ci: fix all lint-all issues across workflows, actions, docs, and scripts

- docs/reference/makefile.md: fix markdown table column count by removing duplicate pipe
- .github/workflows/pages.yml: update comment for actions/upload-pages-artifact hash pin to match v5.0.0
- .github/workflows/nightly-audit.yml: fix invalid github action jdx/unirtm-action to jdx/mise-action
- .github/workflows/cd.yml: remove redundant blank lines to fix yamllint issue
- .github/actions/harden-runner: add YAML document start marker '---' to all action.yml files
- npm/scripts/build.sh: set executable permissions (+x)

Author: snowdream

.github/actions/harden-runner/audit/action.yml

@@ -1,3 +1,4 @@
+---
 name: "🔒 Harden Runner (Audit)"
 description: "Security Egress Audit using audit profile"
 runs:

.github/actions/harden-runner/full/action.yml

@@ -1,3 +1,4 @@
+---
 name: "🔒 Harden Runner (Full)"
 description: "Security Egress Audit using full profile"
 runs:

.github/actions/harden-runner/minimal/action.yml

@@ -1,3 +1,4 @@
+---
 name: "🔒 Harden Runner (Minimal)"
 description: "Security Egress Audit using minimal profile"
 runs:

.github/actions/harden-runner/standard/action.yml

@@ -1,3 +1,4 @@
+---
 name: "🔒 Harden Runner (Standard)"
 description: "Security Egress Audit using standard profile"
 runs:

.github/workflows/cd.yml

@@ -119,8 +119,6 @@ jobs:
           echo "PATH (first 10):"
           echo "$PATH" | tr ':' '\n' | head -10
 
-
-
           if [ "$EVENT_NAME" = "pull_request" ]; then
             unirtm exec -- commitlint --from "$BASE_SHA" --to "$HEAD_SHA" --verbose
           else

.github/workflows/nightly-audit.yml

@@ -28,7 +28,7 @@ jobs:
           persist-credentials: false
 
       - name: "⚡ Setup unirtm (Tool Manager)"
-        uses: jdx/unirtm-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
+        uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1
 
       - name: "🛡️ Run Security Audit"
         shell: sh

.github/workflows/pages.yml

@@ -89,7 +89,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.WORKFLOW_SECRET || secrets.GITHUB_TOKEN }}
 
       - name: "📦 Stage Assets for Web Deployment"
-        uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v4.1.1
+        uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0
         with:
           # Bundles the compiled static site into a secure artifact for GitHub Pages.
           path: docs/.vitepress/dist

docs/reference/makefile.md

@@ -23,7 +23,7 @@ make check    # Run lint + test in sequence
 | --------- | ---------------------------------------------------------- |
 | `help`    | Show all available targets and their descriptions          |
 | `lint`    | Run all pre-commit hooks against all files                 |
-|| `test`    | Execute test suite                                         |
+| `test`    | Execute test suite                                         |
 | `build`   | Build production artifacts                                 |
 | `check`   | Combined lint + test                                       |
 | `clean`   | Remove generated files and caches                          |