Skip to content

v1.7.4

Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 04 Nov 11:05
· 35 commits to main since this release
  • Disallow the usage of popular actions that run on node16 runner. The node16 runner will reach the end of life on November 12.
    • In case of the error, please update your actions to the latest version so that they run on the latest node20 runner.
    • If you're using self-hosted runner and you cannot upgrade your runner to node20 soon, please consider to ignore the error by the paths configuration described below.
    • If you're using actions/upload-artifact@v3 and actions/download-artifact@v3 on GHES, please replace them with actions/upload-artifact@v3-node20 and actions/download-artifact@v3-node20. (#468)
  • Provide the configuration for ignoring errors by regular expressions in actionlint.yml (or actionlint.yaml). Please see the document for more details. (#217, #342)
    • The paths is a mapping from the file path glob pattern to the corresponding configuration. The ignore configuration is a list of regular expressions to match error messages (similar to the -ignore command line option).
      paths:
        # This pattern matches any YAML file under the '.github/workflows/' directory.
        .github/workflows/**/*.yaml:
          ignore:
            # Ignore the specific error from shellcheck
            - 'shellcheck reported issue in this script: SC2086:.+'
        # This pattern only matches '.github/workflows/release.yaml' file.
        .github/workflows/release.yaml:
          ignore:
            # Ignore errors from the old runner check. This may be useful for (outdated) self-hosted runner environment.
            - 'the runner of ".+" action is too old to run on GitHub Actions'
    • This configuration was not implemented initially because I wanted to keep the configuration as minimal as possible. However, due to several requests for it, the configuration has now been added.
  • Untrusted inputs check is safely skipped inside specific function calls. (#459, thanks @IlyaGulya)
    • For example, the following step contains the untrusted input github.head_ref, but it is safe because it's passed to the contains() argument.
      - run: echo "is_release_branch=${{ contains(github.head_ref, 'release') }}" >> "$GITHUB_OUTPUT"
    • For more details, please read the rule document.
  • Recognize gcr.io and gcr.dev as the correct container registry hosts. (#463, thanks @takaidohigasi)
    • Note that it is recommended explicitly specifying the scheme like docker://gcr.io/....
  • Remove macos-x.0 runner labels which are no longer available. (#452)
  • Disable shellcheck SC2043 rule because it can cause false positives on checking run:. (#355)
  • Fix the error message was not deterministic when detecting cycles in needs dependencies.
  • Fix the check for format() function was not applied when the function name contains upper case like Format(). Note that function names in ${{ }} placeholders are case-insensitive.
  • Update the popular actions data set to the latest.
  • Add actions/cache/save and actions/cache/restore to the popular actions data set.
  • Links in the README.md now point to the document of the latest version tag instead of HEAD of main branch.
  • Add Linter.LintStdin method dedicated to linting STDIN instead of handling STDIN in Command.
  • (Dev) Add new check-checks script to maintain the 'Checks' document. It automatically updates the outputs and playground links for example inputs in the document. It also checks the document is up-to-date on CI. Please read the document for more details.

Documentation