actionlint
actionlint copied to clipboard
rhysd
:octocat: Static checker for GitHub Actions workflow files
actionlint assumes that in reusable workflows, you're either inheriting secrets or declare them. It is possible to mix them though. Consider this: ``` on: workflow_call: secrets: repositoryUrl: required: false jobs:...
Consider the below workflow, which has two problems. I have ran this through the [actionlint playground](https://rhysd.github.io/actionlint/#eJxtUDFywzAM2/0KxEM82Q/QXcYMfUVPtulaiSq6InW5/L6S3DodupEgCYDgYBrgwfG+eH68T9b7AgAubEllrwEKdvQ0/7bATItNXg00JvqDyhTdpo6DQXutR+CI2UktdaVDqz2uIn0lFzM7FuvlxabPjQxGZk82NM2Nx+rnIxLp7iSmIH3RSmMKmnpvlUTrSJS2w35fNg1oWhmdMULac9L8IIL9pIsdJ2OqdneIu2xH7m77h+ENsnLyc4Fe+0v+eA9t+EkLpwu6kk+H8xmn6mgonMMuLkNOsf0GnstzZQ==) but no problems were found. ```yaml on: workflow_call: inputs: enabled: default: true description: "Enable...
Currently, docs suggest this setup ```yaml name: Lint GitHub Actions workflows on: [push, pull_request] jobs: actionlint: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Download actionlint id: get_actionlint run: bash
👋 I know you document how to use actionlint in a pipeline, it's also handy being able to run it locally. We use actionlint in our pipelines and actionlint not...
Actionlint complains `"with" section is alias node but mapping node is expected [syntax-check]` on valid YAML syntax when anchors and aliases are used with mapping nodes: ```yaml - name: Run...
Minimal example: ```yaml name: test on: push: jobs: x: runs-on: ubuntu-latest if: ${{ github.repository }} == "a/a" steps: - name: a run: echo "a" ``` This doesn't [emit any errors](https://rhysd.github.io/actionlint/#eJwljcEKwyAQRO9+xSC52t6FfIwWWy3NKu4utIT8e6K9DAzzZobCljwksZhK3gBNOXtj3jXysN8hQFdidwHQqCTqPmFWRlSeHsu+41Uka7z11CoXqf2H48C6woZ7sJNkSY3/ew40j8N0c98jPXK9cHsCCkErNg==)....
I would like to be warned if a step is using user input inside the "run" part of a step to mitigate [the risk of script injections](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections). Inputs includes: -...
Hello there -- we use an Action -- specifically https://github.com/actions/stale -- and with a recent release we noticed this linter (invoked via https://github.com/github/super-linter) isn't happy about it. Sample workflow config:...
When you run actionlint in a workflow it is unable to indicate which line the error is on: https://github.com/toast-gear/actionlint-test/pull/3/checks
I'd like to use this container as part of a workflow in GitHub Actions, however when I try to do so the `actions/checkout` action the action fails: ``` Deleting the...