Add lint workflow claude skill

[michalchecinski]

🎟️ Tracking

📔 Objective

Add the bitwarden-github-workflows plugin, which provides a lint-workflows skill that runs Bitwarden's bwwl linter against GitHub Actions workflow files and automatically fixes detected errors.

[github-actions]

Checkmarx One – Scan Summary & Details – b0f79635-2309-4a34-95ef-08f808d7d62c

Great job! No new security vulnerabilities introduced in this pull request

[theMickster]

Hi @michalchecinski 👋🏼
Will you please fill out the PR description with a Jira story and details on the work being submitted for review? If you don't have a Jira story yet, then will you please write up a good story under Epic PM-33452. Thank you very much!

[SaintPatrck]

🤔 I almost missed "Fix only errors, not warnings or other findings." What do you think about moving this to Step 2? In my head it makes sense to filter non-errors when parsing the output.

🌱 Along those same lines, would there be value in adding a flag to bwwl so it only returns errors? That would reduce the amount of "thinking" Claude must do before starting the real work we want it do.

[michalchecinski]

Moved the ask to filter the results. Also, I've added the error only option to the workflow linter here.

[github-actions]

Bitwarden Claude Code Review

Overall Assessment: APPROVE

This PR adds a new bitwarden-github-workflows plugin with a lint-workflows skill that drives Bitwarden's bwwl linter to detect and auto-fix errors in GitHub Actions workflow files. The plugin structure is complete with plugin.json, marketplace entry, CHANGELOG, and README. The SKILL.md provides clear step-by-step execution instructions with appropriate error handling guidance and reporting templates.

No new findings. The previously identified critical issue (missing plugin.json) has been resolved.

[theMickster]

Seems like we addressed some of these things in another PR. I'm a little confused though, Is this one supposed to be still opened?

[theMickster]

⚠️ Please trim down the skill description to something more along the lines of what we have done here. We are intentionally keeping these details out of the README.md because we intend to have the SKILL.md speak for itself. Also, too much detail like the following become overly burdensome to maintain overtime.

[theMickster]

❌ We need to consider changing this to the actual engineering team that will maintain the plugin overtime.

Please consider adding the BRE team as a co-owner to the plugin in the code owners file.

[theMickster]

♻️ Please make this more generic to describe the vision for what the plugin will contain over time.

[theMickster]

⛏️ Let's try to trim this down as well to only 2-bullets. Adding four bullets per skill is going to become a pain to maintain over time.

[theMickster]

🤔 I don't like that we have introduced the github name here specifically because it ties us into a specific platform plugin (we do have a couple of these, but I am strongly considering removing the atlassian-reader skill altogether now that we have the MCP in place).

We have followed the pattern of either persona plugins or very specific utility plugins.
How about one of these instead?

1. bitwarden-devops-engineer
   • a neutral, broad, well-known name
   • allows us to group all sorts of skills independent of how we name internal teams
   • does not refer to a specific bitwarden team/role per-sey
2. bitwarden-build-release-engineer
   • a more targeted name to a bitwarden role
   • could set a implied/perceived division that encourages someone to build a bitwarden-shot-engineer that has too many cross-applicable skills

My advice and preference is the first. Thoughts?

[michalchecinski]

@theMickster @SaintPatrck I'm going to close this PR, as @vgrassia added a refined skill in his PR as a part of broader BRE skills initiative. Let's work on those there.