[Code Quality] Systematically address actionlint findings across all workflows

[github-actions]

Description

Static analysis using actionlint has identified linting issues across 147 agentic workflow files. With 346 total findings affecting all workflows, many issues are likely similar patterns that can be fixed systematically.

Suggested Changes

Phase 1: Categorize actionlint findings (0.5 days)

1. Run actionlint on all workflows and collect findings
2. Group findings by error code and pattern:
   • Expression syntax issues
   • Deprecated action usage
   • Missing required properties
   • Type mismatches
   • Shell syntax issues
3. Identify top 3-5 most common patterns

Phase 2: Create targeted fix workflows (1 day)

For each common pattern, create a targeted fix:

• Use gh aw fix codemods where applicable
• Create validation rules to prevent recurrence
• Document the pattern and fix approach

Phase 3: Apply fixes and validate (0.5 days)

1. Apply fixes to workflows
2. Run make recompile to regenerate lock files
3. Verify actionlint findings reduced
4. Run CI to ensure no regressions

Expected Common Patterns

Based on typical actionlint findings:

• Expression syntax errors in ${{ }} blocks
• Deprecated GitHub Actions versions
• Missing permissions: blocks
• Shell quoting issues in run: blocks
• Type mismatches in inputs/outputs

Files Affected

• All 147 workflow files in .github/workflows/*.md
• Potential validation additions in pkg/workflow/*_validation.go
• Possible new codemods in pkg/codemod/

Success Criteria

• All actionlint findings categorized by type
• Top 3-5 patterns identified and documented
• Fixes applied to reduce findings by 50%+
• No CI regressions introduced
• Validation rules added to prevent recurrence
• Documentation updated with common patterns

Source

Extracted from Static Analysis Report discussion #14235

Metrics from report:

• Tools Used: zizmor, poutine, actionlint
• Total Findings: 346
• Workflows Scanned: 147
• Workflows with Issues: 147 (100%)

Priority

High - 100% of workflows affected, systematic fix can improve quality across entire codebase.

AI generated by Discussion Task Miner - Code Quality Improvement Agent

• expires on Feb 8, 2026, 1:29 AM UTC

[github-actions]

🍪 Issue Monster has assigned this to Copilot!

I've identified this issue as a good candidate for automated resolution and assigned it to the Copilot agent.

The Copilot agent will analyze the issue and create a pull request with the fix.

Om nom nom! 🍪

AI generated by Issue Monster