Documentation ¶
Index ¶
- Constants
- Variables
- func EqualTypes(l, r ExprType) bool
- func LexExpression(src string) ([]*Token, int, *ExprError)
- func Parse(b []byte) (*Workflow, []*Error)
- func VisitExprNode(n ExprNode, f VisitExprNodeFunc)
- func WorkflowKeyAvailability(key string) ([]string, []string)
- type ActionMetadata
- type ActionMetadataInput
- type ActionMetadataInputs
- type ActionMetadataOutput
- type ActionMetadataOutputs
- type AnyType
- type ArrayDerefNode
- type ArrayType
- type Bool
- type BoolNode
- type BoolType
- type ByErrorPosition
- type ColorOptionKind
- type Command
- type CompareOpNode
- type CompareOpNodeKind
- type Concurrency
- type Config
- type Container
- type Credentials
- type Defaults
- type DefaultsRun
- type DispatchInput
- type Env
- type EnvVar
- type Environment
- type Error
- type ErrorFormatter
- type ErrorTemplateFields
- type Event
- type Exec
- type ExecAction
- type ExecKind
- type ExecRun
- type ExprError
- type ExprLexer
- type ExprNode
- type ExprParser
- type ExprSemanticsChecker
- func (sema *ExprSemanticsChecker) Check(expr ExprNode) (ExprType, []*ExprError)
- func (sema *ExprSemanticsChecker) SetContextAvailability(avail []string)
- func (sema *ExprSemanticsChecker) SetSpecialFunctionAvailability(avail []string)
- func (sema *ExprSemanticsChecker) UpdateDispatchInputs(ty *ObjectType)
- func (sema *ExprSemanticsChecker) UpdateInputs(ty *ObjectType)
- func (sema *ExprSemanticsChecker) UpdateJobs(ty *ObjectType)
- func (sema *ExprSemanticsChecker) UpdateMatrix(ty *ObjectType)
- func (sema *ExprSemanticsChecker) UpdateNeeds(ty *ObjectType)
- func (sema *ExprSemanticsChecker) UpdateSecrets(ty *ObjectType)
- func (sema *ExprSemanticsChecker) UpdateSteps(ty *ObjectType)
- type ExprType
- type Float
- type FloatNode
- type FuncCallNode
- type FuncSignature
- type IndexAccessNode
- type Input
- type Int
- type IntNode
- type InvalidGlobPattern
- type Job
- type Linter
- func (l *Linter) GenerateDefaultConfig(dir string) error
- func (l *Linter) Lint(path string, content []byte, project *Project) ([]*Error, error)
- func (l *Linter) LintDir(dir string, project *Project) ([]*Error, error)
- func (l *Linter) LintFile(path string, project *Project) ([]*Error, error)
- func (l *Linter) LintFiles(filepaths []string, project *Project) ([]*Error, error)
- func (l *Linter) LintRepository(dir string) ([]*Error, error)
- type LinterOptions
- type LocalActionsCache
- type LocalActionsCacheFactory
- type LocalReusableWorkflowCache
- type LocalReusableWorkflowCacheFactory
- type LogLevel
- type LogicalOpNode
- type LogicalOpNodeKind
- type Matrix
- type MatrixAssign
- type MatrixCombination
- type MatrixCombinations
- type MatrixRow
- type NotOpNode
- type NullNode
- type NullType
- type NumberType
- type ObjectDerefNode
- type ObjectType
- func (ty *ObjectType) Assignable(other ExprType) bool
- func (ty *ObjectType) DeepCopy() ExprType
- func (ty *ObjectType) IsLoose() bool
- func (ty *ObjectType) IsStrict() bool
- func (ty *ObjectType) Loose()
- func (ty *ObjectType) Merge(other ExprType) ExprType
- func (ty *ObjectType) Strict()
- func (ty *ObjectType) String() string
- type Output
- type Pass
- type PermissionScope
- type Permissions
- type Pos
- type Project
- type Projects
- type RawYAMLArray
- type RawYAMLObject
- type RawYAMLString
- type RawYAMLValue
- type RawYAMLValueKind
- type RepositoryDispatchEvent
- type ReusableWorkflowMetadata
- type ReusableWorkflowMetadataInput
- type ReusableWorkflowMetadataInputs
- type ReusableWorkflowMetadataOutput
- type ReusableWorkflowMetadataOutputs
- type ReusableWorkflowMetadataSecret
- type ReusableWorkflowMetadataSecrets
- type Rule
- type RuleAction
- type RuleBase
- func (r *RuleBase) EnableDebug(out io.Writer)
- func (r *RuleBase) Errs() []*Error
- func (r *RuleBase) Name() string
- func (r *RuleBase) VisitJobPost(node *Job) error
- func (r *RuleBase) VisitJobPre(node *Job) error
- func (r *RuleBase) VisitStep(node *Step) error
- func (r *RuleBase) VisitWorkflowPost(node *Workflow) error
- func (r *RuleBase) VisitWorkflowPre(node *Workflow) error
- type RuleCredentials
- type RuleEnvVar
- type RuleEvents
- type RuleExpression
- type RuleGlob
- type RuleID
- type RuleJobNeeds
- type RuleMatrix
- type RulePermissions
- type RulePyflakes
- type RuleRunnerLabel
- type RuleShellName
- type RuleShellcheck
- type RuleWorkflowCall
- type Runner
- type ScheduledEvent
- type Service
- type Step
- type Strategy
- type String
- type StringNode
- type StringType
- type Token
- type TokenKind
- type UntrustedInputChecker
- type UntrustedInputMap
- type UntrustedInputSearchRoots
- type VariableNode
- type VisitExprNodeFunc
- type Visitor
- type WebhookEvent
- type WebhookEventFilter
- type Workflow
- type WorkflowCall
- type WorkflowCallEvent
- type WorkflowCallEventInput
- type WorkflowCallEventInputType
- type WorkflowCallEventOutput
- type WorkflowCallEventSecret
- type WorkflowCallInput
- type WorkflowCallSecret
- type WorkflowDispatchEvent
- type WorkflowDispatchEventInputType
Examples ¶
Constants ¶
const ( // RawYAMLValueKindObject is kind for an object value of raw YAML value. RawYAMLValueKindObject = RawYAMLValueKind(yaml.MappingNode) // RawYAMLValueKindArray is kind for an array value of raw YAML value. RawYAMLValueKindArray = RawYAMLValueKind(yaml.SequenceNode) // RawYAMLValueKindString is kind for a string value of raw YAML value. RawYAMLValueKindString = RawYAMLValueKind(yaml.ScalarNode) )
const ( // ExitStatusSuccessNoProblem is the exit status when the command ran successfully with no problem found. ExitStatusSuccessNoProblem = 0 // ExitStatusSuccessProblemFound is the exit status when the command ran successfully with some problem found. ExitStatusSuccessProblemFound = 1 // ExitStatusInvalidCommandOption is the exit status when parsing command line options failed. ExitStatusInvalidCommandOption = 2 // ExitStatusFailure is the exit status when the command stopped due to some fatal error while checking workflows. ExitStatusFailure = 3 )
const ( // LogLevelNone does not output any log output. LogLevelNone LogLevel = 0 // LogLevelVerbose shows verbose log output. This is equivalent to specifying -verbose option // to actionlint command. LogLevelVerbose = 1 // LogLevelDebug shows all log output including debug information. LogLevelDebug = 2 )
Variables ¶
var AllWebhookTypes = map[string][]string{
"branch_protection_rule": {"created", "edited", "deleted"},
"check_run": {"created", "rerequested", "completed", "requested_action"},
"check_suite": {"completed"},
"create": {},
"delete": {},
"deployment": {},
"deployment_status": {},
"discussion": {"created", "edited", "deleted", "transferred", "pinned", "unpinned", "labeled", "unlabeled", "locked", "unlocked", "category_changed", "answered", "unanswered"},
"discussion_comment": {"created", "edited", "deleted"},
"fork": {},
"gollum": {},
"issue_comment": {"created", "edited", "deleted"},
"issues": {"opened", "edited", "deleted", "transferred", "pinned", "unpinned", "closed", "reopened", "assigned", "unassigned", "labeled", "unlabeled", "locked", "unlocked", "milestoned", "demilestoned"},
"label": {"created", "edited", "deleted"},
"merge_group": {"checks_requested"},
"milestone": {"created", "closed", "opened", "edited", "deleted"},
"page_build": {},
"project": {"created", "closed", "reopened", "edited", "deleted"},
"project_card": {"created", "moved", "converted", "edited", "deleted"},
"project_column": {"created", "updated", "moved", "deleted"},
"public": {},
"pull_request": {"assigned", "unassigned", "labeled", "unlabeled", "opened", "edited", "closed", "reopened", "synchronize", "converted_to_draft", "ready_for_review", "locked", "unlocked", "review_requested", "review_request_removed", "auto_merge_enabled", "auto_merge_disabled"},
"pull_request_review": {"submitted", "edited", "dismissed"},
"pull_request_review_comment": {"created", "edited", "deleted"},
"pull_request_target": {"assigned", "unassigned", "labeled", "unlabeled", "opened", "edited", "closed", "reopened", "synchronize", "converted_to_draft", "ready_for_review", "locked", "unlocked", "review_requested", "review_request_removed", "auto_merge_enabled", "auto_merge_disabled"},
"push": {},
"registry_package": {"published", "updated"},
"release": {"published", "unpublished", "created", "edited", "deleted", "prereleased", "released"},
"repository_dispatch": {},
"status": {},
"watch": {"started"},
"workflow_dispatch": {},
"workflow_run": {"completed", "requested", "in_progress"},
}
AllWebhookTypes is a table of all webhooks with their types. This variable was generated by script at ./scripts/generate-webhook-events based on https://github.com/github/docs/blob/main/content/actions/using-workflows/events-that-trigger-workflows.md
var BuiltinFuncSignatures = map[string][]*FuncSignature{ "contains": { { Name: "contains", Ret: BoolType{}, Params: []ExprType{ StringType{}, StringType{}, }, }, { Name: "contains", Ret: BoolType{}, Params: []ExprType{ &ArrayType{Elem: AnyType{}}, AnyType{}, }, }, }, "startswith": { { Name: "startsWith", Ret: BoolType{}, Params: []ExprType{ StringType{}, StringType{}, }, }, }, "endswith": { { Name: "endsWith", Ret: BoolType{}, Params: []ExprType{ StringType{}, StringType{}, }, }, }, "format": { { Name: "format", Ret: StringType{}, Params: []ExprType{ StringType{}, AnyType{}, }, VariableLengthParams: true, }, }, "join": { { Name: "join", Ret: StringType{}, Params: []ExprType{ &ArrayType{Elem: StringType{}}, StringType{}, }, }, { Name: "join", Ret: StringType{}, Params: []ExprType{ StringType{}, StringType{}, }, }, { Name: "join", Ret: StringType{}, Params: []ExprType{ &ArrayType{Elem: StringType{}}, }, }, { Name: "join", Ret: StringType{}, Params: []ExprType{ StringType{}, }, }, }, "tojson": {{ Name: "toJSON", Ret: StringType{}, Params: []ExprType{ AnyType{}, }, }}, "fromjson": {{ Name: "fromJSON", Ret: AnyType{}, Params: []ExprType{ StringType{}, }, }}, "hashfiles": {{ Name: "hashFiles", Ret: StringType{}, Params: []ExprType{ StringType{}, }, VariableLengthParams: true, }}, "success": {{ Name: "success", Ret: BoolType{}, Params: []ExprType{}, }}, "always": {{ Name: "always", Ret: BoolType{}, Params: []ExprType{}, }}, "cancelled": {{ Name: "cancelled", Ret: BoolType{}, Params: []ExprType{}, }}, "failure": {{ Name: "failure", Ret: BoolType{}, Params: []ExprType{}, }}, }
BuiltinFuncSignatures is a set of all builtin function signatures. All function names are in lower case because function names are compared in case insensitive. https://docs.github.com/en/actions/learn-github-actions/expressions#functions
var BuiltinGlobalVariableTypes = map[string]ExprType{ "github": NewStrictObjectType(map[string]ExprType{ "action": StringType{}, "action_path": StringType{}, "action_ref": StringType{}, "action_repository": StringType{}, "action_status": StringType{}, "actor": StringType{}, "api_url": StringType{}, "base_ref": StringType{}, "env": StringType{}, "event": NewEmptyObjectType(), "event_name": StringType{}, "event_path": StringType{}, "graphql_url": StringType{}, "head_ref": StringType{}, "job": StringType{}, "ref": StringType{}, "ref_name": StringType{}, "ref_protected": StringType{}, "ref_type": StringType{}, "path": StringType{}, "repository": StringType{}, "repository_owner": StringType{}, "repositoryurl": StringType{}, "retention_days": NumberType{}, "run_id": StringType{}, "run_number": StringType{}, "run_attempt": StringType{}, "server_url": StringType{}, "sha": StringType{}, "token": StringType{}, "triggering_actor": StringType{}, "workflow": StringType{}, "workspace": StringType{}, }), "env": NewMapObjectType(StringType{}), "job": NewStrictObjectType(map[string]ExprType{ "container": NewStrictObjectType(map[string]ExprType{ "id": StringType{}, "network": StringType{}, }), "services": NewMapObjectType( NewStrictObjectType(map[string]ExprType{ "id": StringType{}, "network": StringType{}, "ports": NewMapObjectType(StringType{}), }), ), "status": StringType{}, }), "steps": NewEmptyStrictObjectType(), "runner": NewStrictObjectType(map[string]ExprType{ "name": StringType{}, "os": StringType{}, "arch": StringType{}, "temp": StringType{}, "tool_cache": StringType{}, "debug": StringType{}, "workspace": StringType{}, }), "secrets": NewMapObjectType(StringType{}), "strategy": NewObjectType(map[string]ExprType{ "fail-fast": BoolType{}, "job-index": NumberType{}, "job-total": NumberType{}, "max-parallel": NumberType{}, }), "matrix": NewEmptyStrictObjectType(), "needs": NewEmptyStrictObjectType(), "inputs": NewEmptyStrictObjectType(), }
BuiltinGlobalVariableTypes defines types of all global variables. All context variables are documented at https://docs.github.com/en/actions/learn-github-actions/contexts
var BuiltinUntrustedInputs = UntrustedInputSearchRoots{ "github": NewUntrustedInputMap("github", NewUntrustedInputMap("event", NewUntrustedInputMap("issue", NewUntrustedInputMap("title"), NewUntrustedInputMap("body"), ), NewUntrustedInputMap("pull_request", NewUntrustedInputMap("title"), NewUntrustedInputMap("body"), NewUntrustedInputMap("head", NewUntrustedInputMap("ref"), NewUntrustedInputMap("label"), NewUntrustedInputMap("repo", NewUntrustedInputMap("default_branch"), ), ), ), NewUntrustedInputMap("comment", NewUntrustedInputMap("body"), ), NewUntrustedInputMap("review", NewUntrustedInputMap("body"), ), NewUntrustedInputMap("review_comment", NewUntrustedInputMap("body"), ), NewUntrustedInputMap("pages", NewUntrustedInputMap("*", NewUntrustedInputMap("page_name"), ), ), NewUntrustedInputMap("commits", NewUntrustedInputMap("*", NewUntrustedInputMap("message"), NewUntrustedInputMap("author", NewUntrustedInputMap("email"), NewUntrustedInputMap("name"), ), ), ), NewUntrustedInputMap("head_commit", NewUntrustedInputMap("message"), NewUntrustedInputMap("author", NewUntrustedInputMap("email"), NewUntrustedInputMap("name"), ), ), NewUntrustedInputMap("discussion", NewUntrustedInputMap("title"), NewUntrustedInputMap("body"), ), ), NewUntrustedInputMap("head_ref"), ), }
BuiltinUntrustedInputs is list of untrusted inputs. These inputs are detected as untrusted in `run:` scripts. See the URL for more details. - https://securitylab.github.com/research/github-actions-untrusted-input/ - https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions - https://github.com/github/codeql/blob/main/javascript/ql/src/experimental/Security/CWE-094/ExpressionInjection.ql
var PopularActions = map[string]*ActionMetadata{}/* 173 elements not displayed */
PopularActions is data set of known popular actions. Keys are specs (owner/repo@ref) of actions and values are their metadata.
var SpecialFunctionNames = map[string][]string{"always": []string{"jobs.<job_id>.if", "jobs.<job_id>.steps.if"}, "cancelled": []string{"jobs.<job_id>.if", "jobs.<job_id>.steps.if"}, "failure": []string{"jobs.<job_id>.if", "jobs.<job_id>.steps.if"}, "hashfiles": []string{"jobs.<job_id>.steps.continue-on-error", "jobs.<job_id>.steps.env", "jobs.<job_id>.steps.if", "jobs.<job_id>.steps.name", "jobs.<job_id>.steps.run", "jobs.<job_id>.steps.timeout-minutes", "jobs.<job_id>.steps.with", "jobs.<job_id>.steps.working-directory"}, "success": []string{"jobs.<job_id>.if", "jobs.<job_id>.steps.if"}}
SpecialFunctionNames is a map from special function name to available workflow keys. Some functions are only available at specific positions. This variable is useful when you want to know which functions are special and what workflow keys support them.
This function was generated from https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability. See the script for more details: https://github.com/rhysd/actionlint/blob/main/scripts/generate-availability/
Functions ¶
func EqualTypes ¶ added in v1.6.4
EqualTypes returns if the two types are equal.
func LexExpression ¶ added in v1.6.1
LexExpression lexes the given string as expression syntax. The parameter must contain '}}' which represents end of expression. Otherwise this function will report an error that it encountered unexpected EOF.
func Parse ¶
Parse parses given source as byte sequence into workflow syntax tree. It returns all errors detected while parsing the input. It means that detecting one error does not stop parsing. Even if one or more errors are detected, parser will try to continue parsing and finding more errors.
func VisitExprNode ¶ added in v1.6.1
func VisitExprNode(n ExprNode, f VisitExprNodeFunc)
VisitExprNode visits the given expression syntax tree with given function f.
func WorkflowKeyAvailability ¶ added in v1.6.21
WorkflowKeyAvailability returns contexts and special functions availability of the given workflow key. 1st return value indicates what contexts are available. Empty slice means any contexts are available. 2nd return value indicates what special functions are available. Empty slice means no special functions are available. The 'key' parameter should represents a workflow key like "jobs.<job_id>.concurrency".
This function was generated from https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability. See the script for more details: https://github.com/rhysd/actionlint/blob/main/scripts/generate-availability/
Types ¶
type ActionMetadata ¶ added in v1.5.0
type ActionMetadata struct { // Name is "name" field of action.yaml Name string `yaml:"name" json:"name"` // Inputs is "inputs" field of action.yaml Inputs ActionMetadataInputs `yaml:"inputs" json:"inputs"` // Outputs is "outputs" field of action.yaml. Key is name of output. Description is omitted // since actionlint does not use it. Outputs ActionMetadataOutputs `yaml:"outputs" json:"outputs"` // SkipInputs is flag to specify behavior of inputs check. When it is true, inputs for this // action will not be checked. SkipInputs bool `json:"skip_inputs"` // SkipOutputs is flag to specify a bit loose typing to outputs object. If it is set to // true, the outputs object accepts any properties along with strictly typed props. SkipOutputs bool `json:"skip_outputs"` }
ActionMetadata represents structure of action.yaml. https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions
type ActionMetadataInput ¶ added in v1.5.0
type ActionMetadataInput struct { // Name is a name of this input. Name string `json:"name"` // Required is true when this input is mandatory to run the action. Required bool `json:"required"` }
ActionMetadataInput is input metadata in "inputs" section in action.yml metadata file. https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#inputs
type ActionMetadataInputs ¶ added in v1.6.20
type ActionMetadataInputs map[string]*ActionMetadataInput
ActionMetadataInputs is a map from input ID to its metadata. Keys are in lower case since input names are case-insensitive. https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#inputs
func (*ActionMetadataInputs) UnmarshalYAML ¶ added in v1.6.20
func (inputs *ActionMetadataInputs) UnmarshalYAML(n *yaml.Node) error
UnmarshalYAML implements yaml.Unmarshaler.
type ActionMetadataOutput ¶ added in v1.6.20
type ActionMetadataOutput struct {
Name string `json:"name"`
}
ActionMetadataOutput is output metadata in "outputs" section in action.yml metadata file. https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#outputs-for-composite-actions
type ActionMetadataOutputs ¶ added in v1.6.20
type ActionMetadataOutputs map[string]*ActionMetadataOutput
ActionMetadataOutputs is a map from output ID to its metadata. Keys are in lower case since output names are case-insensitive. https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#outputs-for-composite-actions
func (*ActionMetadataOutputs) UnmarshalYAML ¶ added in v1.6.20
func (inputs *ActionMetadataOutputs) UnmarshalYAML(n *yaml.Node) error
UnmarshalYAML implements yaml.Unmarshaler.
type AnyType ¶
type AnyType struct{}
AnyType represents type which can be any type. It also indicates that a value of the type cannot be type-checked since it's type cannot be known statically.
func (AnyType) Assignable ¶
Assignable returns if other type can be assignable to the type.
func (AnyType) DeepCopy ¶ added in v1.6.8
DeepCopy duplicates itself. All its child types are copied recursively.
type ArrayDerefNode ¶
type ArrayDerefNode struct { // Receiver is an expression at receiver of array element dereference. Receiver ExprNode }
ArrayDerefNode represents elements dereference of arrays like '*' in 'foo.bar.*.piyo'.
func (ArrayDerefNode) Token ¶
func (n ArrayDerefNode) Token() *Token
Token returns the first token of the node. This method is useful to get position of this node.
type ArrayType ¶
type ArrayType struct { // Elem is type of element of the array. Elem ExprType // Deref is true when this type was derived from object filtering syntax (foo.*). Deref bool }
ArrayType is type for arrays.
func (*ArrayType) Assignable ¶
Assignable returns if other type can be assignable to the type.
func (*ArrayType) DeepCopy ¶ added in v1.6.8
DeepCopy duplicates itself. All its child types are copied recursively.
type Bool ¶
type Bool struct { // Value is a raw value of the bool string. Value bool // Expression is a string when expression syntax ${{ }} is used for this section. Expression *String // Pos is a position in source. Pos *Pos }
Bool represents generic boolean value in YAML file with position.
type BoolNode ¶
type BoolNode struct { // Value is value of the boolean literal. Value bool // contains filtered or unexported fields }
BoolNode is node for boolean literal, true or false.
type BoolType ¶
type BoolType struct{}
BoolType is type for boolean values.
func (BoolType) Assignable ¶
Assignable returns if other type can be assignable to the type.
func (BoolType) DeepCopy ¶ added in v1.6.8
DeepCopy duplicates itself. All its child types are copied recursively.
type ByErrorPosition ¶ added in v1.1.2
type ByErrorPosition []*Error
ByErrorPosition is predicate for sort.Interface. It sorts errors slice by file path, line, and column.
func (ByErrorPosition) Len ¶ added in v1.1.2
func (by ByErrorPosition) Len() int
func (ByErrorPosition) Less ¶ added in v1.1.2
func (by ByErrorPosition) Less(i, j int) bool
func (ByErrorPosition) Swap ¶ added in v1.1.2
func (by ByErrorPosition) Swap(i, j int)
type ColorOptionKind ¶ added in v1.3.0
type ColorOptionKind int
ColorOptionKind is kind of colorful output behavior.
const ( // ColorOptionKindAuto is kind to determine to colorize errors output automatically. It is // determined based on pty and $NO_COLOR environment variable. See document of fatih/color // for more details. ColorOptionKindAuto ColorOptionKind = iota // ColorOptionKindAlways is kind to always colorize errors output. ColorOptionKindAlways // ColorOptionKindNever is kind never to colorize errors output. ColorOptionKindNever )
type Command ¶ added in v1.3.1
type Command struct { // Stdin is a reader to read input from stdin Stdin io.Reader // Stdout is a writer to write output to stdout Stdout io.Writer // Stderr is a writer to write output to stderr Stderr io.Writer }
Command represents entire actionlint command. Given stdin/stdout/stderr are used for input/output.
Example ¶
var output bytes.Buffer // Create command instance populating stdin/stdout/stderr cmd := Command{ Stdin: os.Stdin, Stdout: &output, Stderr: &output, } // Run the command end-to-end. Note that given args should contain program name workflow := filepath.Join(".github", "workflows", "release.yaml") status := cmd.Main([]string{"actionlint", "-shellcheck=", "-pyflakes=", workflow}) fmt.Println("Exited with status", status)
Output: Exited with status 0
type CompareOpNode ¶
type CompareOpNode struct { // Kind is a kind of this expression to show which operator is used. Kind CompareOpNodeKind // Left is an expression for left hand side of the binary operator. Left ExprNode // Right is an expression for right hand side of the binary operator. Right ExprNode }
CompareOpNode is node for binary expression to compare values; ==, !=, <, <=, > or >=.
func (*CompareOpNode) Token ¶
func (n *CompareOpNode) Token() *Token
Token returns the first token of the node. This method is useful to get position of this node.
type CompareOpNodeKind ¶
type CompareOpNodeKind int
CompareOpNodeKind is a kind of compare operators; ==, !=, <, <=, >, >=.
const ( // CompareOpNodeKindInvalid is invalid and initial value of CompareOpNodeKind values. CompareOpNodeKindInvalid CompareOpNodeKind = iota // CompareOpNodeKindLess is kind for < operator. CompareOpNodeKindLess // CompareOpNodeKindLessEq is kind for <= operator. CompareOpNodeKindLessEq // CompareOpNodeKindGreater is kind for > operator. CompareOpNodeKindGreater // CompareOpNodeKindGreaterEq is kind for >= operator. CompareOpNodeKindGreaterEq // CompareOpNodeKindEq is kind for == operator. CompareOpNodeKindEq // CompareOpNodeKindNotEq is kind for != operator. CompareOpNodeKindNotEq )
type Concurrency ¶
type Concurrency struct { // Group is name of the concurrency group. Group *String // CancelInProgress is a flag that shows if canceling this workflow cancels other jobs in progress. CancelInProgress *Bool // Pos is a position in source. Pos *Pos }
Concurrency is a configuration of concurrency of the workflow. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#concurrency
type Config ¶
type Config struct { // SelfHostedRunner is configuration for self-hosted runner. SelfHostedRunner struct { // Labels is label names for self-hosted runner. Labels []string `yaml:"labels"` } `yaml:"self-hosted-runner"` }
Config is configuration of actionlint. This struct instance is parsed from "actionlint.yaml" file usually put in ".github" directory.
type Container ¶
type Container struct { // Image is specification of Docker image. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idcontainerimage Image *String // Credentials is credentials configuration of the Docker container. Credentials *Credentials // Env is environment variables setup in the container. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idcontainerenv Env *Env // Ports is list of port number mappings of the container. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idcontainerports Ports []*String // Volumes are list of volumes to be mounted to the container. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idcontainervolumes Volumes []*String // Options is options string to run the container. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idcontaineroptions Options *String // Pos is a position in source. Pos *Pos }
Container is configuration of how to run the container. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idcontainer
type Credentials ¶
type Credentials struct { // Username is username for authentication. Username *String // Password is password for authentication. Password *String // Pos is a position in source. Pos *Pos }
Credentials is credentials configuration. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idcontainercredentials
type Defaults ¶
type Defaults struct { // Run is configuration of how to run shell. Run *DefaultsRun // Pos is a position in source. Pos *Pos }
Defaults is set of default configurations to run shell. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#defaults
type DefaultsRun ¶
type DefaultsRun struct { // Shell is shell name to be run. Shell *String // WorkingDirectory is a default working directory path. WorkingDirectory *String // Pos is a position in source. Pos *Pos }
DefaultsRun is configuration that shell is how to be run. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#defaultsrun
type DispatchInput ¶
type DispatchInput struct { // Name is a name of input value specified on dispatching workflow manually. Name *String // Description is a description of input value specified on dispatching workflow manually. Description *String // Required is a flag to show if this input is mandatory or not on dispatching workflow manually. Required *Bool // Default is a default value of input value on dispatching workflow manually. Default *String // Type is a type of the input // https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#workflow_dispatch Type WorkflowDispatchEventInputType // Options is list of options of choice type Options []*String }
DispatchInput is input specified on dispatching workflow manually. https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#workflow_dispatch
type Env ¶
type Env struct { // Vars is mapping from env var name to env var value. Vars map[string]*EnvVar // Expression is an expression string which contains ${{ ... }}. When this value is not empty, // Vars should be nil. Expression *String }
Env represents set of environment variables.
type EnvVar ¶
type EnvVar struct { // Name is name of the environment variable. Name *String // Value is string value of the environment variable. Value *String }
EnvVar represents key-value of environment variable setup.
type Environment ¶
type Environment struct { // Name is a name of environment which the workflow uses. Name *String // URL is the URL mapped to 'environment_url' in the deployments API. Empty value means no value was specified. URL *String // Pos is a position in source. Pos *Pos }
Environment is a configuration of environment. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idenvironment
type Error ¶
type Error struct { // Message is an error message. Message string // Filepath is a file path where the error occurred. Filepath string // Line is a line number where the error occurred. This value is 1-based. Line int // Column is a column number where the error occurred. This value is 1-based. Column int // Kind is a string to represent kind of the error. Usually rule name which found the error. Kind string }
Error represents an error detected by actionlint rules
func (*Error) GetTemplateFields ¶ added in v1.6.1
func (e *Error) GetTemplateFields(source []byte) *ErrorTemplateFields
GetTemplateFields fields for formatting this error with Go template.
func (*Error) PrettyPrint ¶
PrettyPrint prints the error with user-friendly way. It prints file name, source position, error message with colorful output and source snippet with indicator. When nil is set to source, no source snippet is not printed. To disable colorful output, set true to fatih/color.NoColor.
type ErrorFormatter ¶ added in v1.6.1
type ErrorFormatter struct {
// contains filtered or unexported fields
}
ErrorFormatter is a formatter to format a slice of ErrorTemplateFields. It is used for formatting error messages with -format option.
func NewErrorFormatter ¶ added in v1.6.1
func NewErrorFormatter(format string) (*ErrorFormatter, error)
NewErrorFormatter creates new ErrorFormatter instance. Given format must contain at least one {{ }} placeholder. Escaped characters like \n in the format string are unescaped.
func (*ErrorFormatter) Print ¶ added in v1.6.1
func (f *ErrorFormatter) Print(out io.Writer, t []*ErrorTemplateFields) error
Print formats the slice of template fields and prints it with given writer.
func (*ErrorFormatter) PrintErrors ¶ added in v1.6.1
PrintErrors prints the errors after formatting them with template.
type ErrorTemplateFields ¶ added in v1.6.1
type ErrorTemplateFields struct { // Message is error message body. Message string `json:"message"` // Filepath is a canonical relative file path. This is empty when input was read from stdin. // When encoding into JSON, this field may be omitted when the file path is empty. Filepath string `json:"filepath,omitempty"` // Line is a line number of error position. Line int `json:"line"` // Column is a column number of error position. Column int `json:"column"` // Kind is a rule name the error belongs to. Kind string `json:"kind"` // Snippet is a code snippet and indicator to indicate where the error occurred. // When encoding into JSON, this field may be omitted when the snippet is empty. Snippet string `json:"snippet,omitempty"` // EndColumn is a column number where the error indicator (^~~~~~~) ends. When no indicator // can be shown, EndColumn is equal to Column. EndColumn int `json:"end_column"` }
ErrorTemplateFields holds all fields to format one error message.
type Event ¶
type Event interface { // EventName returns name of the event to trigger this workflow. EventName() string }
Event interface represents workflow events in 'on' section
type Exec ¶
type Exec interface { // Kind returns kind of the step execution. Kind() ExecKind }
Exec is an interface how the step is executed. Step in workflow runs either an action or a script
type ExecAction ¶
type ExecAction struct { // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsuses Uses *String // Inputs represents inputs to the action to execute in 'with' section. Keys are in lower case since they are case-insensitive. Inputs map[string]*Input // Entrypoint represents optional 'entrypoint' field in 'with' section. Nil field means nothing specified // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepswithentrypoint Entrypoint *String // Args represents optional 'args' field in 'with' section. Nil field means nothing specified // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepswithargs Args *String }
ExecAction is configuration how to run action at the step. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsuses
func (*ExecAction) Kind ¶
func (e *ExecAction) Kind() ExecKind
Kind returns kind of the step execution.
type ExecKind ¶
type ExecKind uint8
ExecKind is kind of how the step is executed. A step runs some action or runs some shell script.
type ExecRun ¶
type ExecRun struct { // Run is script to run. Run *String // Shell represents optional 'shell' field. Nil means nothing specified. Shell *String // WorkingDirectory represents optional 'working-directory' field. Nil means nothing specified. WorkingDirectory *String // RunPos is position of 'run' section RunPos *Pos }
ExecRun is configuration how to run shell script at the step. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsrun
type ExprError ¶
type ExprError struct { // Message is an error message Message string // Offset is byte offset position which caused the error Offset int // Offset is line number position which caused the error. Note that this value is 1-based. Line int // Column is column number position which caused the error. Note that this value is 1-based. Column int }
ExprError is an error type caused by lexing/parsing expression syntax. For more details, see https://docs.github.com/en/actions/learn-github-actions/expressions
type ExprLexer ¶
type ExprLexer struct {
// contains filtered or unexported fields
}
ExprLexer is a struct to lex expression syntax. To know the syntax, see https://docs.github.com/en/actions/learn-github-actions/expressions
func NewExprLexer ¶
NewExprLexer makes new ExprLexer instance.
func (*ExprLexer) Err ¶ added in v1.6.1
Err returns an error while lexing. When multiple errors occur, the first one is returned.
type ExprNode ¶
type ExprNode interface { // Token returns the first token of the node. This method is useful to get position of this node. Token() *Token }
ExprNode is a node of expression syntax tree. To know the syntax, see https://docs.github.com/en/actions/learn-github-actions/expressions
type ExprParser ¶
type ExprParser struct {
// contains filtered or unexported fields
}
ExprParser is a parser for expression syntax. To know the details, see https://docs.github.com/en/actions/learn-github-actions/expressions
func NewExprParser ¶
func NewExprParser() *ExprParser
NewExprParser creates new ExprParser instance.
func (*ExprParser) Err ¶ added in v1.6.1
func (p *ExprParser) Err() *ExprError
Err returns an error which was caused while previous parsing.
type ExprSemanticsChecker ¶
type ExprSemanticsChecker struct {
// contains filtered or unexported fields
}
ExprSemanticsChecker is a semantics checker for expression syntax. It checks types of values in given expression syntax tree. It additionally checks other semantics like arguments of format() built-in function. To know the details of the syntax, see
- https://docs.github.com/en/actions/learn-github-actions/contexts - https://docs.github.com/en/actions/learn-github-actions/expressions
func NewExprSemanticsChecker ¶
func NewExprSemanticsChecker(checkUntrustedInput bool) *ExprSemanticsChecker
NewExprSemanticsChecker creates new ExprSemanticsChecker instance. When checkUntrustedInput is set to true, the checker will make use of possibly untrusted inputs error.
func (*ExprSemanticsChecker) Check ¶
func (sema *ExprSemanticsChecker) Check(expr ExprNode) (ExprType, []*ExprError)
Check checks sematics of given expression syntax tree. It returns the type of the expression as the first return value when the check was successfully done. And it returns all errors found while checking the expression as the second return value.
func (*ExprSemanticsChecker) SetContextAvailability ¶ added in v1.6.21
func (sema *ExprSemanticsChecker) SetContextAvailability(avail []string)
SetContextAvailability sets available context names while semantics checks. Some contexts limit where they can be used. https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability
Elements of 'avail' parameter must be in lower case to check context names in case-insensitive.
If this method is not called before checks, ExprSemanticsChecker considers any contexts are available by default. Available contexts for workflow keys can be obtained from actionlint.ContextAvailability.
func (*ExprSemanticsChecker) SetSpecialFunctionAvailability ¶ added in v1.6.21
func (sema *ExprSemanticsChecker) SetSpecialFunctionAvailability(avail []string)
SetSpecialFunctionAvailability sets names of available special functions while semantics checks. Some functions limit where they can be used. https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability
Elements of 'avail' parameter must be in lower case to check function names in case-insensitive.
If this method is not called before checks, ExprSemanticsChecker considers no special function is allowed by default. Allowed functions can be obtained from actionlint.SpecialFunctionNames global constant.
Available function names for workflow keys can be obtained from actionlint.ContextAvailability.
func (*ExprSemanticsChecker) UpdateDispatchInputs ¶ added in v1.6.8
func (sema *ExprSemanticsChecker) UpdateDispatchInputs(ty *ObjectType)
UpdateDispatchInputs updates 'github.event.inputs' and 'inputs' objects to given object type. https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch
func (*ExprSemanticsChecker) UpdateInputs ¶ added in v1.6.6
func (sema *ExprSemanticsChecker) UpdateInputs(ty *ObjectType)
UpdateInputs updates 'inputs' context object to given object type.
func (*ExprSemanticsChecker) UpdateJobs ¶ added in v1.6.10
func (sema *ExprSemanticsChecker) UpdateJobs(ty *ObjectType)
UpdateJobs updates 'jobs' context object to given object type.
func (*ExprSemanticsChecker) UpdateMatrix ¶
func (sema *ExprSemanticsChecker) UpdateMatrix(ty *ObjectType)
UpdateMatrix updates matrix object to given object type. Since matrix values change according to 'matrix' section of job configuration, the type needs to be updated.
func (*ExprSemanticsChecker) UpdateNeeds ¶
func (sema *ExprSemanticsChecker) UpdateNeeds(ty *ObjectType)
UpdateNeeds updates 'needs' context object to given object type.
func (*ExprSemanticsChecker) UpdateSecrets ¶ added in v1.6.6
func (sema *ExprSemanticsChecker) UpdateSecrets(ty *ObjectType)
UpdateSecrets updates 'secrets' context object to given object type.
func (*ExprSemanticsChecker) UpdateSteps ¶
func (sema *ExprSemanticsChecker) UpdateSteps(ty *ObjectType)
UpdateSteps updates 'steps' context object to given object type.
type ExprType ¶
type ExprType interface { // String returns string representation of the type. String() string // Assignable returns if other type can be assignable to the type. Assignable(other ExprType) bool // Merge merges other type into this type. When other type conflicts with this type, the merged // result is any type as fallback. Merge(other ExprType) ExprType // DeepCopy duplicates itself. All its child types are copied recursively. DeepCopy() ExprType }
ExprType is interface for types of values in expression.
type Float ¶
type Float struct { // Value is a raw value of the float string. Value float64 // Expression is a string when expression syntax ${{ }} is used for this section. Expression *String // Pos is a position in source. Pos *Pos }
Float represents generic float value in YAML file with position.
type FloatNode ¶
type FloatNode struct { // Value is value of the float literal. Value float64 // contains filtered or unexported fields }
FloatNode is node for float literal.
type FuncCallNode ¶
type FuncCallNode struct { // Callee is a name of called function. This is string value because currently only built-in // functions can be called. Callee string // Args is arguments of the function call. Args []ExprNode // contains filtered or unexported fields }
FuncCallNode represents function call in expression. Note that currently only calling builtin functions is supported.
func (*FuncCallNode) Token ¶
func (n *FuncCallNode) Token() *Token
Token returns the first token of the node. This method is useful to get position of this node.
type FuncSignature ¶
type FuncSignature struct { // Name is a name of the function. Name string // Ret is a return type of the function. Ret ExprType // Params is a list of parameter types of the function. The final element of this list might // be repeated as variable length arguments. Params []ExprType // VariableLengthParams is a flag to handle variable length parameters. When this flag is set to // true, it means that the last type of params might be specified multiple times (including zero // times). Setting true implies length of Params is more than 0. VariableLengthParams bool }
FuncSignature is a signature of function, which holds return and arguments types.
func (*FuncSignature) String ¶
func (sig *FuncSignature) String() string
type IndexAccessNode ¶
type IndexAccessNode struct { // Operand is an expression at operand of index access, which should be array or object. Operand ExprNode // Index is an expression at index, which should be integer or string. Index ExprNode }
IndexAccessNode is node for index access, which represents dynamic object property access or array index access.
func (*IndexAccessNode) Token ¶
func (n *IndexAccessNode) Token() *Token
Token returns the first token of the node. This method is useful to get position of this node.
type Input ¶
type Input struct { // Name is a name of the input. Name *String // Value is a value of the input. Value *String }
Input is an input field for running an action. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepswith
type Int ¶
type Int struct { // Value is a raw value of the integer string. Value int // Expression is a string when expression syntax ${{ }} is used for this section. Expression *String // Pos is a position in source. Pos *Pos }
Int represents generic integer value in YAML file with position.
type IntNode ¶
type IntNode struct { // Value is value of the integer literal. Value int // contains filtered or unexported fields }
IntNode is node for integer literal.
type InvalidGlobPattern ¶ added in v1.4.0
type InvalidGlobPattern struct { // Message is a human readable error message. Message string // Column is a column number of the error in the glob pattern. This value is 1-based, but zero // is valid value. Zero means the error occurred before reading first character. This happens // when a given pattern is empty. When the given pattern include a newline and line number // increases (invalid pattern), the column number falls back into always 0. Column int }
InvalidGlobPattern is an error on invalid glob pattern.
func ValidatePathGlob ¶ added in v1.4.0
func ValidatePathGlob(pat string) []InvalidGlobPattern
ValidatePathGlob checks a given input as glob pattern for file paths. It returns list of errors found by the validation. See the following URL for more details of the syntax: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
func ValidateRefGlob ¶ added in v1.4.0
func ValidateRefGlob(pat string) []InvalidGlobPattern
ValidateRefGlob checks a given input as glob pattern for Git ref names. It returns list of errors found by the validation. See the following URL for more details of the syntax: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
func (*InvalidGlobPattern) Error ¶ added in v1.4.0
func (err *InvalidGlobPattern) Error() string
func (*InvalidGlobPattern) String ¶ added in v1.6.18
func (err *InvalidGlobPattern) String() string
type Job ¶
type Job struct { // ID is an ID of the job, which is key of job configuration objects. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_id ID *String // Name is a name of job that user can specify freely. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idname Name *String // Needs is list of job IDs which should be run before running this job. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idneeds Needs []*String // RunsOn is runner configuration which run the job. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idruns-on RunsOn *Runner // Permissions is permission configuration for running the job. Permissions *Permissions // Environment is environment specification where the job runs. Environment *Environment // Concurrency is concurrency configuration on running the job. Concurrency *Concurrency // Outputs is map from output name to output specifications. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idoutputs Outputs map[string]*Output // Env is environment variables setup while running the job. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idenv Env *Env // Defaults is default configurations of how to run scripts. Defaults *Defaults // If is a condition whether this job should be run. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idif If *String // Steps is list of steps to be run in the job. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idsteps Steps []*Step // TimeoutMinutes is timeout value of running the job in minutes. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idtimeout-minutes TimeoutMinutes *Float // Strategy is strategy configuration of running the job. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategy Strategy *Strategy // ContinueOnError is a flag to show if execution should continue on error. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idcontinue-on-error ContinueOnError *Bool // Container is container configuration to run the job. Container *Container // Services is map from service names to service configurations. Keys are in lower case since they are case-insensitive. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idservices Services map[string]*Service // WorkflowCall is a workflow call by 'uses:'. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_iduses WorkflowCall *WorkflowCall // Pos is a position in source. Pos *Pos }
Job is configuration of how to run a job. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobs
type Linter ¶
type Linter struct {
// contains filtered or unexported fields
}
Linter is struct to lint workflow files.
func NewLinter ¶
func NewLinter(out io.Writer, opts *LinterOptions) (*Linter, error)
NewLinter creates a new Linter instance. The out parameter is used to output errors from Linter instance. Set io.Discard if you don't want the outputs. The opts parameter is LinterOptions instance which configures behavior of linting.
func (*Linter) GenerateDefaultConfig ¶
GenerateDefaultConfig generates default config file at ".github/actionlint.yaml" in project which the given directory path belongs to.
func (*Linter) Lint ¶
Lint lints YAML workflow file content given as byte sequence. The path parameter is used as file path the content came from. Setting "<stdin>" to path parameter indicates the output came from STDIN. Note that only given Project instance is used for configuration. No config is automatically loaded based on path parameter.
func (*Linter) LintDir ¶ added in v1.6.17
LintDir lints all YAML workflow files in the given directory recursively.
func (*Linter) LintFile ¶
LintFile lints one YAML workflow file and outputs the errors to given writer. The project parameter can be nil. In the case, the project is detected from the given path.
func (*Linter) LintFiles ¶
LintFiles lints YAML workflow files and outputs the errors to given writer. It applies lint rules to all given files. The project parameter can be nil. In the case, a project is detected from the file path.
func (*Linter) LintRepository ¶
LintRepository lints YAML workflow files and outputs the errors to given writer. It finds the nearest `.github/workflows` directory based on `dir` and applies lint rules to all YAML workflow files under the directory.
type LinterOptions ¶
type LinterOptions struct { // Verbose is flag if verbose log output is enabled. Verbose bool // Debug is flag if debug log output is enabled. Debug bool // LogWriter is io.Writer object to use to print log outputs. Note that error outputs detected // by the linter are not included in the log outputs. LogWriter io.Writer // Color is option for colorizing error outputs. See ColorOptionKind document for each enum values. Color ColorOptionKind // Oneline is flag if one line output is enabled. When enabling it, one error is output per one // line. It is useful when reading outputs from programs. Oneline bool // Shellcheck is executable for running shellcheck external command. It can be command name like // "shellcheck" or file path like "/path/to/shellcheck", "path/to/shellcheck". When this value // is empty, shellcheck won't run to check scripts in workflow file. Shellcheck string // Pyflakes is executable for running pyflakes external command. It can be command name like "pyflakes" // or file path like "/path/to/pyflakes", "path/to/pyflakes". When this value is empty, pyflakes // won't run to check scripts in workflow file. Pyflakes string // IgnorePatterns is list of regular expression to filter errors. The pattern is applied to error // messages. When an error is matched, the error is ignored. IgnorePatterns []string // ConfigFile is a path to config file. Empty string means no config file path is given. In // the case, actionlint will try to read config from .github/actionlint.yaml. ConfigFile string // Format is a custom template to format error messages. It must follow Go Template format and // contain at least one {{ }} placeholder. https://pkg.go.dev/text/template Format string // StdinFileName is a file name when reading input from stdin. When this value is empty, "<stdin>" // is used as the default value. StdinFileName string // WorkingDir is a file path to the current working directory. When this value is empty, os.Getwd // will be used to get a working directory. WorkingDir string }
LinterOptions is set of options for Linter instance. This struct should be created by user and given to NewLinter factory function.
type LocalActionsCache ¶ added in v1.5.0
type LocalActionsCache struct {
// contains filtered or unexported fields
}
LocalActionsCache is cache for local actions' metadata. It avoids repeating to find/read/parse local action's metadata file (action.yml). This cache is not available across multiple repositories. One LocalActionsCache instance needs to be created per one repository.
func NewLocalActionsCache ¶ added in v1.5.0
func NewLocalActionsCache(proj *Project, dbg io.Writer) *LocalActionsCache
NewLocalActionsCache creates new LocalActionsCache instance for the given project.
func (*LocalActionsCache) FindMetadata ¶ added in v1.5.0
func (c *LocalActionsCache) FindMetadata(spec string) (*ActionMetadata, error)
FindMetadata finds metadata for given spec. The spec should indicate for local action hence it should start with "./". The first return value can be nil even if error did not occur. LocalActionCache caches that the action was not found. At first search, it returns an error that the action was not found. But at the second search, it does not return an error even if the result is nil. This behavior prevents repeating to report the same error from multiple places. Calling this method is thread-safe.
type LocalActionsCacheFactory ¶ added in v1.6.16
type LocalActionsCacheFactory struct {
// contains filtered or unexported fields
}
LocalActionsCacheFactory is a factory to create LocalActionsCache instances. LocalActionsCache should be created for each repositories. LocalActionsCacheFactory creates new LocalActionsCache instance per repository (project).
func NewLocalActionsCacheFactory ¶ added in v1.6.16
func NewLocalActionsCacheFactory(dbg io.Writer) *LocalActionsCacheFactory
NewLocalActionsCacheFactory creates a new LocalActionsCacheFactory instance.
func (*LocalActionsCacheFactory) GetCache ¶ added in v1.6.16
func (f *LocalActionsCacheFactory) GetCache(p *Project) *LocalActionsCache
GetCache returns LocalActionsCache instance for the given project. One LocalActionsCache is created per one repository. Created instances are cached and will be used when caches are requested for the same projects. This method is not thread safe.
type LocalReusableWorkflowCache ¶ added in v1.6.18
type LocalReusableWorkflowCache struct {
// contains filtered or unexported fields
}
LocalReusableWorkflowCache is a cache for local reusable workflow metadata files. It avoids find/read/parse local reusable workflow YAML files. This cache is dedicated for a single project (repository) indicated by 'proj' field. One LocalReusableWorkflowCache instance needs to be created per one project.
func NewLocalReusableWorkflowCache ¶ added in v1.6.18
func NewLocalReusableWorkflowCache(proj *Project, cwd string, dbg io.Writer) *LocalReusableWorkflowCache
NewLocalReusableWorkflowCache creates a new LocalReusableWorkflowCache instance for the given project. 'cwd' is a current working directory as an absolute file path. The 'Local' means that the cache instance is project-local. It is not available accross multiple projects.
func (*LocalReusableWorkflowCache) FindMetadata ¶ added in v1.6.18
func (c *LocalReusableWorkflowCache) FindMetadata(spec string) (*ReusableWorkflowMetadata, error)
FindMetadata finds/parses a reusable workflow metadata located by the 'spec' argument. When project is not set to 'proj' field or the spec does not start with "./", this method immediately returns with nil.
Note that an error is not cached. At first search, let's say this method returned an error since the reusable workflow is invalid. In this case, calling this method with the same spec later will not return the error again. It just will return nil. This behavior prevents repeating to report the same error from multiple places.
Calling this method is thread-safe.
func (*LocalReusableWorkflowCache) WriteWorkflowCallEvent ¶ added in v1.6.18
func (c *LocalReusableWorkflowCache) WriteWorkflowCallEvent(wpath string, event *WorkflowCallEvent)
WriteWorkflowCallEvent writes reusable workflow metadata by converting from WorkflowCallEvent AST node. The 'wpath' parameter is a path to the workflow file of the AST, which is a relative to the project root directory or an absolute path. This method does nothing when (1) no project is set, (2) it could not convert the workflow path to workflow call spec, (3) some cache for the workflow is already existing. This method is thread safe.
type LocalReusableWorkflowCacheFactory ¶ added in v1.6.18
type LocalReusableWorkflowCacheFactory struct {
// contains filtered or unexported fields
}
LocalReusableWorkflowCacheFactory is a factory object to create a LocalReusableWorkflowCache instance per project.
func NewLocalReusableWorkflowCacheFactory ¶ added in v1.6.18
func NewLocalReusableWorkflowCacheFactory(cwd string, dbg io.Writer) *LocalReusableWorkflowCacheFactory
NewLocalReusableWorkflowCacheFactory creates a new LocalReusableWorkflowCacheFactory instance.
func (*LocalReusableWorkflowCacheFactory) GetCache ¶ added in v1.6.18
func (f *LocalReusableWorkflowCacheFactory) GetCache(p *Project) *LocalReusableWorkflowCache
GetCache returns a new or existing LocalReusableWorkflowCache instance per project. When a instance was already created for the project, this method returns the existing instance. Otherwise it creates a new instance and returns it.
type LogicalOpNode ¶
type LogicalOpNode struct { // Kind is a kind to show which operator is used. Kind LogicalOpNodeKind // Left is an expression for left hand side of the binary operator. Left ExprNode // Right is an expression for right hand side of the binary operator. Right ExprNode }
LogicalOpNode is node for logical binary operators; && or ||.
func (*LogicalOpNode) Token ¶
func (n *LogicalOpNode) Token() *Token
Token returns the first token of the node. This method is useful to get position of this node.
type LogicalOpNodeKind ¶
type LogicalOpNodeKind int
LogicalOpNodeKind is a kind of logical operators; && and ||.
const ( // LogicalOpNodeKindInvalid is an invalid and initial value of LogicalOpNodeKind. LogicalOpNodeKindInvalid LogicalOpNodeKind = iota // LogicalOpNodeKindAnd is a kind for && operator. LogicalOpNodeKindAnd // LogicalOpNodeKindOr is a kind for || operator. LogicalOpNodeKindOr )
func (LogicalOpNodeKind) String ¶
func (k LogicalOpNodeKind) String() string
type Matrix ¶
type Matrix struct { // Values stores mappings from name to values. Keys are in lower case since they are case-insensitive. Rows map[string]*MatrixRow // Include is list of combinations of matrix values and additional values on running matrix combinations. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-including-additional-values-into-combinations Include *MatrixCombinations // Exclude is list of combinations of matrix values which should not be run. Combinations in // this list will be removed from combinations of matrix to run. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-excluding-configurations-from-a-matrix Exclude *MatrixCombinations // Expression is a string when expression syntax ${{ }} is used for this section. Expression *String // Pos is a position in source. Pos *Pos }
Matrix is matrix variations configuration of a job. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix
type MatrixAssign ¶
type MatrixAssign struct { // Key is a name of the matrix value. Key *String // Value is the value selected from values in row. Value RawYAMLValue }
MatrixAssign represents which value should be taken in the row of the matrix. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix
type MatrixCombination ¶
type MatrixCombination struct { Assigns map[string]*MatrixAssign // Expression is a string when expression syntax ${{ }} is used for this section. Expression *String }
MatrixCombination is combination of matrix value assignments to define one of matrix variations. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix
type MatrixCombinations ¶
type MatrixCombinations struct { Combinations []*MatrixCombination // Expression is a string when expression syntax ${{ }} is used for this section. Expression *String }
MatrixCombinations is list of combinations of matrix assignments used for 'include' and 'exclude' sections. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix
func (*MatrixCombinations) ContainsExpression ¶
func (cs *MatrixCombinations) ContainsExpression() bool
ContainsExpression returns if the combinations section includes at least one expression node.
type MatrixRow ¶
type MatrixRow struct { // Name is a name of matrix value. Name *String // Values is variations of values which the matrix value can take. Values []RawYAMLValue // Expression is a string when expression syntax ${{ }} is used for this section. Expression *String }
MatrixRow is one row of matrix. One matrix row can take multiple values. Those variations are stored as row of values in this struct. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix
type NotOpNode ¶
type NotOpNode struct { // Operand is an expression at operand of ! operator. Operand ExprNode // contains filtered or unexported fields }
NotOpNode is node for unary ! operator.
type NullNode ¶
type NullNode struct {
// contains filtered or unexported fields
}
NullNode is node for null literal.
type NullType ¶
type NullType struct{}
NullType is type for null value.
func (NullType) Assignable ¶
Assignable returns if other type can be assignable to the type.
func (NullType) DeepCopy ¶ added in v1.6.8
DeepCopy duplicates itself. All its child types are copied recursively.
type NumberType ¶
type NumberType struct{}
NumberType is type for number values such as integer or float.
func (NumberType) Assignable ¶
func (ty NumberType) Assignable(other ExprType) bool
Assignable returns if other type can be assignable to the type.
func (NumberType) DeepCopy ¶ added in v1.6.8
func (ty NumberType) DeepCopy() ExprType
DeepCopy duplicates itself. All its child types are copied recursively.
func (NumberType) Merge ¶ added in v1.6.4
func (ty NumberType) Merge(other ExprType) ExprType
Merge merges other type into this type. When other type conflicts with this type, the merged result is any type as fallback.
func (NumberType) String ¶
func (ty NumberType) String() string
type ObjectDerefNode ¶
type ObjectDerefNode struct { // Receiver is an expression at receiver of property dereference. Receiver ExprNode // Property is a name of property to access. Property string }
ObjectDerefNode represents property dereference of object like 'foo.bar'.
func (ObjectDerefNode) Token ¶
func (n ObjectDerefNode) Token() *Token
Token returns the first token of the node. This method is useful to get position of this node.
type ObjectType ¶
type ObjectType struct { // Props is map from properties name to their type. Props map[string]ExprType // Mapped is an element type of this object. This means all props have the type. For example, // The element type of env context is string. // AnyType means its property types can be any type so it shapes a loose object. Setting nil // means propreties are mapped to no type so it shapes a strict object. // // Invariant: All types in Props field must be assignable to this type. Mapped ExprType }
ObjectType is type for objects, which can hold key-values.
func NewEmptyObjectType ¶ added in v1.6.4
func NewEmptyObjectType() *ObjectType
NewEmptyObjectType creates new loose ObjectType instance which allows unknown props. When accessing to unknown props, their values will fall back to any.
func NewEmptyStrictObjectType ¶ added in v1.6.4
func NewEmptyStrictObjectType() *ObjectType
NewEmptyStrictObjectType creates new ObjectType instance which does not allow unknown props.
func NewMapObjectType ¶ added in v1.6.4
func NewMapObjectType(t ExprType) *ObjectType
NewMapObjectType creates new ObjectType which maps keys to a specific type value.
func NewObjectType ¶
func NewObjectType(props map[string]ExprType) *ObjectType
NewObjectType creates new loose ObjectType instance which allows unknown props with given props.
func NewStrictObjectType ¶
func NewStrictObjectType(props map[string]ExprType) *ObjectType
NewStrictObjectType creates new ObjectType instance which does not allow unknown props with given prop types.
func (*ObjectType) Assignable ¶
func (ty *ObjectType) Assignable(other ExprType) bool
Assignable returns if other type can be assignable to the type. In other words, rhs type is more strict than lhs (receiver) type.
func (*ObjectType) DeepCopy ¶ added in v1.6.8
func (ty *ObjectType) DeepCopy() ExprType
DeepCopy duplicates itself. All its child types are copied recursively.
func (*ObjectType) IsLoose ¶ added in v1.6.4
func (ty *ObjectType) IsLoose() bool
IsLoose returns if the type is a loose object, which allows any unknown props.
func (*ObjectType) IsStrict ¶ added in v1.6.4
func (ty *ObjectType) IsStrict() bool
IsStrict returns if the type is a strict object, which means no unknown prop is allowed.
func (*ObjectType) Loose ¶ added in v1.6.4
func (ty *ObjectType) Loose()
Loose sets the object is loose, which means any properties can be set.
func (*ObjectType) Merge ¶ added in v1.6.4
func (ty *ObjectType) Merge(other ExprType) ExprType
Merge merges two object types into one. When other object has unknown props, they are merged into current object. When both have same property, when they are assignable, it remains as-is. Otherwise, the property falls back to any type.
func (*ObjectType) Strict ¶ added in v1.6.4
func (ty *ObjectType) Strict()
Strict sets the object is strict, which means only known properties are allowed.
func (*ObjectType) String ¶
func (ty *ObjectType) String() string
type Output ¶
type Output struct { // Name is name of output. Name *String // Value is value of output. Value *String }
Output is output entry of the job. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idoutputs
type Pass ¶
type Pass interface { // VisitStep is callback when visiting Step node. It returns internal error when it cannot continue the process VisitStep(node *Step) error // VisitJobPre is callback when visiting Job node before visiting its children. It returns internal error when it cannot continue the process VisitJobPre(node *Job) error // VisitJobPost is callback when visiting Job node after visiting its children. It returns internal error when it cannot continue the process VisitJobPost(node *Job) error // VisitWorkflowPre is callback when visiting Workflow node before visiting its children. It returns internal error when it cannot continue the process VisitWorkflowPre(node *Workflow) error // VisitWorkflowPost is callback when visiting Workflow node after visiting its children. It returns internal error when it cannot continue the process VisitWorkflowPost(node *Workflow) error }
Pass is an interface to traverse a workflow syntax tree
type PermissionScope ¶ added in v1.5.0
type PermissionScope struct { // Name is name of the scope. Name *String // Value is permission value of the scope. Value *String }
PermissionScope is struct for respective permission scope like "issues", "checks", ... https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
type Permissions ¶
type Permissions struct { // All represents a permission value for all the scopes at once. All *String // Scopes is mappings from scope name to its permission configuration Scopes map[string]*PermissionScope // Pos is a position in source. Pos *Pos }
Permissions is set of permission configurations in workflow file. All permissions can be set at once. Or each permission can be configured respectively. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#permissions
type Pos ¶
type Pos struct { // Line is a line number of the position. This value is 1-based. Line int // Col is a column number of the position. This value is 1-based. Col int }
Pos represents position in the file.
type Project ¶
type Project struct {
// contains filtered or unexported fields
}
Project represents one GitHub project. One Git repository corresponds to one project.
func (*Project) Config ¶
Config returns config object of the GitHub project repository. The config file is read from ".github/actionlint.yaml" or ".github/actionlint.yml".
func (*Project) Knows ¶
Knows returns true when the project knows the given file. When a file is included in the project's directory, the project knows the file.
func (*Project) WorkflowsDir ¶
WorkflowsDir returns a ".github/workflows" directory path of the GitHub project repository. This method does not check if the directory exists.
type Projects ¶
type Projects struct {
// contains filtered or unexported fields
}
Projects represents set of projects. It caches Project instances which was created previously and reuses them.
type RawYAMLArray ¶
type RawYAMLArray struct { // Elems is list of elements of the array value. Elems []RawYAMLValue // contains filtered or unexported fields }
RawYAMLArray is raw YAML sequence value.
func (*RawYAMLArray) Equals ¶
func (a *RawYAMLArray) Equals(other RawYAMLValue) bool
Equals returns if the other value is equal to the value.
func (*RawYAMLArray) Kind ¶
func (a *RawYAMLArray) Kind() RawYAMLValueKind
Kind returns kind of raw YAML value.
func (*RawYAMLArray) Pos ¶
func (a *RawYAMLArray) Pos() *Pos
Pos returns the start position of the value in the source file
func (*RawYAMLArray) String ¶
func (a *RawYAMLArray) String() string
type RawYAMLObject ¶
type RawYAMLObject struct { // Props is map from property names to their values. Keys are in lower case since they are case-insensitive. Props map[string]RawYAMLValue // contains filtered or unexported fields }
RawYAMLObject is raw YAML mapping value.
func (*RawYAMLObject) Equals ¶
func (o *RawYAMLObject) Equals(other RawYAMLValue) bool
Equals returns if the other value is equal to the value.
func (*RawYAMLObject) Kind ¶
func (o *RawYAMLObject) Kind() RawYAMLValueKind
Kind returns kind of raw YAML value.
func (*RawYAMLObject) Pos ¶
func (o *RawYAMLObject) Pos() *Pos
Pos returns the start position of the value in the source file
func (*RawYAMLObject) String ¶
func (o *RawYAMLObject) String() string
type RawYAMLString ¶
type RawYAMLString struct { // Value is string representation of the scalar node. Value string // contains filtered or unexported fields }
RawYAMLString is raw YAML scalar value.
func (*RawYAMLString) Equals ¶
func (s *RawYAMLString) Equals(other RawYAMLValue) bool
Equals returns if the other value is equal to the value.
func (*RawYAMLString) Kind ¶
func (s *RawYAMLString) Kind() RawYAMLValueKind
Kind returns kind of raw YAML value.
func (*RawYAMLString) Pos ¶
func (s *RawYAMLString) Pos() *Pos
Pos returns the start position of the value in the source file
func (*RawYAMLString) String ¶
func (s *RawYAMLString) String() string
type RawYAMLValue ¶
type RawYAMLValue interface { // Kind returns kind of raw YAML value. Kind() RawYAMLValueKind // Equals returns if the other value is equal to the value. Equals(other RawYAMLValue) bool // Pos returns the start position of the value in the source file Pos() *Pos // String returns string representation of the value String() string }
RawYAMLValue is a value at matrix variation. Any value can be put at matrix variations including mappings and arrays.
type RepositoryDispatchEvent ¶
type RepositoryDispatchEvent struct { // Types is list of types which can trigger workflow. Types []*String // Pos is a position in source. Pos *Pos }
RepositoryDispatchEvent is repository_dispatch event configuration. https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#repository_dispatch
func (*RepositoryDispatchEvent) EventName ¶
func (e *RepositoryDispatchEvent) EventName() string
EventName returns name of the event to trigger this workflow.
type ReusableWorkflowMetadata ¶ added in v1.6.18
type ReusableWorkflowMetadata struct { Inputs ReusableWorkflowMetadataInputs `yaml:"inputs"` Outputs ReusableWorkflowMetadataOutputs `yaml:"outputs"` Secrets ReusableWorkflowMetadataSecrets `yaml:"secrets"` }
ReusableWorkflowMetadata is metadata to validate local reusable workflows. This struct does not contain all metadata from YAML file. It only contains metadata which is necessary to validate reusable workflow files by actionlint.
type ReusableWorkflowMetadataInput ¶ added in v1.6.18
type ReusableWorkflowMetadataInput struct { // Name is a name of the input defined in the reusable workflow. Name string // Required is true when 'required' field of the input is set to true and no default value is set. Required bool // Type is a type of the input. When the input type is unknown, 'any' type is set. Type ExprType }
ReusableWorkflowMetadataInput is an input metadata for validating local reusable workflow file.
func (*ReusableWorkflowMetadataInput) UnmarshalYAML ¶ added in v1.6.18
func (input *ReusableWorkflowMetadataInput) UnmarshalYAML(n *yaml.Node) error
UnmarshalYAML implements yaml.Unmarshaler.
type ReusableWorkflowMetadataInputs ¶ added in v1.6.19
type ReusableWorkflowMetadataInputs map[string]*ReusableWorkflowMetadataInput
ReusableWorkflowMetadataInputs is a map from input name to reusable wokflow input metadata. The keys are in lower case since input names of workflow calls are case insensitive.
func (*ReusableWorkflowMetadataInputs) UnmarshalYAML ¶ added in v1.6.19
func (inputs *ReusableWorkflowMetadataInputs) UnmarshalYAML(n *yaml.Node) error
UnmarshalYAML implements yaml.Unmarshaler.
type ReusableWorkflowMetadataOutput ¶ added in v1.6.19
type ReusableWorkflowMetadataOutput struct { // Name is a name of the output in the reusable workflow. Name string }
ReusableWorkflowMetadataOutput is an output metadata for validating local reusable workflow file.
type ReusableWorkflowMetadataOutputs ¶ added in v1.6.19
type ReusableWorkflowMetadataOutputs map[string]*ReusableWorkflowMetadataOutput
ReusableWorkflowMetadataOutputs is a map from output name to reusable wokflow output metadata. The keys are in lower case since output names of workflow calls are case insensitive.
func (*ReusableWorkflowMetadataOutputs) UnmarshalYAML ¶ added in v1.6.19
func (outputs *ReusableWorkflowMetadataOutputs) UnmarshalYAML(n *yaml.Node) error
UnmarshalYAML implements yaml.Unmarshaler.
type ReusableWorkflowMetadataSecret ¶ added in v1.6.19
type ReusableWorkflowMetadataSecret struct { // Name is a name of the secret in the reusable workflow. Name string // Required indicates wether the secret is required by its reusable workflow. When this value is // true, workflow calls must set this secret unless secrets are not inherited. Required bool `yaml:"required"` }
ReusableWorkflowMetadataSecret is a secret metadata for validating local reusable workflow file.
type ReusableWorkflowMetadataSecrets ¶ added in v1.6.19
type ReusableWorkflowMetadataSecrets map[string]*ReusableWorkflowMetadataSecret
ReusableWorkflowMetadataSecrets is a map from secret name to reusable wokflow secret metadata. The keys are in lower case since secret names of workflow calls are case insensitive.
func (*ReusableWorkflowMetadataSecrets) UnmarshalYAML ¶ added in v1.6.19
func (secrets *ReusableWorkflowMetadataSecrets) UnmarshalYAML(n *yaml.Node) error
UnmarshalYAML implements yaml.Unmarshaler.
type RuleAction ¶
type RuleAction struct { RuleBase // contains filtered or unexported fields }
RuleAction is a rule to check running action in steps of jobs. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsuses
func NewRuleAction ¶
func NewRuleAction(cache *LocalActionsCache) *RuleAction
NewRuleAction creates new RuleAction instance.
func (*RuleAction) VisitStep ¶
func (rule *RuleAction) VisitStep(n *Step) error
VisitStep is callback when visiting Step node.
type RuleBase ¶
type RuleBase struct {
// contains filtered or unexported fields
}
RuleBase is a struct to be a base of rule structs. Embed this struct to define default methods automatically
func (*RuleBase) EnableDebug ¶ added in v1.2.0
EnableDebug enables debug output from the rule. Given io.Writer instance is used to print debug information to console
func (*RuleBase) VisitJobPost ¶
VisitJobPost is callback when visiting Job node after visiting its children.
func (*RuleBase) VisitJobPre ¶
VisitJobPre is callback when visiting Job node before visiting its children.
func (*RuleBase) VisitWorkflowPost ¶
VisitWorkflowPost is callback when visiting Workflow node after visiting its children.
func (*RuleBase) VisitWorkflowPre ¶
VisitWorkflowPre is callback when visiting Workflow node before visiting its children.
type RuleCredentials ¶
type RuleCredentials struct {
RuleBase
}
RuleCredentials is a rule to check credentials in workflows
func NewRuleCredentials ¶
func NewRuleCredentials() *RuleCredentials
NewRuleCredentials creates new RuleCredentials instance
func (*RuleCredentials) VisitJobPre ¶
func (rule *RuleCredentials) VisitJobPre(n *Job) error
VisitJobPre is callback when visiting Job node before visiting its children.
type RuleEnvVar ¶
type RuleEnvVar struct {
RuleBase
}
RuleEnvVar is a rule checker to check environment variables setup.
func NewRuleEnvVar ¶
func NewRuleEnvVar() *RuleEnvVar
NewRuleEnvVar creates new RuleEnvVar instance.
func (*RuleEnvVar) VisitJobPre ¶
func (rule *RuleEnvVar) VisitJobPre(n *Job) error
VisitJobPre is callback when visiting Job node before visiting its children.
func (*RuleEnvVar) VisitStep ¶
func (rule *RuleEnvVar) VisitStep(n *Step) error
VisitStep is callback when visiting Step node.
func (*RuleEnvVar) VisitWorkflowPre ¶
func (rule *RuleEnvVar) VisitWorkflowPre(n *Workflow) error
VisitWorkflowPre is callback when visiting Workflow node before visiting its children.
type RuleEvents ¶
type RuleEvents struct {
RuleBase
}
RuleEvents is a rule to check 'on' field in workflow. https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows
func NewRuleEvents ¶
func NewRuleEvents() *RuleEvents
NewRuleEvents creates new RuleEvents instance.
func (*RuleEvents) VisitWorkflowPre ¶
func (rule *RuleEvents) VisitWorkflowPre(n *Workflow) error
VisitWorkflowPre is callback when visiting Workflow node before visiting its children.
type RuleExpression ¶
type RuleExpression struct { RuleBase // contains filtered or unexported fields }
RuleExpression is a rule checker to check expression syntax in string values of workflow syntax. It checks syntax and semantics of the expressions including type checks and functions/contexts definitions. For more details see - https://docs.github.com/en/actions/learn-github-actions/contexts - https://docs.github.com/en/actions/learn-github-actions/expressions
func NewRuleExpression ¶
func NewRuleExpression(actionsCache *LocalActionsCache, workflowCache *LocalReusableWorkflowCache) *RuleExpression
NewRuleExpression creates new RuleExpression instance.
func (*RuleExpression) VisitJobPost ¶
func (rule *RuleExpression) VisitJobPost(n *Job) error
VisitJobPost is callback when visiting Job node after visiting its children
func (*RuleExpression) VisitJobPre ¶
func (rule *RuleExpression) VisitJobPre(n *Job) error
VisitJobPre is callback when visiting Job node before visiting its children.
func (*RuleExpression) VisitStep ¶
func (rule *RuleExpression) VisitStep(n *Step) error
VisitStep is callback when visiting Step node.
func (*RuleExpression) VisitWorkflowPost ¶
func (rule *RuleExpression) VisitWorkflowPost(n *Workflow) error
VisitWorkflowPost is callback when visiting Workflow node after visiting its children
func (*RuleExpression) VisitWorkflowPre ¶
func (rule *RuleExpression) VisitWorkflowPre(n *Workflow) error
VisitWorkflowPre is callback when visiting Workflow node before visiting its children.
type RuleGlob ¶ added in v1.4.0
type RuleGlob struct {
RuleBase
}
RuleGlob is a rule to check glob syntax. https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
func NewRuleGlob ¶ added in v1.4.0
func NewRuleGlob() *RuleGlob
NewRuleGlob creates new RuleGlob instance.
func (*RuleGlob) VisitWorkflowPre ¶ added in v1.4.0
VisitWorkflowPre is callback when visiting Workflow node before visiting its children.
type RuleID ¶ added in v1.6.16
type RuleID struct { RuleBase // contains filtered or unexported fields }
RuleID is a rule to check step IDs in workflow.
func (*RuleID) VisitJobPost ¶ added in v1.6.16
VisitJobPost is callback when visiting Job node after visiting its children.
func (*RuleID) VisitJobPre ¶ added in v1.6.16
VisitJobPre is callback when visiting Job node before visiting its children.
type RuleJobNeeds ¶
type RuleJobNeeds struct { RuleBase // contains filtered or unexported fields }
RuleJobNeeds is a rule to check 'needs' field in each job configuration. For more details, see https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idneeds
func NewRuleJobNeeds ¶
func NewRuleJobNeeds() *RuleJobNeeds
NewRuleJobNeeds creates new RuleJobNeeds instance.
func (*RuleJobNeeds) VisitJobPre ¶
func (rule *RuleJobNeeds) VisitJobPre(n *Job) error
VisitJobPre is callback when visiting Job node before visiting its children.
func (*RuleJobNeeds) VisitWorkflowPost ¶
func (rule *RuleJobNeeds) VisitWorkflowPost(n *Workflow) error
VisitWorkflowPost is callback when visiting Workflow node after visiting its children.
type RuleMatrix ¶
type RuleMatrix struct {
RuleBase
}
RuleMatrix is a rule checker to check 'matrix' field of job.
func NewRuleMatrix ¶
func NewRuleMatrix() *RuleMatrix
NewRuleMatrix creates new RuleMatrix instance.
func (*RuleMatrix) VisitJobPre ¶
func (rule *RuleMatrix) VisitJobPre(n *Job) error
VisitJobPre is callback when visiting Job node before visiting its children.
type RulePermissions ¶ added in v1.5.0
type RulePermissions struct {
RuleBase
}
RulePermissions is a rule checker to check permission configurations in a workflow. https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
func NewRulePermissions ¶ added in v1.5.0
func NewRulePermissions() *RulePermissions
NewRulePermissions creates new RulePermissions instance.
func (*RulePermissions) VisitJobPre ¶ added in v1.5.0
func (rule *RulePermissions) VisitJobPre(n *Job) error
VisitJobPre is callback when visiting Job node before visiting its children.
func (*RulePermissions) VisitWorkflowPre ¶ added in v1.5.0
func (rule *RulePermissions) VisitWorkflowPre(n *Workflow) error
VisitWorkflowPre is callback when visiting Workflow node before visiting its children.
type RulePyflakes ¶ added in v1.2.0
type RulePyflakes struct { RuleBase // contains filtered or unexported fields }
RulePyflakes is a rule to check Python scripts at 'run:' using pyflakes. https://github.com/PyCQA/pyflakes
func NewRulePyflakes ¶ added in v1.2.0
func NewRulePyflakes(executable string, proc *concurrentProcess) (*RulePyflakes, error)
NewRulePyflakes creates new RulePyflakes instance. Parameter executable can be command name or relative/absolute file path. When the given executable is not found in system, it returns an error.
func (*RulePyflakes) VisitJobPost ¶ added in v1.2.0
func (rule *RulePyflakes) VisitJobPost(n *Job) error
VisitJobPost is callback when visiting Job node after visiting its children.
func (*RulePyflakes) VisitJobPre ¶ added in v1.2.0
func (rule *RulePyflakes) VisitJobPre(n *Job) error
VisitJobPre is callback when visiting Job node before visiting its children.
func (*RulePyflakes) VisitStep ¶ added in v1.2.0
func (rule *RulePyflakes) VisitStep(n *Step) error
VisitStep is callback when visiting Step node.
func (*RulePyflakes) VisitWorkflowPost ¶ added in v1.2.0
func (rule *RulePyflakes) VisitWorkflowPost(n *Workflow) error
VisitWorkflowPost is callback when visiting Workflow node after visiting its children.
func (*RulePyflakes) VisitWorkflowPre ¶ added in v1.2.0
func (rule *RulePyflakes) VisitWorkflowPre(n *Workflow) error
VisitWorkflowPre is callback when visiting Workflow node before visiting its children.
type RuleRunnerLabel ¶
type RuleRunnerLabel struct { RuleBase // contains filtered or unexported fields }
RuleRunnerLabel is a rule to check runner label like "ubuntu-latest". There are two types of runners, GitHub-hosted runner and Self-hosted runner. GitHub-hosted runner is described at https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners . And Self-hosted runner is described at https://docs.github.com/en/actions/hosting-your-own-runners/using-self-hosted-runners-in-a-workflow .
func NewRuleRunnerLabel ¶
func NewRuleRunnerLabel(labels []string) *RuleRunnerLabel
NewRuleRunnerLabel creates new RuleRunnerLabel instance.
func (*RuleRunnerLabel) VisitJobPre ¶
func (rule *RuleRunnerLabel) VisitJobPre(n *Job) error
VisitJobPre is callback when visiting Job node before visiting its children.
type RuleShellName ¶
type RuleShellName struct { RuleBase // contains filtered or unexported fields }
RuleShellName is a rule to check 'shell' field. For more details, see https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#using-a-specific-shell
func NewRuleShellName ¶
func NewRuleShellName() *RuleShellName
NewRuleShellName creates new RuleShellName instance.
func (*RuleShellName) VisitJobPost ¶
func (rule *RuleShellName) VisitJobPost(n *Job) error
VisitJobPost is callback when visiting Job node after visiting its children.
func (*RuleShellName) VisitJobPre ¶
func (rule *RuleShellName) VisitJobPre(n *Job) error
VisitJobPre is callback when visiting Job node before visiting its children.
func (*RuleShellName) VisitStep ¶
func (rule *RuleShellName) VisitStep(n *Step) error
VisitStep is callback when visiting Step node.
func (*RuleShellName) VisitWorkflowPre ¶
func (rule *RuleShellName) VisitWorkflowPre(n *Workflow) error
VisitWorkflowPre is callback when visiting Workflow node before visiting its children.
type RuleShellcheck ¶
type RuleShellcheck struct { RuleBase // contains filtered or unexported fields }
RuleShellcheck is a rule to check shell scripts at 'run:' using shellcheck. https://github.com/koalaman/shellcheck
func NewRuleShellcheck ¶
func NewRuleShellcheck(executable string, proc *concurrentProcess) (*RuleShellcheck, error)
NewRuleShellcheck craetes new RuleShellcheck instance. Parameter executable can be command name or relative/absolute file path. When the given executable is not found in system, it returns an error as 2nd return value.
func (*RuleShellcheck) VisitJobPost ¶
func (rule *RuleShellcheck) VisitJobPost(n *Job) error
VisitJobPost is callback when visiting Job node after visiting its children.
func (*RuleShellcheck) VisitJobPre ¶
func (rule *RuleShellcheck) VisitJobPre(n *Job) error
VisitJobPre is callback when visiting Job node before visiting its children.
func (*RuleShellcheck) VisitStep ¶
func (rule *RuleShellcheck) VisitStep(n *Step) error
VisitStep is callback when visiting Step node.
func (*RuleShellcheck) VisitWorkflowPost ¶
func (rule *RuleShellcheck) VisitWorkflowPost(n *Workflow) error
VisitWorkflowPost is callback when visiting Workflow node after visiting its children.
func (*RuleShellcheck) VisitWorkflowPre ¶
func (rule *RuleShellcheck) VisitWorkflowPre(n *Workflow) error
VisitWorkflowPre is callback when visiting Workflow node before visiting its children.
type RuleWorkflowCall ¶ added in v1.6.5
type RuleWorkflowCall struct { RuleBase // contains filtered or unexported fields }
RuleWorkflowCall is a rule checker to check workflow call at jobs.<job_id>.
func NewRuleWorkflowCall ¶ added in v1.6.5
func NewRuleWorkflowCall(workflowPath string, cache *LocalReusableWorkflowCache) *RuleWorkflowCall
NewRuleWorkflowCall creates a new RuleWorkflowCall instance. 'workflowPath' is a file path to the workflow which is relative to a project root directory or an absolute path.
func (*RuleWorkflowCall) VisitJobPre ¶ added in v1.6.5
func (rule *RuleWorkflowCall) VisitJobPre(n *Job) error
VisitJobPre is callback when visiting Job node before visiting its children.
func (*RuleWorkflowCall) VisitWorkflowPre ¶ added in v1.6.6
func (rule *RuleWorkflowCall) VisitWorkflowPre(n *Workflow) error
VisitWorkflowPre is callback when visiting Workflow node before visiting its children.
type Runner ¶
type Runner struct { // Labels is list label names to select a runner to run a job. There are preset labels and user // defined labels. Runner matching to the labels is selected. Labels []*String // Expression is a string when expression syntax ${{ }} is used for this section. Related issue is #164. Expression *String }
Runner is struct for runner configuration. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idruns-on
type ScheduledEvent ¶
type ScheduledEvent struct { // Cron is list of cron strings which schedules workflow. Cron []*String // Pos is a position in source. Pos *Pos }
ScheduledEvent is event scheduled by workflow. https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#scheduled-events
func (*ScheduledEvent) EventName ¶
func (e *ScheduledEvent) EventName() string
EventName returns name of the event to trigger this workflow.
type Service ¶
type Service struct { // Name is name of the service. Name *String // Container is configuration of container which runs the service. Container *Container }
Service is configuration to run a service like database. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idservices
type Step ¶
type Step struct { // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsid ID *String // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsif If *String // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsname Name *String Exec Exec // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepsenv Env *Env // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepscontinue-on-error ContinueOnError *Bool // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstepstimeout-minutes TimeoutMinutes *Float // Pos is a position in source. Pos *Pos }
Step is step configuration. Step runs one action or one shell script. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idsteps
type Strategy ¶
type Strategy struct { // Matrix is matrix of combinations of values. Each combination will run the job once. Matrix *Matrix // FailFast is flag to show if other jobs should stop when one job fails. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategyfail-fast FailFast *Bool // MaxParallel is how many jobs should be run at once. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategymax-parallel MaxParallel *Int // Pos is a position in source. Pos *Pos }
Strategy is strategy configuration of how the job is run. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idstrategy
type String ¶
type String struct { // Value is a raw value of the string. Value string // Quoted represents the string is quoted with ' or " in the YAML source. Quoted bool // Pos is a position of the string in source. Pos *Pos }
String represents generic string value in YAML file with position.
type StringNode ¶
type StringNode struct { // Value is value of the string literal. Escapes are resolved and quotes at both edges are // removed. Value string // contains filtered or unexported fields }
StringNode is node for string literal.
func (*StringNode) Token ¶
func (n *StringNode) Token() *Token
Token returns the first token of the node. This method is useful to get position of this node.
type StringType ¶
type StringType struct{}
StringType is type for string values.
func (StringType) Assignable ¶
func (ty StringType) Assignable(other ExprType) bool
Assignable returns if other type can be assignable to the type.
func (StringType) DeepCopy ¶ added in v1.6.8
func (ty StringType) DeepCopy() ExprType
DeepCopy duplicates itself. All its child types are copied recursively.
func (StringType) Merge ¶ added in v1.6.4
func (ty StringType) Merge(other ExprType) ExprType
Merge merges other type into this type. When other type conflicts with this type, the merged result is any type as fallback.
func (StringType) String ¶
func (ty StringType) String() string
type Token ¶
type Token struct { // Kind is kind of the token. Kind TokenKind // Value is string representation of the token. Value string // Offset is byte offset of token string starting. Offset int // Line is line number of start position of the token. Note that this value is 1-based. Line int // Column is column number of start position of the token. Note that this value is 1-based. Column int }
Token is a token lexed from expression syntax. For more details, see https://docs.github.com/en/actions/learn-github-actions/expressions
type TokenKind ¶
type TokenKind int
TokenKind is kind of token.
const ( // TokenKindUnknown is a default value of token as unknown token value. TokenKindUnknown TokenKind = iota // TokenKindEnd is a token for end of token sequence. Sequence without this // token means invalid. TokenKindEnd // TokenKindIdent is a token for identifier. TokenKindIdent // TokenKindString is a token for string literals. TokenKindString // TokenKindInt is a token for integers including hex integers. TokenKindInt // TokenKindFloat is a token for float numbers. TokenKindFloat // TokenKindLeftParen is a token for '('. TokenKindLeftParen // TokenKindRightParen is a token for ')'. TokenKindRightParen // TokenKindLeftBracket is a token for '['. TokenKindLeftBracket // TokenKindRightBracket is a token for ']'. TokenKindRightBracket // TokenKindDot is a token for '.'. TokenKindDot // TokenKindNot is a token for '!'. TokenKindNot // TokenKindLess is a token for '<'. TokenKindLess // TokenKindLessEq is a token for '<='. TokenKindLessEq // TokenKindGreater is a token for '>'. TokenKindGreater // TokenKindGreaterEq is a token for '>='. TokenKindGreaterEq // TokenKindEq is a token for '=='. TokenKindEq // TokenKindNotEq is a token for '!='. TokenKindNotEq // TokenKindAnd is a token for '&&'. TokenKindAnd // TokenKindOr is a token for '||'. TokenKindOr // TokenKindStar is a token for '*'. TokenKindStar // TokenKindComma is a token for ','. TokenKindComma )
type UntrustedInputChecker ¶ added in v1.6.1
type UntrustedInputChecker struct {
// contains filtered or unexported fields
}
UntrustedInputChecker is a checker to detect untrusted inputs in an expression syntax tree. This checker checks object property accesses, array index accesses, and object filters. And detects paths to untrusted inputs. Found errors are stored in this instance and can be get via Errs method.
Note: To avoid breaking the state of checking property accesses on nested property accesses like foo[aaa.bbb].bar, IndexAccessNode.Index must be visited before IndexAccessNode.Operand.
func NewUntrustedInputChecker ¶ added in v1.6.1
func NewUntrustedInputChecker(roots UntrustedInputSearchRoots) *UntrustedInputChecker
NewUntrustedInputChecker creates a new UntrustedInputChecker instance. The roots argument is a search tree which defines untrusted input paths as trees.
func (*UntrustedInputChecker) Errs ¶ added in v1.6.1
func (u *UntrustedInputChecker) Errs() []*ExprError
Errs returns errors detected by this checker. This method should be called after visiting all nodes in a syntax tree.
func (*UntrustedInputChecker) Init ¶ added in v1.6.1
func (u *UntrustedInputChecker) Init()
Init initializes a state of checker.
func (*UntrustedInputChecker) OnVisitEnd ¶ added in v1.6.8
func (u *UntrustedInputChecker) OnVisitEnd()
OnVisitEnd is a callback which should be called after visiting whole syntax tree. This callback is necessary to handle the case where an untrusted input access is at root of expression.
func (*UntrustedInputChecker) OnVisitNodeLeave ¶ added in v1.6.8
func (u *UntrustedInputChecker) OnVisitNodeLeave(n ExprNode)
OnVisitNodeLeave is a callback which should be called on visiting node after visiting its children.
type UntrustedInputMap ¶ added in v1.6.1
type UntrustedInputMap struct { Name string Parent *UntrustedInputMap Children map[string]*UntrustedInputMap }
UntrustedInputMap is a recursive map to match context object property dereferences. Root of this map represents each context names and their ancestors represent recursive properties.
func NewUntrustedInputMap ¶ added in v1.6.8
func NewUntrustedInputMap(name string, children ...*UntrustedInputMap) *UntrustedInputMap
NewUntrustedInputMap creates new instance of UntrustedInputMap. It is used for node of search tree of untrusted input checker.
func (*UntrustedInputMap) String ¶ added in v1.6.8
func (m *UntrustedInputMap) String() string
type UntrustedInputSearchRoots ¶ added in v1.6.8
type UntrustedInputSearchRoots map[string]*UntrustedInputMap
UntrustedInputSearchRoots is a list of untrusted inputs. It forms tree structure to detect untrusted inputs in nested object property access, array index access, and object filters efficiently. Each value of this map represents a root of the search so their names are context names.
func (UntrustedInputSearchRoots) AddRoot ¶ added in v1.6.8
func (ms UntrustedInputSearchRoots) AddRoot(m *UntrustedInputMap)
AddRoot adds a new root to search for detecting untrusted input.
type VariableNode ¶
type VariableNode struct { // Name is name of the variable Name string // contains filtered or unexported fields }
VariableNode is node for variable access.
func (*VariableNode) Token ¶
func (n *VariableNode) Token() *Token
Token returns the first token of the node. This method is useful to get position of this node.
type VisitExprNodeFunc ¶ added in v1.6.1
VisitExprNodeFunc is a visitor function for VisitExprNode(). The entering argument is set to true when it is called before visiting children. It is set to false when it is called after visiting children. It means that this function is called twice for the same node. The parent argument is the parent of the node. When the node is root, its parent is nil.
type Visitor ¶
type Visitor struct {
// contains filtered or unexported fields
}
Visitor visits syntax tree from root in depth-first order
func (*Visitor) EnableDebug ¶
EnableDebug enables debug output when non-nil io.Writer value is given. All debug outputs from visitor will be written to the writer.
type WebhookEvent ¶
type WebhookEvent struct { // Hook is a name of the webhook event. Hook *String // Types is list of types of the webhook event. Only the types enumerated here will trigger // the workflow. Types []*String // Branches is 'branches' filter. This value is nil when it is omitted. Branches *WebhookEventFilter // BranchesIgnore is 'branches-ignore' filter. This value is nil when it is omitted. BranchesIgnore *WebhookEventFilter // Tags is 'tags' filter. This value is nil when it is omitted. Tags *WebhookEventFilter // TagsIgnore is 'tags-ignore' filter. This value is nil when it is omitted. TagsIgnore *WebhookEventFilter // Paths is 'paths' filter. This value is nil when it is omitted. Paths *WebhookEventFilter // PathsIgnore is 'paths-ignore' filter. This value is nil when it is omitted. PathsIgnore *WebhookEventFilter // Workflows is list of workflow names which are triggered by 'workflow_run' event. Workflows []*String // Pos is a position in source. Pos *Pos }
WebhookEvent represents event type based on webhook events. Some events can't have 'types' field. Only 'push' and 'pull' events can have 'tags', 'tags-ignore', 'paths' and 'paths-ignore' fields. Only 'workflow_run' event can have 'workflows' field. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onevent_nametypes
func (*WebhookEvent) EventName ¶
func (e *WebhookEvent) EventName() string
EventName returns name of the event to trigger this workflow.
type WebhookEventFilter ¶ added in v1.6.14
type WebhookEventFilter struct { // Name is a name of filter such like 'branches', 'tags' Name *String // Values is a list of filter values. Values []*String }
WebhookEventFilter is a filter for Webhook events such as 'branches', 'paths-ignore', ... Webhook events are filtered by those filters. Some filters are exclusive. https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#using-filters
func (*WebhookEventFilter) IsEmpty ¶ added in v1.6.14
func (f *WebhookEventFilter) IsEmpty() bool
IsEmpty returns true when it has no value. This may mean the WebhookEventFilter instance itself is nil.
type Workflow ¶
type Workflow struct { // Name is name of the workflow. This field can be nil when user didn't specify the name explicitly. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#name Name *String // RunName is the name of workflow runs. This field can be set dynamically using ${{ }}. // https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#run-name RunName *String // On is list of events which can trigger this workflow. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onpushpull_requestbranchestags On []Event // Permissions is configuration of permissions of this workflow. Permissions *Permissions // Env is a default set of environment variables while running this workflow. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#env Env *Env // Defaults is default configuration of how to run scripts. Defaults *Defaults // Concurrency is concurrency configuration of entire workflow. Each jobs also can their own // concurrency configurations. Concurrency *Concurrency // Jobs is mappings from job ID to the job object. Keys are in lower case since they are case-insensitive. Jobs map[string]*Job }
Workflow is root of workflow syntax tree, which represents one workflow configuration file. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
func (*Workflow) FindWorkflowCallEvent ¶ added in v1.6.10
func (w *Workflow) FindWorkflowCallEvent() (*WorkflowCallEvent, bool)
FindWorkflowCallEvent returns workflow_call event node if exists
type WorkflowCall ¶ added in v1.6.5
type WorkflowCall struct { // Uses is a workflow specification to be called. This field is mandatory. Uses *String // Inputs is a map from input name to input value at 'with:'. Keys are in lower case since input names // are case-insensitive. Inputs map[string]*WorkflowCallInput // Secrets is a map from secret name to secret value at 'secrets:'. Keys are in lower case since input // names are case-insensitive. Secrets map[string]*WorkflowCallSecret // InheritSecrets is true when 'secrets: inherit' is specified. In this case, Secrets must be empty. // https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_callsecretsinherit InheritSecrets bool }
WorkflowCall is a struct to represent workflow call at jobs.<job_id>. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_iduses
type WorkflowCallEvent ¶ added in v1.6.5
type WorkflowCallEvent struct { // Inputs is a map from input name to input configuration. Keys are in lower case since they are case-insensitive. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onworkflow_callinputs Inputs map[string]*WorkflowCallEventInput // Secrets is a map from name of secret to secret configuration. When 'secrets' is omitted, nil is set to this // field. Keys are in lower case since they are case-insensitive. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onworkflow_callsecrets Secrets map[string]*WorkflowCallEventSecret // Outputs is a map from name of output to output configuration. Keys are in lower case since they are case-insensitive. // https://docs.github.com/en/actions/using-workflows/reusing-workflows#using-outputs-from-a-reusable-workflow Outputs map[string]*WorkflowCallEventOutput // Pos is a position in source. Pos *Pos }
WorkflowCallEvent is workflow_call event configuration. https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#workflow-reuse-events
func (*WorkflowCallEvent) EventName ¶ added in v1.6.5
func (e *WorkflowCallEvent) EventName() string
EventName returns name of the event to trigger this workflow.
type WorkflowCallEventInput ¶ added in v1.6.5
type WorkflowCallEventInput struct { // Name is a name of the input. Name *String // Description is a description of the input. Description *String // Default is a default value of the input. Nil means no default value. Default *String // Required represents if the input is required or optional. When this value is nil, it was not explicitly specified. // In the case the default value is 'not required'. Required *Bool // Type of the input, which must be one of 'boolean', 'number' or 'string'. This property is required. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onworkflow_callinput_idtype Type WorkflowCallEventInputType }
WorkflowCallEventInput is an input configuration of workflow_call event. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onworkflow_callinputs
func (*WorkflowCallEventInput) IsRequired ¶ added in v1.6.14
func (i *WorkflowCallEventInput) IsRequired() bool
IsRequired returns if the input is marked as required or not. require
type WorkflowCallEventInputType ¶ added in v1.6.5
type WorkflowCallEventInputType uint8
WorkflowCallEventInputType is a type of inputs at workflow_call event. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onworkflow_callinput_idtype
const ( // WorkflowCallEventInputTypeInvalid represents invalid type input as default value of the type. WorkflowCallEventInputTypeInvalid WorkflowCallEventInputType = iota // WorkflowCallEventInputTypeBoolean represents boolean type input. WorkflowCallEventInputTypeBoolean // WorkflowCallEventInputTypeNumber represents number type input. WorkflowCallEventInputTypeNumber // WorkflowCallEventInputTypeString represents string type input. WorkflowCallEventInputTypeString )
type WorkflowCallEventOutput ¶ added in v1.6.10
type WorkflowCallEventOutput struct { // Name is a name of the output. Name *String // Description is a description of the output. Description *String // Value is an expression for the value of the output. Value *String }
WorkflowCallEventOutput is an output configuration of workflow_call event. https://docs.github.com/en/actions/using-workflows/reusing-workflows#using-outputs-from-a-reusable-workflow
type WorkflowCallEventSecret ¶ added in v1.6.5
type WorkflowCallEventSecret struct { // Name is a name of the secret. Name *String // Description is a description of the secret. Description *String // Required represents if the secret is required or optional. When this value is nil, it means optional. // https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onworkflow_callsecretssecret_idrequired Required *Bool }
WorkflowCallEventSecret is a secret configuration of workflow_call event. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onworkflow_callsecrets
type WorkflowCallInput ¶ added in v1.6.5
type WorkflowCallInput struct { // Name is a name of the input. Name *String // Value is a value of the input. Value *String }
WorkflowCallInput is a normal input for workflow call.
type WorkflowCallSecret ¶ added in v1.6.5
type WorkflowCallSecret struct { // Name is a name of the secret Name *String // Value is a value of the secret Value *String }
WorkflowCallSecret is a secret input for workflow call. https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idwith
type WorkflowDispatchEvent ¶
type WorkflowDispatchEvent struct { // Inputs is map from input names to input attributes. Keys are in lower case since they are case insensitive. Inputs map[string]*DispatchInput // Pos is a position in source. Pos *Pos }
WorkflowDispatchEvent is event on dispatching workflow manually. https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#workflow_dispatch
func (*WorkflowDispatchEvent) EventName ¶
func (e *WorkflowDispatchEvent) EventName() string
EventName returns name of the event to trigger this workflow.
type WorkflowDispatchEventInputType ¶ added in v1.6.8
type WorkflowDispatchEventInputType uint8
WorkflowDispatchEventInputType is a type for input types of workflow_dispatch events. https://github.blog/changelog/2021-11-10-github-actions-input-types-for-manual-workflows/
const ( // WorkflowDispatchEventInputTypeNone represents no type is specified to the input of workflow_dispatch event. WorkflowDispatchEventInputTypeNone WorkflowDispatchEventInputType = iota // WorkflowDispatchEventInputTypeString is string type of input of workflow_dispatch event. WorkflowDispatchEventInputTypeString // WorkflowDispatchEventInputTypeBoolean is boolean type of input of workflow_dispatch event. WorkflowDispatchEventInputTypeBoolean // WorkflowDispatchEventInputTypeChoice is choice type of input of workflow_dispatch event. WorkflowDispatchEventInputTypeChoice // WorkflowDispatchEventInputTypeEnvironment is environment type of input of workflow_dispatch event. WorkflowDispatchEventInputTypeEnvironment )
Source Files ¶
- action_metadata.go
- all_webhooks.go
- ast.go
- availability.go
- command.go
- config.go
- error.go
- expr.go
- expr_ast.go
- expr_insecure.go
- expr_lexer.go
- expr_parser.go
- expr_sema.go
- expr_type.go
- glob.go
- linter.go
- parse.go
- pass.go
- popular_actions.go
- process.go
- project.go
- quotes.go
- reusable_workflow.go
- rule.go
- rule_action.go
- rule_credentials.go
- rule_env_var.go
- rule_events.go
- rule_expression.go
- rule_glob.go
- rule_id.go
- rule_job_needs.go
- rule_matrix.go
- rule_permissions.go
- rule_pyflakes.go
- rule_runner_label.go
- rule_shell_name.go
- rule_shellcheck.go
- rule_workflow_call.go