From 1e83b82b61832ed14ee9904200c9518a103d5ef3 Mon Sep 17 00:00:00 2001
From: Vladislav Yatsun <vyatsun@deltixlab.com>
Date: Fri, 17 Apr 2026 18:10:28 +0200
Subject: [PATCH 1/4] chore(ci): drop version in pyproject.toml file to dev
 marker (`0.0.0`)

---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index 98357ef..8cec8b6 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "aidial-client"
-version = "0.7.0rc"
+version = "0.0.0"
 description = "A Python client library for the AI DIAL API"
 readme = "README.md"
 license = "Apache-2.0"

From 2f853357043b0e27e1ec53d4d6763f4878ea447b Mon Sep 17 00:00:00 2001
From: Vladislav Yatsun <vyatsun@deltixlab.com>
Date: Fri, 17 Apr 2026 18:11:17 +0200
Subject: [PATCH 2/4] chore(ci): align additional trivy configuration

---
 trivy.yaml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/trivy.yaml b/trivy.yaml
index 5b009e3..a90bfaf 100644
--- a/trivy.yaml
+++ b/trivy.yaml
@@ -1,13 +1,14 @@
 # Trivy configuration file
 # https://aquasecurity.github.io/trivy/latest/docs/references/configuration/config-file/
-# Can be deleted after public ecr mirror will be added by default
 db:
   no-progress: true
   repository:
-    - ghcr.io/aquasecurity/trivy-db:2
+    - mirror.gcr.io/aquasec/trivy-db:2
     - public.ecr.aws/aquasecurity/trivy-db:2
+    - ghcr.io/aquasecurity/trivy-db:2
   java-repository:
-    - ghcr.io/aquasecurity/trivy-java-db:1
+    - mirror.gcr.io/aquasec/trivy-java-db:1
     - public.ecr.aws/aquasecurity/trivy-java-db:1
+    - ghcr.io/aquasecurity/trivy-java-db:1
 misconfiguration:
-  checks-bundle-repository: public.ecr.aws/aquasecurity/trivy-checks
\ No newline at end of file
+  checks-bundle-repository: mirror.gcr.io/aquasec/trivy-checks:1
\ No newline at end of file

From e6834b85f5770e38f6e00fbdaf6c3d387dba378d Mon Sep 17 00:00:00 2001
From: Vladislav Yatsun <vyatsun@deltixlab.com>
Date: Fri, 17 Apr 2026 18:11:24 +0200
Subject: [PATCH 3/4] chore(ci): bump epam/ai-dial-ci workflow version and add
 promote input

---
 .github/workflows/pr-title-check.yml         |  4 +++-
 .github/workflows/pr.yml                     |  2 +-
 .github/workflows/release.yml                | 11 +++++++++--
 .github/workflows/slash-command-dispatch.yml |  1 +
 4 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml
index 6b0ebae..50ff544 100644
--- a/.github/workflows/pr-title-check.yml
+++ b/.github/workflows/pr-title-check.yml
@@ -7,12 +7,14 @@ on:
       - edited
       - reopened
 
+permissions: {}
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
   cancel-in-progress: true
 
 jobs:
   pr-title-check:
-    uses: epam/ai-dial-ci/.github/workflows/pr-title-check.yml@3.2.0
+    uses: epam/ai-dial-ci/.github/workflows/pr-title-check.yml@4.0.0
     secrets:
       ACTIONS_BOT_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 51acb59..bac5de4 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -10,7 +10,7 @@ concurrency:
 
 jobs:
   run_tests:
-    uses: epam/ai-dial-ci/.github/workflows/python_package_pr.yml@3.2.0
+    uses: epam/ai-dial-ci/.github/workflows/python_package_pr.yml@4.0.0
     secrets: inherit
     with:
       python-version: "3.10"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7a15dfe..0df088b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,6 +3,12 @@ name: Release Workflow
 on:
   push:
     branches: [development, release-*]
+  workflow_dispatch:
+    inputs:
+      promote:
+        type: boolean
+        default: false
+        description: Promote release to stable (for release-* branches only)
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -10,9 +16,10 @@ concurrency:
 
 jobs:
   release:
-    uses: epam/ai-dial-ci/.github/workflows/python_package_release.yml@3.2.0
-    secrets: inherit
+    uses: epam/ai-dial-ci/.github/workflows/python_package_release.yml@4.0.0
     with:
+      promote: ${{ github.event_name == 'workflow_dispatch' && inputs.promote }}
       python-version: "3.10"
       poetry-version: "2.3.2"
       code-checks-python-versions: '["3.10", "3.11", "3.12", "3.13"]'
+    secrets: inherit
diff --git a/.github/workflows/slash-command-dispatch.yml b/.github/workflows/slash-command-dispatch.yml
index 7444a9d..ccf0db8 100644
--- a/.github/workflows/slash-command-dispatch.yml
+++ b/.github/workflows/slash-command-dispatch.yml
@@ -17,6 +17,7 @@ jobs:
             [
               {
                 "command": "deploy-review",
+                "permission": "write",
                 "issue_type": "pull-request",
                 "repository": "epam/ai-dial-ci",
                 "static_args": [

From ed899ad50d13e9aaf19df7aaa7f1eddf89b4902a Mon Sep 17 00:00:00 2001
From: Vladislav Yatsun <vyatsun@deltixlab.com>
Date: Mon, 20 Apr 2026 17:31:22 +0200
Subject: [PATCH 4/4] chore(ci): always produce stable versions on release
 branches

---
 .github/workflows/release.yml | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0df088b..15beb42 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -4,11 +4,6 @@ on:
   push:
     branches: [development, release-*]
   workflow_dispatch:
-    inputs:
-      promote:
-        type: boolean
-        default: false
-        description: Promote release to stable (for release-* branches only)
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -18,7 +13,7 @@ jobs:
   release:
     uses: epam/ai-dial-ci/.github/workflows/python_package_release.yml@4.0.0
     with:
-      promote: ${{ github.event_name == 'workflow_dispatch' && inputs.promote }}
+      promote: true # HACK: skip RC phase, project does not require stabilization period before releasing stable versions
       python-version: "3.10"
       poetry-version: "2.3.2"
       code-checks-python-versions: '["3.10", "3.11", "3.12", "3.13"]'