From 1fda05fe9d058dbb1ec3dee1146800962820b748 Mon Sep 17 00:00:00 2001
From: Codex <codex@openai.com>
Date: Wed, 25 Mar 2026 12:19:38 +0000
Subject: [PATCH] fix: correct OPM grep pattern in nightly security check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The lua-resty-maxminddb version check was using a space separator
pattern ('lua-resty-maxminddb \K[0-9.]+') that no longer matches
the Dockerfile after issue #56 changed the opm get syntax to use
an equals sign ('opm get package=version').

Empty PINNED caused the step to always enter the "update available"
branch and fail, which in turn triggered the "Open issue on nightly
security failure" step — creating issue #63.

Fixes #63.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/workflows/security-nightly.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/security-nightly.yml b/.github/workflows/security-nightly.yml
index b3bf294..8de9763 100644
--- a/.github/workflows/security-nightly.yml
+++ b/.github/workflows/security-nightly.yml
@@ -63,7 +63,7 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          PINNED=$(grep -oP 'lua-resty-maxminddb \K[0-9.]+' docker/Dockerfile)
+          PINNED=$(grep -oP 'lua-resty-maxminddb=\K[0-9.]+' docker/Dockerfile)
           LATEST=$(gh api repos/anjia0532/lua-resty-maxminddb/releases/latest --jq '.tag_name | ltrimstr("v")')
           echo "Pinned: $PINNED  Latest: $LATEST"
           if [ "$PINNED" != "$LATEST" ]; then