Action wrapper for rhysd/actionlint to make using it easier (using an action with automatic version updates instead of manual link + manual update process).
This action will run your repository through actionlint and detect common errors like:
- Calling an `output` or `needs` object that has not been defined: also prevents typos
- Run shell check on all `run` commands
- And more, check the actionlint documentation for more information
Note: Actionlint does not check for external output, such as the use of `${{ inputs.name }}` in shell commands. The reasoning is that to be able to inject something, you need write access to the repo (inputs come either from workflow files or from `workflow_dispatch` events).
Note: Actionlint unfortunately does not support (composite) action definition files.
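Since actionlint does not flag `inputs` expressions expanded inside `run` scripts (first note above), the following added example, which is not part of this action or of actionlint, lists those expansions so they can be reviewed or passed through `env:` instead. It is a line-based heuristic that does not parse YAML; the sample workflow and the function name are constructed for illustration.

```python
import re

# ${{ ... }} expressions that reference inputs.<name> (also github.event.inputs.<name>)
EXPR = re.compile(r"\$\{\{[^}]*\binputs\.[\w-]+[^}]*\}\}")
# A `run:` key, optionally opening a list item ("- run:")
RUN_KEY = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")

# Constructed sample workflow, not taken from any real repository
SAMPLE = """\
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      - run: echo "Hello ${{ inputs.name }}"
      - name: multi-line script
        run: |
          echo "start"
          echo "${{ github.event.inputs.name }}"
      - name: value passed through the environment instead
        run: echo "Hello $NAME"
        env:
          NAME: ${{ inputs.name }}
"""

def find_input_expansions(workflow_text):
    """Return (line_number, text) for inputs.* expressions inside run: scripts."""
    findings = []
    run_indent = None  # column of the active run: key; None outside a script
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        match = RUN_KEY.match(line)
        if match:
            run_indent = len(match.group(1)) + len(match.group(2) or "")
            script = match.group(3)
        elif run_indent is None or not line.strip():
            continue
        elif len(line) - len(line.lstrip()) <= run_indent:
            run_indent = None  # dedent: the script block has ended
            continue
        else:
            script = line
        if EXPR.search(script):
            findings.append((number, line.strip()))
    return findings

if __name__ == "__main__":
    for number, text in find_input_expansions(SAMPLE):
        print(f"line {number}: {text}")
```

The third step in the sample is not reported because the expression is assigned under `env:` and the script only reads `$NAME`.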
If there are no errors from actionlint, this action will succeed. If there are errors, this action will fail and output the errors in the logs.
If running in a Pull Request context, then the action will also annotate the changed files with the errors. This is useful to see what errors were introduced by the Pull Request. Note: this only works if you include the `pull-requests: write` permission in your workflow file.
```yaml
jobs:
  run-actionlint:
    runs-on: ubuntu-latest
    permissions:
      # needed for the checkout action
      contents: read
      # needed to annotate the files in a pull request with comments
      pull-requests: write
    steps:
      # checkout the source code to analyze
      - uses: actions/checkout@v4 # v4
      # run the actionlinter, will fail on errors
      - uses: devops-actions/actionlint@e7ee33fbf5aa8c9f9ee1145137f3e52e25d6a35b #v0.1.3
```
If you want to pick up the results file and use its contents somewhere else, then use it as follows:
```yaml
on:
  push:
  workflow_dispatch:

permissions:
  contents: read
  pull-requests: write

jobs:
  job-1:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: devops-actions/actionlint@e7ee33fbf5aa8c9f9ee1145137f3e52e25d6a35b #v0.1.3
        continue-on-error: true
        id: action-lint
      - uses: actions/upload-artifact@v4
        with:
          name: actionlint-results
          path: ${{ steps.action-lint.outputs.results-file }}
```
Error message: `no project was found in any parent directories of ".". check workflows directory is put correctly in your Git repository`

Solution: Add a `uses: actions/checkout@v4` step to your workflow file, so the repository can be analyzed.
If you want to hide certain warnings from shellcheck, then you can use the directives as shown in the shellcheck docs:

```bash
# shellcheck disable=code
```

Another option is to pass in extra `shellcheck_opts` for the warnings you want to skip:
```yaml
steps:
  - uses: actions/checkout@v4
  - uses: devops-actions/actionlint@e7ee33fbf5aa8c9f9ee1145137f3e52e25d6a35b #v0.1.3
    continue-on-error: true
    id: action-lint
    with:
      shellcheck_opts: '-e SC2129'
```
In some cases the directives are not picked up (this might depend on the shell being checked). It can then help to add the `shell: your-shell-here` specification to your workflow file. I've seen this confusion happen with PowerShell code on a Windows-based runner: shellcheck was analyzing the script of the `run` step as if it were bash. The `shell` keyword was not needed for the workflow to run, as the default shell on the Windows runner was already PowerShell. Shellcheck cannot handle that. Specifying the keyword stopped the 'errors' from being reported.