Fixed syntax for workflow

Author: russell-stern

.github/workflows/vault-audit-commands.yml

@@ -9,8 +9,8 @@ on:
     types: [created]
 
 jobs:
+  # Parses the command, checks auth, handles skip, and outputs whether to run the audit
   handle-command:
-    # Only run on PR comments containing a vault-audit command
     if: |
       github.event.issue.pull_request != null &&
       (
@@ -23,6 +23,10 @@ jobs:
       issues: write
       pull-requests: write
       statuses: write
+    outputs:
+      run_audit: ${{ steps.cmd.outputs.type == 'run' && steps.auth.outputs.authorized == 'true' }}
+      head_sha: ${{ steps.pr.outputs.head_sha }}
+      base_sha: ${{ steps.pr.outputs.base_sha }}
 
     steps:
       - name: Check commenter authorization
@@ -101,15 +105,17 @@ jobs:
           gh pr comment ${{ github.event.issue.number }} \
             --body "🔍 Vault audit triggered by @${{ github.event.comment.user.login }} — running now. Results will appear as a new comment when complete."
 
-      - name: Trigger vault audit
-        if: steps.cmd.outputs.type == 'run'
-        uses: smartcontractkit/cre-docs/.github/workflows/vault-audit.yml@main
-        with:
-          pr_number: ${{ github.event.issue.number }}
-          head_sha: ${{ steps.pr.outputs.head_sha }}
-          base_sha: ${{ steps.pr.outputs.base_sha }}
-          chainlink_repo: ${{ github.repository }}
-        secrets:
-          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
-          CRE_DOCS_TOKEN: ${{ secrets.CRE_DOCS_TOKEN }}
-          CHAINLINK_TOKEN: ${{ github.token }}
+  # Reusable workflows must be called as a top-level job, not a step
+  run-audit:
+    needs: handle-command
+    if: needs.handle-command.outputs.run_audit == 'true'
+    uses: smartcontractkit/cre-docs/.github/workflows/vault-audit.yml@main
+    with:
+      pr_number: ${{ github.event.issue.number }}
+      head_sha: ${{ needs.handle-command.outputs.head_sha }}
+      base_sha: ${{ needs.handle-command.outputs.base_sha }}
+      chainlink_repo: ${{ github.repository }}
+    secrets:
+      ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+      CRE_DOCS_TOKEN: ${{ secrets.CRE_DOCS_TOKEN }}
+      CHAINLINK_TOKEN: ${{ github.token }}

.github/workflows/vault-audit-thread-resolved.yml

@@ -9,11 +9,12 @@ on:
     types: [resolved]
 
 jobs:
-  check-overrides:
+  check-auth:
     runs-on: ubuntu-latest
     permissions:
-      statuses: write
       pull-requests: read
+    outputs:
+      authorized: ${{ steps.auth.outputs.authorized }}
 
     steps:
       - name: Check resolver authorization
@@ -31,12 +32,17 @@ jobs:
             echo "authorized=false" >> $GITHUB_OUTPUT
           fi
 
-      - name: Run override check
-        if: steps.auth.outputs.authorized == 'true'
-        uses: smartcontractkit/cre-docs/.github/workflows/vault-audit-override-check.yml@main
-        with:
-          pr_number: ${{ github.event.pull_request.number }}
-          head_sha: ${{ github.event.pull_request.head.sha }}
-          chainlink_repo: ${{ github.repository }}
-        secrets:
-          CHAINLINK_TOKEN: ${{ github.token }}
+  # Reusable workflows must be called as a top-level job, not a step
+  run-override-check:
+    needs: check-auth
+    if: needs.check-auth.outputs.authorized == 'true'
+    uses: smartcontractkit/cre-docs/.github/workflows/vault-audit-override-check.yml@main
+    permissions:
+      statuses: write
+      pull-requests: read
+    with:
+      pr_number: ${{ github.event.pull_request.number }}
+      head_sha: ${{ github.event.pull_request.head.sha }}
+      chainlink_repo: ${{ github.repository }}
+    secrets:
+      CHAINLINK_TOKEN: ${{ github.token }}