Add actionlint pre-commit hook for .forgejo/workflows/ #88
Labels
No labels
area:auth
area:ci
area:db
area:infra
area:native
area:pwa
area:service
epic
feature
foundation
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
james/carol#88
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Local-side half of the dual-layer workflow linting plan. Sister to #89 (CI side).
The ad-hoc
python3 -c 'import yaml; yaml.safe_load(...)'checks scattered through recent PRs only catch parse errors.actionlintvalidates against the GitHub-Actions schema (which Forgejo'sact_runnermirrors closely) and catches the issues that actually bite us:id:vsname:typos)${{ github.* }}/${{ steps.*.outputs.* }}referencesif:conditions, deprecatedset-output, missing required fieldsrun:block (sinceactionlintshells out to shellcheck)Scope
pre-commitentry tolefthook.ymlthat runsactionlinton staged.forgejo/workflows/*.ymlfiles. Mirror the gitleaks hook's shape: small wrapper, clear failure message, supports the existingLEFTHOOK_EXCLUDE=<name>skip pattern.actionlintis a single Go binary;brew install actionlintworks on macOS/Linux. Don't add it as an npm dep.lavamoat.allowScriptsonly ifactionlintinstallation somehow pulls in a new dev npm dep (it shouldn't — it's a standalone binary).Acceptance criteria
git committouching a.forgejo/workflows/*.ymltriggers the hook.${{ github.foo }}(invalid context) fails the hook with aactionlintfinding cited.LEFTHOOK_EXCLUDE=actionlint git commit ...skips the check for one commit;--no-verifystays the last resort.Coordination
Should land alongside, or shortly after, #89 (CI side) so local skipped/missing checks don't silently pass through CI. ADR-0011 captured the dual-layer rationale for gitleaks — same pattern applies.
Part of epic #2.
actionlintcheck to PR CI #89