chore(ci): Ensure stale and no-response workflows are consistent and not vulnerable to injection attacks (#6097)

2 files changed, 28 insertions, 26 deletions

diff --git a/.github/workflows/no-response.yml b/.github/workflows/no-response.yml
index 3d3d8e7e..abaad9db 100644
--- a/.github/workflows/no-response.yml
+++ b/.github/workflows/no-response.yml
@@ -1,32 +1,33 @@
-name: No Response
+name: 'No Response'
 
 # Run as a daily cron at 1:45 AM
 on:
   schedule:
     - cron: '45 1 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
 
 jobs:
   no-response:
-    runs-on: ubuntu-latest
-    if: ${{ github.repository == 'google-gemini/gemini-cli' }}
+    runs-on: 'ubuntu-latest'
+    if: |-
+      ${{ github.repository == 'google-gemini/gemini-cli' }}
     permissions:
-      issues: write
-      pull-requests: write
+      issues: 'write'
+      pull-requests: 'write'
     concurrency:
-      group: ${{ github.workflow }}-no-response
+      group: '${{ github.workflow }}-no-response'
       cancel-in-progress: true
     steps:
-      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639
+      - uses: 'actions/stale@5bef64f19d7facfb25b37b414482c7164d639639' # ratchet:actions/stale@v9
         with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          repo-token: '${{ secrets.GITHUB_TOKEN }}'
           days-before-stale: -1
           days-before-close: 14
           stale-issue-label: 'status/need-information'
-          close-issue-message: >
+          close-issue-message: >-
             This issue was marked as needing more information and has not received a response in 14 days.
             Closing it for now. If you still face this problem, feel free to reopen with more details. Thank you!
           stale-pr-label: 'status/need-information'
-          close-pr-message: >
+          close-pr-message: >-
             This pull request was marked as needing more information and has had no updates in 14 days.
             Closing it for now. You are welcome to reopen with the required info. Thanks for contributing!
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 914e9d57..87354b57 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -1,38 +1,39 @@
-name: Mark stale issues and pull requests
+name: 'Mark stale issues and pull requests'
 
 # Run as a daily cron at 1:30 AM
 on:
   schedule:
     - cron: '30 1 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
 
 jobs:
   stale:
-    runs-on: ubuntu-latest
-    if: ${{ github.repository == 'google-gemini/gemini-cli' }}
+    runs-on: 'ubuntu-latest'
+    if: |-
+      ${{ github.repository == 'google-gemini/gemini-cli' }}
     permissions:
-      issues: write
-      pull-requests: write
+      issues: 'write'
+      pull-requests: 'write'
     concurrency:
-      group: ${{ github.workflow }}-stale
+      group: '${{ github.workflow }}-stale'
       cancel-in-progress: true
     steps:
-      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639
+      - uses: 'actions/stale@5bef64f19d7facfb25b37b414482c7164d639639' # ratchet:actions/stale@v9
         with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-          stale-issue-message: >
+          repo-token: '${{ secrets.GITHUB_TOKEN }}'
+          stale-issue-message: >-
             This issue has been automatically marked as stale due to 60 days of inactivity.
             It will be closed in 14 days if no further activity occurs.
-          stale-pr-message: >
+          stale-pr-message: >-
             This pull request has been automatically marked as stale due to 60 days of inactivity.
             It will be closed in 14 days if no further activity occurs.
-          close-issue-message: >
+          close-issue-message: >-
             This issue has been closed due to 14 additional days of inactivity after being marked as stale.
             If you believe this is still relevant, feel free to comment or reopen the issue. Thank you!
-          close-pr-message: >
+          close-pr-message: >-
             This pull request has been closed due to 14 additional days of inactivity after being marked as stale.
             If this is still relevant, you are welcome to reopen or leave a comment. Thanks for contributing!
           days-before-stale: 60
           days-before-close: 14
-          exempt-issue-labels: pinned,security
-          exempt-pr-labels: pinned,security
+          exempt-issue-labels: 'pinned,security'
+          exempt-pr-labels: 'pinned,security'