Added workflow violation file

Author: purriza

.github/workflows/badWorkflowExample.yml

@@ -0,0 +1,108 @@
+# VIOLATION: Missing proper header comment block (no purpose, triggers, behaviors, limitations)
+
+name: Bad Workflow
+
+# VIOLATION: No explicit event types specified
+on: [push, pull_request]
+
+# VIOLATION: Permissions not documented with comments explaining why needed
+permissions:
+  contents: write
+  pull-requests: write
+  issues: write
+
+jobs:
+  # VIOLATION: Job name not in kebab-case (should be bad-workflow-job)
+  BadWorkflowJob:
+    runs-on: ubuntu-latest
+    
+    # VIOLATION: Missing conditional execution (no if: conditions)
+    
+    steps:
+      # VIOLATION: Step name not descriptive/action-oriented
+      - name: Checkout
+        uses: actions/checkout@v4
+      
+      # VIOLATION: No step name at all
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+      
+      - name: Run script
+        # VIOLATION: No env: section to pass GitHub Actions values safely
+        run: |
+          echo "Processing files..."
+          
+          # VIOLATION: Missing set -e for error handling
+          
+          # VIOLATION: Variables not initialized before use
+          FILES=${{ github.event.pull_request.changed_files }}
+          
+          # VIOLATION: Unquoted variable expansion (word-splitting risk)
+          echo "Files: $FILES"
+          
+          # VIOLATION: Direct interpolation of GitHub Actions expression (shell injection risk)
+          BRANCH_NAME="${{ github.head_ref }}"
+          
+          # VIOLATION: No error handling or exit codes
+          npm install
+          npm test
+          
+          # VIOLATION: Hardcoded sensitive value (should use secrets)
+          API_KEY="sk-1234567890abcdef"
+          curl -H "Authorization: Bearer $API_KEY" https://api.example.com/data
+          
+          # VIOLATION: No ANSI color codes for logging
+          echo "Success"
+          
+          # VIOLATION: No descriptive comments for complex logic
+          for file in $FILES; do
+            if [[ $file == *.sol ]]; then
+              cat $file | grep "pragma" >> output.txt
+            fi
+          done
+          
+          # VIOLATION: Writing to GITHUB_ENV without quotes
+          echo "RESULT=success" >> $GITHUB_ENV
+      
+      - name: Comment
+        # VIOLATION: No unique marker for comment identification
+        # VIOLATION: No check for existing comments before creating new ones
+        run: |
+          # VIOLATION: Missing set -e
+          
+          COMMENT="Build completed"
+          
+          # VIOLATION: Using GITHUB_TOKEN directly without unsetting it first
+          curl -X POST \
+            -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+            -H "Accept: application/vnd.github.v3+json" \
+            https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments \
+            -d "{\"body\": \"$COMMENT\"}"
+      
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          # VIOLATION: Not descriptive artifact name
+          name: output
+          path: output.txt
+      
+      # VIOLATION: No cleanup of temporary files
+      
+  # VIOLATION: No job dependencies (needs:) when they should exist
+  another_job:
+    runs-on: ubuntu-latest
+    # VIOLATION: No concurrency group to prevent duplicate runs
+    
+    steps:
+      - name: Step without proper error handling
+        run: |
+          # VIOLATION: No set -e
+          # VIOLATION: No error messages with context
+          # VIOLATION: Command that might fail silently
+          rm -rf /tmp/cache || echo "failed"
+          
+          # VIOLATION: No transparency/logging of decisions
+          if [ -f "package.json" ]; then
+            npm install
+          fi