Skip to content

Comments

chore(deps): actionlint v1.7.10#194

Merged
jbergstroem merged 1 commit intomainfrom
renovate/all-minor-patch
Jan 26, 2026
Merged

chore(deps): actionlint v1.7.10#194
jbergstroem merged 1 commit intomainfrom
renovate/all-minor-patch

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jan 26, 2026

This PR contains the following updates:

Package Update Change
rhysd/actionlint patch 1.7.81.7.10

Release Notes

rhysd/actionlint (rhysd/actionlint)

v1.7.10

Compare Source

  • Support YAML anchors and aliases (&anchor and *anchor) in workflow files. In addition to parsing YAML anchors correctly, actionlint checks unused and undefined anchors. See the document for more details. (#​133, thanks @​srz-zumix for the initial implementation at #​568 and @​alexaandru for trying another approach at #​557)
    jobs:
      test:
        runs-on: ubuntu-latest
        services:
          nginx:
            image: nginx:latest
            credentials: &credentials
              username: ${{ secrets.user }}
              password: ${{ secrets.password }}
        steps:
          - run: ./download.sh
            # OK: Valid alias to &credentials
            env: *credentials
          - run: ./check.sh
            # ERROR: Undefined anchor 'credential'
            env: *credential
          - run: ./upload.sh
            # ERROR: Unused anchor 'credentials'
            env: &credentials
  • Remove support for *-xl macOS runner labels because they were dropped. (#​592, thanks @​muzimuzhi)
  • Remove support for the macOS 13 runner labels because they were dropped on Dec 4, 2025. (#​593, thanks @​muzimuzhi)
    • macos-13
    • macos-13-large
    • macos-13-xlarge
  • Increase the maximum number of inputs in the workflow_dispatch event from 10 to 25 because the limitation was recently relaxed. (#​598, thanks @​Haegi)
  • Support artifact-metadata permission for workflow permissions. (#​602, thanks @​martincostello)
  • Detect more complicated constants at if: conditions as error. See the rule document for more details.
  • Refactor the workflow parser with Go iterators. This slightly improves the performance and memory usage.
  • Fix parsing extra { and } characters in format string of format() function call. For example v1.7.9 didn't parse "{{0} {1} {2}}" correctly.
  • Detect an invalid value at type in workflow call inputs as error.
  • Report YAML merge key << as error because GitHub Actions doesn't support the syntax.
  • Check available contexts in expressions at jobs.<job_id>.snapshot.if.
    snapshot:
      image-name: my-custom-image
      # ERROR: `env` context is not allowed here
      if: ${{ env.USE_SNAPSHOT == 'true' }}
  • Fix the instruction to install actionlint with mise in the installation document. (#​591, thanks @​risu729)
  • Update the popular actions data set to the latest to include new major versions of the actions.

[Changes][v1.7.10]

v1.7.9

Compare Source

  • Add support for ubuntu-slim runner label. (#​585, thanks @​cestorer)
  • Check input deprecation in action by checking deprecationMessage property. Using a deprecated input is reported as error if it is not marked as required. See the document for more details. (#​580)
    - uses: reviewdog/action-actionlint@v1
      with:
        # ERROR: Using a deprecated input
        fail_on_error: true
  • Add support for the Custom images feature.
  • Report constant conditions at if: like if: true as error. Only very simple expressions like true or false are detected for now. See the document for more details.
  • Fix some invalid permissions are not reported as error in id-token and models scopes. (#​582, thanks @​holtkampjs)
  • Fix args and entrypoint inputs are not recognized at uses: when it's not a Docker action. (#​550)
  • Set correct column in source position of YAML parse error.
  • Fix credentials cannot be configured with ${{ }}. (#​590)
  • Improve messages in syntax errors on parsing steps (run: and uses:). Available keys suggestion is now more accurate and unexpected keys are detected more accurately.
  • Fix the order of errors can be non-deterministic when multiple errors are caused at the same source positions.
  • Improve error messages showing suggestions on detecting invalid permissions.
  • Add instruction for installing actionlint with mise package manager. (#​589, thanks @​jylenhof)
  • Fix outdated URLs in the document.
  • Add new actionlint.AllContexts map constant in Go API that contains the information about all context availability.
  • Update popular actions data set to the latest with several major versions of actions and the following new actions.
    • anthropics/claude-code-action
    • openai/codex-action
    • google-github-actions/run-gemini-cli
  • Add make cov task to easily generate a code coverage report.
  • Make installing the formula version of actionlint pacakge from tap of this repository with Homebrew a hard error. Install the cask version instead following the instruction in the error message.

[Changes][v1.7.9]


  • If you want to rebase/retry this PR, check this box

@jbergstroem jbergstroem merged commit e86a922 into main Jan 26, 2026
4 checks passed
@jbergstroem jbergstroem deleted the renovate/all-minor-patch branch January 26, 2026 12:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant