Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update dependency rhysd/actionlint to v1.7.5 #547

Open
wants to merge 1 commit into
base: staging
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 18, 2023

This PR contains the following updates:

Package Update Change
rhysd/actionlint minor 1.6.25 -> 1.7.5

Release Notes

rhysd/actionlint (rhysd/actionlint)

v1.7.5

Compare Source

  • Strictly check available contexts in ${{ }} placeholders following the 'Context availability' table in the official document.
    • For example, jobs.<job>.env allows github context but jobs.<job>.services.<service>.env doesn't allow any contexts. Now actionlint can catch the mistake.
      jobs:
        test:
          runs-on: ubuntu-latest
          env:

OK. github context is available here.

      COMMIT_SHA: ${{ github.sha }}
    services:
      redis:
        image: redis
        env:

ERROR: No context is available here.

          COMMIT_SHA: ${{ github.sha }}
    steps:
      - ...
```
  • Check a string literal passed to fromJSON() call. This pattern is popular to create array or object constants because GitHub Actions does not provide the literal syntax for them. See the document for more details. (#​464)
    jobs:
      test:

ERROR: Key 'mac' does not exist in the object returned by the fromJSON()

  runs-on: ${{ fromJSON('{"win":"windows-latest","linux":"ubuntul-latest"}')['mac'] }}
  steps:
    - run: echo This is a special branch!

ERROR: Broken JSON string passed to fromJSON.

      if: contains(fromJSON('["main","release","dev"'), github.ref_name)
- Allow passing command arguments to `-shellcheck` argument. ([#&#8203;483](https://redirect.github.com/rhysd/actionlint/issues/483), thanks [@&#8203;anuraaga](https://redirect.github.com/anuraaga))
- This is useful when you want to use alternative build of shellcheck like [go-shellcheck](https://redirect.github.com/wasilibs/go-shellcheck/).
  ```sh
  actionlint -shellcheck="go run github.com/wasilibs/go-shellcheck/cmd/shellcheck@latest"
  ```
- Support undocumented `repository_visibility`, `artifact_cache_size_limit`, `step_summary`, `output`, `state` properties in `github` context. ([#&#8203;489](https://redirect.github.com/rhysd/actionlint/issues/489), thanks [@&#8203;rasa](https://redirect.github.com/rasa) for adding `repository_visibility` property)
- Remove `macos-12` runner label from known labels because it was [dropped](https://redirect.github.com/actions/runner-images/issues/10721) from GitHub-hosted runners on Dec. 3 and is no longer available.
- Add `windows-2025` runner label to the known labels. The runner is in [public preview](https://github.blog/changelog/2024-12-19-windows-server-2025-is-now-in-public-preview/). ([#&#8203;491](https://redirect.github.com/rhysd/actionlint/issues/491), thanks [@&#8203;ericcornelissen](https://redirect.github.com/ericcornelissen))
- Add `black` to the list of colors for `branding.color` action metadata. ([#&#8203;485](https://redirect.github.com/rhysd/actionlint/issues/485), thanks [@&#8203;eifinger](https://redirect.github.com/eifinger))
- Add `table` to the list of icons for `branding.icon` action metadata.
- Fix parsing escaped `{` in `format()` function call's first argument.
- Fix the incorrect `join()` function overload. `join(s1: string, s2: string)` was wrongly accepted.
- Update popular actions data set to the latest.
- Add `download-artifact/v3-node20` to the data set. ([#&#8203;468](https://redirect.github.com/rhysd/actionlint/issues/468))
- Fix missing the `reviewdog/action-hadolint@v1` action input. ([#&#8203;487](https://redirect.github.com/rhysd/actionlint/issues/487), thanks [@&#8203;mi-wada](https://redirect.github.com/mi-wada))
- Link to the documents of the stable version in actionlint `man` page and `-help` output.
- Refactor `LintStdin()` API example and some unit tests. ([#&#8203;472](https://redirect.github.com/rhysd/actionlint/issues/472), [#&#8203;475](https://redirect.github.com/rhysd/actionlint/issues/475), thanks [@&#8203;alexandear](https://redirect.github.com/alexandear))
- Improve the configuration example in `actionlint.yaml` document to explain glob patterns for `paths`. ([#&#8203;481](https://redirect.github.com/rhysd/actionlint/issues/481))

[Changes][v1.7.5]

<a id="v1.7.4"></a>

v1.7.4

Compare Source

  • Disallow the usage of popular actions that run on node16 runner. The node16 runner will reach the end of life on November 12.
    • In case of the error, please update your actions to the latest version so that they run on the latest node20 runner.
    • If you're using self-hosted runner and you cannot upgrade your runner to node20 soon, please consider to ignore the error by the paths configuration described below.
  • Provide the configuration for ignoring errors by regular expressions in actionlint.yml (or actionlint.yaml). Please see the document for more details. (#​217, #​342)
    • The paths is a mapping from the file path glob pattern to the corresponding configuration. The ignore configuration is a list of regular expressions to match error messages (similar to the -ignore command line option).
      paths:

This pattern matches any YAML file under the '.github/workflows/' directory.

  .github/workflows/**/*.yaml:
    ignore:

Ignore the specific error from shellcheck

      - 'shellcheck reported issue in this script: SC2086:.+'

This pattern only matches '.github/workflows/release.yaml' file.

  .github/workflows/self-hosted.yaml:
    ignore:

Ignore errors from the old runner check. This may be useful for (outdated) self-hosted runner environment.

      - 'the runner of ".+" action is too old to run on GitHub Actions'
```
  • This configuration was not implemented initially because I wanted to keep the configuration as minimal as possible. However, due to several requests for it, the configuration has now been added.
  • Untrusted inputs check is safely skipped inside specific function calls. (#​459, thanks @​IlyaGulya)
    • For example, the following step contains the untrusted input github.head_ref, but it is safe because it's passed to the contains() argument.
      - run: echo "is_release_branch=${{ contains(github.head_ref, 'release') }}" >> "$GITHUB_OUTPUT"
    • For more details, please read the rule document.
  • Recognize gcr.io and gcr.dev as the correct container registry hosts. (#​463, thanks @​takaidohigasi)
    • Note that it is recommended explicitly specifying the scheme like docker://gcr.io/....
  • Remove macos-x.0 runner labels which are no longer available. (#​452)
  • Disable shellcheck SC2043 rule because it can cause false positives on checking run:. (#​355)
  • Fix the error message was not deterministic when detecting cycles in needs dependencies.
  • Fix the check for format() function was not applied when the function name contains upper case like Format(). Note that function names in ${{ }} placeholders are case-insensitive.
  • Update the popular actions data set to the latest.
  • Add actions/cache/save and actions/cache/restore to the popular actions data set.
  • Links in the README.md now point to the document of the latest version tag instead of HEAD of main branch.
  • Add Linter.LintStdin method dedicated to linting STDIN instead of handling STDIN in Command.
  • (Dev) Add new check-checks script to maintain the 'Checks' document. It automatically updates the outputs and playground links for example inputs in the document. It also checks the document is up-to-date on CI. Please read the document for more details.

Documentation

[Changes][v1.7.4]

v1.7.3

Compare Source

  • Remove macos-11 runner labels because macOS 11 runner was dropped on 6/28/2024. (#​451, thanks @​muzimuzhi)
  • Support macos-15, macos-15-large, and macos-15-xlarge runner labels. The macOS 15 runner is not globally available yet, but they are available in beta. (#​453, thanks @​muzimuzhi)
  • Release artifact includes checksums for the released binaries. The file name is actionlint_{version}_checksums.txt. (#​449)
    • For example, the checksums for v1.7.3 can be found here.
  • Fix download-path output is missing in actions/download-artifact@v3 action. (#​442)
    • Note that the latest version actions/download-artifact@v4 was not affected by this issue.
  • Support Go 1.23.

Documentation

[Changes][v1.7.3]

v1.7.2

Compare Source

[Changes][v1.7.2]

v1.7.1

Compare Source

This should be OK

image: 'ghcr.io/user/repo:latest'
- Fix checking `preactjs/compressed-size-action@v2` usage caused a false positive. ([#&#8203;422](https://redirect.github.com/rhysd/actionlint/issues/422))
- Fix an error message when invalid escaping is found in globs.
- The design of the [playground page](https://rhysd.github.io/actionlint/) is overhauled following the upgrade of bulma package to v1.
- Current actionlint version is shown in the heading.
- The color theme is changed to the official dark theme.
- The list of useful links is added to the bottom of the page as 'Resources' section.

[Changes][v1.7.1]

<a id="v1.7.0"></a>

v1.7.0

Compare Source

  • From this version, actionlint starts to check action metadata file action.yml (or action.yaml). At this point, only very basic checks are implemented and contents of steps: are not checked yet.
    • It checks properties under runs: section (e.g. main: can be specified when it is a JavaScript action), branding: properties, and so on.
      name: 'My action'
      author: '...'

ERROR: 'description' section is missing

branding:

ERROR: Invalid icon name

  icon: dog

runs:

ERROR: Node.js runtime version is too old

  using: 'node12'

ERROR: The source file being run by this action does not exist

  main: 'this-file-does-not-exist.js'

ERROR: 'env' configuration is only allowed for Docker actions

  env:
    SOME_VAR: SOME_VALUE
```
  • actionlint still focuses on checking workflow files. So there is no way to directly specify action.yml as an argument of actionlint command. actionlint checks all local actions which are used by given workflows. If you want to use actionlint for your action development, prepare a test/example workflow which uses your action, and check it with actionlint instead.
  • Checks for steps: contents are planned to be implemented. Since several differences are expected between steps: in workflow file and steps: in action metadata file (e.g. available contexts), the implementation is delayed to later version. And the current implementation of action metadata parser is ad hoc. I'm planning a large refactorying and breaking changes Go API around it are expected.
  • Add runner.environment property. (#​412)
    - run: echo 'Run by GitHub-hosted runner'
      if: runner.environment == 'github-hosted'
  • Using outdated popular actions is now detected at error. See the document for more details.
    • Here 'outdated' means actions which use runtimes no longer supported by GitHub-hosted runners such as node12.

ERROR: actions/checkout@v2 is using the outdated runner 'node12'

- uses: actions/checkout@v2
```
  • Support attestations permission which was recently added to GitHub Actions as beta. (#​418, thanks @​bdehamer)
    permissions:
      id-token: write
      contents: read
      attestations: write
  • Check comparison expressions more strictly. Arbitrary types of operands can be compared as the official document explains. However, comparisons between some types are actually meaningless because the values are converted to numbers implicitly. actionlint catches such meaningless comparisons as errors. Please see the check document for more details.
    on:
      workflow_call:
        inputs:
          timeout:
            type: boolean
    
    jobs:
      test:
        runs-on: ubuntu-latest
        steps:
          - run: echo 'called!'

ERROR: Comparing string to object is always evaluated to false

      if: ${{ github.event == 'workflow_call' }}
    - run: echo 'timeout is too long'

ERROR: Comparing boolean value with > doesn't make sense

      if: ${{ inputs.timeout > 60 }}
- Follow the update that `macos-latest` is now an alias to `macos-14` runner.
- Support a custom python shell by `pyflakes` rule.
- Add workaround actionlint reports that `dorny/paths-filter`'s `predicate-quantifier` input is not defined. ([#&#8203;416](https://redirect.github.com/rhysd/actionlint/issues/416))
- Fix the type of a conditional expression by comparison operators is wider than expected by implementing type narrowing. ([#&#8203;384](https://redirect.github.com/rhysd/actionlint/issues/384))
- For example, the type of following expression should be `number` but it was actually `string | number` and actionlint complained that `timeout-minutes` must take a number value.
  ```yaml
  timeout-minutes: ${{ env.FOO && 10 || 60 }}
  ```
- Fix `${{ }}` placeholder is not available at `jobs.<job_id>.services`. ([#&#8203;402](https://redirect.github.com/rhysd/actionlint/issues/402))
```yaml
jobs:
  test:
    services: ${{ fromJSON('...') }}
    runs-on: ubuntu-latest
    steps:
      - run: ...
  • Do not check outputs of google-github-actions/get-secretmanager-secrets because this action sets outputs dynamically. (#​404)
  • Fix defaults.run is ignored on detecting the shell used in run:. (#​409)
    defaults:
      run:
        shell: pwsh
    jobs:
      test:
        runs-on: ubuntu-latest
        steps:

This was wrongly detected as bash script

    - run: $Env:FOO = "FOO"
- Fix parsing a syntax error reported from pyflakes when checking a Python script in `run:`. ([#&#8203;411](https://redirect.github.com/rhysd/actionlint/issues/411))
```yaml
- run: print(
  shell: python
  • Skip checking exclude: items in matrix: when they are constructed from ${{ }} dynamically. (#​414)
    matrix:
      foo: ['a', 'b']
      exclude:

actionlint complained this value didn't exist in matrix combinations

  - foo: ${{ env.EXCLUDE_FOO }}
- Fix checking `exclude:` items when `${{ }}` is used in nested arrays at matrix items.
```yaml
matrix:
  foo:
    - ["${{ fromJSON('...') }}"]
  exclude:
### actionlint complained this value didn't match to any matrix combinations
    - foo: ['foo']
  • Update popular actions data set. New major versions are added and the following actions are newly added.
    • peaceiris/actions-hugo
    • actions/attest-build-provenance
    • actions/add-to-project
    • octokit/graphql-action
  • Update Go dependencies to the latest.
  • Reduce the size of actionlint executable by removing redundant data from popular actions data set.
    • x86_64 executable binary size was reduced from 6.9MB to 6.7MB (2.9% smaller).
    • Wasm binary size was reduced from 9.4MB to 8.9MB (5.3% smaller).
  • Describe how to integrate actionlint to Pulsar Edit in the document. (#​408, thanks @​mschuchard)
  • Update outdated action versions in the usage document. (#​413, thanks @​naglis)

[Changes][v1.7.0]

v1.6.27

Compare Source

  • Add macOS 14 runner labels for Apple Silicon support. The following labels are added. (thanks @​harryzcy, #​392)
    • macos-14
    • macos-14-xlarge
    • macos-14-large
  • Remove ubuntu-18.04 runner label from runners list since it is no longer supported. (#​363)
  • Allow glob patterns in self-hosted-runner.labels configuration. For example, the following configuration defines any runner labels prefixed with private-linux-. (thanks @​kishaningithub, #​378)
    self-hosted-runner:
      labels:
        - private-linux-*
  • Fix a race condition bug when -format option is used for linting multiple workflow files. Thanks @​ReinAchten-TomTom for your help on the investigation. (#​370)
  • Fix a race condition due to conflicts between some goroutine which starts to run shellcheck process and other goroutine which starts to wait until all processes finish.
  • The popular actions data set was updated to the latest and the following actions were newly added. (thanks @​jmarshall, #​380)
    • google-github-actions/auth
    • google-github-actions/get-secretmanager-secrets
    • google-github-actions/setup-gcloud
    • google-github-actions/upload-cloud-storage
    • pulumi/actions
    • pypa/gh-action-pypi-publish
  • Add support for larger runner labels. The following labels are added. (thanks @​therealdwright, #​371)
    • windows-latest-8-cores
    • ubuntu-latest-4-cores
    • ubuntu-latest-8-cores
    • ubuntu-latest-16-cores
  • The following WebHook types are supported for pull_request event.
    • enqueued
    • dequeued
    • milestoned
    • demilestoned
  • Explain how to control shellckeck behavior in the shellcheck rule document. Use SHELLCHECK_OPTS environment variable to pass arguments to shellcheck. See the shellcheck's official document for more details.

v1.6.26

Compare Source

  • Several template fields and template actions were added. All fields and actions are listed in the document. Please read it for more details. (#​311)
    • By these additions, now actionlint can output the result in the SARIF format. SARIF is a format for the output of static analysis tools used by GitHub CodeQL. the example Go template to format actionlint output in SARIF.
      actionlint -format "$(cat /path/to/sarif_template.txt)" > output.json
    • allKinds returns the kinds (lint rules) information as an array. You can include what lint rules are defined in the command output.
    • toPascalCase converts snake case (foo_bar) or kebab case (foo-bar) into pascal case (FooBar).
  • Report an error when the condition at if: is always evaluated to true. See the check document to know more details. (#​272)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Sep 18, 2023
@renovate renovate bot force-pushed the renovate/rhysd-actionlint-1.x branch from a115743 to c1c2c2e Compare September 21, 2023 20:38
@renovate renovate bot changed the title chore(deps): update dependency rhysd/actionlint to v1.6.26 chore(deps): update dependency rhysd/actionlint to v1.6.27 Feb 24, 2024
@renovate renovate bot force-pushed the renovate/rhysd-actionlint-1.x branch from c1c2c2e to 35e6a43 Compare February 24, 2024 16:15
@renovate renovate bot force-pushed the renovate/rhysd-actionlint-1.x branch from 35e6a43 to 8ec7c4f Compare May 8, 2024 20:35
@renovate renovate bot changed the title chore(deps): update dependency rhysd/actionlint to v1.6.27 chore(deps): update dependency rhysd/actionlint to v1.7.0 May 8, 2024
@renovate renovate bot changed the title chore(deps): update dependency rhysd/actionlint to v1.7.0 chore(deps): update dependency rhysd/actionlint to v1.7.1 May 28, 2024
@renovate renovate bot force-pushed the renovate/rhysd-actionlint-1.x branch from 8ec7c4f to 39b740a Compare May 28, 2024 13:47
@renovate renovate bot force-pushed the renovate/rhysd-actionlint-1.x branch 2 times, most recently from 98086f2 to 09a85ea Compare September 9, 2024 08:33
@renovate renovate bot force-pushed the renovate/rhysd-actionlint-1.x branch from 09a85ea to f17a340 Compare September 23, 2024 18:18
@renovate renovate bot changed the title chore(deps): update dependency rhysd/actionlint to v1.7.1 chore(deps): update dependency rhysd/actionlint to v1.7.2 Sep 23, 2024
@renovate renovate bot changed the title chore(deps): update dependency rhysd/actionlint to v1.7.2 chore(deps): update dependency rhysd/actionlint to v1.7.3 Sep 29, 2024
@renovate renovate bot force-pushed the renovate/rhysd-actionlint-1.x branch from f17a340 to f2ed2e1 Compare September 29, 2024 13:29
@renovate renovate bot force-pushed the renovate/rhysd-actionlint-1.x branch from f2ed2e1 to 91e02ce Compare October 13, 2024 17:04
@renovate renovate bot changed the title chore(deps): update dependency rhysd/actionlint to v1.7.3 chore(deps): update dependency rhysd/actionlint to v1.7.4 Nov 4, 2024
@renovate renovate bot force-pushed the renovate/rhysd-actionlint-1.x branch from 91e02ce to 267b3e5 Compare November 4, 2024 13:47
@renovate renovate bot force-pushed the renovate/rhysd-actionlint-1.x branch from 267b3e5 to 440430f Compare December 28, 2024 13:29
@renovate renovate bot changed the title chore(deps): update dependency rhysd/actionlint to v1.7.4 chore(deps): update dependency rhysd/actionlint to v1.7.5 Dec 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants