[FEATURE] Github workflow linter and security validator

[Shurtu-gal]

Why do we need this improvement?

At the moment, we run a basic validation action on every PR that checks GitHub Actions workflow files against a JSON Schema. While useful for catching simple syntax errors, this validation is limited and does not cover logic, security, or permission-related issues.

Related to: #257

How will this change help?

We recently had security breaches and would like to curb them.

Screenshots

No response

How could it be implemented/designed?

Tasks:

• Run zizmor on existing GitHub Actions workflows and fix reported security issues.
• Run actionlint on existing workflows and update them to pass validation.
• Integrate actions-permissions to detect insecure permissions.
• Ensure all workflows explicitly define permissions: and avoid implicit defaults.
• Create a unified workflow-validation GitHub Action combining all selected checks

🚧 Breaking changes

No

👀 Have you checked for similar open issues?

• I checked and didn't find a similar issue

🏢 Have you read the Contributing Guidelines?

• I have read the Contributing Guidelines

Are you willing to work on this issue?

Yes I am willing to submit a PR!

[Shurtu-gal]

/bounty-candidate

[asyncapi-bot]

❌ @Shurtu-gal is not authorized to use the Bounty Program's commands.
These commands can only be used by members of the Bounty Team.

[aeworxet]

Bounty Issue's service comment

Text labels: bounty/2026-03, bounty/advanced, bounty/coding
First assignment to regular contributors: 2026-02-20 00:00:00 UTC+12:00
End Of Life after: 2026-03-31 23:59:59 UTC-12:00

@asyncapi/bounty_team

The Bounty Program is not a Mentorship Program. The accepted level of Bounty Program Participants is Middle/Senior.

Regular contributors should explain in meaningful words how they are going to approach the resolution process when expressing a desire to work on this Bounty Issue.

[katara-Jayprakash]

/assign

[aeworxet]

@katara-Jayprakash, please explain, in clear terms, how you will approach resolving this Bounty Issue, and refrain from starting work until you are assigned. Force-pushing through or imposing a PR will achieve nothing.

[Shurtu-gal]

I wish to work on this bounty issue.