The default workflow permissions are overly broad; setting permissions
explicitly at the workflow level ensures excessive permissions are not
unintentionally granted to jobs. For details, see:
https://docs.zizmor.sh/audits/#excessive-permissions
Set `persist-credentials: false` for all uses of `actions/checkout`.
This prevents git credentials from being stored on disk, and fixes the
following Zizmor audit:
https://docs.zizmor.sh/audits/#artipacked
Problem:
Sed thinks the argument starting with `1i` (and triple backticks) is the
suffix for the backup file because it comes right after the `-i` flag.
See for example
https://github.com/neovim/neovim/actions/runs/19774967693/job/56665991723.
Solution:
Explicitly mark it as command using the `-e` flag.
Problem:
scripts/check_urls.vim manually matches urls in the help pages and then
synchronously checks them via curl/wget/powershell. This is extremely
slow (~5 minutes for Nvims runtime on my machine) and prone to errors in
how the urls are matched.
Solution:
- Use Tree-sitter to find the urls in the help pages and `vim.net.request` to
check the responses.
- Add a `lintdocurls` build task and check it in CI (every Friday).
- Reopens a dedicated issue if it finds unreachable URLs.
- Drop the old check_urls.vim script.
