fix(ci): repair YAML block-scalar in workflow-linter Check Permissions step#56
Merged
Merged
Conversation
…s step
`workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains:
```yaml
echo "Add 'permissions:
contents: read' at workflow level"
```
The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned.
Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message:
```yaml
echo "Add 'permissions:'"
echo " contents: read' at workflow level"
```
After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
workflow-linter.ymlfails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. Therun: |block contains:The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the
run: |block scalar. YAML terminates the block at the first line and treatscontents: read' at workflow level"as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned.Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message:
After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.