Summary
Two GitHub Actions workflows fail at startup (0s) on every push to main with
"This run likely failed because of a workflow file issue." These are
workflow-file/config errors — the workflow is rejected before any job runs, so
main shows a persistent red status even though the actual builds are healthy.
| Workflow | Status on main |
| --- | --- |
| ci.yml (CI) | ✅ pass |
| docs.yaml (Docs) | ✅ pass |
| codeql.yml (Analyze) | ❌ fail @ 0s — workflow file issue |
| vscode-ci.yml (VS Code Extension CI) | ❌ fail @ 0s — workflow file issue |
Root causes confirmed with actionlint.
Root cause 1 — .github/workflows/codeql.yml (line ~99)
The paths input to github/codeql-action/init is a YAML sequence, but the
action input must be a scalar string (newline/comma-separated). The list makes
the with: block invalid, so the workflow fails to start.
.github/workflows/codeql.yml:100:13: expected scalar node for string value but found sequence node with "!!seq" tag [syntax-check]
```yaml
# Before
with:
  languages: javascript-typescript
  paths:
    - packages/vscode-extension/src

# After
with:
  languages: javascript-typescript
  paths: packages/vscode-extension/src
```
Impact: CodeQL (C#/TypeScript), DevSkim, and PSRule SARIF uploads to the
Security tab are not running on main.
Root cause 2 — .github/workflows/vscode-ci.yml (line 164)
The Publish to VS Marketplace (Pre-release) step uses the secrets context in
an if: conditional, which is not allowed. The expression is rejected and the
workflow fails to start.
.github/workflows/vscode-ci.yml:164:17: context "secrets" is not allowed here. available contexts are "env", "github", "inputs", "job", "matrix", "needs", "runner", "steps", "strategy", "vars". [expression]
The step already maps the secret to env.VSCE_PAT, so the fix is to test the
env context (which is allowed in if:):
```yaml
# Before
if: ${{ secrets.VSCE_PAT != '' }}

# After
if: ${{ env.VSCE_PAT != '' }}
```
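A pre-merge check for the two patterns above, as an added example that is not part of the original issue or the repository's code. It is a stdlib-only, line-based heuristic rather than a replacement for actionlint; the step name `Initialize CodeQL` and the rule labels `with-sequence` and `secrets-in-if` are constructed for illustration.

```python
import re

# Constructed sample: the two "Before" snippets from this page in one file.
BEFORE = """\
steps:
  - name: Initialize CodeQL
    with:
      languages: javascript-typescript
      paths:
        - packages/vscode-extension/src
  - name: Publish to VS Marketplace (Pre-release)
    if: ${{ secrets.VSCE_PAT != '' }}
    env:
      VSCE_PAT: ${{ secrets.VSCE_PAT }}
"""
# Same sample with both "After" fixes applied.
AFTER = (BEFORE
         .replace("paths:\n        - ", "paths: ")
         .replace("if: ${{ secrets.", "if: ${{ env."))


def _indent(line):
    return len(line) - len(line.lstrip(" "))


def scan_workflow(text):
    """Return (line_no, rule, detail) for the two startup-failure patterns."""
    findings, lines, with_indent = [], text.splitlines(), None
    for no, line in enumerate(lines, 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        ind = _indent(line)
        if with_indent is not None and ind <= with_indent:
            with_indent = None  # dedent: we have left the with: block
        if with_indent is not None and re.fullmatch(r"[\w-]+:", stripped):
            # Input key with no inline value: a following "- item" makes it a sequence.
            nxt = next((l for l in lines[no:] if l.strip()), "")
            if _indent(nxt) >= ind and nxt.strip().startswith("- "):
                findings.append((no, "with-sequence", stripped[:-1]))
        if stripped == "with:":
            with_indent = ind
        m = re.match(r"(?:- )?if:\s*(.*)", stripped)
        if m and re.search(r"\bsecrets\.", m.group(1)):
            findings.append((no, "secrets-in-if", m.group(1)))
    return findings


if __name__ == "__main__":
    for finding in scan_workflow(BEFORE):
        print(finding)
```

Multi-line `if:` expressions (block scalars) and flow-style sequences (`paths: [a, b]`) are outside what this heuristic covers.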
Actions
codeql.yml — make paths a scalar string.
vscode-ci.yml — change if: secrets.VSCE_PAT → if: env.VSCE_PAT.
actionlint (no [syntax-check]/[expression] errors remain).
main.
Follow-ups (out of scope here)
Non-fatal shellcheck warnings flagged by actionlint (do not block runs, worth a
later cleanup):
ci.yml — SC2086, SC2129
vscode-ci.yml — SC2012, SC2035, SC2086
release-vscode.yml — SC2012, SC2035, SC2086
release-psdocs.yml, release-psdocs-azure.yml — SC2086
Findings generated from actionlint on the workflow files; verified against the
0s startup failures shown in recent Actions runs on main.