Most likely someone submitted a pull request that abused the GitHub token of the Action running on new PRs in order to edit all the other pull requests.

If you watch the PRs history, you can see that the user github-actions edited them. This user is the default one when a GitHub Action (the pipeline OP refers to) alters the repo. So someone probably submitted a pull request abusing the GitHub token when the Action ran on their PR.

I’m surprised that it wasn’t the case already, but I’m all for it.

In addition to the BIOS settings, I had to create a systemd service that prevents Linux from disabling Wake-on-LAN on shutdown.

Yeah, I use Caddy for that, as I only use DNS-01 for local-only services.

I have been using BunkerWeb for the past 4 years and have been mostly happy with it. Its default settings are sometimes a bit agressive but you can change those globally or service per service.