python:3.14-slim has no Node.js so actions/checkout@v4 fails with
'node: executable file not found in PATH'. Switch to the same
gitea_runner_python314 custom image used by python-checks.yml which
has both Python 3.14 and Node.js. Drop the python_version input as it
no longer drives the container selection.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Dedicated security-only workflow using python:VERSION-slim.
Runs Bandit (or any security tool) without pytest or coverage.
Supports python_version, install_command, security_command,
and working_directory inputs with sensible defaults.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Notification job had no checkout step so git log always failed,
producing "Commit info unavailable". Now uses the existing
API_GITEA_TOKEN and gitea.sha context to fetch the commit message
from the Gitea API directly.
Also raises default coverage threshold in python-checks to 80%.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
