Bump github.com/rhysd/actionlint from 1.7.3 to 1.7.4

[dependabot]

Bumps github.com/rhysd/actionlint from 1.7.3 to 1.7.4.

Release notes

Sourced from github.com/rhysd/actionlint's releases.

v1.7.4

• Disallow the usage of popular actions that run on node16 runner. The node16 runner will reach the end of life on November 12.
  • In case of the error, please update your actions to the latest version so that they run on the latest node20 runner.
  • If you're using self-hosted runner and you cannot upgrade your runner to node20 soon, please consider to ignore the error by the paths configuration described below.
• Provide the configuration for ignoring errors by regular expressions in actionlint.yml (or actionlint.yaml). Please see the document for more details. (#217, #342)
  • The paths is a mapping from the file path glob pattern to the corresponding configuration. The ignore configuration is a list of regular expressions to match error messages (similar to the -ignore command line option).

    paths:
      # This pattern matches any YAML file under the '.github/workflows/' directory.
      .github/workflows/**/*.yaml
        ignore:
          # Ignore the specific error from shellcheck
          - 'shellcheck reported issue in this script: SC2086:.+'
      # This pattern only matches '.github/workflows/release.yaml' file.
      .github/workflows/self-hosted.yaml
        ignore:
          # Ignore errors from the old runner check. This may be useful for (outdated) self-hosted runner environment.
          - 'the runner of ".+" action is too old to run on GitHub Actions'

  • This configuration was not implemented initially because I wanted to keep the configuration as minimal as possible. However, due to several requests for it, the configuration has now been added.
• Untrusted inputs check is safely skipped inside specific function calls. (#459, thanks @​IlyaGulya)
  • For example, the following step contains the untrusted input github.head_ref, but it is safe because it's passed to the contains() argument.

    - run: echo "is_release_branch=${{ contains(github.head_ref, 'release') }}" >> "$GITHUB_OUTPUT"

  • For more details, please read the rule document.
• Recognize gcr.io and gcr.dev as the correct container registry hosts. (#463, thanks @​takaidohigasi)
  • Note that it is recommended explicitly specifying the scheme like docker://gcr.io/....
• Remove macos-x.0 runner labels which are no longer available. (#452)
• Disable shellcheck SC2043 rule because it can cause false positives on checking run:. (#355)
  • The rule document was updated as well. (#466, thanks @​risu729)
• Fix the error message when detecting cycles in needs dependencies was not deterministic.
• Fix the check for format() function was not applied when the function name contains upper case like Format(). Note that function names in ${{ }} placeholders are case-insensitive.
• Update the popular actions data set to the latest.
  • This includes the new ref and commit outputs of actions/checkout.
• Add actions/cache/save and actions/cache/restore to the popular actions data set.
• Links in the README.md now point to the document of the latest version tag instead of HEAD of main branch.
• Add Linter.LintStdin method dedicated to linting STDIN instead of handling STDIN in Command.
• (Dev) Add new check-checks script to maintain the 'Checks' document. It automatically updates the outputs and playground links for example inputs in the document. It also checks the document is up-to-date on CI. Please read the document for more details.

Documentation

Changelog

Sourced from github.com/rhysd/actionlint's changelog.

v1.7.4 - 2024-11-04

• Disallow using popular actions which run on node16 runner. The node16 runner will reach the end of life on November 12.
  • In case of the error, please update your actions to the latest version so that they run on the latest node20 runner.
  • If you're using self-hosted runner and you cannot upgrade your runner to node20 soon, please consider to ignore the error by the paths configuration described below.
• Provide the configuration for ignoring errors by regular expressions in actionlint.yml (or actionlint.yaml). Please see the document for more details. (#217, #342)
  • The paths in the configuration file is a mapping from the file path glob pattern to the corresponding configuration. The ignore configuration is a list of regular expressions to match error messages (similar to the -ignore command line option).

    paths:
      # This pattern matches any YAML file under the '.github/workflows/' directory.
      .github/workflows/**/*.yaml
        ignore:
          # Ignore the specific error from shellcheck
          - 'shellcheck reported issue in this script: SC2086:.+'
      # This pattern only matches '.github/workflows/release.yaml' file.
      .github/workflows/self-hosted.yaml
        ignore:
          # Ignore errors from the old runner check. This may be useful for (outdated) self-hosted runner environment.
          - 'the runner of ".+" action is too old to run on GitHub Actions'

  • This configuration was not implemented initially because I wanted to keep the configuration as minimal as possible. However, due to several requests for it, the configuration has now been added.
• Untrusted inputs check is safely skipped inside specific function calls. (#459, thanks @​IlyaGulya)
  • For example, the following step contains the untrusted input github.head_ref, but it is safe because it's passed to the contains() argument.

    - run: echo "is_release_branch=${{ contains(github.head_ref, 'release') }}" >> "$GITHUB_OUTPUT"

  • For more details, please read the rule document.
• Recognize gcr.io and gcr.dev as the correct container registry hosts. (#463, thanks @​takaidohigasi)
  • Note that it is recommended explicitly specifying the scheme like docker://gcr.io/....
• Remove macos-x.0 runner labels which are no longer available. (#452)
• Disable shellcheck SC2043 rule because it can cause false positives on checking run:. (#355)
  • The rule document was updated as well. (#466, thanks @​risu729)
• Fix the error message when detecting cycles in needs dependencies was not deterministic.
• Fix the check for format() function was not applied when the function name contains upper case like Format(). Note that function names in ${{ }} placeholders are case-insensitive.
• Update the popular actions data set to the latest.
  • This includes the new ref and commit outputs of actions/checkout.
• Add actions/cache/save and actions/cache/restore to the popular actions data set.
• Links in the README.md now point to the document of the latest version tag instead of HEAD of main branch.
• Add Linter.LintStdin method dedicated to linting STDIN instead of handling STDIN in Command.
• (Dev) Add new check-checks script to maintain the 'Checks' document. It automatically updates the outputs and playground links for example inputs in the document. It also checks the document is up-to-date on CI. Please read the document for more details.

Documentation

[Changes][v1.7.4]

Commits

• 5db9d9c bump up version to v1.7.4
• 416f0b3 check all before git push
• b85cb82 do not run go generate on checks in pre-push hook
• e09485d fix generate-popular-actions to read/write outdated actions in JSONL
• 679440f add actions/cache/save and actions/cache/restore to popular actions
• 799bea3 fall back to . when os.Getwd returns an error
• 0c0a521 Merge branch 'paths-config' (fix #342, fix #217)
• c7a09e0 update readme document to link to the latest stable version of docs
• c270d66 test detecting config file already existing before generating new one
• a93bb53 use cwd when given path is empty on LintRepository and GenerateDefaultConfig
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)