Skip to content

Update action-gh-release; make find/xargs safe for unusual filenames#2

Open
mattgodbolt wants to merge 1 commit into
mainfrom
add-actionlint
Open

Update action-gh-release; make find/xargs safe for unusual filenames#2
mattgodbolt wants to merge 1 commit into
mainfrom
add-actionlint

Conversation

@mattgodbolt

@mattgodbolt mattgodbolt commented Jul 10, 2026

Copy link
Copy Markdown
Member

Found by an org-wide actionlint sweep. Per review feedback the lint tooling itself is staying in the core repos (compiler-explorer, infra, compiler-workflows) — this PR keeps just the fixes, which stand on their own:

  • softprops/action-gh-release v1 -> v2
  • code-quality.yml: find ... -print0

🤖 Generated with Claude Code

Copilot AI review requested due to automatic review settings July 10, 2026 21:16

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds automated linting for GitHub Actions workflows using actionlint, aligning this repository with the org-wide rollout, and updates existing workflows to satisfy actionlint checks.

Changes:

  • Added a new workflow to run actionlint on pushes/PRs that modify workflow files or the actionlint config.
  • Added .github/actionlint.yaml to configure runner labels and gate shellcheck info/style findings.
  • Updated existing workflows (bump softprops/action-gh-release to v2 and fixed find | xargs usage to avoid SC2038).

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
.github/workflows/test-windows.yml Bumps softprops/action-gh-release to v2 for releases built from tags.
.github/workflows/lint-actions.yml Adds a workflow that runs actionlint when workflow/config files change.
.github/workflows/code-quality.yml Updates `find …
.github/actionlint.yaml Adds repo-local actionlint configuration (runner labels + shellcheck gating).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/lint-actions.yml Outdated
Comment on lines +3 to +10
on:
push:
branches: [main]
paths: ['.github/workflows/**', '.github/actionlint.yaml']
pull_request:
paths: ['.github/workflows/**', '.github/actionlint.yaml']

jobs:
Comment on lines 223 to 226
- name: Upload release assets
if: startsWith(github.ref, 'refs/tags/')
uses: softprops/action-gh-release@v1
uses: softprops/action-gh-release@v2
with:

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair hardening idea, but out of scope for this version bump: the release workflow already succeeds under this repo's current default token permissions, and v1→v2 of action-gh-release doesn't change what it needs. Declaring explicit permissions: contents: write is a reasonable follow-up if org defaults ever tighten.

- softprops/action-gh-release v1 -> v2
- code-quality.yml: find ... -print0

Found by an org-wide actionlint sweep; the lint tooling itself is staying in the core repos only, but these fixes stand on their own.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@mattgodbolt mattgodbolt changed the title Lint GitHub Actions workflows with actionlint Update action-gh-release; make find/xargs safe for unusual filenames Jul 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants