Copilot AI commented Sep 9, 2025

Problem

The .github/workflows/apisec-scan.yml workflow file was invalid and would not execute properly because it was missing the required GitHub Actions workflow structure. The file had steps at the root level instead of being properly nested under a job definition.

What was broken

   steps:
      - name: APIsec scan
        uses: apisec-inc/apisec-run-scan@025432089674a28ba8fb55f8ab06c10215e772ea
        # ... rest of configuration

This structure is invalid because:

  • Missing required name field at the top level
  • Missing required on field to specify workflow triggers
  • Missing jobs section entirely
  • steps at root level instead of nested under a job
  • Missing runs-on specification for the execution environment

Solution

Restructured the workflow file to follow the correct GitHub Actions syntax:

name: APIsec Scan

on:
  pull_request:

jobs:
  apisec_scan:
    runs-on: ubuntu-latest
    steps:
      - name: APIsec scan
        uses: apisec-inc/apisec-run-scan@025432089674
        # ... rest of configuration

Changes made

  • ✅ Added name: APIsec Scan at the top level
  • ✅ Added on: pull_request: to trigger the workflow on pull requests
  • ✅ Added jobs: section with apisec_scan: job definition
  • ✅ Added runs-on: ubuntu-latest to specify the execution environment
  • ✅ Properly nested steps: under the job definition
  • ✅ Updated the apisec action reference to use the shorter SHA (025432089674)
  • ✅ Cleaned up comments and fixed indentation for consistency
  • ✅ Fixed spacing issues in secret references

Validation

  • YAML syntax validated with both Python's yaml parser and yamllint
  • Structure verified against other working workflows in the repository
  • All original functionality preserved (APIsec scanning and SARIF result upload)

The workflow will now be properly recognized and executed by GitHub Actions when pull requests are created.

This pull request was created as a result of the following prompt from Copilot chat.

The current workflow file .github/workflows/apisec-scan.yml is invalid because the steps key is at the root level. The file needs to be restructured so that steps are nested under a job inside the jobs section, with the required on and name fields at the top. The corrected structure should look like this:

name: APIsec Scan

on:
  pull_request:

jobs:
  apisec_scan:
    runs-on: ubuntu-latest
    steps:
      - name: APIsec scan
        uses: apisec-inc/apisec-run-scan@025432089674
        with:
          apisec-username: ${{ secrets.apisec_username }}
          apisec-password: ${{ secrets.apisec_password }}
          apisec-project: "VAmPI"
          sarif-result-file: "apisec-results.sarif"
      - name: Import results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ./apisec-results.sarif

Replace the existing .github/workflows/apisec-scan.yml file with this fixed YAML.


Copilot AI changed the title from "[WIP] Fix invalid workflow YAML structure in apisec-scan.yml" to "Fix invalid GitHub workflow structure in apisec-scan.yml" Sep 9, 2025
Copilot AI requested a review from sonnyquinn24 September 9, 2025 11:31
Copilot finished work on behalf of sonnyquinn24 September 9, 2025 11:31
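
Added example, not part of the pull request or the repository: a YAML syntax check alone accepts a file with `steps` at the root, so this Ruby script checks the workflow shape discussed above and also flags `uses:` references that are not pinned to a full 40-character commit SHA, the form GitHub's security hardening guidance recommends. The helper `lint_workflow` and both sample documents are constructed for illustration.

```ruby
require "yaml"

# Constructed inputs mirroring the "before" and "after" shapes in this PR.
BROKEN = <<~YAML
  steps:
    - name: APIsec scan
      uses: apisec-inc/apisec-run-scan@025432089674a28ba8fb55f8ab06c10215e772ea
YAML

FIXED = <<~YAML
  name: APIsec Scan
  on:
    pull_request:
  jobs:
    apisec_scan:
      runs-on: ubuntu-latest
      steps:
        - name: APIsec scan
          uses: apisec-inc/apisec-run-scan@025432089674
        - name: Import results
          uses: github/codeql-action/upload-sarif@v3
YAML

FULL_SHA = /\A[0-9a-f]{40}\z/

# Hypothetical helper: returns a list of findings, empty when all checks pass.
def lint_workflow(text)
  doc = YAML.safe_load(text)
  return ["top level is not a mapping"] unless doc.is_a?(Hash)

  findings = []
  findings << "steps at root level" if doc.key?("steps")
  # YAML 1.1 parsers may load the bare key `on` as boolean true; accept both.
  findings << "missing on" unless doc.key?("on") || doc.key?(true)
  jobs = doc["jobs"]
  return findings << "missing jobs" unless jobs.is_a?(Hash) && !jobs.empty?

  jobs.each do |id, job|
    job = {} unless job.is_a?(Hash)
    # A job either runs steps on a runner or calls a reusable workflow.
    findings << "#{id}: missing runs-on" unless job.key?("runs-on") || job.key?("uses")
    Array(job["steps"]).each do |step|
      ref = step.is_a?(Hash) ? step["uses"] : nil
      next unless ref.is_a?(String) && !ref.start_with?("./", "docker://")
      rev = ref.split("@", 2)[1].to_s
      findings << "#{id}: #{ref} not pinned to a full commit SHA" unless rev.match?(FULL_SHA)
    end
  end
  findings
end
```

Run over the two samples, the root-level `steps` file reports three structural findings, and the restructured file passes the structural checks but reports both `uses:` references as unpinned.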