rhysd/actionlint (rhysd/actionlint)
### [`v1.7.1`](https://togithub.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v171---28-May-2024)
[Compare Source](https://togithub.com/rhysd/actionlint/compare/v1.7.0...v1.7.1)
- Support `ubuntu-24.04` runner label, which was [recently introduced as beta](https://github.blog/changelog/2024-05-14-github-hosted-runners-public-beta-of-ubuntu-24-04-is-now-available/). ([#425](https://togithub.com/rhysd/actionlint/issues/425), thanks [@bitcoin-tools](https://togithub.com/bitcoin-tools))
- Remove the support for `macos-10` runner label which was [officially dropped about 2 years ago](https://github.blog/changelog/2022-07-20-github-actions-the-macos-10-15-actions-runner-image-is-being-deprecated-and-will-be-removed-by-8-30-22/).
- Remove the support for `windows-2016` runner label which was [officially dropped about 2 years ago](https://github.blog/changelog/2021-10-19-github-actions-the-windows-2016-runner-image-will-be-removed-from-github-hosted-runners-on-march-15-2022/).
- Document URLs used in help output and links in the playground prefer specific version tag rather than `main` branch. For example,
- Before: https://github.com/rhysd/actionlint/tree/main/docs
- After: https://github.com/rhysd/actionlint/tree/v1.7.1/docs
- Fix actionlint wrongly reports an error when using `ghcr.io` or `docker.io` at `image` field of action metadata file of Docker action without `docker://` scheme. ([#428](https://togithub.com/rhysd/actionlint/issues/428))
```yaml
runs:
using: 'docker'
```
### This should be OK
image: 'ghcr.io/user/repo:latest'
- Fix checking `preactjs/compressed-size-action@v2` usage caused a false positive. ([#422](https://togithub.com/rhysd/actionlint/issues/422))
- Fix an error message when invalid escaping is found in globs.
- The design of the [playground page](https://rhysd.github.io/actionlint/) is overhauled following the upgrade of bulma package to v1.
- Current actionlint version is shown in the heading.
- The color theme is changed to the official dark theme.
- The list of useful links is added to the bottom of the page as 'Resources' section.
[Changes][v1.7.1]
### [`v1.7.0`](https://togithub.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v170---08-May-2024)
[Compare Source](https://togithub.com/rhysd/actionlint/compare/v1.6.27...v1.7.0)
- From this version, actionlint starts to check action metadata file `action.yml` (or `action.yaml`). At this point, only very basic checks are implemented and contents of `steps:` are not checked yet.
- It checks properties under `runs:` section (e.g. `main:` can be specified when it is a JavaScript action), `branding:` properties, and so on.
```yaml
name: 'My action'
author: '...'
```
### ERROR: 'description' section is missing
branding:
### ERROR: Invalid icon name
icon: dog
runs:
### ERROR: Node.js runtime version is too old
using: 'node12'
### ERROR: The source file being run by this action does not exist
main: 'this-file-does-not-exist.js'
### ERROR: 'env' configuration is only allowed for Docker actions
env:
SOME_VAR: SOME_VALUE
```
- actionlint still focuses on checking workflow files. So there is no way to directly specify `action.yml` as an argument of `actionlint` command. actionlint checks all local actions which are used by given workflows. If you want to use actionlint for your action development, prepare a test/example workflow which uses your action, and check it with actionlint instead.
- Checks for `steps:` contents are planned to be implemented. Since several differences are expected between `steps:` in workflow file and `steps:` in action metadata file (e.g. available contexts), the implementation is delayed to later version. And the current implementation of action metadata parser is ad hoc. I'm planning a large refactorying and breaking changes Go API around it are expected.
- Add `runner.environment` property. ([#412](https://togithub.com/rhysd/actionlint/issues/412))
```yaml
- run: echo 'Run by GitHub-hosted runner'
if: runner.environment == 'github-hosted'
```
- Using outdated popular actions is now detected at error. See [the document](https://togithub.com/rhysd/actionlint/blob/main/docs/checks.md#detect-outdated-popular-actions) for more details.
- Here 'outdated' means actions which use runtimes no longer supported by GitHub-hosted runners such as `node12`.
```yaml
```
### ERROR: actions/checkout@v2 is using the outdated runner 'node12'
- uses: actions/checkout@v2
```
- Support `attestations` permission which was [recently added to GitHub Actions as beta](https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds). ([#418](https://togithub.com/rhysd/actionlint/issues/418), thanks [@bdehamer](https://togithub.com/bdehamer))
```yaml
permissions:
id-token: write
contents: read
attestations: write
```
- Check comparison expressions more strictly. Arbitrary types of operands can be compared as [the official document](https://docs.github.com/en/actions/learn-github-actions/expressions#operators) explains. However, comparisons between some types are actually meaningless because the values are converted to numbers implicitly. actionlint catches such meaningless comparisons as errors. Please see [the check document](https://togithub.com/rhysd/actionlint/blob/main/docs/checks.md#check-comparison-types) for more details.
```yaml
on:
workflow_call:
inputs:
timeout:
type: boolean
jobs:
test:
runs-on: ubuntu-latest
steps:
- run: echo 'called!'
```
### ERROR: Comparing string to object is always evaluated to false
if: ${{ github.event == 'workflow_call' }}
- run: echo 'timeout is too long'
### ERROR: Comparing boolean value with `>` doesn't make sense
if: ${{ inputs.timeout > 60 }}
- Follow the update that `macos-latest` is now an alias to `macos-14` runner.
- Support a custom python shell by `pyflakes` rule.
- Add workaround actionlint reports that `dorny/paths-filter`'s `predicate-quantifier` input is not defined. ([#416](https://togithub.com/rhysd/actionlint/issues/416))
- Fix the type of a conditional expression by comparison operators is wider than expected by implementing type narrowing. ([#384](https://togithub.com/rhysd/actionlint/issues/384))
- For example, the type of following expression should be `number` but it was actually `string | number` and actionlint complained that `timeout-minutes` must take a number value.
```yaml
timeout-minutes: ${{ env.FOO && 10 || 60 }}
```
- Fix `${{ }}` placeholder is not available at `jobs..services`. ([#402](https://togithub.com/rhysd/actionlint/issues/402))
```yaml
jobs:
test:
services: ${{ fromJSON('...') }}
runs-on: ubuntu-latest
steps:
- run: ...
- Do not check outputs of `google-github-actions/get-secretmanager-secrets` because this action sets outputs dynamically. ([#404](https://togithub.com/rhysd/actionlint/issues/404))
- Fix `defaults.run` is ignored on detecting the shell used in `run:`. ([#409](https://togithub.com/rhysd/actionlint/issues/409))
```yaml
defaults:
run:
shell: pwsh
jobs:
test:
runs-on: ubuntu-latest
steps:
```
### This was wrongly detected as bash script
- run: $Env:FOO = "FOO"
- Fix parsing a syntax error reported from pyflakes when checking a Python script in `run:`. ([#411](https://togithub.com/rhysd/actionlint/issues/411))
```yaml
- run: print(
shell: python
- Skip checking `exclude:` items in `matrix:` when they are constructed from `${{ }}` dynamically. ([#414](https://togithub.com/rhysd/actionlint/issues/414))
```yaml
matrix:
foo: ['a', 'b']
exclude:
```
### actionlint complained this value didn't exist in matrix combinations
- foo: ${{ env.EXCLUDE_FOO }}
- Fix checking `exclude:` items when `${{ }}` is used in nested arrays at matrix items.
```yaml
matrix:
foo:
- ["${{ fromJSON('...') }}"]
exclude:
### actionlint complained this value didn't match to any matrix combinations
- foo: ['foo']
- Update popular actions data set. New major versions are added and the following actions are newly added.
- `peaceiris/actions-hugo`
- `actions/attest-build-provenance`
- `actions/add-to-project`
- `octokit/graphql-action`
- Update Go dependencies to the latest.
- Reduce the size of `actionlint` executable by removing redundant data from popular actions data set.
- x86\_64 executable binary size was reduced from 6.9MB to 6.7MB (2.9% smaller).
- Wasm binary size was reduced from 9.4MB to 8.9MB (5.3% smaller).
- Describe how to [integrate actionlint to Pulsar Edit](https://web.pulsar-edit.dev/packages/linter-github-actions) in [the document](https://togithub.com/rhysd/actionlint/blob/main/docs/usage.md#pulsar-edit). ([#408](https://togithub.com/rhysd/actionlint/issues/408), thanks [@mschuchard](https://togithub.com/mschuchard))
- Update outdated action versions in the usage document. ([#413](https://togithub.com/rhysd/actionlint/issues/413), thanks [@naglis](https://togithub.com/naglis))
\[Changes]\[v1.7.0]
### [`v1.6.27`](https://togithub.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v1627---24-Feb-2024)
[Compare Source](https://togithub.com/rhysd/actionlint/compare/v1.6.26...v1.6.27)
- Add macOS 14 runner labels for [Apple Silicon support](https://github.blog/changelog/2024-01-30-github-actions-macos-14-sonoma-is-now-available/). The following labels are added. (thanks [@harryzcy](https://togithub.com/harryzcy), [#392](https://togithub.com/rhysd/actionlint/issues/392))
- `macos-14`
- `macos-14-xlarge`
- `macos-14-large`
- Remove `ubuntu-18.04` runner label from runners list since [it is no longer supported](https://github.blog/changelog/2022-08-09-github-actions-the-ubuntu-18-04-actions-runner-image-is-being-deprecated-and-will-be-removed-by-12-1-22/). ([#363](https://togithub.com/rhysd/actionlint/issues/363))
- Allow glob patterns in `self-hosted-runner.labels` configuration. For example, the following configuration defines any runner labels prefixed with `private-linux-`. (thanks [@kishaningithub](https://togithub.com/kishaningithub), [#378](https://togithub.com/rhysd/actionlint/issues/378))
```yaml
self-hosted-runner:
labels:
- private-linux-*
```
- Fix a race condition bug when `-format` option is used for linting multiple workflow files. Thanks [@ReinAchten-TomTom](https://togithub.com/ReinAchten-TomTom) for your help on the investigation. ([#370](https://togithub.com/rhysd/actionlint/issues/370))
- Fix a race condition due to conflicts between some goroutine which starts to run shellcheck process and other goroutine which starts to wait until all processes finish.
- The popular actions data set was updated to the latest and the following actions were newly added. (thanks [@jmarshall](https://togithub.com/jmarshall), [#380](https://togithub.com/rhysd/actionlint/issues/380))
- `google-github-actions/auth`
- `google-github-actions/get-secretmanager-secrets`
- `google-github-actions/setup-gcloud`
- `google-github-actions/upload-cloud-storage`
- `pulumi/actions`
- `pypa/gh-action-pypi-publish`
- Add support for larger runner labels. The following labels are added. (thanks [@therealdwright](https://togithub.com/therealdwright), [#371](https://togithub.com/rhysd/actionlint/issues/371))
- `windows-latest-8-cores`
- `ubuntu-latest-4-cores`
- `ubuntu-latest-8-cores`
- `ubuntu-latest-16-cores`
- The following WebHook types are supported for `pull_request` event.
- `enqueued`
- `dequeued`
- `milestoned`
- `demilestoned`
- Explain how to control shellckeck behavior in the [shellcheck rule document](https://togithub.com/rhysd/actionlint/blob/main/docs/checks.md#check-shellcheck-integ). Use `SHELLCHECK_OPTS` environment variable to pass arguments to shellcheck. See [the shellcheck's official document](https://togithub.com/koalaman/shellcheck/wiki/Integration#environment-variables) for more details.
```
```
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
1.6.26->1.7.1Release Notes
rhysd/actionlint (rhysd/actionlint)
### [`v1.7.1`](https://togithub.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v171---28-May-2024) [Compare Source](https://togithub.com/rhysd/actionlint/compare/v1.7.0...v1.7.1) - Support `ubuntu-24.04` runner label, which was [recently introduced as beta](https://github.blog/changelog/2024-05-14-github-hosted-runners-public-beta-of-ubuntu-24-04-is-now-available/). ([#425](https://togithub.com/rhysd/actionlint/issues/425), thanks [@bitcoin-tools](https://togithub.com/bitcoin-tools)) - Remove the support for `macos-10` runner label which was [officially dropped about 2 years ago](https://github.blog/changelog/2022-07-20-github-actions-the-macos-10-15-actions-runner-image-is-being-deprecated-and-will-be-removed-by-8-30-22/). - Remove the support for `windows-2016` runner label which was [officially dropped about 2 years ago](https://github.blog/changelog/2021-10-19-github-actions-the-windows-2016-runner-image-will-be-removed-from-github-hosted-runners-on-march-15-2022/). - Document URLs used in help output and links in the playground prefer specific version tag rather than `main` branch. For example, - Before: https://github.com/rhysd/actionlint/tree/main/docs - After: https://github.com/rhysd/actionlint/tree/v1.7.1/docs - Fix actionlint wrongly reports an error when using `ghcr.io` or `docker.io` at `image` field of action metadata file of Docker action without `docker://` scheme. ([#428](https://togithub.com/rhysd/actionlint/issues/428)) ```yaml runs: using: 'docker' ``` ### This should be OK image: 'ghcr.io/user/repo:latest' - Fix checking `preactjs/compressed-size-action@v2` usage caused a false positive. ([#422](https://togithub.com/rhysd/actionlint/issues/422)) - Fix an error message when invalid escaping is found in globs. - The design of the [playground page](https://rhysd.github.io/actionlint/) is overhauled following the upgrade of bulma package to v1. - Current actionlint version is shown in the heading. - The color theme is changed to the official dark theme. - The list of useful links is added to the bottom of the page as 'Resources' section. [Changes][v1.7.1] ### [`v1.7.0`](https://togithub.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v170---08-May-2024) [Compare Source](https://togithub.com/rhysd/actionlint/compare/v1.6.27...v1.7.0) - From this version, actionlint starts to check action metadata file `action.yml` (or `action.yaml`). At this point, only very basic checks are implemented and contents of `steps:` are not checked yet. - It checks properties under `runs:` section (e.g. `main:` can be specified when it is a JavaScript action), `branding:` properties, and so on. ```yaml name: 'My action' author: '...' ``` ### ERROR: 'description' section is missing branding: ### ERROR: Invalid icon name icon: dog runs: ### ERROR: Node.js runtime version is too old using: 'node12' ### ERROR: The source file being run by this action does not exist main: 'this-file-does-not-exist.js' ### ERROR: 'env' configuration is only allowed for Docker actions env: SOME_VAR: SOME_VALUE ``` - actionlint still focuses on checking workflow files. So there is no way to directly specify `action.yml` as an argument of `actionlint` command. actionlint checks all local actions which are used by given workflows. If you want to use actionlint for your action development, prepare a test/example workflow which uses your action, and check it with actionlint instead. - Checks for `steps:` contents are planned to be implemented. Since several differences are expected between `steps:` in workflow file and `steps:` in action metadata file (e.g. available contexts), the implementation is delayed to later version. And the current implementation of action metadata parser is ad hoc. I'm planning a large refactorying and breaking changes Go API around it are expected. - Add `runner.environment` property. ([#412](https://togithub.com/rhysd/actionlint/issues/412)) ```yaml - run: echo 'Run by GitHub-hosted runner' if: runner.environment == 'github-hosted' ``` - Using outdated popular actions is now detected at error. See [the document](https://togithub.com/rhysd/actionlint/blob/main/docs/checks.md#detect-outdated-popular-actions) for more details. - Here 'outdated' means actions which use runtimes no longer supported by GitHub-hosted runners such as `node12`. ```yaml ``` ### ERROR: actions/checkout@v2 is using the outdated runner 'node12' - uses: actions/checkout@v2 ``` - Support `attestations` permission which was [recently added to GitHub Actions as beta](https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds). ([#418](https://togithub.com/rhysd/actionlint/issues/418), thanks [@bdehamer](https://togithub.com/bdehamer)) ```yaml permissions: id-token: write contents: read attestations: write ``` - Check comparison expressions more strictly. Arbitrary types of operands can be compared as [the official document](https://docs.github.com/en/actions/learn-github-actions/expressions#operators) explains. However, comparisons between some types are actually meaningless because the values are converted to numbers implicitly. actionlint catches such meaningless comparisons as errors. Please see [the check document](https://togithub.com/rhysd/actionlint/blob/main/docs/checks.md#check-comparison-types) for more details. ```yaml on: workflow_call: inputs: timeout: type: boolean jobs: test: runs-on: ubuntu-latest steps: - run: echo 'called!' ``` ### ERROR: Comparing string to object is always evaluated to false if: ${{ github.event == 'workflow_call' }} - run: echo 'timeout is too long' ### ERROR: Comparing boolean value with `>` doesn't make sense if: ${{ inputs.timeout > 60 }} - Follow the update that `macos-latest` is now an alias to `macos-14` runner. - Support a custom python shell by `pyflakes` rule. - Add workaround actionlint reports that `dorny/paths-filter`'s `predicate-quantifier` input is not defined. ([#416](https://togithub.com/rhysd/actionlint/issues/416)) - Fix the type of a conditional expression by comparison operators is wider than expected by implementing type narrowing. ([#384](https://togithub.com/rhysd/actionlint/issues/384)) - For example, the type of following expression should be `number` but it was actually `string | number` and actionlint complained that `timeout-minutes` must take a number value. ```yaml timeout-minutes: ${{ env.FOO && 10 || 60 }} ``` - Fix `${{ }}` placeholder is not available at `jobs.Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.