search

csvalpha / sofia

S.O.F.I.A. - Streepsysteem der C.S.V. Alpha
https://streep.csvalpha.nl
MIT License
5 stars 2 forks source link

chore(deps): update dependency rhysd/actionlint to v1.7.4 #914

Open renovate[bot] opened 9 months ago

renovate[bot] commented 9 months ago

This PR contains the following updates:

Package Update Change
rhysd/actionlint minor 1.6.26 -> 1.7.4

Release Notes

rhysd/actionlint (rhysd/actionlint) ### [`v1.7.4`](https://redirect.github.com/rhysd/actionlint/releases/tag/v1.7.4) [Compare Source](https://redirect.github.com/rhysd/actionlint/compare/v1.7.3...v1.7.4) - Disallow using popular actions which run on `node16` runner. The `node16` runner [will reach the end of life on November 12](https://github.blog/changelog/2024-09-25-end-of-life-for-actions-node16/). - In case of the error, please update your actions to the latest version so that they run on the latest `node20` runner. - If you're using self-hosted runner and you cannot upgrade your runner to `node20` soon, please consider to ignore the error by the `paths` configuration described below. - Provide the configuration for ignoring errors by regular expressions in `actionlint.yml` (or `actionlint.yaml`). Please see the [document](https://redirect.github.com/rhysd/actionlint/blob/v1.7.4/docs/config.md) for more details. ([#​217](https://redirect.github.com/rhysd/actionlint/issues/217), [#​342](https://redirect.github.com/rhysd/actionlint/issues/342)) - The `paths` in the configuration file is a mapping from the file path glob pattern to the corresponding configuration. The `ignore` configuration is a list of regular expressions to match error messages (similar to the `-ignore` command line option). ```yaml paths: ``` ### This pattern matches any YAML file under the '.github/workflows/' directory. .github/workflows/**/*.yaml ignore: ### Ignore the specific error from shellcheck - 'shellcheck reported issue in this script: SC2086:.+' ### This pattern only matches '.github/workflows/release.yaml' file. .github/workflows/self-hosted.yaml ignore: ### Ignore errors from the old runner check. This may be useful for (outdated) self-hosted runner environment. - 'the runner of ".+" action is too old to run on GitHub Actions' ``` - This configuration was not implemented initially because I wanted to keep the configuration as minimal as possible. However, due to several requests for it, the configuration has now been added. - Untrusted inputs check is safely skipped inside specific function calls. ([#​459](https://redirect.github.com/rhysd/actionlint/issues/459), thanks [@​IlyaGulya](https://redirect.github.com/IlyaGulya)) - For example, the following step contains the untrusted input `github.head_ref`, but it is safe because it's passed to the `contains()` argument. ```yaml - run: echo "is_release_branch=${{ contains(github.head_ref, 'release') }}" >> "$GITHUB_OUTPUT" ``` - For more details, please read the [rule document](https://redirect.github.com/rhysd/actionlint/blob/v1.7.4/docs/checks.md#untrusted-inputs). - Recognize `gcr.io` and `gcr.dev` as the correct container registry hosts. ([#​463](https://redirect.github.com/rhysd/actionlint/issues/463), thanks [@​takaidohigasi](https://redirect.github.com/takaidohigasi)) - Note that it is recommended explicitly specifying the scheme like `docker://gcr.io/...`. - Remove `macos-x.0` runner labels which are no longer available. ([#​452](https://redirect.github.com/rhysd/actionlint/issues/452)) - Disable shellcheck [`SC2043`](https://www.shellcheck.net/wiki/SC2043) rule because it can cause false positives on checking `run:`. ([#​355](https://redirect.github.com/rhysd/actionlint/issues/355)) - The [rule document](https://redirect.github.com/rhysd/actionlint/blob/v1.7.4/docs/checks.md#check-shellcheck-integ) was updated as well. ([#​466](https://redirect.github.com/rhysd/actionlint/issues/466), thanks [@​risu729](https://redirect.github.com/risu729)) - Fix the error message when detecting cycles in `needs` dependencies was not deterministic. - Fix the check for `format()` function was not applied when the function name contains upper case like `Format()`. Note that function names in `${{ }}` placeholders are case-insensitive. - Update the popular actions data set to the latest. - This includes the [new `ref` and `commit` outputs](https://redirect.github.com/actions/checkout/pull/1180) of `actions/checkout`. - Add [`actions/cache/save`](https://redirect.github.com/actions/cache/tree/main/save) and [`actions/cache/restore`](https://redirect.github.com/actions/cache/tree/main/restore) to the popular actions data set. - Links in the [README.md](https://redirect.github.com/rhysd/actionlint/blob/main/README.md) now point to the document of the latest version tag instead of HEAD of `main` branch. - Add [`Linter.LintStdin`](https://pkg.go.dev/github.com/rhysd/actionlint#Linter.LintStdin) method dedicated to linting STDIN instead of handling STDIN in `Command`. - (Dev) Add new [`check-checks` script](https://redirect.github.com/rhysd/actionlint/tree/main/scripts/check-checks) to maintain the ['Checks' document](https://redirect.github.com/rhysd/actionlint/blob/main/docs/checks.md). It automatically updates the outputs and playground links for example inputs in the document. It also checks the document is up-to-date on CI. Please read the [document](https://redirect.github.com/rhysd/actionlint/blob/main/scripts/check-checks/README.md) for more details. ### [`v1.7.3`](https://redirect.github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v173---2024-09-29) [Compare Source](https://redirect.github.com/rhysd/actionlint/compare/v1.7.2...v1.7.3) - Remove `macos-11` runner labels because [macOS 11 runner was dropped on 6/28/2024](https://github.blog/changelog/2024-05-20-actions-upcoming-changes-to-github-hosted-macos-runners/#macos-11-deprecation-and-removal). ([#​451](https://redirect.github.com/rhysd/actionlint/issues/451), thanks [@​muzimuzhi](https://redirect.github.com/muzimuzhi)) - Support `macos-15`, `macos-15-large`, and `macos-15-xlarge` runner labels. The macOS 15 runner is not globally available yet, but [they are available in beta](https://redirect.github.com/actions/runner-images?tab=readme-ov-file#available-images). ([#​453](https://redirect.github.com/rhysd/actionlint/issues/453), thanks [@​muzimuzhi](https://redirect.github.com/muzimuzhi)) - Release artifact includes checksums for the released binaries. The file name is `actionlint_{version}_checksums.txt`. ([#​449](https://redirect.github.com/rhysd/actionlint/issues/449)) - For example, the checksums for v1.7.3 can be found [here](https://redirect.github.com/rhysd/actionlint/releases/download/v1.7.3/actionlint\_1.7.3\_checksums.txt). - Fix `download-path` output is missing in `actions/download-artifact@v3` action. ([#​442](https://redirect.github.com/rhysd/actionlint/issues/442)) - Note that the latest version `actions/download-artifact@v4` was not affected by this issue. - Support Go 1.23. [Documentation](https://redirect.github.com/rhysd/actionlint/blob/v1.7.3/docs/checks.md) \[Changes]\[v1.7.3] ### [`v1.7.2`](https://redirect.github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v172---2024-09-23) [Compare Source](https://redirect.github.com/rhysd/actionlint/compare/v1.7.1...v1.7.2) - Fix child processes to run in parallel. - Update the popular actions data set to the latest. ([#​442](https://redirect.github.com/rhysd/actionlint/issues/442), [#​445](https://redirect.github.com/rhysd/actionlint/issues/445), [#​446](https://redirect.github.com/rhysd/actionlint/issues/446), [#​447](https://redirect.github.com/rhysd/actionlint/issues/447), thanks [@​maikelvdh](https://redirect.github.com/maikelvdh)) - Add support for checking branch filters on [`merge_group` event](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#merge_group). ([#​448](https://redirect.github.com/rhysd/actionlint/issues/448), thanks [@​muzimuzhi](https://redirect.github.com/muzimuzhi)) - [The playground](https://rhysd.github.io/actionlint/) now supports both light and dark modes and automatically applies the system's theme. - Fix releasing a failure on making a new winget package. ([#​438](https://redirect.github.com/rhysd/actionlint/issues/438), thanks [@​vedantmgoyal9](https://redirect.github.com/vedantmgoyal9)) \[Changes]\[v1.7.2] ### [`v1.7.1`](https://redirect.github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v171---2024-05-28) [Compare Source](https://redirect.github.com/rhysd/actionlint/compare/v1.7.0...v1.7.1) - Support `ubuntu-24.04` runner label, which was [recently introduced as beta](https://github.blog/changelog/2024-05-14-github-hosted-runners-public-beta-of-ubuntu-24-04-is-now-available/). ([#​425](https://redirect.github.com/rhysd/actionlint/issues/425), thanks [@​bitcoin-tools](https://redirect.github.com/bitcoin-tools)) - Remove the support for `macos-10` runner label which was [officially dropped about 2 years ago](https://github.blog/changelog/2022-07-20-github-actions-the-macos-10-15-actions-runner-image-is-being-deprecated-and-will-be-removed-by-8-30-22/). - Remove the support for `windows-2016` runner label which was [officially dropped about 2 years ago](https://github.blog/changelog/2021-10-19-github-actions-the-windows-2016-runner-image-will-be-removed-from-github-hosted-runners-on-march-15-2022/). - Document URLs used in help output and links in the playground prefer specific version tag rather than `main` branch. For example, - Before: https://github.com/rhysd/actionlint/tree/main/docs - After: https://github.com/rhysd/actionlint/tree/v1.7.1/docs - Fix actionlint wrongly reports an error when using `ghcr.io` or `docker.io` at `image` field of action metadata file of Docker action without `docker://` scheme. ([#​428](https://redirect.github.com/rhysd/actionlint/issues/428)) ```yaml runs: using: 'docker' ``` ### This should be OK image: 'ghcr.io/user/repo:latest' - Fix checking `preactjs/compressed-size-action@v2` usage caused a false positive. ([#​422](https://redirect.github.com/rhysd/actionlint/issues/422)) - Fix an error message when invalid escaping is found in globs. - The design of the [playground page](https://rhysd.github.io/actionlint/) is overhauled following the upgrade of bulma package to v1. - Current actionlint version is shown in the heading. - The color theme is changed to the official dark theme. - The list of useful links is added to the bottom of the page as 'Resources' section. [Changes][v1.7.1] ### [`v1.7.0`](https://redirect.github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v170---2024-05-08) [Compare Source](https://redirect.github.com/rhysd/actionlint/compare/v1.6.27...v1.7.0) - From this version, actionlint starts to check action metadata file `action.yml` (or `action.yaml`). At this point, only very basic checks are implemented and contents of `steps:` are not checked yet. - It checks properties under `runs:` section (e.g. `main:` can be specified when it is a JavaScript action), `branding:` properties, and so on. ```yaml name: 'My action' author: '...' ``` ### ERROR: 'description' section is missing branding: ### ERROR: Invalid icon name icon: dog runs: ### ERROR: Node.js runtime version is too old using: 'node12' ### ERROR: The source file being run by this action does not exist main: 'this-file-does-not-exist.js' ### ERROR: 'env' configuration is only allowed for Docker actions env: SOME_VAR: SOME_VALUE ``` - actionlint still focuses on checking workflow files. So there is no way to directly specify `action.yml` as an argument of `actionlint` command. actionlint checks all local actions which are used by given workflows. If you want to use actionlint for your action development, prepare a test/example workflow which uses your action, and check it with actionlint instead. - Checks for `steps:` contents are planned to be implemented. Since several differences are expected between `steps:` in workflow file and `steps:` in action metadata file (e.g. available contexts), the implementation is delayed to later version. And the current implementation of action metadata parser is ad hoc. I'm planning a large refactorying and breaking changes Go API around it are expected. - Add `runner.environment` property. ([#​412](https://redirect.github.com/rhysd/actionlint/issues/412)) ```yaml - run: echo 'Run by GitHub-hosted runner' if: runner.environment == 'github-hosted' ``` - Using outdated popular actions is now detected at error. See [the document](https://redirect.github.com/rhysd/actionlint/blob/main/docs/checks.md#detect-outdated-popular-actions) for more details. - Here 'outdated' means actions which use runtimes no longer supported by GitHub-hosted runners such as `node12`. ```yaml ``` ### ERROR: actions/checkout@v2 is using the outdated runner 'node12' - uses: actions/checkout@v2 ``` - Support `attestations` permission which was [recently added to GitHub Actions as beta](https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds). ([#​418](https://redirect.github.com/rhysd/actionlint/issues/418), thanks [@​bdehamer](https://redirect.github.com/bdehamer)) ```yaml permissions: id-token: write contents: read attestations: write ``` - Check comparison expressions more strictly. Arbitrary types of operands can be compared as [the official document](https://docs.github.com/en/actions/learn-github-actions/expressions#operators) explains. However, comparisons between some types are actually meaningless because the values are converted to numbers implicitly. actionlint catches such meaningless comparisons as errors. Please see [the check document](https://redirect.github.com/rhysd/actionlint/blob/main/docs/checks.md#check-comparison-types) for more details. ```yaml on: workflow_call: inputs: timeout: type: boolean jobs: test: runs-on: ubuntu-latest steps: - run: echo 'called!' ``` ### ERROR: Comparing string to object is always evaluated to false if: ${{ github.event == 'workflow_call' }} - run: echo 'timeout is too long' ### ERROR: Comparing boolean value with `>` doesn't make sense if: ${{ inputs.timeout > 60 }} - Follow the update that `macos-latest` is now an alias to `macos-14` runner. - Support a custom python shell by `pyflakes` rule. - Add workaround actionlint reports that `dorny/paths-filter`'s `predicate-quantifier` input is not defined. ([#​416](https://redirect.github.com/rhysd/actionlint/issues/416)) - Fix the type of a conditional expression by comparison operators is wider than expected by implementing type narrowing. ([#​384](https://redirect.github.com/rhysd/actionlint/issues/384)) - For example, the type of following expression should be `number` but it was actually `string | number` and actionlint complained that `timeout-minutes` must take a number value. ```yaml timeout-minutes: ${{ env.FOO && 10 || 60 }} ``` - Fix `${{ }}` placeholder is not available at `jobs..services`. ([#​402](https://redirect.github.com/rhysd/actionlint/issues/402)) ```yaml jobs: test: services: ${{ fromJSON('...') }} runs-on: ubuntu-latest steps: - run: ... - Do not check outputs of `google-github-actions/get-secretmanager-secrets` because this action sets outputs dynamically. ([#​404](https://redirect.github.com/rhysd/actionlint/issues/404)) - Fix `defaults.run` is ignored on detecting the shell used in `run:`. ([#​409](https://redirect.github.com/rhysd/actionlint/issues/409)) ```yaml defaults: run: shell: pwsh jobs: test: runs-on: ubuntu-latest steps: ``` ### This was wrongly detected as bash script - run: $Env:FOO = "FOO" - Fix parsing a syntax error reported from pyflakes when checking a Python script in `run:`. ([#​411](https://redirect.github.com/rhysd/actionlint/issues/411)) ```yaml - run: print( shell: python - Skip checking `exclude:` items in `matrix:` when they are constructed from `${{ }}` dynamically. ([#​414](https://redirect.github.com/rhysd/actionlint/issues/414)) ```yaml matrix: foo: ['a', 'b'] exclude: ``` ### actionlint complained this value didn't exist in matrix combinations - foo: ${{ env.EXCLUDE_FOO }} - Fix checking `exclude:` items when `${{ }}` is used in nested arrays at matrix items. ```yaml matrix: foo: - ["${{ fromJSON('...') }}"] exclude: ### actionlint complained this value didn't match to any matrix combinations - foo: ['foo'] - Update popular actions data set. New major versions are added and the following actions are newly added. - `peaceiris/actions-hugo` - `actions/attest-build-provenance` - `actions/add-to-project` - `octokit/graphql-action` - Update Go dependencies to the latest. - Reduce the size of `actionlint` executable by removing redundant data from popular actions data set. - x86\_64 executable binary size was reduced from 6.9MB to 6.7MB (2.9% smaller). - Wasm binary size was reduced from 9.4MB to 8.9MB (5.3% smaller). - Describe how to [integrate actionlint to Pulsar Edit](https://web.pulsar-edit.dev/packages/linter-github-actions) in [the document](https://redirect.github.com/rhysd/actionlint/blob/main/docs/usage.md#pulsar-edit). ([#​408](https://redirect.github.com/rhysd/actionlint/issues/408), thanks [@​mschuchard](https://redirect.github.com/mschuchard)) - Update outdated action versions in the usage document. ([#​413](https://redirect.github.com/rhysd/actionlint/issues/413), thanks [@​naglis](https://redirect.github.com/naglis)) \[Changes]\[v1.7.0] ### [`v1.6.27`](https://redirect.github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v1627---2024-02-24) [Compare Source](https://redirect.github.com/rhysd/actionlint/compare/v1.6.26...v1.6.27) - Add macOS 14 runner labels for [Apple Silicon support](https://github.blog/changelog/2024-01-30-github-actions-macos-14-sonoma-is-now-available/). The following labels are added. (thanks [@​harryzcy](https://redirect.github.com/harryzcy), [#​392](https://redirect.github.com/rhysd/actionlint/issues/392)) - `macos-14` - `macos-14-xlarge` - `macos-14-large` - Remove `ubuntu-18.04` runner label from runners list since [it is no longer supported](https://github.blog/changelog/2022-08-09-github-actions-the-ubuntu-18-04-actions-runner-image-is-being-deprecated-and-will-be-removed-by-12-1-22/). ([#​363](https://redirect.github.com/rhysd/actionlint/issues/363)) - Allow glob patterns in `self-hosted-runner.labels` configuration. For example, the following configuration defines any runner labels prefixed with `private-linux-`. (thanks [@​kishaningithub](https://redirect.github.com/kishaningithub), [#​378](https://redirect.github.com/rhysd/actionlint/issues/378)) ```yaml self-hosted-runner: labels: - private-linux-* ``` - Fix a race condition bug when `-format` option is used for linting multiple workflow files. Thanks [@​ReinAchten-TomTom](https://redirect.github.com/ReinAchten-TomTom) for your help on the investigation. ([#​370](https://redirect.github.com/rhysd/actionlint/issues/370)) - Fix a race condition due to conflicts between some goroutine which starts to run shellcheck process and other goroutine which starts to wait until all processes finish. - The popular actions data set was updated to the latest and the following actions were newly added. (thanks [@​jmarshall](https://redirect.github.com/jmarshall), [#​380](https://redirect.github.com/rhysd/actionlint/issues/380)) - `google-github-actions/auth` - `google-github-actions/get-secretmanager-secrets` - `google-github-actions/setup-gcloud` - `google-github-actions/upload-cloud-storage` - `pulumi/actions` - `pypa/gh-action-pypi-publish` - Add support for larger runner labels. The following labels are added. (thanks [@​therealdwright](https://redirect.github.com/therealdwright), [#​371](https://redirect.github.com/rhysd/actionlint/issues/371)) - `windows-latest-8-cores` - `ubuntu-latest-4-cores` - `ubuntu-latest-8-cores` - `ubuntu-latest-16-cores` - The following WebHook types are supported for `pull_request` event. - `enqueued` - `dequeued` - `milestoned` - `demilestoned` - Explain how to control shellckeck behavior in the [shellcheck rule document](https://redirect.github.com/rhysd/actionlint/blob/main/docs/checks.md#check-shellcheck-integ). Use `SHELLCHECK_OPTS` environment variable to pass arguments to shellcheck. See [the shellcheck's official document](https://redirect.github.com/koalaman/shellcheck/wiki/Integration#environment-variables) for more details. ``` ```

Configuration

πŸ“… Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

β™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

πŸ”• Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.