Skip to content

ci(security-scan): skip gh-aw generated *.lock.yml in actionlint#22

Merged
WomB0ComB0 merged 1 commit into
mainfrom
ci/actionlint-skip-ghaw-locks
Jun 11, 2026
Merged

ci(security-scan): skip gh-aw generated *.lock.yml in actionlint#22
WomB0ComB0 merged 1 commit into
mainfrom
ci/actionlint-skip-ghaw-locks

Conversation

@WomB0ComB0

@WomB0ComB0 WomB0ComB0 commented Jun 11, 2026

Copy link
Copy Markdown
Member

Agentic-workflow rollout across the org made every PR red on scan / actionlint: actionlint flags gh-aw's generated *.lock.yml (a concurrency.queue key its pinned version doesn't recognize + info-level SC2086/SC2015 in embedded run scripts). Those files are machine-generated and validated by gh aw lint/gh aw compile.

This lints hand-written workflows fully and skips only the generated locks — fixes the gate across all repos that call this reusable scan (npm, crates, research, … the full gh-aw fleet).

@WomB0ComB0 @claude
ci(security-scan): skip gh-aw generated *.lock.yml in actionlint
98a25d8 
gh-aw lock files are machine-generated and validated by `gh aw lint`;
actionlint flags false-positives in them (concurrency.queue key its version
doesn't know + info-level shellcheck in embedded scripts), failing the gate
on every repo running agentic workflows. Lint hand-written workflows fully,
skip the generated locks.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@gemini-code-assist

gemini-code-assist Bot commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

@coderabbitai

coderabbitai Bot commented Jun 11, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@WomB0ComB0, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 31 minutes and 18 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: aa7d1d6d-2b3d-48a4-b229-68cb585e6c18

📥 Commits

Reviewing files that changed from the base of the PR and between b48036a and 98a25d8.

📒 Files selected for processing (1)
  • .github/workflows/security-scan.yml
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch ci/actionlint-skip-ghaw-locks

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@WomB0ComB0 WomB0ComB0 merged commit 73b9edb into main Jun 11, 2026
7 checks passed
@WomB0ComB0 WomB0ComB0 deleted the ci/actionlint-skip-ghaw-locks branch June 11, 2026 04:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@WomB0ComB0