Releases: rhysd/actionlint
Releases · rhysd/actionlint
v1.6.27
- Add macOS 14 runner labels for Apple Silicon support. The following labels are added. (thanks @harryzcy, #392)
macos-14macos-14-xlargemacos-14-large
- Remove
ubuntu-18.04runner label from runners list since it is no longer supported. (#363) - Allow glob patterns in
self-hosted-runner.labelsconfiguration. For example, the following configuration defines any runner labels prefixed withprivate-linux-. (thanks @kishaningithub, #378)self-hosted-runner: labels: - private-linux-*
- Fix a race condition bug when
-formatoption is used for linting multiple workflow files. Thanks @ReinAchten-TomTom for your help on the investigation. (#370) - Fix a race condition due to conflicts between some goroutine which starts to run shellcheck process and other goroutine which starts to wait until all processes finish.
- The popular actions data set was updated to the latest and the following actions were newly added. (thanks @jmarshall, #380)
google-github-actions/authgoogle-github-actions/get-secretmanager-secretsgoogle-github-actions/setup-gcloudgoogle-github-actions/upload-cloud-storagepulumi/actionspypa/gh-action-pypi-publish
- Add support for larger runner labels. The following labels are added. (thanks @therealdwright, #371)
windows-latest-8-coresubuntu-latest-4-coresubuntu-latest-8-coresubuntu-latest-16-cores
- The following WebHook types are supported for
pull_requestevent.enqueueddequeuedmilestoneddemilestoned
- Explain how to control shellckeck behavior in the shellcheck rule document. Use
SHELLCHECK_OPTSenvironment variable to pass arguments to shellcheck. See the shellcheck's official document for more details.# Enable some optional rules SHELLCHECK_OPTS='--enable=avoid-nullary-conditions' actionlint # Disable some rules SHELLCHECK_OPTS='--exclude=SC2129' actionlint - Explicitly specify
docker.iohost name in pre-commit hook. (thanks @gotmax23, #382) - Explain how to report issues and send patches in CONTRIBUTING.md.
- Fix the link to super-linter project. (thanks @zkoppert, #376)
- Add the instruction to install actionlint via the Arch Linux's official repository. (thanks @sorairolake, #381)
- Prefer fixed revisions in the pre-commit usage. (thanks @corneliusroemer, #354)
- Add instructions to use actionlint with Emacs. (thanks @tirimia, #341)
- Add instructions to use actionlint with Vim and Neovim text editors.
- Add
actionlint.RuleBase.Configmethod to get the actionlint configuration passed to rules. (thanks @hugo-syn, #387) - Add
actionlint.ContainsExpressionfunction to check if the given string contains${{ }}placeholders or not. (thanks @hugo-syn, #388) - Support Go 1.22 and set the minimum supported Go version to 1.18 for
x/syspackage. - Update Go dependencies to the latest.
Contributors
jmarshall, kishaningithub, and 9 other contributors
Assets 14
v1.6.26
- Several template fields and template actions were added. All fields and actions are listed in the document. Please read it for more details. (#311)
- By these additions, now actionlint can output the result in the SARIF format. SARIF is a format for the output of static analysis tools used by GitHub CodeQL. the example Go template to format actionlint output in SARIF.
actionlint -format "$(cat /path/to/sarif_template.txt)" > output.json
allKindsreturns the kinds (lint rules) information as an array. You can include what lint rules are defined in the command output.toPascalCaseconverts snake case (foo_bar) or kebab case (foo-bar) into pascal case (FooBar).
- By these additions, now actionlint can output the result in the SARIF format. SARIF is a format for the output of static analysis tools used by GitHub CodeQL. the example Go template to format actionlint output in SARIF.
- Report an error when the condition at
if:is always evaluated to true. See the check document to know more details. (#272)# ERROR: All the following `if:` conditions are always evaluated to true - run: echo 'Commit is pushed' if: | ${{ github.event_name == 'push' }} - run: echo 'Commit is pushed' if: "${{ github.event_name == 'push' }} " - run: echo 'Commit is pushed to main' if: ${{ github.event_name == 'push' }} && ${{ github.ref_name == 'main' }}
- Fix actionlint didn't understand
${{ }}placeholders in environment variable names. (#312)env: "${{ steps.x.outputs.value }}": "..."
- Fix type of matrix row when some expression is assigned to it with
${{ }}(#285)strategy: matrix: test: # Matrix rows are assigned from JSON string - ${{ fromJson(inputs.matrix) }} steps: - run: echo ${{ matrix.test.foo.bar }}
- Fix checking
excludeof matrix was incorrect when some matrix row is dynamically constructed with${{ }}. (#261)strategy: matrix: build-type: - debug - ${{ fromJson(inputs.custom-build-type) }} exclude: # 'release' is not listed in 'build-type' row, but it should not be reported as error # since the second row of 'build-type' is dynamically constructed with ${{ }}. - build-type: release
- Fix checking
excludeof matrix was incorrect when object is nested at row of the matrix. (#249)matrix: os: - name: Ubuntu matrix: ubuntu - name: Windows matrix: windows arch: - name: ARM matrix: arm - name: Intel matrix: intel exclude: # This should exclude { os: { name: Windows, matrix: windows }, arch: {name: ARM, matrix: arm } } - os: matrix: windows arch: matrix: arm
- Fix data race when
actionlint.ymlconfig file is used by multiple goroutines to check multiple workflow files. (#333) - Check keys' case sensitivity. (#302)
steps: # ERROR: 'run:' is correct - ruN: echo "hello"
- Add
numberas input type ofworkflow_dispatchevent. (#316) - Check max number of inputs of
workflow_dispatchevent is 10. - Check numbers at
timeout-minutesandmax-parallelare greater than zero. - Add Go APIs to define a custom rule. Please read the code example to know the usage.
- Make some
RuleBasemethods public which are useful to implement your own custom rule type. (thanks @hugo-syn, #327, #331) OnRulesCreatedfield is added toLinterOptionsstruct. You can modify applied rules with the hook (add your own rule, remove some rule, ...).
- Make some
- Add
NewProject()Go API to create aProjectinstance. - Fix tests failed when sources are downloaded from
.tar.gzlink. (#307) - Improve the pre-commit document to explain all pre-commit hooks by this repository.
- Clarify the regular expression syntax of
-ignoreoption is RE2. (#320) - Use ubuntu-latest runner to create winget release. (thanks @sitiom, #308)
- Update popular actions data set, available contexts, webhook types to the latest.
- Fix typo in
watchwebhook's types (thanks @suzuki-shunsuke, #334) - Add
secret_sourceproperty togithubcontext. (thanks @asml-mdroogle, #339) - Many new major releases are added to the popular actions data set (including
actions/checkout@v4).
- Fix typo in
- Use Go 1.21 to build release binaries.
- Update Go dependencies to the latest. (thanks @harryzcy, #322)
Contributors
suzuki-shunsuke, harryzcy, and 3 other contributors
Assets 14
v1.6.25
- Parse new syntax at
runs-on:. Nowruns-on:can havegroup:andlabels:configurations. Please read the official document for more details. (#280)runs-on: group: ubuntu-runners labels: ubuntu-20.04-16core
- Add support for macOS XL runners.
macos-latest-xl,macos-13-xl,macos-12-xllabels are available atruns-on:. (#299, thanks @woa7) - Find Git project directory from
-stdin-filenamecommand line argument. Even if the workflow content is passed via stdin, actionlint can recognize reusable workflows depended by the workflow using file path passed at-stdin-filenameargument. (#283) - Fix order of errors is not deterministic when multiple errors happen at the same location (file name, line number, column number). It happens only when building actionlint with Go 1.20 or later.
- Fix type name of
watchwebhook. - Fix type of matrix row (property of
matrixcontext) when${{ }}is used in the row value. (#294) - Fix
go install ./...doesn't work. (#297) - Update
actionlintpre-commit hook to use Go toolchain. Now pre-commit automatically installsactionlintcommand so you don't need to install it manually. Note that this hook requires pre-commit v3.0.0 or later. For those who don't have Go toolchain, the previous hook is maintained asactionlint-systemhook. Please read the document to know the usage details. (#301, thanks @Freed-Wu and @dokempf) - Update Go dependencies to the latest.
- Update npm dependencies for playground to the latest and fix optimizing Wasm binary with
wasm-opt. - Update popular actions data set. New major versions and new inputs of many popular actions are now supported like
sparse-checkoutinput ofactions/checkoutaction. (#305) - Fix outdated document for Problem Matchers. (#289, thanks @carlcsaposs-canonical)
- Fix outdated links in document for super-linter. (#303, thanks @gmacario)
- Automate releasing the Winget package with GitHub Actions. (#276, #293, thanks @sitiom)
Contributors
gmacario, dokempf, and 4 other contributors
Assets 14
v1.6.24
- Add support for configuration variables. However actionlint doesn't know what variables are defined in the repository on GitHub. To notify them, you need to configure your variables in your repository.
config-variables: - DEFAULT_RUNNER - DEFAULT_TIMEOUT
- Fix type error when
inputscontext is shared by multiple events. (#263) - Add document for how to install actionlint with winget. (#267, thanks @sitiom)
- Add document for how to integrate actionlint to trunk.io. (#269, thanks @dapirian)
- Add document for how to install actionlint with Nix package manager. (#273, thanks @diohabara)
- Update popular actions data set to the latest
- Add support for Go 1.20 and build release binaries with Go 1.20
Contributors
dapirian, diohabara, and sitiom
Assets 14
v1.6.23
- Fix using
varscontext causes 'undefined context' error. This context is for 'Variables' feature which was recently added to GitHub Actions. (#260)- name: Use variables run: | echo "repository variable : ${{ vars.REPOSITORY_VAR }}" echo "organization variable : ${{ vars.ORGANIZATION_VAR }}" echo "overridden variable : ${{ vars.OVERRIDE_VAR }}" echo "variable from shell environment : $env_var"
- Fix 'no property' error on accessing some
githubcontext's properties which were added recently. (#259) - Update popular actions data set and add some new actions to it
- Playground is improved by making the right pane sticky. It is useful when many errors are reported. (#253, thanks @ericcornelissen)
- Update Go modules dependencies and playground dependencies
Contributors
ericcornelissen
Assets 14
v1.6.22
- Detect deprecated workflow commands such as
set-outputorsave-stateand suggest the alternative. See the document for more details. (#234)# ERROR: This format of 'set-output' workflow command was deprecated - run: echo '::set-output name=foo::bar'
- Fix that
${{ }}expression aton.workflow_call.inputs.<id>.defaultcaused an error. (#235)on: workflow_call: inputs: project: type: string # OK: The default value is generated dynamically default: ${{ github.event.repository.name }}
- Improve type of
inputscontext to grow gradually while checking inputs inworkflow_callevent.on: workflow_call: inputs: input1: type: string # ERROR: `input2` is not defined yet default: ${{ inputs.input2 }} input2: type: string # OK: `input1` was already defined above default: ${{ inputs.input1 }}
- Check types of default values of workflow call inputs even if
${{ }}expression is used.on: workflow_call: inputs: input1: type: boolean input2: type: number # ERROR: Boolean value cannot be assigned to number default: ${{ inputs.input1 }}
- Fix the download script is broken since GHE server does not support the new
set-outputformat yet. (#240) - Replace the deprecated
set-outputworkflow command in our own workflows. (#239, thanks @Mrtenz) - Popular actions data set was updated to the latest as usual.
Contributors
Mrtenz
Assets 14
v1.6.21
- Check contexts availability. Some contexts limit where they can be used. For example,
jobs.<job_id>.envworkflow key does not allow accessingenvcontext, butjobs.<job_id>.steps.envallows. See the official document for the complete list of contexts availability. (#180)actionlint reports the context is not available and what contexts are available as follows:... env: TOPLEVEL: ... jobs: test: runs-on: ubuntu-latest env: # ERROR: 'env' context is not available here JOB_LEVEL: ${{ env.TOPLEVEL }} steps: - env: # OK: 'env' context is available here STEP_LEVEL: ${{ env.TOPLEVEL }} ...
test.yaml:11:22: context "env" is not allowed here. available contexts are "github", "inputs", "matrix", "needs", "secrets", "strategy". see https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability for more details [expression] | 11 | JOB_LEVEL: ${{ env.TOPLEVEL }} | ^~~~~~~~~~~~ - Check special functions availability. Some functions limit where they can be used. For example, status functions like
success()orfailure()are only available in conditions ofif:. See the official document for the complete list of special functions availability. (#214)actionlint reports... steps: # ERROR: 'success()' function is not available here - run: echo 'Success? ${{ success() }}' # OK: 'success()' function is available here if: success()
success()is not available and where the function is available as follows:test.yaml:8:33: calling function "success" is not allowed here. "success" is only available in "jobs.<job_id>.if", "jobs.<job_id>.steps.if". see https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability for more details [expression] | 8 | - run: echo 'Success? ${{ success() }}' | ^~~~~~~~~ - Fix
inputscontext is not available inrun-name:section. (#223) - Allow dynamic shell configuration like
shell: ${{ env.SHELL }}. - Fix no error is reported when
on:does not exist at toplevel. (#232) - Fix an error position is not correct when the error happens at root node of workflow AST.
- Fix an incorrect empty event is parsed when
on:section is empty. - Fix the error message when parsing an unexpected key on toplevel. (thanks @norwd, #231)
- Add
in_progresstype toworkflow_runwebhook event trigger. - Describe the actionlint extension for Nova.app in the usage document. (thanks @jbergstroem, #222)
- Note Super-Linter uses a different place for configuration file. (thanks @per-oestergaard, #227)
- Add
actions/setup-dotnet@v3to popular actions data set. generate-availabilityscript was created to scrape the information about contexts and special functions availability from the official document. The information can be used throughactionlint.WorkflowKeyAvailability()Go API. This script is run once a week on CI to keep the information up-to-date.
Contributors
jbergstroem, per-oestergaard, and norwd
Assets 14
v1.6.20
- Support
run-namewhich GitHub introduced recently. It is a name of workflow run dynamically configured. See the official document for more details. (#220)on: push run-name: Deploy by @${{ github.actor }} jobs: ...
- Add
end_columnproperty to JSON representation of error. The property indicates a column of the end position of^~~~~~~indicator in snippet. Note thatend_columnis equal tocolumnwhen the indicator cannot be shown. (#219)$ actionlint -format '{{json .}}' test.yaml | jq [ { "message": "property \"unknown_prop\" is not defined in object type {arch: string; debug: string; name: string; os: string; temp: string; tool_cache: string; workspace: string}", "filepath": "test.yaml", "line": 7, "column": 23, "kind": "expression", "snippet": " - run: echo ${{ runner.unknown_prop }}\n ^~~~~~~~~~~~~~~~~~~", "end_column": 41 } ]
- Overhaul the workflow parser to parse workflow keys in case-insensitive. This is a work derived from the fix of #216. Now the parser parses all workflow keys in case-insensitive way correctly. Note that permission names at
permissions:are exceptionally case-sensitive.- This fixes properties of
inputsforworkflow_dispatchwere not case-insensitive. - This fixes inputs and outputs of local actions were not handled in case-insensitive way.
- This fixes properties of
- Update popular actions data set.
actions/stale@v6was newly added.
v1.6.19
- Fix inputs, outputs, and secrets of reusable workflow should be case-insensitive. (#216)
# .github/workflows/reusable.yaml on: workflow_call: inputs: INPUT_UPPER: type: string input_lower: type: string secrets: SECRET_UPPER: secret_lower: ... # .github/workflows/test.yaml ... jobs: caller: uses: ./.github/workflows/reusable.yaml # Inputs and secrets are case-insensitive. So all the followings should be OK with: input_upper: ... INPUT_LOWER: ... secrets: secret_upper: ... SECRET_LOWER: ...
- Describe how to install specific version of
actionlintbinary with the download script. (#218)
v1.6.18
- This release much enhances checks for local reusable workflow calls. Note that these checks are done for local reusable workflows (starting with
./). (#179).- Detect missing required inputs/secrets and undefined inputs/secrets at
jobs.<job_id>.withandjobs.<job_id>.secrets. See the document for more details.# .github/workflows/reusable.yml on: workflow_call: inputs: name: type: string required: true secrets: password: required: true ... # .github/workflows/test.yml ... jobs: missing-required: uses: ./.github/workflows/reusable.yml with: # ERROR: Undefined input "user" user: rhysd # ERROR: Required input "name" is missing secrets: # ERROR: Undefined secret "credentials" credentials: my-token # ERROR: Required secret "password" is missing
- Type check for reusable workflow inputs at
jobs.<job_id>.with. Types are defined aton.workflow_call.inputs.<name>.typein reusable workflow. actionlint checks types of expressions in workflow calls. See the document for more details.# .github/workflows/reusable.yml on: workflow_call: inputs: id: type: number message: type: string ... # .github/workflows/test.yml ... jobs: type-checks: uses: ./.github/workflows/reusable.yml with: # ERROR: Cannot assign string value to number input. format() returns string value id: ${{ format('runner name is {0}', runner.name) }} # ERROR: Cannot assign null to string input. If you want to pass string "null", use ${{ 'null' }} message: null
- Detect local reusable workflow which does not exist at
jobs.<job_id>.uses. See the document for more details.jobs: test: # ERROR: This workflow file does not exist with: ./.github/workflows/does-not-exist.yml
- Check
needs.<job_id>.outputs.<output_id>in downstream jobs of workflow call jobs. The outputs object is now typed strictly based onon.workflow_call.outputs.<name>in the called reusable workflow. See the document for more details.# .github/workflows/get-build-info.yml on: workflow_call: outputs: version: value: ... description: version of software ... # .github/workflows/test.yml ... jobs: # This job's outputs object is typed as {version: string} get_build_info: uses: ./.github/workflows/get-build-info.yml downstream: needs: [get_build_info] runs-on: ubuntu-latest steps: # OK. `version` is defined in the reusable workflow - run: echo '${{ needs.get_build_info.outputs.version }}' # ERROR: `tag` is not defined in the reusable workflow - run: echo '${{ needs.get_build_info.outputs.tag }}'
- Detect missing required inputs/secrets and undefined inputs/secrets at
- Add missing properties in contexts and improve types of some properties looking at the official contexts document.
github.action_statusrunner.debugservices.<service_id>.ports
- Fix
on.workflow_call.inputs.<name>.descriptionandon.workflow_call.secrets.<name>.descriptionwere incorrectly mandatory. They are actually optional. - Report parse errors when parsing
action.ymlin local actions. They were ignored in previous versions. - Sort the order of properties in an object type displayed in error message. In previous versions, actionlint sometimes displayed
{a: true, b: string}, or it displayed{b: string, a: true}for the same object type. This randomness was caused by random iteration of map values in Go. - Update popular actions data set to the latest.