Releases: rhysd/actionlint
Releases · rhysd/actionlint
v1.6.22
- Detect deprecated workflow commands such as
set-output
orsave-state
and suggest the alternative. See the document for more details. (#234)# ERROR: This format of 'set-output' workflow command was deprecated - run: echo '::set-output name=foo::bar'
- Fix that
${{ }}
expression aton.workflow_call.inputs.<id>.default
caused an error. (#235)on: workflow_call: inputs: project: type: string # OK: The default value is generated dynamically default: ${{ github.event.repository.name }}
- Improve type of
inputs
context to grow gradually while checking inputs inworkflow_call
event.on: workflow_call: inputs: input1: type: string # ERROR: `input2` is not defined yet default: ${{ inputs.input2 }} input2: type: string # OK: `input1` was already defined above default: ${{ inputs.input1 }}
- Check types of default values of workflow call inputs even if
${{ }}
expression is used.on: workflow_call: inputs: input1: type: boolean input2: type: number # ERROR: Boolean value cannot be assigned to number default: ${{ inputs.input1 }}
- Fix the download script is broken since GHE server does not support the new
set-output
format yet. (#240) - Replace the deprecated
set-output
workflow command in our own workflows. (#239, thanks @Mrtenz) - Popular actions data set was updated to the latest as usual.
v1.6.21
- Check contexts availability. Some contexts limit where they can be used. For example,
jobs.<job_id>.env
workflow key does not allow accessingenv
context, butjobs.<job_id>.steps.env
allows. See the official document for the complete list of contexts availability. (#180)actionlint reports the context is not available and what contexts are available as follows:... env: TOPLEVEL: ... jobs: test: runs-on: ubuntu-latest env: # ERROR: 'env' context is not available here JOB_LEVEL: ${{ env.TOPLEVEL }} steps: - env: # OK: 'env' context is available here STEP_LEVEL: ${{ env.TOPLEVEL }} ...
test.yaml:11:22: context "env" is not allowed here. available contexts are "github", "inputs", "matrix", "needs", "secrets", "strategy". see https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability for more details [expression] | 11 | JOB_LEVEL: ${{ env.TOPLEVEL }} | ^~~~~~~~~~~~
- Check special functions availability. Some functions limit where they can be used. For example, status functions like
success()
orfailure()
are only available in conditions ofif:
. See the official document for the complete list of special functions availability. (#214)actionlint reports... steps: # ERROR: 'success()' function is not available here - run: echo 'Success? ${{ success() }}' # OK: 'success()' function is available here if: success()
success()
is not available and where the function is available as follows:test.yaml:8:33: calling function "success" is not allowed here. "success" is only available in "jobs.<job_id>.if", "jobs.<job_id>.steps.if". see https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability for more details [expression] | 8 | - run: echo 'Success? ${{ success() }}' | ^~~~~~~~~
- Fix
inputs
context is not available inrun-name:
section. (#223) - Allow dynamic shell configuration like
shell: ${{ env.SHELL }}
. - Fix no error is reported when
on:
does not exist at toplevel. (#232) - Fix an error position is not correct when the error happens at root node of workflow AST.
- Fix an incorrect empty event is parsed when
on:
section is empty. - Fix the error message when parsing an unexpected key on toplevel. (thanks @norwd, #231)
- Add
in_progress
type toworkflow_run
webhook event trigger. - Describe the actionlint extension for Nova.app in the usage document. (thanks @jbergstroem, #222)
- Note Super-Linter uses a different place for configuration file. (thanks @per-oestergaard, #227)
- Add
actions/setup-dotnet@v3
to popular actions data set. generate-availability
script was created to scrape the information about contexts and special functions availability from the official document. The information can be used throughactionlint.WorkflowKeyAvailability()
Go API. This script is run once a week on CI to keep the information up-to-date.
v1.6.20
- Support
run-name
which GitHub introduced recently. It is a name of workflow run dynamically configured. See the official document for more details. (#220)on: push run-name: Deploy by @${{ github.actor }} jobs: ...
- Add
end_column
property to JSON representation of error. The property indicates a column of the end position of^~~~~~~
indicator in snippet. Note thatend_column
is equal tocolumn
when the indicator cannot be shown. (#219)$ actionlint -format '{{json .}}' test.yaml | jq [ { "message": "property \"unknown_prop\" is not defined in object type {arch: string; debug: string; name: string; os: string; temp: string; tool_cache: string; workspace: string}", "filepath": "test.yaml", "line": 7, "column": 23, "kind": "expression", "snippet": " - run: echo ${{ runner.unknown_prop }}\n ^~~~~~~~~~~~~~~~~~~", "end_column": 41 } ]
- Overhaul the workflow parser to parse workflow keys in case-insensitive. This is a work derived from the fix of #216. Now the parser parses all workflow keys in case-insensitive way correctly. Note that permission names at
permissions:
are exceptionally case-sensitive.- This fixes properties of
inputs
forworkflow_dispatch
were not case-insensitive. - This fixes inputs and outputs of local actions were not handled in case-insensitive way.
- This fixes properties of
- Update popular actions data set.
actions/stale@v6
was newly added.
v1.6.19
- Fix inputs, outputs, and secrets of reusable workflow should be case-insensitive. (#216)
# .github/workflows/reusable.yaml on: workflow_call: inputs: INPUT_UPPER: type: string input_lower: type: string secrets: SECRET_UPPER: secret_lower: ... # .github/workflows/test.yaml ... jobs: caller: uses: ./.github/workflows/reusable.yaml # Inputs and secrets are case-insensitive. So all the followings should be OK with: input_upper: ... INPUT_LOWER: ... secrets: secret_upper: ... SECRET_LOWER: ...
- Describe how to install specific version of
actionlint
binary with the download script. (#218)
v1.6.18
- This release much enhances checks for local reusable workflow calls. Note that these checks are done for local reusable workflows (starting with
./
). (#179).- Detect missing required inputs/secrets and undefined inputs/secrets at
jobs.<job_id>.with
andjobs.<job_id>.secrets
. See the document for more details.# .github/workflows/reusable.yml on: workflow_call: inputs: name: type: string required: true secrets: password: required: true ... # .github/workflows/test.yml ... jobs: missing-required: uses: ./.github/workflows/reusable.yml with: # ERROR: Undefined input "user" user: rhysd # ERROR: Required input "name" is missing secrets: # ERROR: Undefined secret "credentials" credentials: my-token # ERROR: Required secret "password" is missing
- Type check for reusable workflow inputs at
jobs.<job_id>.with
. Types are defined aton.workflow_call.inputs.<name>.type
in reusable workflow. actionlint checks types of expressions in workflow calls. See the document for more details.# .github/workflows/reusable.yml on: workflow_call: inputs: id: type: number message: type: string ... # .github/workflows/test.yml ... jobs: type-checks: uses: ./.github/workflows/reusable.yml with: # ERROR: Cannot assign string value to number input. format() returns string value id: ${{ format('runner name is {0}', runner.name) }} # ERROR: Cannot assign null to string input. If you want to pass string "null", use ${{ 'null' }} message: null
- Detect local reusable workflow which does not exist at
jobs.<job_id>.uses
. See the document for more details.jobs: test: # ERROR: This workflow file does not exist with: ./.github/workflows/does-not-exist.yml
- Check
needs.<job_id>.outputs.<output_id>
in downstream jobs of workflow call jobs. The outputs object is now typed strictly based onon.workflow_call.outputs.<name>
in the called reusable workflow. See the document for more details.# .github/workflows/get-build-info.yml on: workflow_call: outputs: version: value: ... description: version of software ... # .github/workflows/test.yml ... jobs: # This job's outputs object is typed as {version: string} get_build_info: uses: ./.github/workflows/get-build-info.yml downstream: needs: [get_build_info] runs-on: ubuntu-latest steps: # OK. `version` is defined in the reusable workflow - run: echo '${{ needs.get_build_info.outputs.version }}' # ERROR: `tag` is not defined in the reusable workflow - run: echo '${{ needs.get_build_info.outputs.tag }}'
- Detect missing required inputs/secrets and undefined inputs/secrets at
- Add missing properties in contexts and improve types of some properties looking at the official contexts document.
github.action_status
runner.debug
services.<service_id>.ports
- Fix
on.workflow_call.inputs.<name>.description
andon.workflow_call.secrets.<name>.description
were incorrectly mandatory. They are actually optional. - Report parse errors when parsing
action.yml
in local actions. They were ignored in previous versions. - Sort the order of properties in an object type displayed in error message. In previous versions, actionlint sometimes displayed
{a: true, b: string}
, or it displayed{b: string, a: true}
for the same object type. This randomness was caused by random iteration of map values in Go. - Update popular actions data set to the latest.
v1.6.17
- Allow workflow calls are available in matrix jobs. See the official announcement for more details. (#197)
jobs: ReuseableMatrixJobForDeployment: strategy: matrix: target: [dev, stage, prod] uses: octocat/octo-repo/.github/workflows/deployment.yml@main with: target: ${{ matrix.target }}
- Allow nested workflow calls. See the official announcement for more details. (#201)
on: workflow_call jobs: call-another-reusable: uses: path/to/another-reusable.yml@v1
- Fix job outputs should be passed to
needs.*.outputs
of only direct children. Until v1.6.16, they are passed to any downstream jobs. (#151)When you need bothjobs: first: runs-on: ubuntu-latest outputs: first: 'output from first job' steps: - run: echo 'first' second: needs: [first] runs-on: ubuntu-latest outputs: second: 'output from second job' steps: - run: echo 'second' third: needs: [second] runs-on: ubuntu-latest steps: - run: echo '${{ toJSON(needs.second.outputs) }}' # ERROR: `needs.first` does not exist, but v1.6.16 reported no error - run: echo '${{ toJSON(needs.first.outputs) }}'
needs.first
andneeds.second
, add the both toneeds:
.third: needs: [first, second] runs-on: ubuntu-latest steps: # OK - echo '${{ toJSON(needs.first.outputs) }}'
- Fix
}}
in string literals are detected as end marker of placeholder${{ }}
. (#205)jobs: test: runs-on: ubuntu-latest strategy: # This caused an incorrect error until v1.6.16 matrix: ${{ fromJSON('{"foo":{}}') }}
- Fix
working-directory:
should not be available withuses:
in steps.working-directory:
is only available withrun:
. (#207)steps: - uses: actions/checkout@v3 # ERROR: `working-directory:` is not available here working-directory: ./foo
- The working directory for running
actionlint
command can be set viaWorkingDir
field ofLinterOptions
struct. When it is empty, the return value fromos.Getwd
will be used. - Update popular actions data set.
actions/configure-pages@v2
was added. - Use Go 1.19 on CI by default. It is used to build release binaries.
- Update dependencies (go-yaml/yaml v3.0.1).
- Update playground dependencies (except for CodeMirror v6).
v1.6.16
- Allow an empty object at
permissions:
. You can use it to disable permissions for all of the available scopes. (#170, #171, thanks @peaceiris)permissions: {}
- Support
github.triggering_actor
context value. (#190, thanks @stefreak) - Rename
step-id
rule toid
rule. Now the rule checks both job IDs and step IDs. See the document for more details. (#182)jobs: # ERROR: '.' cannot be contained in ID v1.2.3: runs-on: ubuntu-latest steps: - run: echo 'job ID with version' # ERROR: ID cannot contain spaces id: echo for test # ERROR: ID cannot start with numbers 2d-game: runs-on: ubuntu-latest steps: - run: echo 'oops'
- Accessing
env
context injobs.<id>.if
is now reported as error. (#155)jobs: test: runs-on: ubuntu-latest # ERROR: `env` is not available here if: ${{ env.DIST == 'arch' }} steps: - run: ...
- Fix actionlint wrongly typed some matrix value when the matrix is expanded with
${{ }}
. For example,matrix.foo
in the following code is typed as{x: string}
, but it should beany
because it is initialized with the value fromfromJSON
. (#145)strategy: matrix: foo: ${{ fromJSON(...) }} exclude: - foo: x: y
- Fix incorrect type check when multiple runner labels are set to
runs-on:
via expanding${{ }}
for selecting self-hosted runners. (#164)jobs: test: strategy: matrix: include: - labels: ["self-hosted", "macOS", "X64"] - labels: ["self-hosted", "linux"] # actionlint incorrectly reported type error here runs-on: ${{ matrix.labels }}
- Fix usage of local actions (
uses: ./path/to/action
) was not checked when multiple workflow files were passed toactionlint
command. (#173) - Allow
description:
is missing insecrets:
of reusable workflow call definition since it is optional. (#174) - Fix type of propery of
github.event.inputs
is string unlikeinputs
context. See the document for more details. (#181)on: workflow_dispatch: inputs: is-valid: # Type of `inputs.is-valid` is bool # Type of `github.event.inputs.is-valid` is string type: boolean
- Fix crash when a value is expanded with
${{ }}
atcontinue-on-error:
. (#193) - Fix some error was caused by some other error. For example, the following code reported two errors. '" is not available for string literal' error caused another 'one placeholder should be included in boolean value string' error. This was caused because the
${{ x == "foo" }}
placeholder was not counted due to the previous type error.if: ${{ x == "foo" }}
- Add support for
merge_group
workflow trigger. - Add official actions to manage GitHub Pages to popular actions data set.
actions/configure-pages@v1
actions/deploy-pages@v1
actions/upload-pages-artifact@v1
- Update popular actions data set to the latest. Several new major versions and new inputs of actions were added to it.
- Describe how to install actionlint via Chocolatey, scoop, and AUR in the installation document. (#167, #168, thanks @sitiom)
- VS Code extension for actionlint was created by @arahatashun. See the document for more details.
- Describe how to use the Docker image at step of GitHub Actions workflow. See the document for the details. (#146)
- uses: docker://rhysd/actionlint:latest with: args: -color
- Clarify the behavior if empty strings are set to some command line options in documents.
-shellcheck=
disables shellcheck integration and-pyflakes=
disables pyflakes integration. (#156) - Update Go module dependencies.
v1.6.15
- Fix referring
env
context fromenv:
at step level caused an error.env:
at toplevel and job level cannot referenv
context, butenv:
at step level can. (#158)on: push env: # ERROR: 'env:' at toplevel cannot refer 'env' context ERROR1: ${{ env.PATH }} jobs: my_job: runs-on: ubuntu-latest env: # ERROR: 'env:' at job level cannot refer 'env' context ERROR2: ${{ env.PATH }} steps: - run: echo "$THIS_IS_OK" env: # OK: 'env:' at step level CAN refer 'env' context THIS_IS_OK: ${{ env.PATH }}
- Docker image for linux/arm64 is now provided. It is useful for M1 Mac users. (#159, thanks @politician)
- Fix the download script did not respect the version specified via the first argument. (#162, thanks @mateiidavid)
v1.6.14
- Some filters are exclusive in events at
on:
. Now actionlint checks the exclusive filters are used in the same event.paths
andpaths-ignore
,branches
andbranches-ignore
,tags
andtags-ignore
are exclusive. See the document for the details.on: push: # ERROR: Both 'paths' and 'paths-ignore' filters cannot be used for the same event paths: ... paths-ignore: ...
- Some event filters are checked more strictly. Some filters are only available with specific events. Now actionlint checks the limitation. See the document for complete list of such filters.
on: release: # ERROR: 'tags' filter is only available for 'push' event tags: v*.*.*
- Paths starting/ending with spaces are now reported as error.
- Inputs of workflow which specify both
default
andrequired
are now reported as error. Whenrequired
is specified at input of workflow call, a caller of it must specify value of the input. So the default value will never be used. (#154, thanks @sksat)on: workflow_call: inputs: my_input: description: test type: string # ERROR: The default value 'aaa' will never be used required: true default: aaa
- Fix inputs of
workflow_dispatch
are set toinputs
context as well asgithub.event.inputs
. This was added by the recent change of GitHub Actions. (#152)on: workflow_dispatch: inputs: my_input: type: string required: true jobs: my_job: runs-on: ubuntu-latest steps: - run: echo ${{ github.event.inputs.my_input }} # Now the input is also set to `inputs` context - run: echo ${{ inputs.my_input }}
- Improve that
env
context is now not defined in values ofenv:
,id:
anduses:
. actionlint now reports usage ofenv
context in such places as type errors. (#158)runs-on: ubuntu-latest env: FOO: aaa steps: # ERROR: 'env' context is not defined in values of 'env:', 'id:' and 'uses:' - uses: test/${{ env.FOO }}@main env: BAR: ${{ env.FOO }} id: foo-${{ env.FOO }}
actionlint
command gains-stdin-filename
command line option. When it is specified, the file name is used on reading input from stdin instead of<stdin>
. (#157, thanks @arahatashun)# Error message shows foo.yml as file name where the error happened ... | actionlint -stdin-filename foo.yml -
- The download script allows to specify a directory path to install
actionlint
executable with the second argument of the script. For example, the following command downloads/path/to/bin/actionlint
:# Downloads the latest stable version at `/path/to/bin/actionlint` bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) latest /path/to/bin # Downloads actionlint v1.6.14 at `/path/to/bin/actionlint` bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.6.14 /path/to/bin
- Update popular actions data set including
goreleaser-action@v3
,setup-python@v4
,aks-set-context@v3
. - Update Go dependencies including go-yaml/yaml v3.
v1.6.13
secrets: inherit
in reusable workflow is now supported (#138)This means that actionlint cannot know the workflow inherits secrets or not when checking a reusable workflow. To supporton: workflow_dispatch: jobs: pass-secrets-to-workflow: uses: ./.github/workflows/called-workflow.yml secrets: inherit
secrets: inherit
without giving up on checkingsecrets
context, actionlint assumes the followings. See the document for the details.- when
secrets:
is omitted in a reusable workflow, the workflow inherits secrets from a caller - when
secrets:
exists in a reusable workflow, the workflow inherits no other secret
- when
macos-12
runner is now supported (#134, thanks @shogo82148)ubuntu-22.04
runner is now supported (#142, thanks @shogo82148)concurrency
is available on reusable workflow call (#136)jobs: checks: concurrency: group: ${{ github.ref }}-${{ github.workflow }} cancel-in-progress: true uses: ./path/to/workflow.yaml
- pre-commit hook now uses a fixed version of actionlint. For example, the following configuration continues to use actionlint v1.6.13 even if v1.6.14 is released. (#116)
repos: - repo: https://github.com/rhysd/actionlint rev: v1.6.13 hooks: - id: actionlint-docker
- Update popular actions data set including new versions of
docker/*
,haskell/actions/setup
,actions/setup-go
, ... (#140, thanks @bflad) - Update Go module dependencies