ci: quote name containing colon to fix Scorecard workflow parser (#164)

SebTardif · web-flow · commit ee86729ab6cd · 2026-06-22T19:12:46.000-07:00
The unquoted step name "Strong guard - detect release-please PRs (autorelease: pending label)"
contains "autorelease: pending" (colon + space).

YAML plain scalars cannot contain unquoted "word: " sequences (it looks like start of a new mapping key).

This was causing Scorecard's workflow parser to fail with:
"mapping values are not allowed in this context"

Affecting Pinned-Dependencies, Token-Permissions, Dangerous-Workflow, Packaging, SAST (all went to -1).

Quoting the name makes the scalar safe.

Verified with actionlint and local scorecard run (now gets 10/10 on the checks).

See similar fixes in other projects for names with special chars.

Signed-off-by: Sebastien Tardif &lt;sebtardif@ncf.ca&gt;
diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
@@ -61,7 +61,7 @@ jobs:
       # implemented here (label check below) and via scripts/guard-no-release-merge.sh.
       # See AGENTS.md "Release PRs - Strong Guard" section.
 
-      - name: Strong guard - detect release-please PRs (autorelease: pending label)
+      - name: 'Strong guard - detect release-please PRs (autorelease: pending label)'
         id: release-guard
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
