Skip to content

add actionlint to check github actions #6337

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
witoszekdev wants to merge 5 commits into
base: main
Choose a base branch
from
Open

add actionlint to check github actions #6337

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
88698db
add actionlint to check github actions
witoszekdev Feb 12, 2026
66ebf59
fix workflow failing
witoszekdev Feb 13, 2026
cbad358
fix actionlint failing lint command, remove separate actionlint step
witoszekdev Feb 13, 2026
f7d5c33
add changeset
witoszekdev Feb 13, 2026
4f49571
Merge branch 'main' into add-actionlint
witoszekdev Feb 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .changeset/rare-colts-hang.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
"saleor-dashboard": patch
---

Added `actionlint` for linting project's Github Actions
2 changes: 2 additions & 0 deletions lint-staged.config.cjs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@
const config = {
"*.{js,jsx,ts,tsx,mjs,cjs}": ["eslint --cache --fix", "prettier --write"],
"*.{json,css,md,yml,yaml}": ["prettier --write"],
".github/workflows/*.{yml,yaml}": ["actionlint"],
".github/actions/**/action.yml": ["actionlint"],
"package.json": "sort-package-json",
};

Expand Down
3 changes: 2 additions & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,9 +38,10 @@
"knip": "knip --reporter markdown",
"knip:fix": "knip --fix --allow-remove-files",
"lint": "pnpm run /^lint:.*$/",
"lint:actionlint": "actionlint .github/workflows/*.yml .github/workflows/*.yaml .github/actions/*/action.yml .github/actions/*/*/action.yml || true",
"lint:eslint": "cross-env NODE_OPTIONS=--max-old-space-size=8192 eslint \"{src,playwright}/**/*.@(tsx|ts|jsx|js)\" --fix",
"lint:prettier": "prettier --ignore-unknown --write .",
"prepare": "is-ci || husky install",
"prepare": "is-ci || husky install && bash scripts/install-actionlint.bash",
"preview": "vite preview",
"release": "node scripts/release.cjs",
"release:cleanup": "./scripts/release-cleanup.sh",
Expand Down
48 changes: 48 additions & 0 deletions scripts/install-actionlint.bash
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
#!/bin/bash
# Downloads actionlint binary into node_modules/.bin/ so it's available
# for pnpm scripts and lint-staged without requiring Go or brew.
# Based on https://github.com/rhysd/actionlint/blob/main/scripts/download-actionlint.bash

set -euo pipefail

VERSION="1.7.10"
TARGET_DIR="$(cd "$(dirname "$0")/../node_modules/.bin" && pwd)"
BINARY="$TARGET_DIR/actionlint"

if [ -x "$BINARY" ] && "$BINARY" -version 2>/dev/null | grep -q "$VERSION"; then
echo "actionlint v${VERSION} already installed"
exit 0
fi

case "$OSTYPE" in
linux*) os=linux; ext=tar.gz ;;
darwin*) os=darwin; ext=tar.gz ;;
msys|cygwin|win32) os=windows; ext=zip ;;
*) echo "Unsupported OS: $OSTYPE" >&2; exit 1 ;;
esac

machine="$(uname -m)"
case "$machine" in
x86_64) arch=amd64 ;;
i?86) arch=386 ;;
aarch64|arm64) arch=arm64 ;;
arm*) arch=armv6 ;;
*) echo "Unsupported arch: $machine" >&2; exit 1 ;;
esac

file="actionlint_${VERSION}_${os}_${arch}.${ext}"
url="https://github.com/rhysd/actionlint/releases/download/v${VERSION}/${file}"
Comment on lines +33 to +34
Copy link
Member

@NyanKiyoshi NyanKiyoshi Feb 13, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we at least use the checksums to ensure the release doesn't mutate as they don't use immutable releases?

The checksums (they need to be stored raw in our repo in this file or file next to it):

16782c41f2af264db80f855ee5d09164ca98fc78edf3bcd0f46eecff279682ba  actionlint_1.7.10_darwin_amd64.tar.gz
004ca87b367b37f4d75c55ab6cf80f9b8c043adbfbd440f31c604d417939c442  actionlint_1.7.10_darwin_arm64.tar.gz
31ec5ee4deef04edf3b9eb3bac5243d785b5dccf70688e02a022b0723bfae80a  actionlint_1.7.10_freebsd_386.tar.gz
418461873e1f8eb7acc7524d70d4c33e99f9aab53da8625f4a3c50273612c930  actionlint_1.7.10_freebsd_amd64.tar.gz
b728a3c31f7bd37d3026a7cd87148da9ddf845b5d56213fcc410bb222523c7d0  actionlint_1.7.10_linux_386.tar.gz
f4c76b71db5755a713e6055cbb0857ed07e103e028bda117817660ebadb4386f  actionlint_1.7.10_linux_amd64.tar.gz
cd3dfe5f66887ec6b987752d8d9614e59fd22f39415c5ad9f28374623f41773a  actionlint_1.7.10_linux_arm64.tar.gz
7624bae3f6e41985f498de7b246a2334cd734b9f1a8f04a9748429cbcf99b750  actionlint_1.7.10_linux_armv6.tar.gz
1783f8a1dd59a67dae373e753a88592351e00128195bc9ddd2b836a0c31df71b  actionlint_1.7.10_windows_386.zip
283467f9d6202a8cb8c00ad8dd0ee4e685b71fb86a6a56c68fcbb9ae8ed91237  actionlint_1.7.10_windows_amd64.zip
0c7242bca2f0ee4672a00ce7fa3c7185311fb94cb9e1e0f6bb57d5456e421d80  actionlint_1.7.10_windows_arm64.zip

You can grep the correct line based on the file name that you generate (e.g., actionlint_1.7.10_windows_amd64.zip), then do sha256sum -c -

For example, let's say we have checksums.txt stored them, then we can do this:

( # (sub-shell as we do 'cd')
    cd "$tmpdir"
    if ! (grep -E "${file}\$" checksums.txt | sha256sum -c -); then
       echo "Downloaded file doesn't matched expected checksum. Aborting..." >&2
       exit 1
    fi
)

(assumes that the filename isn't changed, you could alter curl command with -o "$file" to make it consistent, it makes it a bit simpler as otherwise we would need intermediary variables)


echo "Downloading actionlint v${VERSION} (${os}/${arch})..."
mkdir -p "$TARGET_DIR"

if [ "$os" = "windows" ]; then
tmpdir="$(mktemp -d)"
curl -sSL -o "$tmpdir/tmp.zip" "$url"
Copy link
Member

@NyanKiyoshi NyanKiyoshi Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing the --fail flag (to fail on HTTP ≥ 400)

Suggested change
curl -sSL -o "$tmpdir/tmp.zip" "$url"
curl -fsSL -o "$tmpdir/tmp.zip" "$url"

unzip -o "$tmpdir/tmp.zip" actionlint.exe -d "$TARGET_DIR"
rm -rf "$tmpdir"
else
curl -sSL "$url" | tar xz -C "$TARGET_DIR" actionlint
Copy link
Member

@NyanKiyoshi NyanKiyoshi Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
curl -sSL "$url" | tar xz -C "$TARGET_DIR" actionlint
curl -fsSL "$url" | tar xz -C "$TARGET_DIR" actionlint

fi

echo "Installed: $("$BINARY" -version)"
Loading