Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump github.com/rhysd/actionlint from 1.7.3 to 1.7.4 #120

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Nov 5, 2024

Bumps github.com/rhysd/actionlint from 1.7.3 to 1.7.4.

Release notes

Sourced from github.com/rhysd/actionlint's releases.

v1.7.4

  • Disallow the usage of popular actions that run on node16 runner. The node16 runner will reach the end of life on November 12.
    • In case of the error, please update your actions to the latest version so that they run on the latest node20 runner.
    • If you're using self-hosted runner and you cannot upgrade your runner to node20 soon, please consider to ignore the error by the paths configuration described below.
  • Provide the configuration for ignoring errors by regular expressions in actionlint.yml (or actionlint.yaml). Please see the document for more details. (#217, #342)
    • The paths is a mapping from the file path glob pattern to the corresponding configuration. The ignore configuration is a list of regular expressions to match error messages (similar to the -ignore command line option).
      paths:
        # This pattern matches any YAML file under the '.github/workflows/' directory.
        .github/workflows/**/*.yaml:
          ignore:
            # Ignore the specific error from shellcheck
            - 'shellcheck reported issue in this script: SC2086:.+'
        # This pattern only matches '.github/workflows/release.yaml' file.
        .github/workflows/self-hosted.yaml:
          ignore:
            # Ignore errors from the old runner check. This may be useful for (outdated) self-hosted runner environment.
            - 'the runner of ".+" action is too old to run on GitHub Actions'
    • This configuration was not implemented initially because I wanted to keep the configuration as minimal as possible. However, due to several requests for it, the configuration has now been added.
  • Untrusted inputs check is safely skipped inside specific function calls. (#459, thanks @​IlyaGulya)
    • For example, the following step contains the untrusted input github.head_ref, but it is safe because it's passed to the contains() argument.
      - run: echo "is_release_branch=${{ contains(github.head_ref, 'release') }}" >> "$GITHUB_OUTPUT"
    • For more details, please read the rule document.
  • Recognize gcr.io and gcr.dev as the correct container registry hosts. (#463, thanks @​takaidohigasi)
    • Note that it is recommended explicitly specifying the scheme like docker://gcr.io/....
  • Remove macos-x.0 runner labels which are no longer available. (#452)
  • Disable shellcheck SC2043 rule because it can cause false positives on checking run:. (#355)
  • Fix the error message was not deterministic when detecting cycles in needs dependencies.
  • Fix the check for format() function was not applied when the function name contains upper case like Format(). Note that function names in ${{ }} placeholders are case-insensitive.
  • Update the popular actions data set to the latest.
  • Add actions/cache/save and actions/cache/restore to the popular actions data set.
  • Links in the README.md now point to the document of the latest version tag instead of HEAD of main branch.
  • Add Linter.LintStdin method dedicated to linting STDIN instead of handling STDIN in Command.
  • (Dev) Add new check-checks script to maintain the 'Checks' document. It automatically updates the outputs and playground links for example inputs in the document. It also checks the document is up-to-date on CI. Please read the document for more details.

Documentation

Changelog

Sourced from github.com/rhysd/actionlint's changelog.

v1.7.4 - 2024-11-04

  • Disallow the usage of popular actions that run on node16 runner. The node16 runner will reach the end of life on November 12.
    • In case of the error, please update your actions to the latest version so that they run on the latest node20 runner.
    • If you're using self-hosted runner and you cannot upgrade your runner to node20 soon, please consider to ignore the error by the paths configuration described below.
  • Provide the configuration for ignoring errors by regular expressions in actionlint.yml (or actionlint.yaml). Please see the document for more details. (#217, #342)
    • The paths is a mapping from the file path glob pattern to the corresponding configuration. The ignore configuration is a list of regular expressions to match error messages (similar to the -ignore command line option).
      paths:
        # This pattern matches any YAML file under the '.github/workflows/' directory.
        .github/workflows/**/*.yaml:
          ignore:
            # Ignore the specific error from shellcheck
            - 'shellcheck reported issue in this script: SC2086:.+'
        # This pattern only matches '.github/workflows/release.yaml' file.
        .github/workflows/self-hosted.yaml:
          ignore:
            # Ignore errors from the old runner check. This may be useful for (outdated) self-hosted runner environment.
            - 'the runner of ".+" action is too old to run on GitHub Actions'
    • This configuration was not implemented initially because I wanted to keep the configuration as minimal as possible. However, due to several requests for it, the configuration has now been added.
  • Untrusted inputs check is safely skipped inside specific function calls. (#459, thanks @​IlyaGulya)
    • For example, the following step contains the untrusted input github.head_ref, but it is safe because it's passed to the contains() argument.
      - run: echo "is_release_branch=${{ contains(github.head_ref, 'release') }}" >> "$GITHUB_OUTPUT"
    • For more details, please read the rule document.
  • Recognize gcr.io and gcr.dev as the correct container registry hosts. (#463, thanks @​takaidohigasi)
    • Note that it is recommended explicitly specifying the scheme like docker://gcr.io/....
  • Remove macos-x.0 runner labels which are no longer available. (#452)
  • Disable shellcheck SC2043 rule because it can cause false positives on checking run:. (#355)
  • Fix the error message was not deterministic when detecting cycles in needs dependencies.
  • Fix the check for format() function was not applied when the function name contains upper case like Format(). Note that function names in ${{ }} placeholders are case-insensitive.
  • Update the popular actions data set to the latest.
  • Add actions/cache/save and actions/cache/restore to the popular actions data set.
  • Links in the README.md now point to the document of the latest version tag instead of HEAD of main branch.
  • Add Linter.LintStdin method dedicated to linting STDIN instead of handling STDIN in Command.
  • (Dev) Add new check-checks script to maintain the 'Checks' document. It automatically updates the outputs and playground links for example inputs in the document. It also checks the document is up-to-date on CI. Please read the document for more details.

Documentation

[Changes][v1.7.4]

Commits
  • 5db9d9c bump up version to v1.7.4
  • 416f0b3 check all before git push
  • b85cb82 do not run go generate on checks in pre-push hook
  • e09485d fix generate-popular-actions to read/write outdated actions in JSONL
  • 679440f add actions/cache/save and actions/cache/restore to popular actions
  • 799bea3 fall back to . when os.Getwd returns an error
  • 0c0a521 Merge branch 'paths-config' (fix #342, fix #217)
  • c7a09e0 update readme document to link to the latest stable version of docs
  • c270d66 test detecting config file already existing before generating new one
  • a93bb53 use cwd when given path is empty on LintRepository and GenerateDefaultConfig
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint) from 1.7.3 to 1.7.4.
- [Release notes](https://github.com/rhysd/actionlint/releases)
- [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md)
- [Commits](rhysd/actionlint@v1.7.3...v1.7.4)

---
updated-dependencies:
- dependency-name: github.com/rhysd/actionlint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Nov 5, 2024
@contentful-automation contentful-automation bot merged commit c84908f into main Nov 5, 2024
3 checks passed
@contentful-automation contentful-automation bot deleted the dependabot/go_modules/github.com/rhysd/actionlint-1.7.4 branch November 5, 2024 08:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants