To report a bug, please submit a new ticket on GitHub. It's helpful to search similar tickets before making it.
https://github.com/rhysd/actionlint/issues/new
Providing a reproducible workflow content is much appreciated. If only a small snippet of workflow is provided or no input is provided at all, such issue tickets may get lower priority since they are occasionally time consuming to investigate.
Thank you for taking your time to improve this project. To send a patch, please submit a new pull request on GitHub. It's helpful to check if a similar patch was rejected in the past before making it. actionlint focuses on detecting mistakes so adding rules related to styles or conventions is basically not accepted.
https://github.com/rhysd/actionlint/pulls
Before submitting your PR, please ensure the following points:
- Confirm build/tests/lints passed. How to run them is described in the following sections.
- If you added a new feature, consider to add tests and explain it in the usage document.
- If you added a new public API, consider to add tests and a doc comment for the API.
make (3.81 or later) is useful to run each tasks and reduce redundant builds/tests.
go build ./cmd/actionlint
./actionlint -hor
make buildmake build generates some sources with go generate. When you want to avoid it, add SKIP_GO_GENERATE=1 to make arguments.
Since actionlint doesn't use any cgo features, setting CGO_ENABLED=0 environment variable is recommended to avoid troubles
around linking libc. make build does this by default.
go testor
make teststaticcheck is used to lint Go sources.
staticcheck ./...or
make lintFuzz tests use go-fuzz. Install go-fuzz and go-fuzz-build in your system.
Since there are multiple fuzzing targets, -func argument is necessary. Specify a target which you want to run.
# Create first corpus
go-fuzz-build ./fuzz
# Run fuzzer
go-fuzz -bin ./actionlint_fuzz-fuzz.zip -func FuzzParseor
make fuzz FUZZ_FUNC=FuzzParseWhen releasing v1.2.3 as example:
- Ensure all changes were already pushed to remote by checking
git push origin masteroutputsEverything up-to-date - Run
bash ./scripts/bump-version.bash 1.2.3 - Wait until the CI release job completes successfully:
- GoReleaser builds release binaries and make pre-release at GitHub and updates Homebrew formula
- The CI job also updates version string in
./scripts/download-actionlint.bash
- Open the pre-release at release page with browser
- Write up release notes, uncheck pre-release checkbox and publish the new release
- Run
changelog-from-release > CHANGELOG.mdlocally to update CHANGELOG.md and make a commit for the change - Run
git pullto merge upstream changes to localmainbranch and rungit push origin main - Update the playground by
./playground/deploy.bashif it is not updated yet for the release
actionlint.1 manual is generated from actionlint.1.ronn by ronn.
ronn ./man/actionlint.1.ronnor
make ./man/actionlint.1Visit playground/README.md.
Run deploy.bash at root of repository. It does:
- Ensure to install dependencies and to build
main.wasm - Copy all assets to
./playground-distdirectory - Optimize
main.wasmwithwasm-optwhich is a part of Binaryen toolchain - Switch branch to
gh-pages - Move all files in
./playground-distto root of repository and add to repository - Make commit for deployment
# Prepare deployment
bash ./playground/deploy.bash
# Check it works fine by visiting localhost:1234
npm run serve
# If it looks good, deploy it
git pushpopular_actions.go is generated automatically with go generate. The command runs
generate-popular-actions script.
The script also can detect new releases of popular actions on GitHub by giving -d flag.
Detecting new release and updating popular_actions.go are run weekly on CI by generate
workflow. Runs can be checked here.
all_webhooks.go is a table all webhooks supported by GitHub Actions to trigger workflows. Note that
not all webhooks are supported by GitHub Actions.
It is generated automatically with go generate. The command runs generate-webhook-events
script.
It fetches events-that-trigger-workflows.md,
parses the markdown document, and extracts webhook names and their types. For more details, see
README.md at the script.
Updating all_webhooks.go is run weekly on CI by generate workflow.
actionlint-matcher.json is a matcher configuration to extract error annotations from outputs
of actionlint command. See the document for its usage.
The regular expression is complicated because it can matches to outputs which contain ANSI color escape sequences. So the JSON file is not modified manually.
It is generated by generate-actionlint-matcher script. See the README.md file for the
usage of the script and how to run the tests for it.
availability.go is a table for conversion from workflow key (like jobs.<job_id>.if) to availability of
contexts and special functions. GitHub Actions limits contexts and functions in certain places. For example:
- limited workflow keys can access
secretscontext jobs.<job_id>.ifandjobs.<job_id>.steps.ifcan usealways()function.
availability.go is generated from the contexts document
using generate-availability script. It is run through go generate in rule_expression.go.
See the readme of the script for the usage of the script.
Update for availability.go is run weekly on CI by generate workflow.
- All examples in 'Checks' document are put in the examples directory and tested in
linter_test.go. - I cloned GitHub top 1000 repositories and extracted 1400+ workflow files. And I tried actionlint with the collected workflow files. All bugs found while the trial were fixed and I confirmed no more false positives.