fixup

Signed-off-by: Frederic BIDON <fredbi@yahoo.com>

Author: fredbi

.claude/skills/github-actions.md

@@ -57,18 +57,26 @@ if: inputs.enable-signing == 'true'
 
 ### GitHub Workflow Commands
 
-Use workflow commands for user-visible messages:
+Use workflow commands for user-visible messages with **double colon separator**:
 
-```yaml
-# ✅ CORRECT - Shows as annotation in GitHub UI
+```bash
+# ✅ CORRECT - Double colon (::) separator after title
 echo "::notice title=build::Build completed successfully"
 echo "::warning title=race-condition::Merge already in progress"
 echo "::error title=deployment::Failed to deploy"
 
-# ❌ WRONG - Just logs to console
+# ❌ WRONG - Single colon separator
+echo "::notice title=build:Build completed"  # Missing second ':'
+echo "::warning title=x:message"             # Won't display correctly
+
+# ❌ WRONG - Just logs to console (no annotation)
 echo "Build completed"
 ```
 
+**Syntax pattern:** `::LEVEL title=TITLE::MESSAGE`
+- `LEVEL`: notice, warning, or error
+- Double `::` separator is required between title and message
+
 ## Security Best Practices
 
 ### The secrets[inputs.name] Vulnerability
@@ -427,7 +435,22 @@ Brief description of what the action does.
 
 ## Common Gotchas
 
-1. **Boolean input comparisons**: GitHub Actions inputs are strongly typed, with no "JS-like" truthy logic
+1. **Workflow command syntax**: GitHub Actions workflow commands require **double colon separator**
+   ```bash
+   # ✅ CORRECT - Double :: separator
+   echo "::notice title=success::All tests passed"
+   echo "::warning title=deprecated::This feature is deprecated"
+   echo "::error title=failed::Build failed"
+
+   # ❌ WRONG - Single : separator (won't display correctly)
+   echo "::notice title=success:All tests passed"
+   echo "::warning title=x:message"
+
+   # Pattern: ::LEVEL title=TITLE::MESSAGE
+   # The double :: between title and message is mandatory
+   ```
+
+2. **Boolean input comparisons**: GitHub Actions inputs are strongly typed, with no "JS-like" truthy logic
    ```yaml
    # ❌ WRONG - Boolean true is NOT equal to string 'true'
    on:
@@ -448,12 +471,12 @@ Brief description of what the action does.
    if [[ '${{ inputs.enable-feature }}' == 'true' ]]; then  # Works in bash
    ```
 
-2. **Expression evaluation in descriptions**: Don't use `${{ }}` in action.yml description fields
-3. **Race conditions**: Always use optimistic execution + error handling, never check-then-act
-4. **Secret exposure**: Never use `secrets[inputs.name]` - always use explicit secret parameters
-5. **Branch deletion**: Use `wait-pending-jobs` before merging to prevent failures in non-required jobs
-6. **Idempotency**: `gh pr merge --auto` is NOT idempotent - handle "Merge already in progress" error
-7. **TOCTOU vulnerabilities**: State can change between check and action - handle at runtime
+3. **Expression evaluation in descriptions**: Don't use `${{ }}` in action.yml description fields
+4. **Race conditions**: Always use optimistic execution + error handling, never check-then-act
+5. **Secret exposure**: Never use `secrets[inputs.name]` - always use explicit secret parameters
+6. **Branch deletion**: Use `wait-pending-jobs` before merging to prevent failures in non-required jobs
+7. **Idempotency**: `gh pr merge --auto` is NOT idempotent - handle "Merge already in progress" error
+8. **TOCTOU vulnerabilities**: State can change between check and action - handle at runtime
 
 ## Testing Workflows
 

.github/workflows/go-test-monorepo.yml

@@ -95,7 +95,7 @@ jobs:
           cache-dependency-path: '**/go.sum'
       -
         name: Detect go version
-        id: detect-test-work-supported
+        id: detect-test-work
         run: |
           go_minor_version=$(echo '${{ steps.go-setup.outputs.go-version }}'|cut -d' ' -f3|cut -d'.' -f2)
           echo "go-minor-version=${go_minor_version}" >> "${GITHUB_OUTPUT}"
@@ -113,10 +113,7 @@ jobs:
         uses: go-openapi/gh-actions/install/gotestsum@6c7952706aa7afa9141262485767d9270ef5b00b # v1.3.0
       -
         name: Run unit tests on all modules in this repo (go1.25+ with go.work)
-        if: >
-          ${{
-              needs.lint.outputs.is_monorepo == 'true' && steps.detect-test-work-supported.outputs.supported == 'true'
-          }}
+        if: ${{ needs.lint.outputs.is_monorepo == 'true' && steps.detect-test-work.outputs.supported == 'true' }}
         # with go.work file enabled, go test recognizes sub-modules and collects all packages to be covered
         # without specifying -coverpkg.
         #
@@ -139,7 +136,7 @@ jobs:
         name: Run unit tests on all modules in this repo (<go1.25 or no go.work)
         if: >
           ${{
-              needs.lint.outputs.is_monorepo == 'true' && steps.detect-test-work-supported.outputs.supported != 'true'
+              needs.lint.outputs.is_monorepo == 'true' && steps.detect-test-work.outputs.supported != 'true'
           }}
         run: |
           declare -a ALL_MODULES
@@ -166,7 +163,7 @@ jobs:
             ${ALL_MODULES[@]}
       -
         name: Run unit tests
-        if: ${{ needs.lint.outputs.is_monorepo != 'true' && needs.lint.outputs.is_monorepo != true }}
+        if: ${{ needs.lint.outputs.is_monorepo != 'true' }}
         run: >
           gotestsum
           --jsonfile 'unit.report.${{ matrix.os }}-${{ matrix.go }}.json'