Skip to content

chore: reliable workflow linting via lint-workflows.sh (#81)#82

Merged
j7an merged 3 commits into
mainfrom
chore/81-lint-workflows
Jun 6, 2026
Merged

chore: reliable workflow linting via lint-workflows.sh (#81)#82
j7an merged 3 commits into
mainfrom
chore/81-lint-workflows

Conversation

@j7an
Copy link
Copy Markdown
Owner

@j7an j7an commented Jun 6, 2026

Summary

Adds scripts/lint-workflows.sh, a thin actionlint wrapper that always runs the
known non-hanging mode (actionlint -shellcheck= -pyflakes= .github/workflows/*.yml),
plus a stub-based bats test and docs in README.md and .claude/CLAUDE.md.

Default actionlint hangs on .github/workflows/dependency-safety.yml because its
large inlined Scan and report block interacts badly with actionlint's ShellCheck
orchestration. The hang is a tool limitation, not a workflow syntax error, and is
pre-existing on main (not introduced by #80).

What this does / does not change

  • ✅ One reliable, documented command: ./scripts/lint-workflows.sh
  • ✅ Bats contract test proves the non-hanging mode is invoked (runs in CI's existing bats job)
  • ✅ ShellCheck stays a separate, optional signal (shellcheck scripts/*.sh) with known findings
  • ❌ No runtime change to dependency-safety.yml
  • ❌ No CI actionlint job
  • ❌ No INLINE_PAIRS / inline-sync change
  • ❌ Does not fix the pre-existing ShellCheck findings (out of scope)

Verification

  • bats tests/ green (215 tests, incl. 6 new)
  • ./scripts/lint-workflows.sh completes in ~0.01s, exit 0 (real actionlint 1.7.12, no hang)
  • shellcheck scripts/lint-workflows.sh clean
  • ./scripts/check-inline-sync.sh and ./scripts/lint-workflow-call.sh still pass

Fixes #81.

j7an added 3 commits June 6, 2026 09:28
@j7an
chore: add lint-workflows.sh actionlint wrapper (non-hanging mode)
0429b9c 
Default actionlint hangs on dependency-safety.yml's large inlined block;
the wrapper runs 'actionlint -shellcheck= -pyflakes=' so structural
linting completes deterministically. Stub-based bats test proves the
non-hanging mode is invoked. Refs #81
@j7an
docs: document the workflow validation stack and lint-workflows.sh
61a6f52 
Adds a 'Validating workflow changes' section listing the local checks and
explaining why default actionlint hangs on dependency-safety.yml. Refs #81
@j7an
docs: add lint-workflows.sh to CLAUDE.md commands and note the hang
9bb07d9 
Documents the reliable workflow-lint command, why default actionlint hangs
on the inlined reusable workflow, and that ShellCheck is a separate layer.
Refs #81
@j7an j7an merged commit 29bcd57 into main Jun 6, 2026
7 checks passed
@j7an j7an deleted the chore/81-lint-workflows branch June 6, 2026 17:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Make workflow linting reliable for large inlined reusable workflows

1 participant

@j7an