---
name: edit-workflow
description: "GitHub Actions conventions and SHA pinning rules. Use before modifying workflow files in .github/."
---

# Edit Workflow

GitHub Actions conventions. Run this skill before modifying workflow files in `.github/`.

## When to Use

- Before creating or modifying any GitHub Actions workflow file
- When adding new third-party actions to a workflow

## When NOT to Use

- For non-GitHub CI systems
- For local scripts in `.github/scripts/`

## Action Version Pinning (Required)

All actions must be pinned to a commit SHA, with a trailing version comment:

```yaml
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
```

- Never use version tags alone (`@v4` is wrong): a tag can be moved to point at a different commit, while a commit SHA cannot
- Local actions (`./.github/actions/*`) are exempt from pinning
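
One way to check the rule mechanically before committing (an added example, not part of this repository's tooling): the script below scans workflow text for `uses:` lines and reports any that are not pinned to a 40-character SHA or lack a version comment. The names `check_workflow` and `SAMPLE`, the `example-org/example-action` reference, and the assumption that a version comment starts with `v` followed by digits are illustrative.

```python
import re

# A `uses:` key, optionally as a list item, with an optional trailing comment.
USES_RE = re.compile(r"^\s*(?:-\s+)?uses:\s*(?P<ref>[^\s#]+)\s*(?:#\s*(?P<comment>.*))?$")
# owner/repo[/path]@<40 lowercase hex characters>
PINNED_RE = re.compile(r"^[^@\s]+@[0-9a-f]{40}$")
# Assumption: a version comment looks like "v4" or "v4.2.2".
VERSION_COMMENT_RE = re.compile(r"^v\d+(\.\d+)*\b")


def check_workflow(text):
    """Return (line_number, ref, problem) for each `uses:` that breaks the pinning rule."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group("ref").strip("'\"")
        if ref.startswith("./"):
            continue  # local actions are exempt from pinning
        if not PINNED_RE.match(ref):
            findings.append((lineno, ref, "not pinned to a 40-character commit SHA"))
        elif not VERSION_COMMENT_RE.match(m.group("comment") or ""):
            findings.append((lineno, ref, "missing version comment"))
    return findings


# Constructed sample workflow: one compliant step, one exempt step, three violations.
SAMPLE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: actions/checkout@v4
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - uses: ./.github/actions/setup
      - name: Hypothetical third-party action
        uses: example-org/example-action@main
"""

if __name__ == "__main__":
    for lineno, ref, problem in check_workflow(SAMPLE):
        print(f"line {lineno}: {ref}: {problem}")
```

The check only confirms the shape of the reference; it does not verify that the SHA actually corresponds to the version named in the comment.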

## Validation

Run `uv run tox -e static` before committing — this runs `actionlint` to validate YAML syntax and structure.
