Actionlint | Awesome Repository

Features

Workflow Linters - Provides comprehensive static analysis of workflow files for syntax, expressions, and security issues.

Shell Script Linters - Integrates external checking tools to identify execution errors and syntax bugs within inline shell scripts.

Graph Analysis Tools - Analyzes the job dependency graph to detect invalid references or circular dependencies.

CI CD Pipelines - Automates the verification of CI/CD workflow files to prevent broken deployments.

Shell Script - Identifies security vulnerabilities where untrusted inputs are passed into inline shell commands.

GitHub Configuration Audits - Audits GitHub workflows for hardcoded credentials and potential script injection vulnerabilities.

Abstract Syntax Tree Parsing - Converts workflow configuration files into a structured syntax tree to identify and report structural or formatting errors.

Linters - Provides a specialized linter to verify schema adherence and anchor resolution for YAML automation files.

Workflow Configuration Validators - Checks GitHub Actions YAML configuration files for syntax errors and structural issues.

Workflow Linters - A static analysis tool that validates the syntax and logic of GitHub Actions workflow files.

Expression Type Resolution - Performs strict type checking on expression placeholders to ensure variables and functions use compatible data types.

CI Configuration Validators - Validates job dependencies and trigger events within continuous integration configurations.

Taint Analysis Engines - Uses taint analysis to track untrusted inputs into shell commands and detect script injection vulnerabilities.

Reference Anchors - Evaluates YAML anchors and aliases to ensure the resulting expanded configuration is valid and error-free.

Automated Linting Integrations - Enables automated linting checks within continuous integration pipelines and pre-commit hooks.

Environment Variable Validation - Ensures environment variable names do not contain invalid characters like equals signs or spaces.

Syntax Validators - Checks the syntax of schedule triggers to ensure they follow the valid CRON format.

Syntax Validators - Scans path and reference glob filters for syntax errors to ensure correct file matching.

IDE Real-time Feedback - Reports analysis results and remediation guidance in real time within supported text editors.

Shell Scripting Linters - Integrates with external shell scripting linters to detect bugs and syntax errors in inline commands.

Environment Requirement Validators - Specifies expected runner labels and configuration variables to ensure files align with the target environment.

Reusable Workflow Validators - Checks the syntax, input types, and secret requirements for both calling and called workflows.

Workflow Event Triggers - Verifies webhook event names, activity types, and the correct use of complementary filters.

Script Security Auditors - Checks inline scripts within workflow commands for syntax errors and script injection vulnerabilities.

Abstract Syntax Tree Parsers - Implements a parser that transforms YAML workflow text into a structured syntax tree for deep logic analysis.

Hardcoded Credential Detection - Scans configuration files for plain-text secrets and passwords to prevent accidental security leaks.

Usage Validators - Checks that action references are correctly formatted and that all required inputs are provided.

Deprecation Management - Identifies the use of deprecated commands and action inputs to ensure compatibility with current standards.

Identifier Uniqueness Verifiers - Verifies that job and step identifiers are unique within the configuration to prevent execution conflicts.

Matrix Configuration Validators - Ensures exclude values exist in the matrix and identifies duplicate variations of matrix values.

Metadata Schema Validations - Validates action inputs and outputs by comparing workflow usage against defined metadata specification files.

Graph Validation - Verifies job dependency graphs to detect circular references and undefined job identifiers.

Static Logic Analyzers - Detects constant conditions in logic statements that cause workflow steps to always run or never run.

Static Type Checking - Ensures that inputs, outputs, and context variables in workflows use compatible data types.

Action Metadata Validators - Verifies that action inputs and outputs match metadata file definitions to ensure strict typing.

actionlint is a static analysis tool and linter specifically designed for GitHub Actions workflow files. It functions as a CI workflow validator and YAML configuration linter to ensure the syntax and logic of automation files are correct before deployment.

The project distinguishes itself by performing deep security auditing and script analysis. It includes a shell script auditor to detect syntax bugs and script injection vulnerabilities in inline commands, and it scans for hardcoded credentials to prevent security leaks.

The tool covers a broad range of validation capabilities, including expression type checking, job dependency verification, and the validation of reusable workflows and matrix configurations. It also verifies trigger events, cron schedules, and action metadata to ensure compatible data types and required parameters are present.

The linter can be used via the command line or integrated into IDEs for real-time feedback.

Features