🌱 Bump github.com/rhysd/actionlint from 1.6.16 to 1.6.17

[dependabot]

Bumps github.com/rhysd/actionlint from 1.6.16 to 1.6.17.

Release notes

Sourced from github.com/rhysd/actionlint's releases.

v1.6.17

• Allow workflow calls are available in matrix jobs. See the official announcement for more details. (#197)

  jobs:
    ReuseableMatrixJobForDeployment:
      strategy:
        matrix:
          target: [dev, stage, prod]
      uses: octocat/octo-repo/.github/workflows/deployment.yml@main
      with:
        target: ${{ matrix.target }}

• Allow nested workflow calls. See the official announcement for more details. (#201)

  on: workflow_call
  jobs:
  call-another-reusable:
  uses: path/to/another-reusable.yml@v1

• Fix job outputs should be passed to needs.*.outputs of only direct children. Until v1.6.16, they are passed to any downstream jobs. (#151)

  jobs:
    first:
      runs-on: ubuntu-latest
      outputs:
        first: 'output from first job'
      steps:
        - run: echo 'first'
  second:
  needs: [first]
  runs-on: ubuntu-latest
  outputs:
  second: 'output from second job'
  steps:
  - run: echo 'second'
  third:
  needs: [second]
  runs-on: ubuntu-latest
  steps:
  - run: echo '${{ toJSON(needs.second.outputs) }}'
  # ERROR: needs.first does not exist, but v1.6.16 reported no error
  - run: echo '${{ toJSON(needs.first.outputs) }}'

  When you need both needs.first and needs.second, add the both to needs:.

    third:
      needs: [first, second]

... (truncated)

Changelog

Sourced from github.com/rhysd/actionlint's changelog.

v1.6.17 - 28 Aug 2022

• Workflow calls are available in matrix jobs. See the official announcement for more details. (#197)

  jobs:
    ReuseableMatrixJobForDeployment:
      strategy:
        matrix:
          target: [dev, stage, prod]
      uses: octocat/octo-repo/.github/workflows/deployment.yml@main
      with:
        target: ${{ matrix.target }}

• Workflow calls can be nested. See the official announcement for more details. (#201)

  on: workflow_call
  jobs:
  call-another-reusable:
  uses: octo-org/example-repo/.github/workflows/another-reusable.yml@v1

• Fix job outputs should be passed to needs.*.outputs of only direct children. Until v1.6.16, they are passed to any downstream jobs. (#151)

  jobs:
    first:
      runs-on: ubuntu-latest
      outputs:
        first: 'output from first job'
      steps:
        - run: echo 'first'
  second:
  needs: [first]
  runs-on: ubuntu-latest
  outputs:
  second: 'output from second job'
  steps:
  - run: echo 'second'
  third:
  needs: [second]
  runs-on: ubuntu-latest
  steps:
  - run: echo '${{ toJSON(needs.second.outputs) }}'
  # ERROR: needs.first does not exist, but v1.6.16 reported no error
  - run: echo '${{ toJSON(needs.first.outputs) }}'

  When you need both needs.first and needs.second, add the both to needs:.

    third:

... (truncated)

Commits

• c9980ce bump up version to v1.6.17
• 85862d7 use Go 1.19 by default on CI
• a1c9bd5 fix working-directory is not available with uses: (fix #207)
• b766843 do not count }} since it may appear in string literals (fix #205)
• cfdbe9e improve error message on parsing single ${{ }}
• d1ffd58 fix job outputs are only passed to children (fix #151)
• 9703a84 Merge pull request #206 from rhysd/ci/2937615010
• 7210c6c update generated files by go generate on CI
• 0e1fc57 update playground dependencies
• 8db3e64 now workflow calls can be nested (fix #201)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[netlify]

✅ Deploy Preview for ossf-scorecard canceled.

Name	Link
🔨 Latest commit	4e7e759
🔍 Latest deploy log	https://app.netlify.com/sites/ossf-scorecard/deploys/6322464266e4d600089cb722