Security reminder should detect workflow files on Windows paths

Resolved 💬 2 comments Opened Jan 16, 2026 by MaxMiksa Closed Feb 27, 2026

Summary

security_reminder_hook.py checks for .github/workflows/ with forward slashes, so Windows paths can fail to trigger the workflow security reminder.

Steps to Reproduce

  1. Edit a workflow file on Windows (path contains backslashes, e.g. .github\workflows\ci.yml).
  2. Trigger the security reminder hook.

Expected Behavior

The workflow security reminder triggers regardless of path separator.

Actual Behavior

No reminder is shown for Windows-style paths.

Proposed Fix

Normalize path separators (e.g., replace \\ with /) before matching.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗