Skip to content

chore(deps): update dependency rhysd/actionlint to v1.7.11#1064

Open
renovate[bot] wants to merge 1 commit intostagingfrom
renovate/rhysd-actionlint-1.x
Open

chore(deps): update dependency rhysd/actionlint to v1.7.11#1064
renovate[bot] wants to merge 1 commit intostagingfrom
renovate/rhysd-actionlint-1.x

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 30, 2025

This PR contains the following updates:

Package Update Change
rhysd/actionlint patch 1.7.91.7.11

Release Notes

rhysd/actionlint (rhysd/actionlint)

v1.7.11

Compare Source

  • Support the case() function in ${{ }} expressions which was recently added to GitHub Actions. (#​612, #​614, thanks @​heppu)
    env:
      # ERROR: case() requires an odd number of arguments
      ENVIRONMENT: |-
        ${{ case(
          github.ref == 'refs/heads/main', 'production',
          github.ref == 'refs/heads/staging', 'staging'
        ) }}
  • Support new macos-26-large and windows-2025-vs2026 runner labels. See the GitHub's announce for more details. (#​615, thanks @​hugovk and @​muzimuzhi)
  • Enable Artifact attestations for the released binaries. From v1.7.11 gh command can verify the integrity of the downloaded binaries as follows. The verification is highly recommended in terms of supply chain security. (#​608, thanks @​takaram)
    $ gh release download --repo rhysd/actionlint --pattern '*_darwin_amd64.tar.gz' v1.7.11
    $ gh attestation verify --repo rhysd/actionlint actionlint_1.7.11_darwin_amd64.tar.gz
    Loaded digest sha256:17ffc17fed8f0258ef6ad4aed932d3272464c7ef7d64e1cb0d65aa97c9752107 for file://actionlint_1.7.11_darwin_amd64.tar.gz
    Loaded 1 attestation from GitHub API
    
    The following policy criteria will be enforced:
    - Predicate type must match:................ https://slsa.dev/provenance/v1
    - Source Repository Owner URI must match:... https://github.com/rhysd
    - Source Repository URI must match:......... https://github.com/rhysd/actionlint
    - Subject Alternative Name must match regex: (?i)^https://github.com/rhysd/actionlint/
    - OIDC Issuer must match:................... https://token.actions.githubusercontent.com
    
    ✓ Verification succeeded!
    
    The following 1 attestation matched the policy criteria
    
    - Attestation #​1
      - Build repo:..... rhysd/actionlint
      - Build workflow:. .github/workflows/release.yaml@refs/tags/v1.7.11
      - Signer repo:.... rhysd/actionlint
      - Signer workflow: .github/workflows/release.yaml@refs/tags/v1.7.11
  • Report path filters with ./ because they never match anything. (#​521)
    on:
      push:
        paths:
          # ERROR: This never matches anything. `foo/bar.txt` is correct.
          - ./foo/bar.txt
  • Fix comparing matrix items when an item is a super set of another item. (#​523, #​613, thanks @​michaelgruenewald)
  • Fix stack overflow crash by a recursive anchor in matrix items. (#​610)
  • Fix a unassigned variable false positive from shellcheck by disabling SC2153 rule. (#​573)
  • Reduce the number of memory allocations on resolving anchors.
  • Update the popular actions data set to the latest.
  • Update Go dependencies to the latest.
  • Remove legacy Homebrew formula in rhysd/actionlint repository in favor of the cask package. Note that this change does not affect Homebrew's official formula.
  • Add a link to the release page of the version in the playground.

[Changes][v1.7.11]

v1.7.10

Compare Source

  • Support YAML anchors and aliases (&anchor and *anchor) in workflow files. In addition to parsing YAML anchors correctly, actionlint checks unused and undefined anchors. See the document for more details. (#​133, thanks @​srz-zumix for the initial implementation at #​568 and @​alexaandru for trying another approach at #​557)
    jobs:
      test:
        runs-on: ubuntu-latest
        services:
          nginx:
            image: nginx:latest
            credentials: &credentials
              username: ${{ secrets.user }}
              password: ${{ secrets.password }}
        steps:
          - run: ./download.sh
            # OK: Valid alias to &credentials
            env: *credentials
          - run: ./check.sh
            # ERROR: Undefined anchor 'credential'
            env: *credential
          - run: ./upload.sh
            # ERROR: Unused anchor 'credentials'
            env: &credentials
  • Remove support for *-xl macOS runner labels because they were dropped. (#​592, thanks @​muzimuzhi)
  • Remove support for the macOS 13 runner labels because they were dropped on Dec 4, 2025. (#​593, thanks @​muzimuzhi)
    • macos-13
    • macos-13-large
    • macos-13-xlarge
  • Increase the maximum number of inputs in the workflow_dispatch event from 10 to 25 because the limitation was recently relaxed. (#​598, thanks @​Haegi)
  • Support artifact-metadata permission for workflow permissions. (#​602, thanks @​martincostello)
  • Detect more complicated constants at if: conditions as error. See the rule document for more details.
  • Refactor the workflow parser with Go iterators. This slightly improves the performance and memory usage.
  • Fix parsing extra { and } characters in format string of format() function call. For example v1.7.9 didn't parse "{{0} {1} {2}}" correctly.
  • Detect an invalid value at type in workflow call inputs as error.
  • Report YAML merge key << as error because GitHub Actions doesn't support the syntax.
  • Check available contexts in expressions at jobs.<job_id>.snapshot.if.
    snapshot:
      image-name: my-custom-image
      # ERROR: `env` context is not allowed here
      if: ${{ env.USE_SNAPSHOT == 'true' }}
  • Fix the instruction to install actionlint with mise in the installation document. (#​591, thanks @​risu729)
  • Update the popular actions data set to the latest to include new major versions of the actions.

[Changes][v1.7.10]


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Dec 30, 2025
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 30, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

  • 🔍 Trigger a full review

Comment @coderabbitai help to get the list of available commands and usage tips.

@codecov
Copy link

codecov bot commented Dec 30, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 13.01%. Comparing base (bd515d5) to head (77e3422).

Additional details and impacted files
@@           Coverage Diff            @@
##           staging    #1064   +/-   ##
========================================
  Coverage    13.01%   13.01%           
========================================
  Files          450      450           
  Lines         3127     3127           
========================================
  Hits           407      407           
  Misses        2720     2720           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@renovate renovate bot force-pushed the renovate/rhysd-actionlint-1.x branch from eb1e0e0 to bf6211b Compare February 2, 2026 16:55
@renovate renovate bot force-pushed the renovate/rhysd-actionlint-1.x branch from bf6211b to b891276 Compare February 12, 2026 13:38
@renovate renovate bot force-pushed the renovate/rhysd-actionlint-1.x branch from b891276 to 77e3422 Compare February 14, 2026 13:38
@renovate renovate bot changed the title chore(deps): update dependency rhysd/actionlint to v1.7.10 chore(deps): update dependency rhysd/actionlint to v1.7.11 Feb 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants