Add shellcheck disable directives for heredoc markdown backticks

[Copilot]

Plan: Add shellcheck disable directives for markdown heredoc false positives ✅ COMPLETE

Problem

Static analysis identified 945 false positive warnings (SC2006/SC2287) from shellcheck misinterpreting markdown backticks in heredoc documentation blocks as command substitution.

Changes Made

Source modifications:

• pkg/workflow/sh.go - Added shellcheckDisableBackticks constant and updated 1 usage
• pkg/workflow/compiler_yaml.go - Updated 3 usages to use the constant
• pkg/workflow/prompt_step.go - Updated 1 usage to use the constant
• All 74 workflow .lock.yml files regenerated (no functional changes)

Refactoring:

• Extracted literal string "# shellcheck disable=SC2006,SC2287\n" to a constant shellcheckDisableBackticks in sh.go
• Updated all 5 locations to use the constant for better maintainability
• Added documentation explaining why the directive is needed

Results

Before Fix:

• 953 total actionlint findings
• 945 SC2006/SC2287 false positives

After Fix:

• 34 total actionlint findings (unrelated errors)
• 0 SC2006/SC2287 warnings ✅

Impact

✅ 99.2% reduction in shellcheck false positives (945 → 0)
✅ Build successful
✅ All unit tests pass
✅ All 74 workflows compiled successfully
✅ No functional changes to workflow execution
✅ Improved code maintainability with constant extraction

Verification

✅ Constant defined in pkg/workflow/sh.go with clear documentation
✅ All 5 locations updated to use the constant
✅ Compiled workflows still contain correct shellcheck disable directives
✅ Tests pass and workflows compile successfully

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[task] Add shellcheck disable directives for markdown heredoc false positives</issue_title>
<issue_description>## Objective
Add shellcheck disable directives to heredoc blocks in compiled workflows to suppress 945 false positive warnings (SC2006/SC2287) caused by markdown backticks in prompt documentation.

Context

Static analysis scan identified 945 false positives from shellcheck misinterpreting markdown backticks (e.g., /tmp/gh-aw/agent/) in heredoc documentation as command substitution. These are not actual security issues but create noise in linting output.

Related to discussion #3527.

Approach

Apply the fix template from /tmp/gh-aw/cache-memory/fix-templates/actionlint-sc2006-sc2287-heredoc-backticks.md:

1. Identify heredoc blocks in workflow compilation code that write markdown with backticks
2. Add shellcheck disable comment above affected heredoc blocks:

   # shellcheck disable=SC2006,SC2287
   cat >> "$GH_AW_PROMPT" << PROMPT_EOF
   ...markdown content with backticks...
   PROMPT_EOF

3. This should be done in the Go compiler code that generates the prompt writing step

Files to Modify

• pkg/workflow/compiler.go or related workflow generation files where heredoc prompt writing is generated
• Any other workflow compilation code that generates heredoc blocks with markdown content

Acceptance Criteria

• Shellcheck disable directives added to heredoc generation in compiler
• Recompile workflows with make recompile
• Re-run gh aw compile --actionlint shows reduced findings (945 fewer warnings)
• Verify compiled .lock.yml files contain disable directives
• No functional changes to workflow execution

Impact

Reduces linting findings from 953 to 8 (99.2% reduction), making actionlint output more useful for identifying real issues.
Related to #3527

AI generated by Plan Command for discussion #3527</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes [task] Add shellcheck disable directives for markdown heredoc false positives #3541

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[pelikhan]

@copilot move literal to a constant to reuse in the other locations

[Copilot]

Extracted the literal to constant shellcheckDisableBackticks in pkg/workflow/sh.go and updated all 5 locations to use it. Commit b478905

[Copilot]

Pull Request Overview

This PR adds shellcheck disable directives (# shellcheck disable=SC2006,SC2287) to suppress false positive warnings in generated GitHub Actions workflow YAML files. These warnings occur because shellcheck incorrectly interprets markdown backticks within heredoc content as shell command substitution syntax.

Key Changes:

• Added explanatory comments and disable directives in three Go compiler files that generate heredoc blocks
• Regenerated 79+ .lock.yml workflow files with the new directives

Reviewed Changes

Copilot reviewed 76 out of 76 changed files in this pull request and generated no comments.

File	Description
pkg/workflow/sh.go	Added shellcheck disable directive to WritePromptTextToYAML function for heredoc generation
pkg/workflow/prompt_step.go	Added shellcheck disable directive to appendPromptStepWithHeredoc function
pkg/workflow/compiler_yaml.go	Added shellcheck disable directives to three heredoc locations in generatePrompt function
.github/workflows/*.lock.yml (79 files)	Generated workflow files with shellcheck disable directives added to all heredoc blocks containing prompts

The changes are consistent, well-documented, and properly address false positive shellcheck warnings. The comment "shellcheck disable directive suppresses false positives from markdown backticks" accurately explains the purpose of the directives.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.