Security reminder should detect workflow files on Windows paths
Resolved 💬 2 comments Opened Jan 16, 2026 by MaxMiksa Closed Feb 27, 2026
Summary
security_reminder_hook.py checks for .github/workflows/ with forward slashes, so Windows paths can fail to trigger the workflow security reminder.
Steps to Reproduce
- Edit a workflow file on Windows (path contains backslashes, e.g.
.github\workflows\ci.yml). - Trigger the security reminder hook.
Expected Behavior
The workflow security reminder triggers regardless of path separator.
Actual Behavior
No reminder is shown for Windows-style paths.
Proposed Fix
Normalize path separators (e.g., replace \\ with /) before matching.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗