Add a new GitHub action to lint workflows

[Nicolapps]

---

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/@convex-dev/action-cache@69

commit: 9baa8df

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository: get-convex/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b9f40ec2-5048-4155-90f0-e0b203dcad93

📥 Commits

Reviewing files that changed from the base of the PR and between a2aa9f6 and 9baa8df.

📒 Files selected for processing (1)

• .github/workflows/test.yml

✅ Files skipped from review due to trivial changes (1)

• .github/workflows/test.yml

---

📝 Walkthrough

Walkthrough

This pull request adds a new GitHub Actions workflow to lint workflow and action files using actionlint and zizmor, with concurrency control and read-only contents permission. It also updates the existing test workflow to set workflow-level permissions to empty and to disable credential persistence in the actions/checkout step.

Sequence Diagram(s)

sequenceDiagram
  participant ComponentA
  participant ComponentB
  ComponentA->>ComponentB: observable interaction

Loading

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The PR description is empty except for template comments and contributor statement, providing no actual explanation of the changes or their purpose.	Add a meaningful description explaining what the linting workflow does, why it was added, and how it benefits the repository.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title describes adding a new GitHub action to lint workflows, which aligns with the primary change of introducing a new lint-workflows.yml file with linting jobs.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch nicolas/add-linting-for-github-actions

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/lint-workflows.yml (1)

3-5: ⚡ Quick win

Use a stable concurrency key for push events.

github.run_id is unique per run, so cancel-in-progress won’t cancel earlier runs on push. Use github.ref as fallback to actually dedupe branch runs.

Suggested diff

 concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
   cancel-in-progress: true

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/lint-workflows.yml around lines 3 - 5, The concurrency
group uses github.run_id which is run-unique and prevents cancel-in-progress
from deduping push events; change the fallback from github.run_id to github.ref
so branch refs are used for push workflows (update the concurrency group
expression where "group: ${{ github.workflow }}-${{ github.head_ref ||
github.run_id }}" is defined to use github.ref instead of github.run_id).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/lint-workflows.yml:
- Around line 3-5: The concurrency group uses github.run_id which is run-unique
and prevents cancel-in-progress from deduping push events; change the fallback
from github.run_id to github.ref so branch refs are used for push workflows
(update the concurrency group expression where "group: ${{ github.workflow
}}-${{ github.head_ref || github.run_id }}" is defined to use github.ref instead
of github.run_id).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: get-convex/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 4f9ed53e-e768-45ad-a5a1-04ddf84990f0

📥 Commits

Reviewing files that changed from the base of the PR and between 5bbe38f and a2aa9f6.

📒 Files selected for processing (2)

• .github/workflows/lint-workflows.yml
• .github/workflows/test.yml

[ianmacartney]

is this specifically needed for action-cache? or just a trial of something we'd want for all components?