even those were formatted.

.github/actions/setup-base/action.yml

@@ -1,5 +1,5 @@
-name: 'Setup Build Base Composite Action'
+name: "Setup Build Base Composite Action"
-description: 'Base build actions for Meshtastic Platform IO steps'
+description: "Base build actions for Meshtastic Platform IO steps"
 
 runs:
   using: "composite"

.github/workflows/sec_sast_flawfinder.yml

@@ -10,31 +10,31 @@ on:
 
 jobs:
   flawfinder:
-      runs-on: ubuntu-latest
+    runs-on: ubuntu-latest
-      name: Flawfinder
+    name: Flawfinder
 
-      steps:
+    steps:
-        # step 1
+      # step 1
-        - name: clone application source code
+      - name: clone application source code
-          uses: actions/checkout@v3
+        uses: actions/checkout@v3
 
-        # step 2
+      # step 2
-        - name: flawfinder_scan
+      - name: flawfinder_scan
-          uses: david-a-wheeler/flawfinder@2.0.19
+        uses: david-a-wheeler/flawfinder@2.0.19
-          with:
+        with:
-            arguments: '--sarif ./'
+          arguments: "--sarif ./"
-            output: 'flawfinder_report.sarif'
+          output: "flawfinder_report.sarif"
 
-        # step 3
+      # step 3
-        - name: save report as pipeline artifact
+      - name: save report as pipeline artifact
-          uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v3
-          with:
+        with:
-            name: flawfinder_report.sarif
+          name: flawfinder_report.sarif
-            path: flawfinder_report.sarif
+          path: flawfinder_report.sarif
 
-        # step 4
+      # step 4
-        - name: publish code scanning alerts
+      - name: publish code scanning alerts
-          uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v2
-          with:
+        with:
-            sarif_file: flawfinder_report.sarif
+          sarif_file: flawfinder_report.sarif
-            category: flawfinder
+          category: flawfinder

.github/workflows/sec_sast_semgrep_cron.yml

@@ -6,39 +6,37 @@ on:
     branches:
       - master
   schedule:
-    - cron:  '0 1 * * 6'
+    - cron: "0 1 * * 6"
 
 jobs:
-
   semgrep-full:
-      runs-on: ubuntu-latest
+    runs-on: ubuntu-latest
-      container:
+    container:
-        image: returntocorp/semgrep
+      image: returntocorp/semgrep
 
-      steps:
+    steps:
+      # step 1
+      - name: clone application source code
+        uses: actions/checkout@v3
 
-        # step 1
+      # step 2
-        - name: clone application source code
+      - name: full scan
-          uses: actions/checkout@v3
+        run: |
+          semgrep \
+            --sarif --output report.sarif \
+            --metrics=off \
+            --config="p/default"
 
-        # step 2
+      # step 3
-        - name: full scan
+      - name: save report as pipeline artifact
-          run: |
+        uses: actions/upload-artifact@v3
-            semgrep \
+        with:
-              --sarif --output report.sarif \
+          name: report.sarif
-              --metrics=off \
+          path: report.sarif
-              --config="p/default"
 
-        # step 3
+      # step 4
-        - name: save report as pipeline artifact
+      - name: publish code scanning alerts
-          uses: actions/upload-artifact@v3
+        uses: github/codeql-action/upload-sarif@v2
-          with:
+        with:
-            name: report.sarif
+          sarif_file: report.sarif
-            path: report.sarif
+          category: semgrep
-
-        # step 4
-        - name: publish code scanning alerts
-          uses: github/codeql-action/upload-sarif@v2
-          with:
-            sarif_file: report.sarif
-            category: semgrep

.github/workflows/sec_sast_semgrep_pull.yml

@@ -1,17 +1,14 @@
 ---
 name: Semgrep Differential Scan
-on:
+on: pull_request
-  pull_request
 
 jobs:
-
   semgrep-diff:
     runs-on: ubuntu-latest
     container:
       image: returntocorp/semgrep
 
     steps:
-
       # step 1
       - name: clone application source code
         uses: actions/checkout@v3