Skip to content

fix(ci): remove invalid workflow permission and lint workflows#58

Merged
hoangsvit merged 3 commits into
mainfrom
fix/invalid-workflow-permission
Jul 14, 2026
Merged

fix(ci): remove invalid workflow permission and lint workflows#58
hoangsvit merged 3 commits into
mainfrom
fix/invalid-workflow-permission

Conversation

@hoangsvit

Copy link
Copy Markdown
Member

Summary

Fix the invalid GitHub Actions workflow error:

(Line: 18, Col: 3): Unexpected value 'metadata'

Root cause

metadata is not a supported key inside the GitHub Actions permissions: block. It was mistakenly added to .github/workflows/dependabot-auto-merge.yml, causing GitHub to reject the entire workflow before any job could start.

Changes

  • Remove metadata: read from the Dependabot auto-merge workflow.
  • Search confirmed that this was the only occurrence in the repository.
  • Add a pinned actionlint validation step to CI.
  • Verify the downloaded actionlint archive using its published SHA-256 checksum.

Expected result

  • dependabot-auto-merge.yml becomes valid again.
  • Future invalid workflow keys and schema errors fail in the normal CI pull request before reaching main.

@qodo-code-review

Copy link
Copy Markdown

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

@eplus-bot

Copy link
Copy Markdown
Contributor

Thank you for creating this pull request and helping make the project better.

We will review / merge it when we are online.

@eplus-bot eplus-bot added needs-review Pull request is ready for maintainer review build-ci Build, CI, release, or project configuration labels Jul 14, 2026
@eplus-bot
eplus-bot self-requested a review July 14, 2026 23:47
@deepsource-io

deepsource-io Bot commented Jul 14, 2026

Copy link
Copy Markdown

DeepSource Code Review

We reviewed changes in c81e8fe...49d256d on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade   Security  

Reliability  

Complexity  

Hygiene  

Code Review Summary

Analyzer Status Updated (UTC) Details
JavaScript Jul 14, 2026 11:47p.m. Review ↗

Important

AI Review is run only on demand for your team. We're only showing results of static analysis review right now. To trigger AI Review, comment @deepsourcebot review on this thread.

@hoangsvit
hoangsvit merged commit 1ffe1de into main Jul 14, 2026
5 of 6 checks passed
@github-actions

Copy link
Copy Markdown
Contributor

Thanks for helping make Gmail Alias Toolkit better!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

build-ci Build, CI, release, or project configuration needs-review Pull request is ready for maintainer review

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants