Skip to content

feat(infra): block curly quotes#2414

Closed
Mason Daugherty (mdrxy) wants to merge 2 commits intomainfrom
mdrxy/curly-quote-linter
Closed

feat(infra): block curly quotes#2414
Mason Daugherty (mdrxy) wants to merge 2 commits intomainfrom
mdrxy/curly-quote-linter

Conversation

@mdrxy
Copy link
Copy Markdown
Member

@mdrxy Mason Daugherty (mdrxy) commented Jan 30, 2026
edited
Loading

leaving here, would love for member of docs team to take over or close

  • AI-written
  • i think the CURLY_QUOTE_PATTERN is wrong
  • not tested
  • maybe this is something better for a Vale config?

github-advanced-security[bot]
github-advanced-security AI found potential problems Jan 30, 2026
View reviewed changes
Comment thread .github/workflows/check-curly-quotes.yml
Comment on lines +15 to +25
name: Check for curly quotes
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Checkout code
uses: actions/checkout@v6

- name: Check for curly quotes
run: |
chmod +x scripts/check_curly_quotes.sh
./scripts/check_curly_quotes.sh

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 3 months ago

In general, the fix is to add an explicit permissions block to the workflow (either at the top level so it applies to all jobs, or directly under the specific job) and restrict GITHUB_TOKEN to the least privileges required. This workflow only checks out the repository and runs a script, so contents: read is sufficient.

The best minimally invasive fix here is to add a job-level permissions block under check-curly-quotes: specifying contents: read. This keeps the change tightly scoped to the job that CodeQL flagged and avoids assumptions about other jobs (none are shown). Concretely, in .github/workflows/check-curly-quotes.yml, under jobs: check-curly-quotes: name: Check for curly quotes, insert a permissions: mapping with contents: read at the standard indentation level. No imports or other definitions are needed; this is pure workflow configuration.

Suggested changeset 1
.github/workflows/check-curly-quotes.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/check-curly-quotes.yml b/.github/workflows/check-curly-quotes.yml
--- a/.github/workflows/check-curly-quotes.yml
+++ b/.github/workflows/check-curly-quotes.yml
@@ -14,6 +14,8 @@
   check-curly-quotes:
     name: Check for curly quotes
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     timeout-minutes: 5
     steps:
       - name: Checkout code
EOF
@@ -14,6 +14,8 @@
check-curly-quotes:
name: Check for curly quotes
runs-on: ubuntu-latest
permissions:
contents: read
timeout-minutes: 5
steps:
- name: Checkout code
Copilot is powered by AI and may make mistakes. Always verify output.
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jan 30, 2026

Mintlify preview ID generated: preview-mdrxyc-1769799350-4025b53

@lnhsingh Lauren Hirata Singh (lnhsingh) deleted the mdrxy/curly-quote-linter branch February 12, 2026 18:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lnhsingh Lauren Hirata Singh (lnhsingh) Awaiting requested review from lnhsingh

@katmayb Kathryn May (katmayb) Awaiting requested review from katmayb

@npentrel Naomi Pentrel (npentrel) Awaiting requested review from npentrel

Assignees

@npentrel Naomi Pentrel (npentrel)

Labels

ci docs-infra internal

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mdrxy @github-advanced-security @npentrel