Run plugin SHA bump nightly instead of weekly

Upstream plugins move daily; a weekly sweep with a 20-bump cap can fall behind. Each run force-resets the bump branch, so stale unmerged PRs are replaced rather than piling up.
Bump 20 plugin SHA pin(s) to upstream HEAD (#1904 )
2026-05-18 20:22:40 +00:00 · 2026-05-18 18:02:05 +00:00 · 2026-05-18 18:52:12 +01:00 · 2026-05-18 08:59:59 -07:00
2 changed files with 21 additions and 3 deletions
--- a/.claude-plugin/marketplace.json
+++ b/.claude-plugin/marketplace.json
@@ -1787,6 +1787,22 @@
      },
      "homepage": "https://help.sap.com/docs/MDK"
    },
+    {
+      "name": "save-to-spotify",
+      "description": "Create polished audio episodes with TTS narration, rich timelines, cover images, and save them to Spotify via the save-to-spotify CLI.",
+      "author": {
+        "name": "Spotify"
+      },
+      "category": "productivity",
+      "source": {
+        "source": "git-subdir",
+        "url": "https://github.com/spotify/save-to-spotify.git",
+        "path": "plugin",
+        "ref": "main",
+        "sha": "b3d362f7851d184098dcb220ba2fab10c996d1f2"
+      },
+      "homepage": "https://github.com/spotify/save-to-spotify"
+    },
    {
      "name": "security-guidance",
      "description": "Security reminder hook that warns about potential security issues when editing files, including command injection, XSS, and unsafe code patterns",
--- a/.github/workflows/bump-plugin-shas.yml
+++ b/.github/workflows/bump-plugin-shas.yml
@@ -1,8 +1,10 @@
 name: Bump Plugin SHAs

-# Weekly sweep: for each external entry whose upstream HEAD has moved past
+# Nightly sweep: for each external entry whose upstream HEAD has moved past
 # its pinned SHA, validate at the new SHA with `claude plugin validate`
-# inline, then open one PR with all passing bumps.
+# inline, then open one PR with all passing bumps. Each run force-resets the
+# bump/plugin-shas branch, so a previous night's unmerged PR is replaced (and
+# its review state discarded) — review and merge same-day to avoid churn.
 #
 # Bot-free — uses the default GITHUB_TOKEN. PRs opened with GITHUB_TOKEN don't
 # trigger on:pull_request workflows, so the policy scan (`Scan Plugins`, a
@@ -14,7 +16,7 @@ name: Bump Plugin SHAs

 on:
  schedule:
-    - cron: '23 7 * * 1'  # Monday 07:23 UTC
+    - cron: '23 7 * * *'  # Daily 07:23 UTC
  workflow_dispatch:
    inputs:
      max_bumps:
Author	SHA1	Message	Date
tobin	4798ba27c3	Run plugin SHA bump nightly instead of weekly Upstream plugins move daily; a weekly sweep with a 20-bump cap can fall behind. Each run force-resets the bump branch, so stale unmerged PRs are replaced rather than piling up.	2026-05-18 18:02:05 +00:00
github-actions[bot]	0c54d4ac15	Bump 20 plugin SHA pin(s) to upstream HEAD (#1904 ) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-05-18 18:52:12 +01:00
Bryan Thompson	61b760aafc	Add save-to-spotify plugin (#1905 )	2026-05-18 08:59:59 -07:00