digitalservicebund / github-actions-linter

Linting workflow files of GitHub Actions

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Github Actions Linter

CI version

Linting for GitHub Actions workflows:

  • Detects referencing 3rd-party actions by mutable tags/references. The only actions allowed to be referenced in this way are actions created by GitHub itself.
# ❌ Bad
- name: Send status to Slack
  uses: lazy-actions/slatify@v3.0.0

- name: Send status to Slack
  uses: lazy-actions/slatify@main

# ✅ Good
- name: Send status to Slack
  uses: lazy-actions/slatify@c4847b8c84e3e8076fd3c42cc00517a10426ed65 # == v3.0.0

Usage

Lint workflow files in .github/workflows:

npx --yes gh-actions-linter@v0.1.8

Also available as a Github Action

name: CI

on:
  push:
    branches: [main]

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: validate github workflow files to have pinned versions
        uses: digitalservicebund/github-actions-linter@LATEST_HASH

Releasing

👉 release-it

Start a dry run to see what would happen:

npm run release minor -- --dry-run

Do a real release (publishes to npm):

npm run release minor

About

Linting workflow files of GitHub Actions

License:MIT License


Languages

Language:JavaScript 100.0%