actionlint
actionlint copied to clipboard
rhysd
:octocat: Static checker for GitHub Actions workflow files
We've adopted actionlint across all our org's repos. We love it. But we're also using [ruff](https://github.com/astral-sh/ruff/) to lint Python everywhere. So for us it would be great to have the...
This PR addresses the "Pin Actions to a full length commit SHA" part of https://github.com/rhysd/actionlint/issues/198 by optionally enforcing that actions are pinned to (full) commit hashes. This can be enabled...
If a workflow is triggered only by pushes to a specific branch, any checks for this branch within the jobs are redundant and should be removed. For example: ```yaml on:...
I updated `actionlint` to the `v1.7.1` which caught a stray `actions/checkout@v2` in the codebase, which is awesome. However, it didn't catch another instance where someone had pinned to `actions/checkout@master`. Due...
It would be useful to me if Actionlint could report when globs in `on.*.paths` don't match any files. The following shell pipeline approximates what I'd like to do: ```shell git...
As it's unnecessary (as the needed PR will be opened by workflow runs in this, the original "upstream" repository) and only causes noise in forks. See for example [this run](https://github.com/muzimuzhi/actionlint/actions/runs/11305433070/job/31444920812#annotation:7:100)...
Using reusable workflow as a step is not supported by Github Actions. However, actionlint currently does not warn about this behavior. Now it does 🙂
`actionlint` accepts four `macos-X.0` (`X` is one of 11, 12, 13, 14) runner labels, but none of them are found in the [list of labels](https://github.com/actions/runner-images?tab=readme-ov-file#available-images) for GitHub-hosted runner images. Among...
### Description: When using `actionlint` to check GitHub Actions workflows, I encountered a warning indicating that `github.head_ref` is potentially untrusted when used directly in an inline script. However, this warning...
## context It would be nice to have consistent action inputs so this is more predictable. Perhaps the default opinion can be kebab case and be configurable? ## options ###...
