fix(ci): repair YAML block-scalar in workflow-linter Check Permissions step#35
Merged
Merged
Conversation
…s step
`workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains:
```yaml
echo "Add 'permissions:
contents: read' at workflow level"
```
The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned.
This affects 60 estate consumers (same workflow file copy-pasted). This PR replaces the broken 2-line echo with two valid one-line echoes that preserve the user-facing message:
```yaml
echo "Add 'permissions:'"
echo " contents: read' at workflow level"
```
After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
|
This was referenced May 14, 2026
Merged
Merged
fix(ci): repair YAML block-scalar in workflow-linter Check Permissions step
hyperpolymath/im-docs#17
Merged
fix(ci): repair YAML block-scalar in workflow-linter Check Permissions step
hyperpolymath/ochrance#8
Merged
hyperpolymath
added a commit
to hyperpolymath/patallm-gallery
that referenced
this pull request
May 14, 2026
…s step (#46) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/odds-and-sods-package-manager
that referenced
this pull request
May 14, 2026
…s step (#20) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/ochrance-framework
that referenced
this pull request
May 14, 2026
…s step (#4) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/ochrance
that referenced
this pull request
May 14, 2026
…s step (#8) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/nickel-augmentation
that referenced
this pull request
May 14, 2026
…s step (#3) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/nextgen-databases
that referenced
this pull request
May 14, 2026
…s step (#14) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/nexia-list
that referenced
this pull request
May 14, 2026
…s step (#4) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/modshells
that referenced
this pull request
May 14, 2026
…s step (#35) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/lcb-website
that referenced
this pull request
May 14, 2026
…s step (#11) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/ipv6-tools
that referenced
this pull request
May 14, 2026
…s step (#4) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/ipfs-overlay
that referenced
this pull request
May 14, 2026
…s step (#48) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/im-docs
that referenced
this pull request
May 14, 2026
…s step (#17) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/hyperpolymath.github.io
that referenced
this pull request
May 14, 2026
…s step (#3) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/game-server-admin
that referenced
this pull request
May 14, 2026
…s step (#7) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/double-track-browser
that referenced
this pull request
May 14, 2026
…s step (#18) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/docmatrix
that referenced
this pull request
May 14, 2026
…s step (#11) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/developer-ecosystem
that referenced
this pull request
May 14, 2026
…s step (#60) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/conative-gating
that referenced
this pull request
May 14, 2026
…s step (#41) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/cloud-sync-tuner
that referenced
this pull request
May 14, 2026
…s step (#8) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/civic-connect
that referenced
this pull request
May 14, 2026
…s step (#32) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/cccp
that referenced
this pull request
May 14, 2026
…s step (#5) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/bunsenite
that referenced
this pull request
May 14, 2026
…s step (#32) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/boinc-boinc
that referenced
this pull request
May 14, 2026
…s step (#20) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/asdf-tool-plugins
that referenced
this pull request
May 14, 2026
…s step (#18) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/academic-workflow-suite
that referenced
this pull request
May 14, 2026
…s step (#179) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/aerie
that referenced
this pull request
May 14, 2026
…s step (#21) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/boj-server
that referenced
this pull request
May 14, 2026
…s step (#64) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
hyperpolymath
added a commit
to hyperpolymath/ambientops
that referenced
this pull request
May 14, 2026
…s step (#39) `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
workflow-linter.ymlfails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. Therun: |block contains:The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the
run: |block scalar. YAML terminates the block at the first line and treatscontents: read' at workflow level"as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned.This affects 60 estate consumers (same workflow file copy-pasted). This PR replaces the broken 2-line echo with two valid one-line echoes that preserve the user-facing message:
After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed.