org secrets detected as invalid
I have a slew of org secrets defined in my .github/actionlint.yaml, but trunk.io is showing me that they are invalid. I'm probably doing something wrong, but the docs on how to do this properly are seemingly absent.
[{
    "resource": "$repo/.github/workflows/workflow.yaml",
    "owner": "_generated_diagnostic_collection_name_#3",
    "severity": 4,
    "message": "Context access might be invalid: MY_ORG_SECRET",
    "startLineNumber": 40,
    "startColumn": 43,
    "endLineNumber": 40,
    "endColumn": 76,
    "origin": "extHost1"
}]
Is the config file .actionlint.yaml supported?
According to both the actionlint doc and trunk.io doc, only .github/actionlint.y(a)ml is supported.
That is what I have, .github/actionlint.yaml; sorry for the typo with the extra ".". I've corrected the mistake above.
FWIW, it's honoring my custom internal runners, but not secrets.
Does it reproduce with calling actionlint directly? An example is welcome.
What are the contents of your .github/actionlint.yaml file? Fuzz out anything you wouldn't want to post openly.
This seems fine when calling actionlint directly and is only an issue when using the trunk.io plugin.
# Configuration related to self-hosted runner.
self-hosted-runner:
  # Labels of self-hosted runner in array of strings.
  labels:
    - int-runner-a
secrets:
  - ORG_GORELEASER_KEY
rules:
  - id: context-access
    allow-undefined-secrets: true
That syntax looks different than I expected. The top level keys I know are valid are:
- self-hosted-runner
- config-variables
- paths
Of these keys, I used:
config-variables:
  - MY_SECRET
  - MY_SECRET_2
  - SOME_ENVIRONMENT_VARIABLE
I'm looking at the latest version of the docs, is it possible you're on a previous version?
EDIT: config-values: -> config-variables:
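An added example, not part of the thread and not code from actionlint or trunk.io: a small Python check that lists the top-level keys of an actionlint config and reports any outside the three keys named in the reply above. The function names and the sample config are constructed for illustration, and the allowed-key set is an assumption taken from that reply, so adjust it to the docs for the actionlint version in use.

```python
import re

# Top-level keys named as valid in the reply above (assumption: this matches
# the actionlint version in use; adjust if your version's docs differ).
KNOWN_TOP_LEVEL_KEYS = {"self-hosted-runner", "config-variables", "paths"}

# An unquoted mapping key starting in column 0, e.g. "paths:".
_TOP_LEVEL_KEY = re.compile(r"^([A-Za-z0-9_-]+)\s*:")


def top_level_keys(config_text):
    """Return (line_number, key) for each unindented, unquoted mapping key."""
    found = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        # Skip blank lines and comments.
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        # Indented lines and list items belong to a parent key.
        if line[0] in " \t-":
            continue
        match = _TOP_LEVEL_KEY.match(line)
        if match:
            found.append((lineno, match.group(1)))
    return found


def unknown_keys(config_text, known=KNOWN_TOP_LEVEL_KEYS):
    """Return (line_number, key) for top-level keys not in the known set."""
    return [(n, k) for n, k in top_level_keys(config_text) if k not in known]


# Constructed sample mirroring the config posted in the thread.
SAMPLE = """\
# Configuration related to self-hosted runner.
self-hosted-runner:
  labels:
    - int-runner-a
secrets:
  - ORG_GORELEASER_KEY
rules:
  - id: context-access
    allow-undefined-secrets: true
"""

if __name__ == "__main__":
    for lineno, key in unknown_keys(SAMPLE):
        print(f"line {lineno}: unrecognized top-level key '{key}'")
```

The scan is line-based and does not parse YAML, so quoted keys and flow-style mappings are not detected.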