diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 30cead0369..f03f420c0c 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -1,6 +1,6 @@
 ---
 name: "Lint"
-on: # yamllint disable-line rule:truthy
+on:  # yamllint disable-line rule:truthy
   push:
     branches:
       - "!dependabot/*"
@@ -20,7 +20,7 @@ jobs:
       - name: "Check Licenses"
         uses: "authzed/actions/go-license-check@main"
         with:
-          ignore: "buf.build" # Has no license information
+          ignore: "buf.build"  # Has no license information
 
   go-lint:
     name: "Lint Go"
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 82edb83552..aadfcadeec 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -1,6 +1,6 @@
 ---
 name: "Security"
-on: # yamllint disable-line rule:truthy
+on:  # yamllint disable-line rule:truthy
   push:
     branches:
       - "!dependabot/*"
@@ -16,7 +16,7 @@ env:
 jobs:
   codeql:
     name: "CodeQL Analyze"
-    if: "${{ github.event_name == 'pull_request' }}" # workaround to https://github.com/github/codeql-action/issues/1537
+    if: "${{ github.event_name == 'pull_request' }}"  # workaround to https://github.com/github/codeql-action/issues/1537
     runs-on: "buildjet-8vcpu-ubuntu-2204"
     timeout-minutes: "${{ (matrix.language == 'swift' && 120) || 360 }}"
     permissions:
diff --git a/internal/services/integrationtesting/testconfigs/caveatmultiplebranchessamerel.yaml b/internal/services/integrationtesting/testconfigs/caveatmultiplebranchessamerel.yaml
index 74bd3912d9..79871d6f7d 100644
--- a/internal/services/integrationtesting/testconfigs/caveatmultiplebranchessamerel.yaml
+++ b/internal/services/integrationtesting/testconfigs/caveatmultiplebranchessamerel.yaml
@@ -1,3 +1,4 @@
+---
 schema: >-
   definition user {}