Update pre-commit hook rhysd/actionlint to v1.7.7

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
rhysd/actionlint	repository	patch	v1.7.1 -> v1.7.7

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

---

Release Notes

rhysd/actionlint (rhysd/actionlint)

v1.7.7

Compare Source

• Support runner labels for Linux arm64 hosted runners. (#​503, #​504, thanks @​martincostello)
  • ubuntu-24.04-arm
  • ubuntu-22.04-arm
• Update Go dependencies to the latest.
• Update the popular actions data set to the latest.
• Add Linux arm64 job to the CI workflow. Now actionlint is tested on the platform. (#​507, thanks @​cclauss)

[Changes][v1.7.7]

v1.7.6

Compare Source

• Using contexts at specific workflow keys is incorrectly reported as not allowed. Affected workflow keys are as follows. (#​495, #​497, #​498, #​500)
  • jobs.<job_id>.steps.with.args
  • jobs.<job_id>.steps.with.entrypoint
  • jobs.<job_id>.services.<service_id>.env
• Update Go dependencies to the latest.

[Changes][v1.7.6]

v1.7.5

Compare Source

• Strictly check available contexts in ${{ }} placeholders following the 'Context availability' table in the official document.
  • For example, jobs.<job>.env allows github context but jobs.<job>.services.<service>.env doesn't allow any contexts. Now actionlint can catch the mistake.

    jobs:
      test:
        runs-on: ubuntu-latest
        env:

OK. github context is available here.

      COMMIT_SHA: ${{ github.sha }}
    services:
      redis:
        image: redis
        env:

ERROR: No context is available here.

          COMMIT_SHA: ${{ github.sha }}
    steps:
      - ...
```

• Check a string literal passed to fromJSON() call. This pattern is popular to create array or object constants because GitHub Actions does not provide the literal syntax for them. See the document for more details. (#​464)

  jobs:
    test:

ERROR: Key 'mac' does not exist in the object returned by the fromJSON()

  runs-on: ${{ fromJSON('{"win":"windows-latest","linux":"ubuntul-latest"}')['mac'] }}
  steps:
    - run: echo This is a special branch!

ERROR: Broken JSON string passed to fromJSON.

      if: contains(fromJSON('["main","release","dev"'), github.ref_name)

- Allow passing command arguments to `-shellcheck` argument. ([#​483](https://redirect.github.com/rhysd/actionlint/issues/483), thanks [@​anuraaga](https://redirect.github.com/anuraaga))
- This is useful when you want to use alternative build of shellcheck like [go-shellcheck](https://redirect.github.com/wasilibs/go-shellcheck/).
  ```sh
  actionlint -shellcheck="go run github.com/wasilibs/go-shellcheck/cmd/shellcheck@latest"
  ```
- Support undocumented `repository_visibility`, `artifact_cache_size_limit`, `step_summary`, `output`, `state` properties in `github` context. ([#​489](https://redirect.github.com/rhysd/actionlint/issues/489), thanks [@​rasa](https://redirect.github.com/rasa) for adding `repository_visibility` property)
- Remove `macos-12` runner label from known labels because it was [dropped](https://redirect.github.com/actions/runner-images/issues/10721) from GitHub-hosted runners on Dec. 3 and is no longer available.
- Add `windows-2025` runner label to the known labels. The runner is in [public preview](https://github.blog/changelog/2024-12-19-windows-server-2025-is-now-in-public-preview/). ([#​491](https://redirect.github.com/rhysd/actionlint/issues/491), thanks [@​ericcornelissen](https://redirect.github.com/ericcornelissen))
- Add `black` to the list of colors for `branding.color` action metadata. ([#​485](https://redirect.github.com/rhysd/actionlint/issues/485), thanks [@​eifinger](https://redirect.github.com/eifinger))
- Add `table` to the list of icons for `branding.icon` action metadata.
- Fix parsing escaped `{` in `format()` function call's first argument.
- Fix the incorrect `join()` function overload. `join(s1: string, s2: string)` was wrongly accepted.
- Update popular actions data set to the latest.
- Add `download-artifact/v3-node20` to the data set. ([#​468](https://redirect.github.com/rhysd/actionlint/issues/468))
- Fix missing the `reviewdog/action-hadolint@v1` action input. ([#​487](https://redirect.github.com/rhysd/actionlint/issues/487), thanks [@​mi-wada](https://redirect.github.com/mi-wada))
- Link to the documents of the stable version in actionlint `man` page and `-help` output.
- Refactor `LintStdin()` API example and some unit tests. ([#​472](https://redirect.github.com/rhysd/actionlint/issues/472), [#​475](https://redirect.github.com/rhysd/actionlint/issues/475), thanks [@​alexandear](https://redirect.github.com/alexandear))
- Improve the configuration example in `actionlint.yaml` document to explain glob patterns for `paths`. ([#​481](https://redirect.github.com/rhysd/actionlint/issues/481))

[Changes][v1.7.5]

<a id="v1.7.4"></a>

v1.7.4

Compare Source

• Disallow the usage of popular actions that run on node16 runner. The node16 runner will reach the end of life on November 12.
  • In case of the error, please update your actions to the latest version so that they run on the latest node20 runner.
  • If you're using self-hosted runner and you cannot upgrade your runner to node20 soon, please consider to ignore the error by the paths configuration described below.
• Provide the configuration for ignoring errors by regular expressions in actionlint.yml (or actionlint.yaml). Please see the document for more details. (#​217, #​342)
  • The paths is a mapping from the file path glob pattern to the corresponding configuration. The ignore configuration is a list of regular expressions to match error messages (similar to the -ignore command line option).

    paths:

This pattern matches any YAML file under the '.github/workflows/' directory.

  .github/workflows/**/*.yaml:
    ignore:

Ignore the specific error from shellcheck

      - 'shellcheck reported issue in this script: SC2086:.+'

This pattern only matches '.github/workflows/release.yaml' file.

  .github/workflows/self-hosted.yaml:
    ignore:

Ignore errors from the old runner check. This may be useful for (outdated) self-hosted runner environment.

      - 'the runner of ".+" action is too old to run on GitHub Actions'
```

• This configuration was not implemented initially because I wanted to keep the configuration as minimal as possible. However, due to several requests for it, the configuration has now been added.
• Untrusted inputs check is safely skipped inside specific function calls. (#​459, thanks @​IlyaGulya)
  • For example, the following step contains the untrusted input github.head_ref, but it is safe because it's passed to the contains() argument.

    - run: echo "is_release_branch=${{ contains(github.head_ref, 'release') }}" >> "$GITHUB_OUTPUT"

  • For more details, please read the rule document.
• Recognize gcr.io and gcr.dev as the correct container registry hosts. (#​463, thanks @​takaidohigasi)
  • Note that it is recommended explicitly specifying the scheme like docker://gcr.io/....
• Remove macos-x.0 runner labels which are no longer available. (#​452)
• Disable shellcheck SC2043 rule because it can cause false positives on checking run:. (#​355)
  • The rule document was updated as well. (#​466, thanks @​risu729)
• Fix the error message was not deterministic when detecting cycles in needs dependencies.
• Fix the check for format() function was not applied when the function name contains upper case like Format(). Note that function names in ${{ }} placeholders are case-insensitive.
• Update the popular actions data set to the latest.
  • This includes the new ref and commit outputs of actions/checkout.
• Add actions/cache/save and actions/cache/restore to the popular actions data set.
• Links in the README.md now point to the document of the latest version tag instead of HEAD of main branch.
• Add Linter.LintStdin method dedicated to linting STDIN instead of handling STDIN in Command.
• (Dev) Add new check-checks script to maintain the 'Checks' document. It automatically updates the outputs and playground links for example inputs in the document. It also checks the document is up-to-date on CI. Please read the document for more details.

Documentation

[Changes][v1.7.4]

v1.7.3

Compare Source

• Remove macos-11 runner labels because macOS 11 runner was dropped on 6/28/2024. (#​451, thanks @​muzimuzhi)
• Support macos-15, macos-15-large, and macos-15-xlarge runner labels. The macOS 15 runner is not globally available yet, but they are available in beta. (#​453, thanks @​muzimuzhi)
• Release artifact includes checksums for the released binaries. The file name is actionlint_{version}_checksums.txt. (#​449)
  • For example, the checksums for v1.7.3 can be found here.
• Fix download-path output is missing in actions/download-artifact@v3 action. (#​442)
  • Note that the latest version actions/download-artifact@v4 was not affected by this issue.
• Support Go 1.23.

Documentation

[Changes][v1.7.3]

v1.7.2

Compare Source

• Fix child processes to run in parallel.
• Update the popular actions data set to the latest. (#​442, #​445, #​446, #​447, thanks @​maikelvdh)
• Add support for checking branch filters on merge_group event. (#​448, thanks @​muzimuzhi)
• The playground now supports both light and dark modes and automatically applies the system's theme.
• Fix releasing a failure on making a new winget package. (#​438, thanks @​vedantmgoyal9)

[Changes][v1.7.2]

---

Configuration

📅 Schedule: Branch creation - "after 0:00 before 6:00 every weekend" in timezone Asia/Tokyo, Automerge - "after 0:00 before 6:00 every weekday" in timezone Asia/Tokyo.

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.