build(deps): bump github.com/rhysd/actionlint from 1.6.12 to 1.6.20

[dependabot]

Bumps github.com/rhysd/actionlint from 1.6.12 to 1.6.20.

Release notes

Sourced from github.com/rhysd/actionlint's releases.

v1.6.20

• Support run-name which GitHub introduced recently. It is a name of workflow run dynamically configured. See the official document for more details. (#220)

  on: push
  run-name: Deploy by @${{ github.actor }}
  jobs:
  ...

• Add end_column property to JSON representation of error. The property indicates a column of the end position of ^~~~~~~ indicator in snippet. Note that end_column is equal to column when the indicator cannot be shown. (#219)

  $ actionlint -format '{{json .}}' test.yaml | jq
  [
    {
      "message": "property \"unknown_prop\" is not defined in object type {arch: string; debug: string; name: string; os: string; temp: string; tool_cache: string; workspace: string}",
      "filepath": "test.yaml",
      "line": 7,
      "column": 23,
      "kind": "expression",
      "snippet": "      - run: echo ${{ runner.unknown_prop }}\n                      ^~~~~~~~~~~~~~~~~~~",
      "end_column": 41
    }
  ]

• Overhaul the workflow parser to parse workflow keys in case-insensitive. This is a work derived from the fix of #216. Now the parser parses all workflow keys in case-insensitive way correctly. Note that permission names at permissions: are exceptionally case-sensitive.
  • This fixes properties of inputs for workflow_dispatch were not case-insensitive.
  • This fixes inputs and outputs of local actions were not handled in case-insensitive way.
• Update popular actions data set. actions/stale@v6 was newly added.

v1.6.19

• Fix inputs, outputs, and secrets of reusable workflow should be case-insensitive. (#216)

  # .github/workflows/reusable.yaml
  on:
    workflow_call:
      inputs:
        INPUT_UPPER:
          type: string
        input_lower:
          type: string
      secrets:
        SECRET_UPPER:
        secret_lower:
  ...
  .github/workflows/test.yaml
  ...
  jobs:
  caller:

... (truncated)

Changelog

Sourced from github.com/rhysd/actionlint's changelog.

v1.6.20 - 30 Sep 2022

• Support run-name which GitHub introduced recently. It is a name of workflow run dynamically configured. See the official document for more details. (#220)

  on: push
  run-name: Deploy by @${{ github.actor }}
  jobs:
  ...

• Add end_column property to JSON representation of error. The property indicates a column of the end position of ^~~~~~~ indicator in snippet. Note that end_column is equal to column when the indicator cannot be shown. (#219)

  $ actionlint -format '{{json .}}' test.yaml | jq
  [
    {
      "message": "property \"unknown_prop\" is not defined in object type {arch: string; debug: string; name: string; os: string; temp: string; tool_cache: string; workspace: string}",
      "filepath": "test.yaml",
      "line": 7,
      "column": 23,
      "kind": "expression",
      "snippet": "      - run: echo ${{ runner.unknown_prop }}\n                      ^~~~~~~~~~~~~~~~~~~",
      "end_column": 41
    }
  ]

• Overhaul the workflow parser to parse workflow keys in case-insensitive. This is a work derived from the fix of #216. Now the parser parses all workflow keys in case-insensitive way correctly. Note that permission names at permissions: are exceptionally case-sensitive.
  • This fixes properties of inputs for workflow_dispatch are not case-insensitive.
  • This fixes inputs and outputs of local actions are not handled in case-insensitive way.
• Update popular actions data set. actions/stale@v6 was newly added.

[Changes][v1.6.20]

v1.6.19 - 22 Sep 2022

• Fix inputs, outputs, and secrets of reusable workflow should be case-insensitive. (#216)

  # .github/workflows/reusable.yaml
  on:
    workflow_call:
      inputs:
        INPUT_UPPER:
          type: string
        input_lower:
          type: string
      secrets:
        SECRET_UPPER:
        secret_lower:
  ...

... (truncated)

Commits

• 2df6872 bump up version to v1.6.20
• 685561e fix test data for checking problem matcher
• 72b7caa add test for checking permission names are case-sensitive
• 4e4d0a2 update popular actions data set to the latest
• 57c7c7d add end_column property to JSON representation of error (fix #219)
• f0c915d support run-name at top level
• c17521c Merge branch 'local-action-refactor'
• a90861a validate action metadata inputs and outputs
• 3efa175 fix and add tests for generating popular actions data set
• cb0b86a distinguish IDs from input/output names in action.yml
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #45.