Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

Author: Andreas-Garcia

docs/workflows.md

@@ -31,7 +31,7 @@ Runs the full test suite with pytest.
 - **Pull request** targeting `main` or `develop`
 - **Callable** by other workflows via **`workflow_call`** (optional **`test_path`** input)
 
-**Jobs:** **pre-commit** – checkout, Python 3.14, `pip install -e ".[dev]"`, `pre-commit run --all-files` (see [docs/ci/python-project-standards.md](ci/python-project-standards.md)); **check-vars-and-secrets** – validates required **GitHub Variables** (no **`DB_APP_*`** / **`DB_SUPERUSER_PASSWORD`** / **`DJANGO_SECRET_KEY`** / **`TMTA_USERNAME`** secrets for pytest: the **pytest** job injects the same disposable defaults as [`docker-compose.yml`](docker-compose.yml) — **`htmt_api`**, **`htmt_api_user`** / **`htmt_api_password`**, superuser **`postgres`**, **`DJANGO_SECRET_KEY=dev-only-secret-key`**, and workflow-level **`TMTA_USERNAME=tmta`**); **pytest** (Pytest) – checkout → lowercase **`GHCR_IMAGE_NAMESPACE`** → **`docker logout ghcr.io`** then **`docker login ghcr.io`** (**`GITHUB_TOKEN`** as lowercase **`GITHUB_REPOSITORY_OWNER`**, job **`packages: read`**) so **`afp`** pulls are authenticated (avoids **`unauthorized`** on private/internal GHCR images). Optional secrets **`GHCR_READ_PACKAGES_USERNAME`** / **`GHCR_READ_PACKAGES_TOKEN`** (classic PAT) if **`GITHUB_TOKEN`** still cannot pull until the **`afp`** package grants this repo **Read** under **Package → Actions access** → build **`api`** → pull **`db`** / **`afp`** → **`docker compose up --wait`** → **`docker compose run api`** (pytest + JUnit on workspace mount) → publish test results → teardown.
+**Jobs:** **pre-commit** – checkout, Python 3.14, `pip install -e ".[dev]"`, `pre-commit run --all-files` (see [docs/ci/python-project-standards.md](ci/python-project-standards.md)); **check-vars-and-secrets** – validates required **GitHub Variables** (no **`DB_APP_*`** / **`DB_SUPERUSER_PASSWORD`** / **`DJANGO_SECRET_KEY`** / **`TMTA_USERNAME`** secrets for pytest: the **pytest** job injects the same disposable defaults as [`docker-compose.yml`](../docker-compose.yml) — **`htmt_api`**, **`htmt_api_user`** / **`htmt_api_password`**, superuser **`postgres`**, **`DJANGO_SECRET_KEY=dev-only-secret-key`**, and workflow-level **`TMTA_USERNAME=tmta`**); **pytest** (Pytest) – checkout → lowercase **`GHCR_IMAGE_NAMESPACE`** → **`docker logout ghcr.io`** then **`docker login ghcr.io`** (**`GITHUB_TOKEN`** as lowercase **`GITHUB_REPOSITORY_OWNER`**, job **`packages: read`**) so **`afp`** pulls are authenticated (avoids **`unauthorized`** on private/internal GHCR images). Optional secrets **`GHCR_READ_PACKAGES_USERNAME`** / **`GHCR_READ_PACKAGES_TOKEN`** (classic PAT) if **`GITHUB_TOKEN`** still cannot pull until the **`afp`** package grants this repo **Read** under **Package → Actions access** → build **`api`** → pull **`db`** / **`afp`** → **`docker compose up --wait`** → **`docker compose run api`** (pytest + JUnit on workspace mount) → publish test results → teardown.
 
 **Environment:** `ci_test` (repository/org **Variables** for image paths and app naming; optional **`GHCR_READ_PACKAGES_*`** secrets for **`afp`** pulls only).