[Issue]: Fix shellcheck warnings (SC2086, SC2129) in workflow files #298
Description
Issue Description
Actionlint reports shellcheck warnings in two workflow files that should be remediated for consistency with the fix applied in PR #246.
Affected files:
.github/workflows/markdown-lint.yml(lines 39, 56-64).github/workflows/codeql-analysis.yml(lines 47-52)
Warnings:
| Code | Description | Fix |
|---|---|---|
| SC2086 | Double quote to prevent globbing and word splitting | Quote $GITHUB_STEP_SUMMARY and $GITHUB_ENV variables |
| SC2129 | Consider using grouped redirects | Use { cmd1; cmd2; } >> file instead of individual redirects |
Additional Context
Prior art: PR #246 (merged 2026-01-22) fixed identical warnings in extension-publish*.yml files using the same pattern:
# SC2086: Quote environment variables
echo "..." >> "$GITHUB_STEP_SUMMARY"
# SC2129: Group multiple writes
{
echo "## Header"
echo "**Key:** value"
} >> "$GITHUB_STEP_SUMMARY"Discovery: These warnings surfaced during investigation of Dependabot PR #295 (upload-artifact v6 migration). The warnings are informational but should be fixed for code quality consistency.
Research: .copilot-tracking/research/2026-01-26-upload-artifact-v6-migration-research.md