Skip to content

Releases: rhysd/actionlint

v1.6.22

01 Nov 12:21
Compare
Choose a tag to compare
  • Detect deprecated workflow commands such as set-output or save-state and suggest the alternative. See the document for more details. (#234)
    # ERROR: This format of 'set-output' workflow command was deprecated
    - run: echo '::set-output name=foo::bar'
  • Fix that ${{ }} expression at on.workflow_call.inputs.<id>.default caused an error. (#235)
    on:
      workflow_call:
        inputs:
          project:
            type: string
            # OK: The default value is generated dynamically
            default: ${{ github.event.repository.name }}
  • Improve type of inputs context to grow gradually while checking inputs in workflow_call event.
    on:
      workflow_call:
        inputs:
          input1:
            type: string
            # ERROR: `input2` is not defined yet
            default: ${{ inputs.input2 }}
          input2:
            type: string
            # OK: `input1` was already defined above
            default: ${{ inputs.input1 }}
  • Check types of default values of workflow call inputs even if ${{ }} expression is used.
    on:
      workflow_call:
        inputs:
          input1:
            type: boolean
          input2:
            type: number
            # ERROR: Boolean value cannot be assigned to number
            default: ${{ inputs.input1 }}
  • Fix the download script is broken since GHE server does not support the new set-output format yet. (#240)
  • Replace the deprecated set-output workflow command in our own workflows. (#239, thanks @Mrtenz)
  • Popular actions data set was updated to the latest as usual.

v1.6.21

09 Oct 15:08
Compare
Choose a tag to compare
  • Check contexts availability. Some contexts limit where they can be used. For example, jobs.<job_id>.env workflow key does not allow accessing env context, but jobs.<job_id>.steps.env allows. See the official document for the complete list of contexts availability. (#180)
    ...
    
    env:
      TOPLEVEL: ...
    
    jobs:
      test:
        runs-on: ubuntu-latest
        env:
          # ERROR: 'env' context is not available here
          JOB_LEVEL: ${{ env.TOPLEVEL }}
        steps:
          - env:
              # OK: 'env' context is available here
              STEP_LEVEL: ${{ env.TOPLEVEL }}
            ...
    actionlint reports the context is not available and what contexts are available as follows:
    test.yaml:11:22: context "env" is not allowed here. available contexts are "github", "inputs", "matrix", "needs", "secrets", "strategy". see https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability for more details [expression]
       |
    11 |       JOB_LEVEL: ${{ env.TOPLEVEL }}
       |                      ^~~~~~~~~~~~
    
  • Check special functions availability. Some functions limit where they can be used. For example, status functions like success() or failure() are only available in conditions of if:. See the official document for the complete list of special functions availability. (#214)
    ...
    
    steps:
      # ERROR: 'success()' function is not available here
      - run: echo 'Success? ${{ success() }}'
        # OK: 'success()' function is available here
        if: success()
    actionlint reports success() is not available and where the function is available as follows:
    test.yaml:8:33: calling function "success" is not allowed here. "success" is only available in "jobs.<job_id>.if", "jobs.<job_id>.steps.if". see https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability for more details [expression]
      |
    8 |       - run: echo 'Success? ${{ success() }}'
      |                                 ^~~~~~~~~
    
  • Fix inputs context is not available in run-name: section. (#223)
  • Allow dynamic shell configuration like shell: ${{ env.SHELL }}.
  • Fix no error is reported when on: does not exist at toplevel. (#232)
  • Fix an error position is not correct when the error happens at root node of workflow AST.
  • Fix an incorrect empty event is parsed when on: section is empty.
  • Fix the error message when parsing an unexpected key on toplevel. (thanks @norwd, #231)
  • Add in_progress type to workflow_run webhook event trigger.
  • Describe the actionlint extension for Nova.app in the usage document. (thanks @jbergstroem, #222)
  • Note Super-Linter uses a different place for configuration file. (thanks @per-oestergaard, #227)
  • Add actions/setup-dotnet@v3 to popular actions data set.
  • generate-availability script was created to scrape the information about contexts and special functions availability from the official document. The information can be used through actionlint.WorkflowKeyAvailability() Go API. This script is run once a week on CI to keep the information up-to-date.

v1.6.20

30 Sep 13:22
Compare
Choose a tag to compare
  • Support run-name which GitHub introduced recently. It is a name of workflow run dynamically configured. See the official document for more details. (#220)
    on: push
    run-name: Deploy by @${{ github.actor }}
    
    jobs:
      ...
  • Add end_column property to JSON representation of error. The property indicates a column of the end position of ^~~~~~~ indicator in snippet. Note that end_column is equal to column when the indicator cannot be shown. (#219)
    $ actionlint -format '{{json .}}' test.yaml | jq
    [
      {
        "message": "property \"unknown_prop\" is not defined in object type {arch: string; debug: string; name: string; os: string; temp: string; tool_cache: string; workspace: string}",
        "filepath": "test.yaml",
        "line": 7,
        "column": 23,
        "kind": "expression",
        "snippet": "      - run: echo ${{ runner.unknown_prop }}\n                      ^~~~~~~~~~~~~~~~~~~",
        "end_column": 41
      }
    ]
  • Overhaul the workflow parser to parse workflow keys in case-insensitive. This is a work derived from the fix of #216. Now the parser parses all workflow keys in case-insensitive way correctly. Note that permission names at permissions: are exceptionally case-sensitive.
    • This fixes properties of inputs for workflow_dispatch were not case-insensitive.
    • This fixes inputs and outputs of local actions were not handled in case-insensitive way.
  • Update popular actions data set. actions/stale@v6 was newly added.

v1.6.19

22 Sep 03:30
Compare
Choose a tag to compare
  • Fix inputs, outputs, and secrets of reusable workflow should be case-insensitive. (#216)
    # .github/workflows/reusable.yaml
    on:
      workflow_call:
        inputs:
          INPUT_UPPER:
            type: string
          input_lower:
            type: string
        secrets:
          SECRET_UPPER:
          secret_lower:
    ...
    
    # .github/workflows/test.yaml
    ...
    
    jobs:
      caller:
        uses: ./.github/workflows/reusable.yaml
        # Inputs and secrets are case-insensitive. So all the followings should be OK
        with:
          input_upper: ...
          INPUT_LOWER: ...
        secrets:
          secret_upper: ...
          SECRET_LOWER: ...
  • Describe how to install specific version of actionlint binary with the download script. (#218)

v1.6.18

17 Sep 13:48
Compare
Choose a tag to compare
  • This release much enhances checks for local reusable workflow calls. Note that these checks are done for local reusable workflows (starting with ./). (#179).
    • Detect missing required inputs/secrets and undefined inputs/secrets at jobs.<job_id>.with and jobs.<job_id>.secrets. See the document for more details.
      # .github/workflows/reusable.yml
      on:
        workflow_call:
          inputs:
            name:
              type: string
              required: true
          secrets:
            password:
              required: true
      ...
      
      # .github/workflows/test.yml
      ...
      
      jobs:
        missing-required:
          uses: ./.github/workflows/reusable.yml
          with:
            # ERROR: Undefined input "user"
            user: rhysd
            # ERROR: Required input "name" is missing
          secrets:
            # ERROR: Undefined secret "credentials"
            credentials: my-token
            # ERROR: Required secret "password" is missing
    • Type check for reusable workflow inputs at jobs.<job_id>.with. Types are defined at on.workflow_call.inputs.<name>.type in reusable workflow. actionlint checks types of expressions in workflow calls. See the document for more details.
      # .github/workflows/reusable.yml
      on:
        workflow_call:
          inputs:
            id:
              type: number
            message:
              type: string
      ...
      
      # .github/workflows/test.yml
      ...
      
      jobs:
        type-checks:
          uses: ./.github/workflows/reusable.yml
          with:
            # ERROR: Cannot assign string value to number input. format() returns string value
            id: ${{ format('runner name is {0}', runner.name) }}
            # ERROR: Cannot assign null to string input. If you want to pass string "null", use ${{ 'null' }}
            message: null
    • Detect local reusable workflow which does not exist at jobs.<job_id>.uses. See the document for more details.
      jobs:
        test:
          # ERROR: This workflow file does not exist
          with: ./.github/workflows/does-not-exist.yml
    • Check needs.<job_id>.outputs.<output_id> in downstream jobs of workflow call jobs. The outputs object is now typed strictly based on on.workflow_call.outputs.<name> in the called reusable workflow. See the document for more details.
      # .github/workflows/get-build-info.yml
      on:
        workflow_call:
          outputs:
            version:
              value: ...
              description: version of software
      ...
      
      # .github/workflows/test.yml
      ...
      
      jobs:
        # This job's outputs object is typed as {version: string}
        get_build_info:
          uses: ./.github/workflows/get-build-info.yml
        downstream:
          needs: [get_build_info]
          runs-on: ubuntu-latest
          steps:
            # OK. `version` is defined in the reusable workflow
            - run: echo '${{ needs.get_build_info.outputs.version }}'
            # ERROR: `tag` is not defined in the reusable workflow
            - run: echo '${{ needs.get_build_info.outputs.tag }}'
  • Add missing properties in contexts and improve types of some properties looking at the official contexts document.
    • github.action_status
    • runner.debug
    • services.<service_id>.ports
  • Fix on.workflow_call.inputs.<name>.description and on.workflow_call.secrets.<name>.description were incorrectly mandatory. They are actually optional.
  • Report parse errors when parsing action.yml in local actions. They were ignored in previous versions.
  • Sort the order of properties in an object type displayed in error message. In previous versions, actionlint sometimes displayed {a: true, b: string}, or it displayed {b: string, a: true} for the same object type. This randomness was caused by random iteration of map values in Go.
  • Update popular actions data set to the latest.

v1.6.17

28 Aug 14:57
Compare
Choose a tag to compare
  • Allow workflow calls are available in matrix jobs. See the official announcement for more details. (#197)
    jobs:
      ReuseableMatrixJobForDeployment:
        strategy:
          matrix:
            target: [dev, stage, prod]
        uses: octocat/octo-repo/.github/workflows/deployment.yml@main
        with:
          target: ${{ matrix.target }}
  • Allow nested workflow calls. See the official announcement for more details. (#201)
    on: workflow_call
    
    jobs:
      call-another-reusable:
        uses: path/to/another-reusable.yml@v1
  • Fix job outputs should be passed to needs.*.outputs of only direct children. Until v1.6.16, they are passed to any downstream jobs. (#151)
    jobs:
      first:
        runs-on: ubuntu-latest
        outputs:
          first: 'output from first job'
        steps:
          - run: echo 'first'
    
      second:
        needs: [first]
        runs-on: ubuntu-latest
        outputs:
          second: 'output from second job'
        steps:
          - run: echo 'second'
    
      third:
        needs: [second]
        runs-on: ubuntu-latest
        steps:
          - run: echo '${{ toJSON(needs.second.outputs) }}'
          # ERROR: `needs.first` does not exist, but v1.6.16 reported no error
          - run: echo '${{ toJSON(needs.first.outputs) }}'
    When you need both needs.first and needs.second, add the both to needs:.
      third:
        needs: [first, second]
        runs-on: ubuntu-latest
        steps:
          # OK
          -  echo '${{ toJSON(needs.first.outputs) }}'
  • Fix }} in string literals are detected as end marker of placeholder ${{ }}. (#205)
    jobs:
      test:
        runs-on: ubuntu-latest
        strategy:
          # This caused an incorrect error until v1.6.16
          matrix: ${{ fromJSON('{"foo":{}}') }}
  • Fix working-directory: should not be available with uses: in steps. working-directory: is only available with run:. (#207)
    steps:
      - uses: actions/checkout@v3
        # ERROR: `working-directory:` is not available here
        working-directory: ./foo
  • The working directory for running actionlint command can be set via WorkingDir field of LinterOptions struct. When it is empty, the return value from os.Getwd will be used.
  • Update popular actions data set. actions/configure-pages@v2 was added.
  • Use Go 1.19 on CI by default. It is used to build release binaries.
  • Update dependencies (go-yaml/yaml v3.0.1).
  • Update playground dependencies (except for CodeMirror v6).

v1.6.16

19 Aug 10:41
Compare
Choose a tag to compare
  • Allow an empty object at permissions:. You can use it to disable permissions for all of the available scopes. (#170, #171, thanks @peaceiris)
    permissions: {}
  • Support github.triggering_actor context value. (#190, thanks @stefreak)
  • Rename step-id rule to id rule. Now the rule checks both job IDs and step IDs. See the document for more details. (#182)
    jobs:
      # ERROR: '.' cannot be contained in ID
      v1.2.3:
        runs-on: ubuntu-latest
        steps:
          - run: echo 'job ID with version'
            # ERROR: ID cannot contain spaces
            id: echo for test
      # ERROR: ID cannot start with numbers
      2d-game:
        runs-on: ubuntu-latest
        steps:
          - run: echo 'oops'
  • Accessing env context in jobs.<id>.if is now reported as error. (#155)
    jobs:
      test:
        runs-on: ubuntu-latest
        # ERROR: `env` is not available here
        if: ${{ env.DIST == 'arch' }}
        steps:
          - run: ...
  • Fix actionlint wrongly typed some matrix value when the matrix is expanded with ${{ }}. For example, matrix.foo in the following code is typed as {x: string}, but it should be any because it is initialized with the value from fromJSON. (#145)
    strategy:
      matrix:
        foo: ${{ fromJSON(...) }}
        exclude:
          - foo:
              x: y
  • Fix incorrect type check when multiple runner labels are set to runs-on: via expanding ${{ }} for selecting self-hosted runners. (#164)
    jobs:
      test:
        strategy:
          matrix:
            include:
              - labels: ["self-hosted", "macOS", "X64"]
              - labels: ["self-hosted", "linux"]
        # actionlint incorrectly reported type error here
        runs-on: ${{ matrix.labels }}
  • Fix usage of local actions (uses: ./path/to/action) was not checked when multiple workflow files were passed to actionlint command. (#173)
  • Allow description: is missing in secrets: of reusable workflow call definition since it is optional. (#174)
  • Fix type of propery of github.event.inputs is string unlike inputs context. See the document for more details. (#181)
    on:
      workflow_dispatch:
        inputs:
          is-valid:
            # Type of `inputs.is-valid` is bool
            # Type of `github.event.inputs.is-valid` is string
            type: boolean
  • Fix crash when a value is expanded with ${{ }} at continue-on-error:. (#193)
  • Fix some error was caused by some other error. For example, the following code reported two errors. '" is not available for string literal' error caused another 'one placeholder should be included in boolean value string' error. This was caused because the ${{ x == "foo" }} placeholder was not counted due to the previous type error.
    if: ${{ x == "foo" }}
  • Add support for merge_group workflow trigger.
  • Add official actions to manage GitHub Pages to popular actions data set.
    • actions/configure-pages@v1
    • actions/deploy-pages@v1
    • actions/upload-pages-artifact@v1
  • Update popular actions data set to the latest. Several new major versions and new inputs of actions were added to it.
  • Describe how to install actionlint via Chocolatey, scoop, and AUR in the installation document. (#167, #168, thanks @sitiom)
  • VS Code extension for actionlint was created by @arahatashun. See the document for more details.
  • Describe how to use the Docker image at step of GitHub Actions workflow. See the document for the details. (#146)
    - uses: docker://rhysd/actionlint:latest
      with:
        args: -color
  • Clarify the behavior if empty strings are set to some command line options in documents. -shellcheck= disables shellcheck integration and -pyflakes= disables pyflakes integration. (#156)
  • Update Go module dependencies.

v1.6.15

28 Jun 11:15
Compare
Choose a tag to compare
  • Fix referring env context from env: at step level caused an error. env: at toplevel and job level cannot refer env context, but env: at step level can. (#158)
    on: push
    
    env:
      # ERROR: 'env:' at toplevel cannot refer 'env' context
      ERROR1: ${{ env.PATH }}
    
    jobs:
      my_job:
        runs-on: ubuntu-latest
        env:
          # ERROR: 'env:' at job level cannot refer 'env' context
          ERROR2: ${{ env.PATH }}
        steps:
          - run: echo "$THIS_IS_OK"
            env:
              # OK: 'env:' at step level CAN refer 'env' context
              THIS_IS_OK: ${{ env.PATH }}
  • Docker image for linux/arm64 is now provided. It is useful for M1 Mac users. (#159, thanks @politician)
  • Fix the download script did not respect the version specified via the first argument. (#162, thanks @mateiidavid)

v1.6.14

26 Jun 12:29
Compare
Choose a tag to compare
  • Some filters are exclusive in events at on:. Now actionlint checks the exclusive filters are used in the same event. paths and paths-ignore, branches and branches-ignore, tags and tags-ignore are exclusive. See the document for the details.
    on:
      push:
        # ERROR: Both 'paths' and 'paths-ignore' filters cannot be used for the same event
        paths: ...
        paths-ignore: ...
  • Some event filters are checked more strictly. Some filters are only available with specific events. Now actionlint checks the limitation. See the document for complete list of such filters.
    on:
      release:
        # ERROR: 'tags' filter is only available for 'push' event
        tags: v*.*.*
  • Paths starting/ending with spaces are now reported as error.
  • Inputs of workflow which specify both default and required are now reported as error. When required is specified at input of workflow call, a caller of it must specify value of the input. So the default value will never be used. (#154, thanks @sksat)
    on:
      workflow_call:
        inputs:
          my_input:
            description: test
            type: string
            # ERROR: The default value 'aaa' will never be used
            required: true
            default: aaa
  • Fix inputs of workflow_dispatch are set to inputs context as well as github.event.inputs. This was added by the recent change of GitHub Actions. (#152)
    on:
      workflow_dispatch:
        inputs:
          my_input:
            type: string
            required: true
    jobs:
      my_job:
        runs-on: ubuntu-latest
        steps:
          - run: echo ${{ github.event.inputs.my_input }}
          # Now the input is also set to `inputs` context
          - run: echo ${{ inputs.my_input }}
  • Improve that env context is now not defined in values of env:, id: and uses:. actionlint now reports usage of env context in such places as type errors. (#158)
    runs-on: ubuntu-latest
    env:
      FOO: aaa
    steps:
      # ERROR: 'env' context is not defined in values of 'env:', 'id:' and 'uses:'
      - uses: test/${{ env.FOO }}@main
        env:
          BAR: ${{ env.FOO }}
        id: foo-${{ env.FOO }}
  • actionlint command gains -stdin-filename command line option. When it is specified, the file name is used on reading input from stdin instead of <stdin>. (#157, thanks @arahatashun)
    # Error message shows foo.yml as file name where the error happened
    ... | actionlint -stdin-filename foo.yml -
  • The download script allows to specify a directory path to install actionlint executable with the second argument of the script. For example, the following command downloads /path/to/bin/actionlint:
    # Downloads the latest stable version at `/path/to/bin/actionlint`
    bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) latest /path/to/bin
    # Downloads actionlint v1.6.14 at `/path/to/bin/actionlint`
    bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.6.14 /path/to/bin
  • Update popular actions data set including goreleaser-action@v3, setup-python@v4, aks-set-context@v3.
  • Update Go dependencies including go-yaml/yaml v3.

v1.6.13

18 May 10:34
Compare
Choose a tag to compare
  • secrets: inherit in reusable workflow is now supported (#138)
    on:
      workflow_dispatch:
    
    jobs:
      pass-secrets-to-workflow:
        uses: ./.github/workflows/called-workflow.yml
        secrets: inherit
    This means that actionlint cannot know the workflow inherits secrets or not when checking a reusable workflow. To support secrets: inherit without giving up on checking secrets context, actionlint assumes the followings. See the document for the details.
    • when secrets: is omitted in a reusable workflow, the workflow inherits secrets from a caller
    • when secrets: exists in a reusable workflow, the workflow inherits no other secret
  • macos-12 runner is now supported (#134, thanks @shogo82148)
  • ubuntu-22.04 runner is now supported (#142, thanks @shogo82148)
  • concurrency is available on reusable workflow call (#136)
    jobs:
      checks:
        concurrency:
          group: ${{ github.ref }}-${{ github.workflow }}
          cancel-in-progress: true
        uses: ./path/to/workflow.yaml
  • pre-commit hook now uses a fixed version of actionlint. For example, the following configuration continues to use actionlint v1.6.13 even if v1.6.14 is released. (#116)
    repos:
      - repo: https://github.com/rhysd/actionlint
        rev: v1.6.13
        hooks:
          - id: actionlint-docker
  • Update popular actions data set including new versions of docker/*, haskell/actions/setup, actions/setup-go, ... (#140, thanks @bflad)
  • Update Go module dependencies