344641029ba` to use merged-but-unreleased
-   upstream promotion hardening and the release-runner timeout fix before the
-   next release tag.
-   Leave `CPFLOW_VERSION` unset while testing a commit SHA.
-3. Keep app names and GitHub settings aligned with `.controlplane/controlplane.yml`.
-4. Validate locally:
+1. Update the bundled `cpflow` gem to the desired release.
+2. Refresh generated wrappers from that release with `--staging-branch master`.
+3. Keep generated refs on the same release tag as the bundled `cpflow` gem.
+   This branch pins refs to `v5.1.1`, which includes upstream promotion
+   hardening and the release-runner timeout fix. Use a full commit SHA only for
+   short-lived upstream testing and leave `CPFLOW_VERSION` unset in that case.
+4. Keep app names and GitHub settings aligned with `.controlplane/controlplane.yml`.
+5. Validate locally:
 
 ```bash
-bin/conductor-exec ruby /path/to/control-plane-flow/bin/cpflow generate-github-actions --staging-branch master
-bin/conductor-exec bin/test-cpflow-github-flow ruby /path/to/control-plane-flow/bin/cpflow
+bin/conductor-exec bundle update cpflow
+bin/conductor-exec bundle exec cpflow update-github-actions --staging-branch master
+bin/conductor-exec bin/test-cpflow-github-flow bundle exec cpflow
 ```
 
 Then open a normal PR, wait for GitHub Actions, and test a real review-app

.controlplane/shakacode-team.md

@@ -115,14 +115,12 @@ cpflow apply-template app postgres redis daily-task rails \
 ```
 
 Advanced optional settings are documented upstream in the
-[`control-plane-flow` CI automation guide](https://github.com/shakacode/control-plane-flow/blob/main/docs/ci-automation.md).
-
-Current workflow wrappers are temporarily pinned to upstream
-`control-plane-flow` commit `d8877ca0c9c1d88947f322903e4a4344641029ba` to use
-merged-but-unreleased promotion hardening and the release-runner timeout fix
-before they ship in a release tag. Keep release tags as the steady-state
-configuration once the upstream changes are released; use a full commit SHA only
-for short-lived upstream testing and leave `CPFLOW_VERSION` unset in that case.
+[`control-plane-flow` CI automation guide](https://github.com/shakacode/control-plane-flow/blob/v5.1.1/docs/ci-automation.md).
+
+Current workflow wrappers pin `control-plane-flow` release tag `v5.1.1`, which
+includes promotion hardening and the release-runner timeout fix. Keep release
+tags as the steady-state configuration; use a full commit SHA only for
+short-lived upstream testing and leave `CPFLOW_VERSION` unset in that case.
 
 If staging moves off `master`, update both `STAGING_APP_BRANCH` and the branch
 filter in `.github/workflows/cpflow-deploy-staging.yml`.

.github/cpflow-help.md

@@ -2,7 +2,7 @@
 
 These commands are generated by [cpflow](https://github.com/shakacode/control-plane-flow).
 For full setup, version-pinning, and troubleshooting details, see the upstream
-[CI automation guide](https://github.com/shakacode/control-plane-flow/blob/d8877ca0c9c1d88947f322903e4a4344641029ba/docs/ci-automation.md).
+[CI automation guide](https://github.com/shakacode/control-plane-flow/blob/v5.1.1/docs/ci-automation.md).
 
 ## Pull Request Commands
 
@@ -110,15 +110,12 @@ production org, using production-only secrets and values.
 
 ## Version Locking
 
-Generated wrappers normally pin Control Plane Flow with a release tag, for
-example `v5.1.0`. This branch temporarily pins the wrappers to upstream commit
-`d8877ca0c9c1d88947f322903e4a4344641029ba` while using merged-but-unreleased
-production promotion hardening plus the release-runner timeout fix. Reusable
-review-app, staging, cleanup, and helper workflows pin that ref in their
-`uses:` entry.
-Production promotion pins the same ref in its control-plane-flow checkout step
-so the caller-owned job can keep `environment: production` and receive
-production environment secrets directly.
+Generated wrappers pin Control Plane Flow with a release tag, for example
+`v5.1.1`. Reusable review-app, staging, cleanup, and
+helper workflows pin the tag in their `uses:` ref. Production promotion pins
+the same tag in the `Checkout control-plane-flow actions` step so the
+caller-owned job can keep `environment: production` and receive production
+environment secrets directly.
 
 Leave `CPFLOW_VERSION` unset so the workflow builds cpflow from the same
 checked-out upstream source. If you set `CPFLOW_VERSION`, it must match the

.github/workflows/cpflow-cleanup-stale-review-apps.yml

@@ -12,6 +12,6 @@ jobs:
   cleanup:
     # Cleanup targets the current inferred review-app prefix. If you changed
     # naming conventions, manually delete review apps under the old prefix.
-    uses: shakacode/control-plane-flow/.github/workflows/cpflow-cleanup-stale-review-apps.yml@d8877ca0c9c1d88947f322903e4a4344641029ba
+    uses: shakacode/control-plane-flow/.github/workflows/cpflow-cleanup-stale-review-apps.yml@v5.1.1
     secrets:
       CPLN_TOKEN_STAGING: ${{ secrets.CPLN_TOKEN_STAGING }}

.github/workflows/cpflow-delete-review-app.yml

@@ -31,6 +31,6 @@ jobs:
       github.event_name == 'workflow_dispatch'
     # This `if:` mirrors the upstream job guard to avoid a billable workflow_call
     # when the event does not match. Keep both conditions in sync.
-    uses: shakacode/control-plane-flow/.github/workflows/cpflow-delete-review-app.yml@d8877ca0c9c1d88947f322903e4a4344641029ba
+    uses: shakacode/control-plane-flow/.github/workflows/cpflow-delete-review-app.yml@v5.1.1
     secrets:
       CPLN_TOKEN_STAGING: ${{ secrets.CPLN_TOKEN_STAGING }}

.github/workflows/cpflow-deploy-review-app.yml

@@ -30,7 +30,7 @@ jobs:
        github.event.issue.pull_request &&
        contains(fromJson('["+review-app-deploy","+review-app-deploy\n","+review-app-deploy\r\n"]'), github.event.comment.body) &&
        contains(fromJson('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association))
-    uses: shakacode/control-plane-flow/.github/workflows/cpflow-deploy-review-app.yml@d8877ca0c9c1d88947f322903e4a4344641029ba
+    uses: shakacode/control-plane-flow/.github/workflows/cpflow-deploy-review-app.yml@v5.1.1
     secrets:
       CPLN_TOKEN_STAGING: ${{ secrets.CPLN_TOKEN_STAGING }}
       DOCKER_BUILD_SSH_KEY: ${{ secrets.DOCKER_BUILD_SSH_KEY }}

.github/workflows/cpflow-deploy-staging.yml

@@ -16,7 +16,7 @@ permissions:
 
 jobs:
   deploy-staging:
-    uses: shakacode/control-plane-flow/.github/workflows/cpflow-deploy-staging.yml@d8877ca0c9c1d88947f322903e4a4344641029ba
+    uses: shakacode/control-plane-flow/.github/workflows/cpflow-deploy-staging.yml@v5.1.1
     with:
       staging_app_branch_default: "master"
     secrets:

.github/workflows/cpflow-help-command.yml

@@ -23,4 +23,4 @@ jobs:
        contains(fromJson('["+review-app-help","+review-app-help\n","+review-app-help\r\n"]'), github.event.comment.body) &&
        contains(fromJson('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)) ||
       github.event_name == 'workflow_dispatch'
-    uses: shakacode/control-plane-flow/.github/workflows/cpflow-help-command.yml@d8877ca0c9c1d88947f322903e4a4344641029ba
+    uses: shakacode/control-plane-flow/.github/workflows/cpflow-help-command.yml@v5.1.1

.github/workflows/cpflow-promote-staging-to-production.yml

@@ -69,7 +69,7 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
         with:
           repository: shakacode/control-plane-flow
-          ref: d8877ca0c9c1d88947f322903e4a4344641029ba
+          ref: v5.1.1
           path: .cpflow
           persist-credentials: false
 
@@ -179,7 +179,7 @@ jobs:
           cpln_cli_version: ${{ vars.CPLN_CLI_VERSION }}
           cpflow_version: ${{ vars.CPFLOW_VERSION }}
           # The setup action validates CPFLOW_VERSION against this full workflow ref.
-          control_plane_flow_ref: shakacode/control-plane-flow/.github/workflows/cpflow-promote-staging-to-production.yml@d8877ca0c9c1d88947f322903e4a4344641029ba
+          control_plane_flow_ref: shakacode/control-plane-flow/.github/workflows/cpflow-promote-staging-to-production.yml@v5.1.1
 
       # Runs after Setup production environment so the pinned Ruby (>= 3.1) is on PATH.
       # YAML.load_file(..., aliases: true) is not supported on Ruby 3.0 (system Ruby on ubuntu-22.04).

.github/workflows/cpflow-review-app-help.yml

@@ -18,4 +18,4 @@ jobs:
     # to PR-open help. Remove it, or uncomment and adapt this guard, if forks or
     # clones should stay quiet until Control Plane is configured:
     #   if: vars.REVIEW_APP_PREFIX != '' || vars.CPLN_ORG_STAGING != ''
-    uses: shakacode/control-plane-flow/.github/workflows/cpflow-review-app-help.yml@d8877ca0c9c1d88947f322903e4a4344641029ba
+    uses: shakacode/control-plane-flow/.github/workflows/cpflow-review-app-help.yml@v5.1.1

Gemfile

@@ -5,7 +5,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
 ruby "3.4.6"
 
-gem "cpflow", "5.1.0", require: false
+gem "cpflow", "5.1.1", require: false
 gem "react_on_rails_pro", "16.7.0.rc.3"
 gem "shakapacker", "10.1.0"
 

Gemfile.lock

@@ -143,7 +143,7 @@ GEM
       term-ansicolor (~> 1.6)
       thor (>= 0.20.3, < 2.0)
       tins (~> 1.16)
-    cpflow (5.1.0)
+    cpflow (5.1.1)
       dotenv (~> 3.1)
       jwt (~> 3.1)
       psych (~> 5.2)
@@ -529,7 +529,7 @@ DEPENDENCIES
   capybara-screenshot
   coffee-rails
   coveralls_reborn (~> 0.25.0)
-  cpflow (= 5.1.0)
+  cpflow (= 5.1.1)
   database_cleaner
   debug (>= 1.0.0)
   factory_bot_rails