block workflow name

.github/workflows/pr-auditor.yml

@@ -1,20 +1,25 @@
-# See https://docs.sourcegraph.com/dev/background-information/ci#pr-auditor
-name: pr-auditor
+# � SECURITY PLACEHOLDER - DO NOT USE THIS WORKFLOW NAME �
+#
+# This workflow previously existed and was compromised. This placeholder file
+# exists to allow blocking this workflow name in GitHub's branch protection rules.
+#
+# This prevents anyone from:
+# 1. Using a cached/previous version of a workflow with this name
+# 2. Re-creating a malicious workflow using this known-compromised name
+#
+# If you need to create a similar workflow, please use a
+# different name
+
+name: "[BLOCKED] Workflow name placeholder"
+
 on:
-  pull_request_target:
-    types: [ closed, edited, opened, synchronize, ready_for_review ]
+  workflow_dispatch:
 
 jobs:
-  check-pr:
+  blocked:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-        with: { repository: 'sourcegraph/sourcegraph' }
-      - uses: actions/setup-go@v2
-        with: { go-version: '1.18' }
-
-      - run: ./dev/pr-auditor/check-pr.sh
-        env:
-          GITHUB_EVENT_PATH: ${{ env.GITHUB_EVENT_PATH }}
-          GITHUB_TOKEN: ${{ secrets.CODENOTIFY_GITHUB_TOKEN }}
-          GITHUB_RUN_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
+      - name: This workflow is blocked
+        run: |
+          echo "� A workflow with this name was previously compromised and is now blocked."
+          exit 1