[task] Fix SC2086 shellcheck warnings in high-priority workflows (batch 1/3) #3092
Description
Objective
Fix SC2086 shellcheck warnings (unquoted variables) in the first batch of affected workflows to improve code reliability and prevent potential word splitting issues.
Context
Static analysis identified 120+ instances of unquoted variables across 22 workflows. This task addresses the first batch of 7 high-traffic workflows. Part of discussion #3090.
Approach
Add double quotes around all variable references in shell script blocks within workflow markdown files.
Common Patterns to Fix
-
GITHUB_ENV assignments:
# Before echo "VAR=value" >> $GITHUB_ENV # After echo "VAR=value" >> "$GITHUB_ENV"
-
Git commands:
# Before git diff origin/$DEFAULT_BRANCH...$GITHUB_SHA # After git diff "origin/$DEFAULT_BRANCH...$GITHUB_SHA"
-
GitHub API calls:
# Before gh api .../pulls/$PR_NUMBER/reviewers # After gh api .../pulls/"$PR_NUMBER"/reviewers
Files to Modify
.github/workflows/artifacts-summary.md.github/workflows/audit-workflows.md.github/workflows/blog-auditor.md.github/workflows/brave.md.github/workflows/changeset.md.github/workflows/ci-doctor.md.github/workflows/cli-version-checker.md
Acceptance Criteria
- All unquoted variables in shell script blocks have double quotes added
- No changes to logic or command behavior
- Workflows recompile successfully:
gh aw compile --actionlint - No SC2086 warnings remain in modified workflows
- All formatting and indentation preserved
Implementation Notes
- Only modify the source
.mdfiles, NOT the.lock.ymlfiles - Preserve all existing formatting and structure
- Test compilation after changes
- Verify no new issues introduced
Related to 🔍 Static Analysis Report - November 4, 2025 #3090
AI generated by Plan Command for discussion #3090