From 31842fbf4e3891b6c21a3aeba2d2ef63200e472c Mon Sep 17 00:00:00 2001 From: "Jonathan D.A. Jewell" <6759885+hyperpolymath@users.noreply.github.com> Date: Thu, 14 May 2026 14:33:00 +0100 Subject: [PATCH] fix(ci): repair YAML block-scalar in workflow-linter Check Permissions step MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. This affects 60 estate consumers (same workflow file copy-pasted). This PR replaces the broken 2-line echo with two valid one-line echoes that preserve the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed. --- .github/workflows/workflow-linter.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/workflow-linter.yml b/.github/workflows/workflow-linter.yml index 4c2d2ba..57784f8 100644 --- a/.github/workflows/workflow-linter.yml +++ b/.github/workflows/workflow-linter.yml @@ -54,8 +54,8 @@ jobs: fi done if [ $failed -eq 1 ]; then - echo "Add 'permissions: - contents: read' at workflow level" + echo "Add 'permissions:'" + echo " contents: read' at workflow level" exit 1 fi echo "All workflows have permissions declared"
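Review bot: the two replacement echo lines inside the `if [ $failed -eq 1 ]` branch leave the single quotes unbalanced in the printed hint. The first line now closes the quote right after `permissions:`, while the second still carries the original closing quote after `read`, so the user sees `Add 'permissions:'` followed by ` contents: read' at workflow level`, with a stray apostrophe and no clear indication that the two lines form one YAML snippet. Consider dropping the quoting and printing the snippet on its own lines, for example `echo "Add at workflow level:"`, `echo "  permissions:"`, `echo "    contents: read"`, each kept at the indent of the `run: |` block so the scalar is not terminated again. Since the commit message says this parse error left the linter completing with no jobs, it would also help to add a YAML syntax check for this workflow file in a separate workflow, so that a broken block scalar fails visibly instead of silently disabling the permissions and SHA-pin checks.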