This repository contains an action to validate GitHub Actions workflows.
Under the hood, it uses https://github.com/rhysd/actionlint

The action steps are:
- Download actionlint using ASDF
- Lint the workflows, and generate an output with the linted (and errored) files
- Post this output on a PR comment

```yaml
permissions:
  contents: read # checkout
  pull-requests: write # post comment
jobs:
  actions-validator:
    name: Run Github Actions validator
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Validate Github Actions workflows
        uses: philips-software/github-actions-linter@v2
```

This action uses actionlint, which in turn uses ShellCheck to validate script steps.
Although we don't recommend it, you can disable specific ShellCheck rules for all checked workflows with the `shellcheck-disable-codes` input:

```yaml
- name: Validate Github Actions workflows
  uses: philips-software/github-actions-linter@v2
  with:
    shellcheck-disable-codes: SC2052,SC2034
```

You can disable a specific rule directly within your script, using the ShellCheck syntax:

```yaml
# The workflow that gets validated
- name: Do stuff
  run: |
    foo=12
    # shellcheck disable=SC2090
    echo $foo
```

GitHub recommends having multiple kinds of tags for actions: a full SemVer tag (e.g. `vX.Y.Z`), as well as a major-only tag (e.g. `vX`).
When modifying this action, if the changes:
- don't modify the functionalities, bump the patch version (e.g. `Z` in `vX.Y.Z`)
- add new functionalities, without breaking backward compatibility, bump the minor version and reset the patch version (e.g. `Y` in `X.Y.0`)
- break backward compatibility, bump the major version and reset the other versions (e.g. `X` in `vX.0.0`)

Note that after a version bump, the major-only tag must be updated as well.
The major-only tag has to be force-pushed, as GitHub doesn't allow modifying tags by default.

Full example:

```bash
git tag
# v1, v1.0.0
open action.yml
git commit -am "Chore: some patch modifications"
# we create the patch version tag
git tag v1.0.1
# and the major-only tag
git tag -f v1
git push origin v1.0.1
git push -f origin v1
```
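
A check for the rule above that the major-only tag must follow every version bump, as an added example (not part of this repository). The function name `stale_major_tags`, the "tag commit" input format and the sample tags are assumptions made for illustration, and it assumes lightweight tags like the ones created in the full example.

```shell
#!/bin/sh
# Added example: report major-only tags (vX) that do not point at the commit
# of the newest full tag (vX.Y.Z) in the same major line.
# Input on stdin: one "<tag> <commit>" pair per line, e.g. produced by
#   git for-each-ref --format='%(refname:short) %(objectname)' refs/tags
# Assumption: lightweight tags, so the object name is the tagged commit.

stale_major_tags() {
  awk '
    # Major-only tag: remember which commit it points at.
    $1 ~ /^v[0-9]+$/ { major[substr($1, 2)] = $2; next }
    # Full SemVer tag: keep the newest (minor, patch) per major, numerically.
    $1 ~ /^v[0-9]+\.[0-9]+\.[0-9]+$/ {
      split(substr($1, 2), p, ".")
      if (!(p[1] in best) || p[2] + 0 > bmin[p[1]] ||
          (p[2] + 0 == bmin[p[1]] && p[3] + 0 > bpat[p[1]])) {
        best[p[1]] = $1; bsha[p[1]] = $2
        bmin[p[1]] = p[2] + 0; bpat[p[1]] = p[3] + 0
      }
    }
    END {
      for (m in best) {
        if (!(m in major))            print "v" m " missing (expected at " best[m] ")"
        else if (major[m] != bsha[m]) print "v" m " stale (expected at " best[m] ")"
      }
    }
  ' | sort
}

# Constructed sample: v1 was moved after v1.0.1, v2 was not moved after v2.1.0.
SAMPLE_TAGS='v1 bbbbbbb
v1.0.0 aaaaaaa
v1.0.1 bbbbbbb
v2 ccccccc
v2.0.0 ccccccc
v2.1.0 ddddddd
v2.0.10 eeeeeee'

printf '%s\n' "$SAMPLE_TAGS" | stale_major_tags
```

Empty output means every major-only tag matches its newest full release; any reported line is a tag to move with `git tag -f` and force-push as shown above.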