feat: diagnostics reporter and action improvements (#71)

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Ben Heidemann <ben@heidemann.dev>

Author: 3 people

AGENTS.md

@@ -5,7 +5,15 @@
 pnpm install
 ```
 
-## Schema Change Fix
+## Development Guidance
+### Generating Action Types
+From the root directory, run
+```
+pnpm generate-action-types
+```
+to correctly update action types.
+
+### Schema Change Fix
 1. When the schema (source: schemastore) changes, we want to update the types:
   ```bash
   pnpm generate-workflow-types
@@ -17,10 +25,10 @@ pnpm install
    Ensure Coverage remains at 100%. If not, create the necessary test(s) to keep it at 100%.
 
 3. Commit the change
-   a. The branch name should be of the format `chore/schema-update-YYMMDD` if the change only contains schema changes. If the branch contains more changes, use conventional commit and branch naming style.
-   b. The commit message should have the title format `chore: update types` if only schema changes else use conventional commit style.
-   c. You can add more detail to the commit message but be succint and concise.
-   d. Finally, the pre-commit script will run and ensure that workflow files are regenerated. 
+   1. The branch name should be of the format `chore/schema-update-YYMMDD` if the change only contains schema changes. If the branch contains more changes, use conventional commit and branch naming style.
+   2. The commit message should have the title format `chore: update types` if only schema changes else use conventional commit style.
+   3. You can add more detail to the commit message but be succint and concise.
+   4. Finally, the pre-commit script will run and ensure that workflow files are regenerated. 
 
 4. Create the pull request
    a. When you create the PR, be equally succinct and concise in the PR description.

CLAUDE.md

@@ -0,0 +1,24 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+**Note**: This project uses AGENTS.md files for detailed guidance. 
+
+## Primary Reference
+
+Please see `AGENTS.md` in this same directory for the main project documentation and guidance.
+
+## Additional Component-Specific Guidance
+
+For detailed module-specific implementation guides, also check for AGENTS.md files in subdirectories throughout the project.
+These component-specific AGENTS.md files contain targeted guidance for working with those particular areas of the codebase.
+
+## Updating AGENTS.md Files
+
+When you discover new information that would be helpful for future development work, please:
+
+- **Update existing AGENTS.md files** when you learn implementation details, debugging insights, or architectural patterns specific to that component
+- **Create new AGENTS.md files** in relevant directories when working with areas that don't yet have documentation
+- **Add valuable insights** such as common pitfalls, debugging techniques, dependency relationships, or implementation patterns
+
+This helps build a comprehensive knowledge base for the codebase over time.

README.md

@@ -321,6 +321,61 @@ If you want to change how github-actions-workflow-ts generates the yaml files, y
 | refs       | If true, convert duplicate objects into references in YAML                                                                                                                                                                     | `Boolean`       | false                                                                                                                                                                                                                             |
 | headerText | Replace the header text in generated YAML files with your own text. <br>If you want the source filename and path in the text, use `<source-file-path>` in<br>the text and it will be replaced with the path to the source-file.  | `Array<string>` | # ----DO-NOT-MODIFY-THIS-FILE----<br># This file was automatically generated by github-actions-workflow-ts. <br># Instead, modify `<source-file-path>`<br># ----DO-NOT-MODIFY-THIS-FILE---- |
 | dumpOptions | Options for the dump function of js-yaml. See [all the options here](https://github.com/nodeca/js-yaml#dump-object---options-)                                                                                                 | Record <string, any> | Uses the default options                                                                                                                                                                                                  |
+| diagnostics | Configure diagnostic warnings emitted during build. See [Diagnostics Configuration](#diagnostics-configuration) below.                                                                                                         | `Object` | undefined |
+
+</details>
+
+### Diagnostics Configuration
+When using `@github-actions-workflow-ts/actions`, the CLI emits warnings for version mismatches (e.g., using `actions/checkout@v3` with `ActionsCheckoutV4`). You can configure these diagnostics in `wac.config.json`:
+
+<details><summary>See diagnostics options</summary>
+
+```json
+{
+  "diagnostics": {
+    "rules": {
+      "action-version-unverifiable": "off",
+      "action-version-semver-violation": {
+        "severity": "warn",
+        "exclude": ["actions/checkout@*"]
+      }
+    }
+  }
+}
+```
+
+**Diagnostic Codes:**
+- `action-version-unverifiable`: When the action version cannot be verified (non-semver ref or different repo)
+- `action-version-semver-violation`: When the action version doesn't satisfy the expected semver constraint
+
+**Severity Levels:**
+- `"off"`: Suppress the diagnostic entirely
+- `"warn"`: Emit as a warning (default)
+- `"error"`: Upgrade to an error
+
+**Exclude Patterns:**
+Use `exclude` to suppress warnings for specific actions. Supports wildcards:
+- `"actions/checkout@v3"` - exact match
+- `"actions/checkout@*"` - matches any version of actions/checkout
+- `"actions/*"` - matches all actions from the `actions` org
+
+**In-Code Suppression:**
+You can also suppress warnings directly in code using `suppressWarnings` prop or `Diagnostics.suppress()`:
+
+```typescript
+// Using suppressWarnings prop
+new ActionsCheckoutV4({
+  uses: 'actions/checkout@v3',
+  suppressWarnings: ['action-version-semver-violation'],
+})
+
+// Using Diagnostics.suppress()
+new ActionsCheckoutV4({
+  uses: Diagnostics.suppress('actions/checkout@v3', 'action-version-semver-violation'),
+})
+```
+
+See the [Typed Actions documentation](./packages/actions/README.md) for more details.
 
 </details>
 

package.json

@@ -1,4 +1,4 @@
- {
+{
   "name": "github-actions-workflow-ts-monorepo",
   "private": true,
   "description": "Generate GitHub Actions workflow files using TypeScript",

packages/actions/README.md

@@ -18,7 +18,7 @@ import { ActionsCheckoutV4, ActionsSetupNodeV4 } from '@github-actions-workflow-
 
 const checkout = new ActionsCheckoutV4({
   name: 'Checkout code',
-  // fields are validated and typed with descriptions 
+  // fields are validated and typed with descriptions
   with: {
     'fetch-depth': 0,
   },
@@ -51,31 +51,147 @@ const job = new NormalJob('build', { 'runs-on': 'ubuntu-latest' })
   .addStep(setupNode)
 ```
 
+## Version Validation & Diagnostics
+
+When using typed actions, the CLI validates that the action version you specify matches the expected version. For example, if you use `ActionsCheckoutV4` but override the `uses` field to `actions/checkout@v3`, a warning will be emitted during build.
+
+### Diagnostic Codes
+
+| Code | Description |
+|------|-------------|
+| `action-version-unverifiable` | The action version cannot be verified because the git ref is not a valid semver (e.g., `@main`, `@feature-branch`) or the repository doesn't match |
+| `action-version-semver-violation` | The action version doesn't satisfy the expected semver constraint (e.g., using `@v3` with a `V4` typed action) |
+
+### Configuring Diagnostics
+
+You can configure how these diagnostics are handled in your `wac.config.json`:
+
+```json
+{
+  "diagnostics": {
+    "rules": {
+      "action-version-unverifiable": "off",
+      "action-version-semver-violation": "error"
+    }
+  }
+}
+```
+
+#### Severity Levels
+
+- `"off"` - Suppress the diagnostic entirely
+- `"warn"` - Emit as a warning (default behavior)
+- `"error"` - Upgrade to an error
+
+#### Advanced: Per-Action Rules
+
+You can suppress diagnostics for specific actions while keeping them enabled for others:
+
+```json
+{
+  "diagnostics": {
+    "rules": {
+      "action-version-semver-violation": {
+        "severity": "error",
+        "exclude": [
+          "actions/checkout@*",
+          "actions/setup-node@v3"
+        ]
+      }
+    }
+  }
+}
+```
+
+The `exclude` array supports patterns:
+- Exact match: `"actions/checkout@v3"`
+- Wildcard version: `"actions/checkout@*"` (matches any version)
+- Wildcard repo: `"actions/*"` (matches all actions from an org)
+
+### Example: Intentionally Using an Older Version
+
+If you need to use an older action version for compatibility reasons, you can suppress the warning in two ways:
+
+#### Option 1: In-Code Suppression with `suppressWarnings` prop
+
+```typescript
+import { ActionsCheckoutV4 } from '@github-actions-workflow-ts/actions'
+
+const checkout = new ActionsCheckoutV4({
+  name: 'Checkout',
+  uses: 'actions/checkout@v3',
+  suppressWarnings: ['action-version-semver-violation'],
+})
+```
+
+#### Option 2: In-Code Suppression with `Diagnostics.suppress()`
+
+```typescript
+import { ActionsCheckoutV4 } from '@github-actions-workflow-ts/actions'
+import { Diagnostics } from '@github-actions-workflow-ts/lib'
+
+const checkout = new ActionsCheckoutV4({
+  name: 'Checkout',
+  uses: Diagnostics.suppress(
+    'actions/checkout@v3',
+    'action-version-semver-violation',
+    'Using v3 for legacy compatibility' // optional reason
+  ),
+})
+```
+
+You can also suppress multiple codes:
+
+```typescript
+const checkout = new ActionsCheckoutV4({
+  uses: Diagnostics.suppress(
+    'actions/checkout@v3',
+    ['action-version-semver-violation', 'action-version-unverifiable'],
+  ),
+})
+```
+
+#### Option 3: Configuration-based Suppression
+
+Add to `wac.config.json`:
+
+```json
+{
+  "diagnostics": {
+    "rules": {
+      "action-version-semver-violation": {
+        "exclude": ["actions/checkout@v3"]
+      }
+    }
+  }
+}
+```
+
 ## Available Actions
 
 <!-- GENERATED-ACTIONS-TABLE:START -->
-| Action | Versions | Links |
-|--------|----------|-------|
-| actions/cache | `ActionsCacheV3`, `ActionsCacheV4` | [GitHub](https://github.com/actions/cache) · [Marketplace](https://github.com/marketplace/actions/cache) |
-| actions/checkout | `ActionsCheckoutV3`, `ActionsCheckoutV4`, `ActionsCheckoutV5`, `ActionsCheckoutV6` | [GitHub](https://github.com/actions/checkout) · [Marketplace](https://github.com/marketplace/actions/checkout) |
-| actions/download-artifact | `ActionsDownloadArtifactV3`, `ActionsDownloadArtifactV4` | [GitHub](https://github.com/actions/download-artifact) · [Marketplace](https://github.com/marketplace/actions/download-artifact) |
-| actions/github-script | `ActionsGithubScriptV6`, `ActionsGithubScriptV7`, `ActionsGithubScriptV8` | [GitHub](https://github.com/actions/github-script) · [Marketplace](https://github.com/marketplace/actions/github-script) |
-| actions/setup-node | `ActionsSetupNodeV3`, `ActionsSetupNodeV4` | [GitHub](https://github.com/actions/setup-node) · [Marketplace](https://github.com/marketplace/actions/setup-node) |
-| actions/setup-python | `ActionsSetupPythonV4`, `ActionsSetupPythonV5` | [GitHub](https://github.com/actions/setup-python) · [Marketplace](https://github.com/marketplace/actions/setup-python) |
-| actions/upload-artifact | `ActionsUploadArtifactV3`, `ActionsUploadArtifactV4` | [GitHub](https://github.com/actions/upload-artifact) · [Marketplace](https://github.com/marketplace/actions/upload-artifact) |
-| aws-actions/amazon-ecr-login | `AwsActionsAmazonEcrLoginV2` | [GitHub](https://github.com/aws-actions/amazon-ecr-login) · [Marketplace](https://github.com/marketplace/actions/amazon-ecr-login) |
-| aws-actions/amazon-ecs-deploy-task-definition | `AwsActionsAmazonEcsDeployTaskDefinitionV2` | [GitHub](https://github.com/aws-actions/amazon-ecs-deploy-task-definition) · [Marketplace](https://github.com/marketplace/actions/amazon-ecs-deploy-task-definition) |
-| aws-actions/amazon-ecs-render-task-definition | `AwsActionsAmazonEcsRenderTaskDefinitionV1` | [GitHub](https://github.com/aws-actions/amazon-ecs-render-task-definition) · [Marketplace](https://github.com/marketplace/actions/amazon-ecs-render-task-definition) |
-| aws-actions/aws-cloudformation-github-deploy | `AwsActionsAwsCloudformationGithubDeployV1` | [GitHub](https://github.com/aws-actions/aws-cloudformation-github-deploy) · [Marketplace](https://github.com/marketplace/actions/aws-cloudformation-github-deploy) |
-| aws-actions/aws-codebuild-run-build | `AwsActionsAwsCodebuildRunBuildV1` | [GitHub](https://github.com/aws-actions/aws-codebuild-run-build) · [Marketplace](https://github.com/marketplace/actions/aws-codebuild-run-build) |
-| aws-actions/configure-aws-credentials | `AwsActionsConfigureAwsCredentialsV3`, `AwsActionsConfigureAwsCredentialsV4`, `AwsActionsConfigureAwsCredentialsV5` | [GitHub](https://github.com/aws-actions/configure-aws-credentials) · [Marketplace](https://github.com/marketplace/actions/configure-aws-credentials) |
-| docker/build-push-action | `DockerBuildPushActionV5`, `DockerBuildPushActionV6` | [GitHub](https://github.com/docker/build-push-action) · [Marketplace](https://github.com/marketplace/actions/build-push-action) |
-| docker/login-action | `DockerLoginActionV2`, `DockerLoginActionV3` | [GitHub](https://github.com/docker/login-action) · [Marketplace](https://github.com/marketplace/actions/login-action) |
-| docker/setup-buildx-action | `DockerSetupBuildxActionV2`, `DockerSetupBuildxActionV3` | [GitHub](https://github.com/docker/setup-buildx-action) · [Marketplace](https://github.com/marketplace/actions/setup-buildx-action) |
-| github/codeql-action | `GithubCodeqlActionV2`, `GithubCodeqlActionV3` | [GitHub](https://github.com/github/codeql-action) · [Marketplace](https://github.com/marketplace/actions/codeql-action) |
-| peaceiris/actions-gh-pages | `PeaceirisActionsGhPagesV3`, `PeaceirisActionsGhPagesV4` | [GitHub](https://github.com/peaceiris/actions-gh-pages) · [Marketplace](https://github.com/marketplace/actions/actions-gh-pages) |
-| release-drafter/release-drafter | `ReleaseDrafterReleaseDrafterV6` | [GitHub](https://github.com/release-drafter/release-drafter) · [Marketplace](https://github.com/marketplace/actions/release-drafter) |
-| softprops/action-gh-release | `SoftpropsActionGhReleaseV1`, `SoftpropsActionGhReleaseV2` | [GitHub](https://github.com/softprops/action-gh-release) · [Marketplace](https://github.com/marketplace/actions/action-gh-release) |
+| Action | Versions | GitHub |
+|--------|----------|--------|
+| actions/cache | `ActionsCacheV3`, `ActionsCacheV4` | [GitHub](https://github.com/actions/cache) |
+| actions/checkout | `ActionsCheckoutV3`, `ActionsCheckoutV4`, `ActionsCheckoutV5`, `ActionsCheckoutV6` | [GitHub](https://github.com/actions/checkout) |
+| actions/download-artifact | `ActionsDownloadArtifactV3`, `ActionsDownloadArtifactV4` | [GitHub](https://github.com/actions/download-artifact) |
+| actions/github-script | `ActionsGithubScriptV6`, `ActionsGithubScriptV7`, `ActionsGithubScriptV8` | [GitHub](https://github.com/actions/github-script) |
+| actions/setup-node | `ActionsSetupNodeV3`, `ActionsSetupNodeV4` | [GitHub](https://github.com/actions/setup-node) |
+| actions/setup-python | `ActionsSetupPythonV4`, `ActionsSetupPythonV5` | [GitHub](https://github.com/actions/setup-python) |
+| actions/upload-artifact | `ActionsUploadArtifactV3`, `ActionsUploadArtifactV4` | [GitHub](https://github.com/actions/upload-artifact) |
+| aws-actions/amazon-ecr-login | `AwsActionsAmazonEcrLoginV2` | [GitHub](https://github.com/aws-actions/amazon-ecr-login) |
+| aws-actions/amazon-ecs-deploy-task-definition | `AwsActionsAmazonEcsDeployTaskDefinitionV2` | [GitHub](https://github.com/aws-actions/amazon-ecs-deploy-task-definition) |
+| aws-actions/amazon-ecs-render-task-definition | `AwsActionsAmazonEcsRenderTaskDefinitionV1` | [GitHub](https://github.com/aws-actions/amazon-ecs-render-task-definition) |
+| aws-actions/aws-cloudformation-github-deploy | `AwsActionsAwsCloudformationGithubDeployV1` | [GitHub](https://github.com/aws-actions/aws-cloudformation-github-deploy) |
+| aws-actions/aws-codebuild-run-build | `AwsActionsAwsCodebuildRunBuildV1` | [GitHub](https://github.com/aws-actions/aws-codebuild-run-build) |
+| aws-actions/configure-aws-credentials | `AwsActionsConfigureAwsCredentialsV3`, `AwsActionsConfigureAwsCredentialsV4`, `AwsActionsConfigureAwsCredentialsV5` | [GitHub](https://github.com/aws-actions/configure-aws-credentials) |
+| docker/build-push-action | `DockerBuildPushActionV5`, `DockerBuildPushActionV6` | [GitHub](https://github.com/docker/build-push-action) |
+| docker/login-action | `DockerLoginActionV2`, `DockerLoginActionV3` | [GitHub](https://github.com/docker/login-action) |
+| docker/setup-buildx-action | `DockerSetupBuildxActionV2`, `DockerSetupBuildxActionV3` | [GitHub](https://github.com/docker/setup-buildx-action) |
+| github/codeql-action | `GithubCodeqlActionV2`, `GithubCodeqlActionV3` | [GitHub](https://github.com/github/codeql-action) |
+| peaceiris/actions-gh-pages | `PeaceirisActionsGhPagesV3`, `PeaceirisActionsGhPagesV4` | [GitHub](https://github.com/peaceiris/actions-gh-pages) |
+| release-drafter/release-drafter | `ReleaseDrafterReleaseDrafterV6` | [GitHub](https://github.com/release-drafter/release-drafter) |
+| softprops/action-gh-release | `SoftpropsActionGhReleaseV1`, `SoftpropsActionGhReleaseV2` | [GitHub](https://github.com/softprops/action-gh-release) |
 <!-- GENERATED-ACTIONS-TABLE:END -->
 
 # Development