chore: fix workflow-call schema issues

[gentamura]

Summary

• add missing type to release workflow_call input
• use single quotes in pinact failure expression to satisfy workflow syntax

Testing

• act -j actionlint -W .github/workflows/actionlint.yml --container-architecture linux/amd64 (expected reviewdog 404 in act but syntax checked)
• pinact run --check

Summary by CodeRabbit

• Chores
  • Standardized workflow condition syntax to improve consistency (no behavior change).
  • Explicitly declared the release workflow’s "environment" input as a string to strengthen validation and make runs more predictable.

[coderabbitai]

Walkthrough

Two GitHub Actions workflows were edited: pinact.yml normalizes quote characters in an if condition, and release.yml adds an explicit type: string to the on.workflow_call.inputs.environment input. No control-flow or behavioral changes were introduced.

Changes

Cohort / File(s)	Summary of changes
Workflow quoting tweak .github/workflows/pinact.yml	Switched double quotes to single quotes in an if expression comparing a job outcome; purely syntactic, no functional change.
Workflow input schema .github/workflows/release.yml	Added type: string to on.workflow_call.inputs.environment, making the input’s type explicit alongside existing description, required, and default.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• chore: add pinact enforcement #2 — Adds/introduces .github/workflows/pinact.yml; closely related because this PR modifies that workflow's conditional.
• chore: make pinact failure actionable #3 — Modifies .github/workflows/pinact.yml (adds pinact step and remediation gated by the same conditional); related to the quoting/conditional changes here.

Poem

I nibble at YAML by moonlight bright,
Swapping quotes with a careful bite.
I label "environment" — string, neat and small,
So workflows hop and never stall.
Thump-thump, I push — CI sings for all. 🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "chore: fix workflow-call schema issues" succinctly captures the primary change in the PR—adding the missing type to the release workflow_call input—and is concise, specific, and relevant to the changeset; the secondary change (switching to single quotes in pinact.yml) is a minor syntax tweak and does not make the title misleading. The title avoids noisy details and communicates the main developer intent clearly to a reviewer scanning history. Therefore it satisfactorily summarizes the PR's main purpose.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/fix-workflow-syntax

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ae3727e and cf57aff.

📒 Files selected for processing (2)

• .github/workflows/pinact.yml (1 hunks)
• .github/workflows/release.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• .github/workflows/pinact.yml
• .github/workflows/release.yml

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

.github/workflows/pinact.yml (1)

32-36: Nit: remove unnecessary backslashes before backticks in echo lines.

Backslashes render literally inside single quotes.

Apply this diff:

-          echo '::error::2. Run \`pinact run\` or \`pinact run -u\` locally to update SHAs.'
+          echo '::error::2. Run `pinact run` or `pinact run -u` locally to update SHAs.'

.github/workflows/release.yml (1)

10-14: OIDC perms look right; verify Trusted Publishing wiring.

You have id-token: write. Confirm:

• npm package is configured for Trusted Publishing.
• Repo is added as a Trusted Publisher for the npm org.
• Target GitHub Environment (e.g., production) grants this workflow access.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 626ee4c and ae3727e.

📒 Files selected for processing (2)

• .github/workflows/pinact.yml (1 hunks)
• .github/workflows/release.yml (1 hunks)

🧰 Additional context used

📓 Path-based instructions (6)

.github/workflows/{lint,test,typecheck,release}.yml

📄 CodeRabbit inference engine (AGENTS.md)

Common reusable workflows must exist at .github/workflows/lint.yml, test.yml, typecheck.yml, and release.yml

Files:

• .github/workflows/release.yml

.github/**/*.yml

📄 CodeRabbit inference engine (AGENTS.md)

YAML files use 2-space indentation and filenames use kebab-case with .yml extension

Files:

• .github/workflows/release.yml
• .github/workflows/pinact.yml

.github/workflows/*.yml

📄 CodeRabbit inference engine (AGENTS.md)

.github/workflows/*.yml: Workflow job IDs are lowercase and concise; step name fields are human-readable
Reference the internal composite action relatively as ./.github/actions/setup-bun so it works with both act and GitHub

Files:

• .github/workflows/release.yml
• .github/workflows/pinact.yml

.github/{workflows,actions}/**/*.{yml,yaml}

📄 CodeRabbit inference engine (AGENTS.md)

External actions must use stable, versioned tags (e.g., actions/checkout@v5)

Files:

• .github/workflows/release.yml
• .github/workflows/pinact.yml

.github/workflows/release.yml

📄 CodeRabbit inference engine (AGENTS.md)

release.yml uses npm Trusted Publishing (OIDC); ensure target repo/environment is a Trusted Publisher and grants id-token permission

Files:

• .github/workflows/release.yml

.github/workflows/pinact.yml

📄 CodeRabbit inference engine (AGENTS.md)

Include and use pinact.yml workflow to enforce pinned action references

Files:

• .github/workflows/pinact.yml

🧠 Learnings (3)

📓 Common learnings

Learnt from: CR
PR: listee-dev/listee-ci#0
File: AGENTS.md:0-0
Timestamp: 2025-09-20T12:49:53.678Z
Learning: Applies to .github/workflows/pinact.yml : Include and use pinact.yml workflow to enforce pinned action references

📚 Learning: 2025-09-20T12:49:53.678Z

Learnt from: CR
PR: listee-dev/listee-ci#0
File: AGENTS.md:0-0
Timestamp: 2025-09-20T12:49:53.678Z
Learning: Applies to .github/workflows/release.yml : release.yml uses npm Trusted Publishing (OIDC); ensure target repo/environment is a Trusted Publisher and grants id-token permission

Applied to files:

• .github/workflows/release.yml

📚 Learning: 2025-09-20T12:49:53.678Z

Learnt from: CR
PR: listee-dev/listee-ci#0
File: AGENTS.md:0-0
Timestamp: 2025-09-20T12:49:53.678Z
Learning: Applies to .github/workflows/pinact.yml : Include and use pinact.yml workflow to enforce pinned action references

Applied to files:

• .github/workflows/pinact.yml

🔇 Additional comments (1)

.github/workflows/pinact.yml (1)

30-30: Good call switching to single quotes in the if expression.

Prevents YAML parsing conflicts; condition will evaluate as intended.