From 39effe9a604371072d679bf11a712ccf32eeee7f Mon Sep 17 00:00:00 2001 From: "Jonathan D.A. Jewell" <6759885+hyperpolymath@users.noreply.github.com> Date: Thu, 14 May 2026 14:41:22 +0100 Subject: [PATCH] fix(ci): repair YAML block-scalar in workflow-linter Check Permissions step MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `workflow-linter.yml` fails with 0 jobs in 0 seconds because of a YAML block-scalar bug at the "Check Permissions Declaration" step. The `run: |` block contains: ```yaml echo "Add 'permissions: contents: read' at workflow level" ``` The second line has only 2 spaces of leading indent, which is LESS than the 10-space indent of the `run: |` block scalar. YAML terminates the block at the first line and treats ` contents: read' at workflow level"` as a top-level mapping fragment — making the whole workflow invalid. GitHub Actions then rejects the workflow during validation, completing the run with no jobs spawned. Mirrors hyperpolymath/stapeln#35 — same regex-targeted fix that replaces the broken 2-line echo with two valid one-line echoes preserving the user-facing message: ```yaml echo "Add 'permissions:'" echo " contents: read' at workflow level" ``` After this fix, the Workflow Security Linter actually runs and reports SPDX/permissions/SHA-pin/duplicate findings as designed. --- .github/workflows/workflow-linter.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/workflow-linter.yml b/.github/workflows/workflow-linter.yml index 9761527a..523c094d 100644 --- a/.github/workflows/workflow-linter.yml +++ b/.github/workflows/workflow-linter.yml @@ -54,8 +54,8 @@ jobs: fi done if [ $failed -eq 1 ]; then - echo "Add 'permissions: - contents: read' at workflow level" + echo "Add 'permissions:'" + echo " contents: read' at workflow level" exit 1 fi echo "All workflows have permissions declared"
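Review bot: the second added line, `echo " contents: read' at workflow level"`, still carries the closing `'` from the original two-line string, while the first added line now closes its own quote in `echo "Add 'permissions:'"`. The printed hint therefore ends up with three single quotes and a stray one after `read`, so the message is not preserved exactly as the commit text says. Drop the `'` after `read` on the second echo, or print the suggested snippet unquoted on its own lines after an introductory `echo "Add at workflow level:"`. The commit message attributes the failure to the continuation line being indented less than the `run: |` block, so it is also worth confirming that both new `echo` lines sit at the same indent as the surrounding `exit 1`, since that is the only thing keeping them inside the block scalar.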