Skip to content

chore(deps): update dependency rhysd/actionlint to v1.7.12#38

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/rhysd-actionlint-1.7.x
Open

chore(deps): update dependency rhysd/actionlint to v1.7.12#38
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/rhysd-actionlint-1.7.x

Conversation

@renovate

@renovate renovate Bot commented Jan 6, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Update Change
rhysd/actionlint patch v1.7.9v1.7.12

Release Notes

rhysd/actionlint (rhysd/actionlint)

v1.7.12

Compare Source

[Changes][v1.7.12]

v1.7.11

Compare Source

  • Support the case() function in ${{ }} expressions which was recently added to GitHub Actions. (#​612, #​614, thanks @​heppu)
    env:
      # ERROR: case() requires an odd number of arguments
      ENVIRONMENT: |-
        ${{ case(
          github.ref == 'refs/heads/main', 'production',
          github.ref == 'refs/heads/staging', 'staging'
        ) }}
  • Support new macos-26-large and windows-2025-vs2026 runner labels. See the GitHub's announce for more details. (#​615, thanks @​hugovk and @​muzimuzhi)
  • Enable Artifact attestations for the released binaries. From v1.7.11 gh command can verify the integrity of the downloaded binaries as follows. The verification is highly recommended in terms of supply chain security. (#​608, thanks @​takaram)
    $ gh release download --repo rhysd/actionlint --pattern '*_darwin_amd64.tar.gz' v1.7.11
    $ gh attestation verify --repo rhysd/actionlint actionlint_1.7.11_darwin_amd64.tar.gz
    Loaded digest sha256:17ffc17fed8f0258ef6ad4aed932d3272464c7ef7d64e1cb0d65aa97c9752107 for file://actionlint_1.7.11_darwin_amd64.tar.gz
    Loaded 1 attestation from GitHub API
    
    The following policy criteria will be enforced:
    - Predicate type must match:................ https://slsa.dev/provenance/v1
    - Source Repository Owner URI must match:... https://github.com/rhysd
    - Source Repository URI must match:......... https://github.com/rhysd/actionlint
    - Subject Alternative Name must match regex: (?i)^https://github.com/rhysd/actionlint/
    - OIDC Issuer must match:................... https://token.actions.githubusercontent.com
    
    ✓ Verification succeeded!
    
    The following 1 attestation matched the policy criteria
    
    - Attestation #​1
      - Build repo:..... rhysd/actionlint
      - Build workflow:. .github/workflows/release.yaml@refs/tags/v1.7.11
      - Signer repo:.... rhysd/actionlint
      - Signer workflow: .github/workflows/release.yaml@refs/tags/v1.7.11
  • Report path filters with ./ because they never match anything. (#​521)
    on:
      push:
        paths:
          # ERROR: This never matches anything. `foo/bar.txt` is correct.
          - ./foo/bar.txt
  • Fix comparing matrix items when an item is a super set of another item. (#​523, #​613, thanks @​michaelgruenewald)
  • Fix stack overflow crash by a recursive anchor in matrix items. (#​610)
  • Fix a unassigned variable false positive from shellcheck by disabling SC2153 rule. (#​573)
  • Reduce the number of memory allocations on resolving anchors.
  • Update the popular actions data set to the latest.
  • Update Go dependencies to the latest.
  • Remove legacy Homebrew formula in rhysd/actionlint repository in favor of the cask package. Note that this change does not affect Homebrew's official formula.
  • Add a link to the release page of the version in the playground.

[Changes][v1.7.11]

v1.7.10

Compare Source

  • Support YAML anchors and aliases (&anchor and *anchor) in workflow files. In addition to parsing YAML anchors correctly, actionlint checks unused and undefined anchors. See the document for more details. (#​133, thanks @​srz-zumix for the initial implementation at #​568 and @​alexaandru for trying another approach at #​557)
    jobs:
      test:
        runs-on: ubuntu-latest
        services:
          nginx:
            image: nginx:latest
            credentials: &credentials
              username: ${{ secrets.user }}
              password: ${{ secrets.password }}
        steps:
          - run: ./download.sh
            # OK: Valid alias to &credentials
            env: *credentials
          - run: ./check.sh
            # ERROR: Undefined anchor 'credential'
            env: *credential
          - run: ./upload.sh
            # ERROR: Unused anchor 'credentials'
            env: &credentials
  • Remove support for *-xl macOS runner labels because they were dropped. (#​592, thanks @​muzimuzhi)
  • Remove support for the macOS 13 runner labels because they were dropped on Dec 4, 2025. (#​593, thanks @​muzimuzhi)
    • macos-13
    • macos-13-large
    • macos-13-xlarge
  • Increase the maximum number of inputs in the workflow_dispatch event from 10 to 25 because the limitation was recently relaxed. (#​598, thanks @​Haegi)
  • Support artifact-metadata permission for workflow permissions. (#​602, thanks @​martincostello)
  • Detect more complicated constants at if: conditions as error. See the rule document for more details.
  • Refactor the workflow parser with Go iterators. This slightly improves the performance and memory usage.
  • Fix parsing extra { and } characters in format string of format() function call. For example v1.7.9 didn't parse "{{0} {1} {2}}" correctly.
  • Detect an invalid value at type in workflow call inputs as error.
  • Report YAML merge key << as error because GitHub Actions doesn't support the syntax.
  • Check available contexts in expressions at jobs.<job_id>.snapshot.if.
    snapshot:
      image-name: my-custom-image
      # ERROR: `env` context is not allowed here
      if: ${{ env.USE_SNAPSHOT == 'true' }}
  • Fix the instruction to install actionlint with mise in the installation document. (#​591, thanks @​risu729)
  • Update the popular actions data set to the latest to include new major versions of the actions.

[Changes][v1.7.10]


Configuration

📅 Schedule: (in timezone Europe/Vienna)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • Between 12:00 AM and 03:59 AM (* 0-3 * * *)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate

renovate Bot commented Jan 6, 2026

Copy link
Copy Markdown
Contributor Author

Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.


  • Branch has one or more failed status checks

@renovate renovate Bot added the dependencies label Jan 6, 2026
@renovate renovate Bot requested a review from jonasgeiler January 6, 2026 01:49
@renovate renovate Bot changed the title chore(deps): update dependency rhysd/actionlint to v1.7.10 chore(deps): update dependency rhysd/actionlint to v1.7.11 Feb 14, 2026
@renovate renovate Bot force-pushed the renovate/rhysd-actionlint-1.7.x branch from 59a7761 to 70a792b Compare February 14, 2026 18:03
@renovate renovate Bot force-pushed the renovate/rhysd-actionlint-1.7.x branch 2 times, most recently from 03dd3b2 to dc8f423 Compare March 26, 2026 09:52
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate Bot changed the title chore(deps): update dependency rhysd/actionlint to v1.7.11 chore(deps): update dependency rhysd/actionlint to v1.7.12 Mar 30, 2026
@renovate renovate Bot force-pushed the renovate/rhysd-actionlint-1.7.x branch from dc8f423 to 6378840 Compare March 30, 2026 22:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants