Use YAML anchors for common patterns in workflows

.github/workflows/build.yml

@@ -13,7 +13,8 @@
     name: Bazel, Linux, Swift 6.2 # pre-installed
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - &checkout-step
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
       - uses: ./.github/actions/bazel-linux-build
@@ -40,9 +41,7 @@
             version: '6.2'
     container: ${{ matrix.image }}
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
+      - *checkout-step
       - name: Build plugins
         uses: ./.github/actions/run-make
         with:

.github/workflows/docker.yml

@@ -25,29 +25,29 @@
       docker-tag: ${{ steps.vars.outputs.docker-tag }}
       repository-lc: ${{ steps.vars.outputs.repository-lc }}
     steps:
-    - name: Define variables
-      id: vars
-      run: |
-        if [[ "${{ github.event_name }}" == "push" ]]; then
-          {
-            echo "checkout-ref=main"
-            echo "docker-tag=latest"
-          } >> "$GITHUB_OUTPUT"
-        elif [[ "${{ github.event_name }}" == "pull_request" ]]; then
-          {
-            echo "checkout-ref=pr"
-            echo "docker-tag=pr-${{ github.event.pull_request.number }}"
-          } >> "$GITHUB_OUTPUT"
-        else
-          {
-            echo "checkout-ref=${INPUTS_TAG}"
-            echo "docker-tag=${INPUTS_TAG}"
-          } >> "$GITHUB_OUTPUT"
-        fi
-        echo "repository-lc=${REPOSITORY,,}" >> "$GITHUB_OUTPUT"
-      env:
-        REPOSITORY: ${{ github.repository }}
-        INPUTS_TAG: ${{ inputs.tag }}
+      - name: Define variables
+        id: vars
+        run: |
+          if [[ "${{ github.event_name }}" == "push" ]]; then
+            {
+              echo "checkout-ref=main"
+              echo "docker-tag=latest"
+            } >> "$GITHUB_OUTPUT"
+          elif [[ "${{ github.event_name }}" == "pull_request" ]]; then
+            {
+              echo "checkout-ref=pr"
+              echo "docker-tag=pr-${{ github.event.pull_request.number }}"
+            } >> "$GITHUB_OUTPUT"
+          else
+            {
+              echo "checkout-ref=${INPUTS_TAG}"
+              echo "docker-tag=${INPUTS_TAG}"
+            } >> "$GITHUB_OUTPUT"
+          fi
+          echo "repository-lc=${REPOSITORY,,}" >> "$GITHUB_OUTPUT"
+        env:
+          REPOSITORY: ${{ github.repository }}
+          INPUTS_TAG: ${{ inputs.tag }}
 
   build-amd64:
     name: Build AMD64 Image
@@ -57,19 +57,21 @@
       packages: write
     needs: set-context
     steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      if: needs.set-context.outputs.checkout-ref == 'pr'
-      with:
-        persist-credentials: false
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      if: needs.set-context.outputs.checkout-ref != 'pr'
-      with:
-        ref: ${{ needs.set-context.outputs.checkout-ref }}
-        persist-credentials: false
-    - uses: ./.github/actions/docker-build
-      with:
-        platform: amd64
-        token: ${{ secrets.GITHUB_TOKEN }}
+      - &checkout-step-pr
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        if: needs.set-context.outputs.checkout-ref == 'pr'
+        with:
+          persist-credentials: false
+      - &checkout-step-ref
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        if: needs.set-context.outputs.checkout-ref != 'pr'
+        with:
+          ref: ${{ needs.set-context.outputs.checkout-ref }}
+          persist-credentials: false
+      - uses: ./.github/actions/docker-build
+        with:
+          platform: amd64
+          token: ${{ secrets.GITHUB_TOKEN }}
 
   build-arm64:
     name: Build ARM64 Image
@@ -79,19 +81,12 @@
       packages: write
     needs: set-context
     steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      if: needs.set-context.outputs.checkout-ref == 'pr'
-      with:
-        persist-credentials: false
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      if: needs.set-context.outputs.checkout-ref != 'pr'
-      with:
-        ref: ${{ needs.set-context.outputs.checkout-ref }}
-        persist-credentials: false
-    - uses: ./.github/actions/docker-build
-      with:
-        platform: arm64
-        token: ${{ secrets.GITHUB_TOKEN }}
+      - *checkout-step-pr
+      - *checkout-step-ref
+      - uses: ./.github/actions/docker-build
+        with:
+          platform: arm64
+          token: ${{ secrets.GITHUB_TOKEN }}
 
   merge:
     name: Create Multi-Platform Image
@@ -103,23 +98,23 @@
       - build-amd64
       - build-arm64
     steps:
-    - name: Download digests
-      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
-      with:
-        path: /tmp/digests
-        pattern: digests-*
-        merge-multiple: true
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-    - name: Login to GitHub registry
-      uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-      with:
-        username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-        registry: ghcr.io
-    - name: Create manifest list and push
-      working-directory: /tmp/digests
-      run: >-
-        docker buildx imagetools create
-        -t "ghcr.io/${{ needs.set-context.outputs.repository-lc }}:${{ needs.set-context.outputs.docker-tag }}"
-        $(printf 'ghcr.io/${{ needs.set-context.outputs.repository-lc }}@sha256:%s ' *)
+      - name: Download digests
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        with:
+          path: /tmp/digests
+          pattern: digests-*
+          merge-multiple: true
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - name: Login to GitHub registry
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          registry: ghcr.io
+      - name: Create manifest list and push
+        working-directory: /tmp/digests
+        run: >-
+          docker buildx imagetools create
+          -t "ghcr.io/${{ needs.set-context.outputs.repository-lc }}:${{ needs.set-context.outputs.docker-tag }}"
+          $(printf 'ghcr.io/${{ needs.set-context.outputs.repository-lc }}@sha256:%s ' *)

.github/workflows/lint.yml

@@ -12,7 +12,8 @@
     name: Swift
     runs-on: ubuntu-24.04 # "Noble Numbat"
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - &checkout-step
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
       - uses: ./.github/actions/bazel-linux-build
@@ -25,9 +26,7 @@
     name: Markdown
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
+      - *checkout-step
       - name: Lint
         uses: DavidAnson/markdownlint-cli2-action@992badcdf24e3b8eb7e87ff9287fe931bcb00c6e # v20.0.0
         with:
@@ -39,9 +38,7 @@
     name: Actions
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
+      - *checkout-step
       - name: Register problem matcher
         run: |
           curl -sSL https://raw.githubusercontent.com/rhysd/actionlint/main/.github/actionlint-matcher.json > actionlint-matcher.json

.github/workflows/plugins-sync.yml

@@ -16,8 +16,7 @@ jobs:
     name: Sync Plugins Folder
     runs-on: ubuntu-24.04
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
       - name: Run file sync

.github/workflows/post-release.yml

@@ -48,7 +48,8 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - &checkout-step
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           ref: ${{ github.event.release.tag_name }}
           persist-credentials: false
@@ -65,11 +66,7 @@ jobs:
     permissions:
       contents: read
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          ref: ${{ github.event.release.tag_name }}
-          persist-credentials: false
+      - *checkout-step
       - name: Parse checksum
         id: parse_checksum
         run: echo "checksum=$(grep -o '[a-fA-F0-9]\{64\}' Package.swift)" >> "$GITHUB_OUTPUT"

.github/workflows/release.yml

@@ -33,8 +33,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: true
       - name: Checkout or create release branch
@@ -68,8 +67,7 @@ jobs:
     permissions:
       contents: read
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
       - name: Set up Ruby and Bundler
@@ -102,20 +100,24 @@ jobs:
             artifact_name: swiftlint-linux-arm64
     permissions:
       contents: read
+    env:
+      BINARY_PATH: .build/release/swiftlint
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - &checkout-release-branch
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           ref: ${{ env.RELEASE_BRANCH }}
           persist-credentials: false
       - name: Install dependencies
         run: sudo apt-get install -y libcurl4-openssl-dev libxml2-dev
       - name: Build binary
         run: make --debug spm_linux_build
-      - name: Upload binary
+      - &upload-artifact
+        name: Upload binary
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: ${{ matrix.artifact_name }}
-          path: .build/release/swiftlint
+          path: ${{ env.BINARY_PATH }}
 
   build-static-linux:
     name: Build Static Linux ${{ matrix.arch }} Binary
@@ -138,10 +140,7 @@ jobs:
     env:
       BINARY_PATH: .build/${{ matrix.swift_sdk }}/release/swiftlint
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          ref: ${{ env.RELEASE_BRANCH }}
-          persist-credentials: false
+      - *checkout-release-branch
       - name: Install SDK
         run: swift sdk install https://download.swift.org/swift-6.2-release/static-sdk/swift-6.2-RELEASE/swift-6.2-RELEASE_static-linux-0.0.1.artifactbundle.tar.gz --checksum d2225840e592389ca517bbf71652f7003dbf45ac35d1e57d98b9250368769378
       - name: Build static binary
@@ -154,11 +153,7 @@ jobs:
             -Xlinker -z -Xlinker stack-size=0x80000 # 512KiB
       - name: Strip binary
         run: strip -s "$BINARY_PATH"
-      - name: Upload artifact
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-        with:
-          name: ${{ matrix.artifact_name }}
-          path: ${{ env.BINARY_PATH }}
+      - *upload-artifact
 
   build-macos:
     name: Build macOS Binaries
@@ -167,10 +162,7 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          ref: ${{ env.RELEASE_BRANCH }}
-          persist-credentials: false
+      - *checkout-release-branch
       - name: Build SwiftLint for macOS
         run: make --debug bazel_release
       - name: Upload build artifacts

.github/workflows/stale-issues.yml

@@ -10,10 +10,9 @@ permissions:
 
 jobs:
   close-stale-issues:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
       - name: Mark or close stale issues

.github/workflows/test.yml

@@ -17,7 +17,8 @@ jobs:
     runs-on: ubuntu-24.04
     container: swift:6.2-noble
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - &checkout-step
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
       - name: Get Swift version
@@ -48,9 +49,7 @@ jobs:
     env:
       DEVELOPER_DIR: /Applications/Xcode_${{ matrix.xcode }}.app
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
+      - *checkout-step
       - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           key: ${{ runner.os }}-xcode-spm-${{ matrix.xcode }}-${{ hashFiles('Package.resolved', 'Package.swift') }}