- actionlint focuses on detecting mistakes. Feature requests and patches for checks that enforces code style or some conventions are generally not accepted.
- actionlint tries to keep the configuration as minimal as possible. Feature requests and patches for checks that require user configurations are generally not accepted.
These are important to keep actionlint useful and convenient for everyone. I believe that no one wants to create and maintain a heavy configuration file just for linting CI workflows.
It's helpful to check if a similar patch has been rejected in the past before submitting it.
To report a bug, please submit a new ticket on GitHub. It's helpful to search similar tickets before making it.
https://github.com/rhysd/actionlint/issues/new
Providing a reproducible workflow content is much appreciated. If only a small snippet of workflow is provided or no input is provided at all, such issue tickets may get lower priority because they are occasionally time consuming to investigate.
Thank you for taking your time to improve this project. To send a patch, please submit a new pull request on GitHub.
https://github.com/rhysd/actionlint/pulls
Before submitting your PR, please ensure the following points:
- Confirm build/tests/lints passed. How to run them is described in the following sections.
- If you added a new feature, consider to add tests and explain it in the usage document.
- If you added a new public API, consider to add tests and a doc comment for the API.
- If you updated the checks document, ensure to run the maintenance script.
Special thanks to the native English speakers for proofreading the documentation and error messages, as the author is not proficient in English.
make (3.81 or later) is useful to run each tasks and reduce redundant builds/tests.
go build ./cmd/actionlint
./actionlint -hor
make buildmake build generates some sources with go generate. When you want to avoid it, add SKIP_GO_GENERATE=1 to make arguments.
Since actionlint doesn't use any cgo features, setting CGO_ENABLED=0 environment variable is recommended to avoid troubles
around linking libc. make build does this by default.
go testor
make teststaticcheck is used to lint Go sources.
staticcheck ./...or
make lintFuzz tests use go-fuzz. Install go-fuzz and go-fuzz-build in your system.
Since there are multiple fuzzing targets, -func argument is necessary. Specify a target which you want to run.
# Create first corpus
go-fuzz-build ./fuzz
# Run fuzzer
go-fuzz -bin ./actionlint_fuzz-fuzz.zip -func FuzzParseor
make fuzz FUZZ_FUNC=FuzzParseWhen releasing v1.2.3 as example:
- Ensure all changes were already pushed to remote by checking
git push origin masteroutputsEverything up-to-date - Run
bash ./scripts/bump-version.bash 1.2.3 - Wait until the CI release job completes successfully:
- GoReleaser builds release binaries and make pre-release at GitHub and updates Homebrew formula
- The CI job also updates version string in
./scripts/download-actionlint.bash
- Open the pre-release at release page with browser
- Write up release notes, uncheck pre-release checkbox and publish the new release
- Run
make CHANGELOG.mdto update CHANGELOG.md and make a commit for the change. This step requires changelog-from-release. - Run
git pullto merge upstream changes to localmainbranch and rungit push origin main - Update the playground by
./playground/deploy.bashif it is not updated yet for the release
actionlint.1 manual is generated from actionlint.1.ronn by ronn.
ronn ./man/actionlint.1.ronnor
make manVisit playground/README.md.
Run deploy.bash at root of repository. It does:
- Ensure to install dependencies and to build
main.wasm - Copy all assets to
./playground-distdirectory - Optimize
main.wasmwithwasm-optwhich is a part of Binaryen toolchain - Switch branch to
gh-pages - Move all files in
./playground-distto root of repository and add to repository - Make commit for deployment
# Prepare deployment
bash ./playground/deploy.bash
# Check it works fine by visiting localhost:1234
npm run serve
# If it looks good, deploy it
git pushNote: SKIP_BUILD_WASM environment variable can skip building main.wasm binary. Please set it when the Wasm binary
doesn't need to be updated. It is important to avoid bloating a repository size by including a big Wasm binary in a
commit.
SKIP_BUILD_WASM=true bash ./playground/deploy.bashSome files are generated by scripts in scripts/ directory. These files are kept up-to-date by CI workflows.
popular_actions.go is a data set of metadata of popular actions hosted on GitHub. It is generated
automatically with go generate. The command runs generate-popular-actions script.
The script also can detect new major releases of popular actions on GitHub by giving -d flag.
The generate CI workflow weekly runs to detect new major releases and update
popular_actions.go. Runs can be found here.
all_webhooks.go is a table all webhooks supported by GitHub Actions to trigger workflows. Note that
not all webhooks are supported by GitHub Actions.
It is generated automatically with go generate running generate-webhook-events script.
It fetches events-that-trigger-workflows.md,
parses the markdown document, and extracts webhook names and their types. For more details, see
README.md at the script directory.
Updating all_webhooks.go is run weekly on CI by generate workflow.
actionlint-matcher.json is a matcher configuration to extract error annotations from outputs
of actionlint command. See the document for its usage.
The regular expression is complicated because it can matches to outputs which contain ANSI color escape sequences. So the JSON file is not modified manually.
It is generated by generate-actionlint-matcher script. See the README.md file for the
usage of the script and how to run the tests for it.
availability.go is a table for conversion from workflow key (like jobs.<job_id>.if) to availability of
contexts and special functions. GitHub Actions limits contexts and functions in certain places. For example:
- limited workflow keys can access
secretscontext jobs.<job_id>.ifandjobs.<job_id>.steps.ifcan usealways()function.
availability.go is generated from the contexts document
using generate-availability script. It is run through go generate in rule_expression.go.
See the readme of the script for the usage of the script.
Update for availability.go is run weekly on CI by generate workflow.
All tests are automated.
- Unit tests are implemented in
*_test.gofiles for testing the corresponding APIs. Test data for unit tests are put intestdata/directory. - UI tests based on matching to error messages are implemented in
linter_test.goand all test data are stored intestdata/directory.testdata/examples/contains tests for all examples in 'Checks' document.*.yamlfiles are an input workflow and*.outfiles are expected error messages.testdata/ok/contains 'OK' tests. All workflow files in this directory should cause no errors.testdata/err/contains 'Error' tests. Each*.yamlfiles are workflow inputs and corresponding*.outfiles are expected error messages (one error per line).testdata/projects/contains 'Project' tests. Each directories represent a single project (meaning a repository on GitHub). Corresponding*.outfiles are expected error messages. Empty*.outfile means the test case should cause no errors. 'Project' test is used for use cases where multiple files are related (reusable workflows, local actions, config files, ...).
The 'Checks' document is a large document to explain all checks by actionlint.
This document is maintained with check-checks script. This script automatically updates
the code blocks after Output: and the Playground links. This script should be run after modifying the document.
Please see the readme of the script for the usage and knowing the details of the document format that this script assumes.