Fix SC2012: Replace ls with find in all workflow sources and generated code

[Copilot]

Shellcheck SC2012 warns against parsing ls output due to fragility with special characters in filenames. This PR eliminates all 37 instances across workflow sources and compiler code.

Changes

Workflow source files (23 files, 32 occurrences)

• Simple listings: ls -la <path> → find <path> -maxdepth 1 -ls
• Wildcard patterns: ls -la dir/*.yml → find dir -name "*.yml" -type f
• Bash tool allowlists: Updated to permit find equivalents instead of ls

Compiler code generation (4 files)

• Asset listings (publish_assets.go): Safe output asset directory inspection
• Log discovery (copilot_srt.go): Time-sorted directory finding via find -printf '%T@ %p\n' | sort -rn
• Node.js path detection (claude_engine.go, codex_engine.go): Changed from ls /opt/hostedtoolcache/node | head -1 to find -maxdepth 1 -type d | head -1 | xargs basename

Agent documentation (1 file)

• Updated inline bash examples in speckit-dispatcher.agent.md

Example

Before:

ls -la /tmp/gh-aw/safeoutputs/assets/
NODE_BIN_PATH="$(ls /opt/hostedtoolcache/node | head -1)/x64/bin"

After:

find /tmp/gh-aw/safeoutputs/assets/ -maxdepth 1 -ls
NODE_BIN_PATH="$(find /opt/hostedtoolcache/node -maxdepth 1 -type d | head -1 | xargs basename)/x64/bin"

All 126 workflows regenerated. Actionlint confirms zero SC2012 warnings.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/user
  • Triggering command: /usr/bin/gh gh api user --jq .login -json GO111MODULE 0.1-go1.25.0.linux-amd64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE 0.1-go1.25.0.linux-amd64/pkg/too-buildtags env -json GO111MODULE 0.1-go1.25.0.linux-amd64/bin/go GOINSECURE GOMOD GOMODCACHE rg/toolchain@v0.0.1-go1.25.0.lin-buildtags (http block)
  • Triggering command: /usr/bin/gh gh api user --jq .login om/nonexistent/repo l/linux_amd64/vet /home/REDACTED/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.25.0.linux-amd64/pkg/tool/linux_amd64/co--json -json GO111MODULE ux-amd64/pkg/too--show-toplevel /home/REDACTED/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.25.0.linrev-parse -o ference.git -trimpath /usr/bin/git -p main l/linux_amd64/li/tmp/validate-js-1183722102.cjs git (http block)
  • Triggering command: /usr/bin/gh gh api user --jq .login ithub/workflows 3594796/b301/vet.cfg (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[plan] Fix SC2012: Replace ls with find in 41 workflows</issue_title>
<issue_description>## Objective

Fix 72 occurrences of shellcheck SC2012 info-level issues across 41 workflows by replacing ls parsing with find commands for more robust filename handling.

Problem

Using ls output in scripts can fail with special characters in filenames (spaces, newlines, etc.):

ls -t *.yml | head -5  # ❌ Breaks with spaces/special chars

Solution

Use find with proper formatting:

find . -name "*.yml" -type f -printf '%T@ %p\n' | sort -rn | head -5 | cut -d' ' -f2

Impact

While info-level, this improves robustness when:

• Filenames contain spaces or special characters
• Operating in directories with varied file naming conventions
• Processing user-generated or external files

Approach

1. Identify all ls usage patterns in workflow .md files
2. Determine the intent of each ls command (sorting, filtering, etc.)
3. Replace with equivalent find commands
4. Test locally if possible for common patterns
5. Recompile workflows: make recompile
6. Verify with actionlint

Common Patterns to Fix

# Pattern 1: List by time
ls -t pattern | head -n    → find + sort + head

# Pattern 2: List all files
ls pattern                  → find -name pattern

# Pattern 3: List with size
ls -lh pattern             → find -printf with custom format

Files to Modify

41 workflow .md files in .github/workflows/ (72 total occurrences)

Acceptance Criteria

• All 72 SC2012 issues resolved
• Equivalent functionality preserved
• actionlint shows 0 SC2012 issues
• Workflows compile successfully
  Related to [plan] Address static analysis findings from actionlint/shellcheck #7896

AI generated by Plan Command for discussion #7889

Comments on the Issue (you are @copilot in this section)

• Fixes [plan] Fix SC2012: Replace ls with find in 41 workflows #7898

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.