Update pre-commit hook rhysd/actionlint to v1.7.0

[renovate[bot]]

This PR contains the following updates:

Package	Type	Update	Change
rhysd/actionlint	repository	minor	v1.6.27 -> v1.7.0

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

rhysd/actionlint (rhysd/actionlint)

### [`v1.7.0`](https://togithub.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v170---08-May-2024) [Compare Source](https://togithub.com/rhysd/actionlint/compare/v1.6.27...v1.7.0) - From this version, actionlint starts to check action metadata file `action.yml` (or `action.yaml`). At this point, only very basic checks are implemented and contents of `steps:` are not checked yet. - It checks properties under `runs:` section (e.g. `main:` can be specified when it is a JavaScript action), `branding:` properties, and so on. ```yaml name: 'My action' author: '...' ``` ### ERROR: 'description' section is missing branding: ### ERROR: Invalid icon name icon: dog runs: ### ERROR: Node.js runtime version is too old using: 'node12' ### ERROR: The source file being run by this action does not exist main: 'this-file-does-not-exist.js' ### ERROR: 'env' configuration is only allowed for Docker actions env: SOME_VAR: SOME_VALUE ``` - actionlint still focuses on checking workflow files. So there is no way to directly specify `action.yml` as an argument of `actionlint` command. actionlint checks all local actions which are used by given workflows. If you want to use actionlint for your action development, prepare a test/example workflow which uses your action, and check it with actionlint instead. - Checks for `steps:` contents are planned to be implemented. Since several differences are expected between `steps:` in workflow file and `steps:` in action metadata file (e.g. available contexts), the implementation is delayed to later version. And the current implementation of action metadata parser is ad hoc. I'm planning a large refactorying and breaking changes Go API around it are expected. - Add `runner.environment` property. ([#​412](https://togithub.com/rhysd/actionlint/issues/412)) ```yaml - run: echo 'Run by GitHub-hosted runner' if: runner.environment == 'github-hosted' ``` - Using outdated popular actions is now detected at error. See [the document](https://togithub.com/rhysd/actionlint/blob/main/docs/checks.md#detect-outdated-popular-actions) for more details. - Here 'outdated' means actions which use runtimes no longer supported by GitHub-hosted runners such as `node12`. ```yaml ``` ### ERROR: actions/checkout@v2 is using the outdated runner 'node12' - uses: actions/checkout@v2 ``` - Support `attestations` permission which was [recently added to GitHub Actions as beta](https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds). ([#​418](https://togithub.com/rhysd/actionlint/issues/418), thanks [@​bdehamer](https://togithub.com/bdehamer)) ```yaml permissions: id-token: write contents: read attestations: write ``` - Check comparison expressions more strictly. Arbitrary types of operands can be compared as [the official document](https://docs.github.com/en/actions/learn-github-actions/expressions#operators) explains. However, comparisons between some types are actually meaningless because the values are converted to numbers implicitly. actionlint catches such meaningless comparisons as errors. Please see [the check document](https://togithub.com/rhysd/actionlint/blob/main/docs/checks.md#check-comparison-types) for more details. ```yaml on: workflow_call: inputs: timeout: type: boolean jobs: test: runs-on: ubuntu-latest steps: - run: echo 'called!' ``` ### ERROR: Comparing string to object is always evaluated to false if: ${{ github.event == 'workflow_call' }} - run: echo 'timeout is too long' ### ERROR: Comparing boolean value with `>` doesn't make sense if: ${{ inputs.timeout > 60 }} - Follow the update that `macos-latest` is now an alias to `macos-14` runner. - Support a custom python shell by `pyflakes` rule. - Add workaround actionlint reports that `dorny/paths-filter`'s `predicate-quantifier` input is not defined. ([#​416](https://togithub.com/rhysd/actionlint/issues/416)) - Fix the type of a conditional expression by comparison operators is wider than expected by implementing type narrowing. ([#​384](https://togithub.com/rhysd/actionlint/issues/384)) - For example, the type of following expression should be `number` but it was actually `string | number` and actionlint complained that `timeout-minutes` must take a number value. ```yaml timeout-minutes: ${{ env.FOO && 10 || 60 }} ``` - Fix `${{ }}` placeholder is not available at `jobs..services`. ([#​402](https://togithub.com/rhysd/actionlint/issues/402)) ```yaml jobs: test: services: ${{ fromJSON('...') }} runs-on: ubuntu-latest steps: - run: ... - Do not check outputs of `google-github-actions/get-secretmanager-secrets` because this action sets outputs dynamically. ([#​404](https://togithub.com/rhysd/actionlint/issues/404)) - Fix `defaults.run` is ignored on detecting the shell used in `run:`. ([#​409](https://togithub.com/rhysd/actionlint/issues/409)) ```yaml defaults: run: shell: pwsh jobs: test: runs-on: ubuntu-latest steps: ``` ### This was wrongly detected as bash script - run: $Env:FOO = "FOO" - Fix parsing a syntax error reported from pyflakes when checking a Python script in `run:`. ([#​411](https://togithub.com/rhysd/actionlint/issues/411)) ```yaml - run: print( shell: python - Skip checking `exclude:` items in `matrix:` when they are constructed from `${{ }}` dynamically. ([#​414](https://togithub.com/rhysd/actionlint/issues/414)) ```yaml matrix: foo: ['a', 'b'] exclude: ``` ### actionlint complained this value didn't exist in matrix combinations - foo: ${{ env.EXCLUDE_FOO }} - Fix checking `exclude:` items when `${{ }}` is used in items of nested arrays. ```yaml matrix: foo: - ["${{ fromJSON('...') }}"] exclude: ### actionlint complained this value didn't match to any matrix combinations - foo: ['foo'] - Update popular actions data set. New major versions are added and the following actions are newly added. - `peaceiris/actions-hugo` - `actions/attest-build-provenance` - `actions/add-to-project` - `octokit/graphql-action` - Update Go dependencies to the latest. - Reduce the size of `actionlint` executable by removing redundant data from popular actions data set. - x86\_64 executable binary size was reduced from 6.9MB to 6.7MB (2.9% smaller). - Wasm binary size was reduced from 9.4MB to 8.9MB (5.3% smaller). - Describe how to [integrate actionlint to Pulsar Edit](https://web.pulsar-edit.dev/packages/linter-github-actions) in [the document](https://togithub.com/rhysd/actionlint/blob/main/docs/usage.md#pulsar-edit). ([#​408](https://togithub.com/rhysd/actionlint/issues/408), thanks [@​mschuchard](https://togithub.com/mschuchard)) - Update outdated action versions in the usage document. ([#​413](https://togithub.com/rhysd/actionlint/issues/413), thanks [@​naglis](https://togithub.com/naglis)) \[Changes]\[v1.7.0]

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.