Skip to content

Commit f2eef1f

Browse files
tridgeclaude
andcommitted
ci: add actionlint workflow to lint GitHub Actions YAML
Adds .github/workflows/actionlint.yml which runs rhysd/actionlint over .github/workflows/*.yml on push and PR to master. Triggers only when something in .github/workflows/ (or the actionlint config) changes, so the rest of the platform matrix isn't billed when nothing here moves. The job downloads a pinned actionlint binary (1.7.12) via the upstream download script (which verifies a SHA256) -- no third-party Action dependency, matching the inline-install style of the existing ubuntu/macos/cygwin workflows. Bump the pinned version deliberately. actionlint catches a) GitHub Actions expression / type errors, b) unsupported runner images, c) missing secrets / inputs, and d) the embedded shellcheck class of issues in 'run:' scripts that the previous commit cleaned up. Keeping it in CI prevents regressions. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent d395d8d commit f2eef1f

1 file changed

Lines changed: 43 additions & 0 deletions

File tree

.github/workflows/actionlint.yml

Lines changed: 43 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,43 @@
1+
name: Lint GitHub Actions workflows
2+
3+
# Static-check the workflow YAML with rhysd/actionlint. Catches missing
4+
# secrets, bad expressions, expression-type errors, unsupported runner
5+
# images, and (via embedded shellcheck) common pitfalls in `run:` scripts.
6+
# Trigger only on changes under .github/workflows/ so the rest of the
7+
# matrix isn't billed when nothing here moves.
8+
9+
on:
10+
push:
11+
branches: [ master ]
12+
paths:
13+
- '.github/workflows/*.yml'
14+
- '.github/actionlint.yaml'
15+
- '.github/actionlint.yml'
16+
pull_request:
17+
branches: [ master ]
18+
paths:
19+
- '.github/workflows/*.yml'
20+
- '.github/actionlint.yaml'
21+
- '.github/actionlint.yml'
22+
23+
permissions:
24+
contents: read
25+
26+
jobs:
27+
actionlint:
28+
runs-on: ubuntu-latest
29+
name: actionlint
30+
steps:
31+
- uses: actions/checkout@v4
32+
- name: install actionlint
33+
# Pin a version so this job is reproducible; bump deliberately.
34+
# The download script verifies a SHA256 of the release tarball.
35+
run: |
36+
bash <(curl --proto '=https' --tlsv1.2 -fsSL \
37+
https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) \
38+
1.7.12
39+
echo "$PWD" >>"$GITHUB_PATH"
40+
- name: actionlint --version
41+
run: actionlint -version
42+
- name: actionlint .github/workflows/*.yml
43+
run: actionlint -color

0 commit comments

Comments
 (0)