actionlintの追加

[tarappo]

TODO

• actionlintの追加
• secretsに値を設定

[Copilot]

Pull Request Overview

This pull request adds a new GitHub Actions workflow for linting GitHub Actions files and sets up secrets to enable the workflow.

• Added a workflow file to run actionlint as well as an additional action (pinact-actions).
• Configured the workflow to trigger on pull requests that change workflow files.

[github-actions]

Remaining comments which cannot be posted as a review comment to avoid GitHub Rate Limit

actionlint

---

📝 [actionlint] _{reported by reviewdog 🐶}
shellcheck reported issue in this script: SC2086:info:1:6: Double quote to prevent globbing and word splitting [shellcheck]

ci-sample-ios/.github/workflows/pull_request.yml

Line 31 in ca74f1f

run: |

---

📝 [actionlint] _{reported by reviewdog 🐶}
shellcheck reported issue in this script: SC2086:info:1:39: Double quote to prevent globbing and word splitting [shellcheck]

ci-sample-ios/.github/workflows/pull_request.yml

Line 31 in ca74f1f

run: |

---

📝 [actionlint] _{reported by reviewdog 🐶}
shellcheck reported issue in this script: SC2086:info:2:199: Double quote to prevent globbing and word splitting [shellcheck]

ci-sample-ios/.github/workflows/pull_request.yml

Line 31 in ca74f1f

run: |

---

📝 [actionlint] _{reported by reviewdog 🐶}
shellcheck reported issue in this script: SC2086:info:2:231: Double quote to prevent globbing and word splitting [shellcheck]

ci-sample-ios/.github/workflows/pull_request.yml

Line 31 in ca74f1f

run: |

---

📝 [actionlint] _{reported by reviewdog 🐶}
shellcheck reported issue in this script: SC2086:info:2:262: Double quote to prevent globbing and word splitting [shellcheck]

ci-sample-ios/.github/workflows/pull_request.yml

Line 31 in ca74f1f

run: |

---

📝 [actionlint] _{reported by reviewdog 🐶}
shellcheck reported issue in this script: SC2086:info:1:6: Double quote to prevent globbing and word splitting [shellcheck]

ci-sample-ios/.github/workflows/release.yml

Line 22 in ca74f1f

run: |

---

📝 [actionlint] _{reported by reviewdog 🐶}
shellcheck reported issue in this script: SC2086:info:1:39: Double quote to prevent globbing and word splitting [shellcheck]

ci-sample-ios/.github/workflows/release.yml

Line 22 in ca74f1f

run: |

---

📝 [actionlint] _{reported by reviewdog 🐶}
shellcheck reported issue in this script: SC2086:info:2:188: Double quote to prevent globbing and word splitting [shellcheck]

ci-sample-ios/.github/workflows/release.yml

Line 22 in ca74f1f

run: |

---

📝 [actionlint] _{reported by reviewdog 🐶}
shellcheck reported issue in this script: SC2086:info:2:220: Double quote to prevent globbing and word splitting [shellcheck]

ci-sample-ios/.github/workflows/release.yml

Line 22 in ca74f1f

run: |

---

📝 [actionlint] _{reported by reviewdog 🐶}
shellcheck reported issue in this script: SC2086:info:2:251: Double quote to prevent globbing and word splitting [shellcheck]

ci-sample-ios/.github/workflows/release.yml

Line 22 in ca74f1f

run: |

[Copilot]

Pull Request Overview

This PR adds a new GitHub Actions workflow to run actionlint for linting GitHub Actions workflows and updates several workflows to pin actions to specific commit hashes and add consistent quoting in shell commands.

• Added .github/workflows/actionlint.yml for linting workflows
• Updated various workflows (merge, pull_request, labeler, cron, release, and auto_assign) to use explicit commit hashes and improve shell command safety
• Standardized quoting for environment variables in xcodebuild commands

Reviewed Changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
.github/workflows/actionlint.yml	New workflow for linting GitHub Actions workflows using actionlint
.github/workflows/merge.yml	Updated checkout and cache actions; improved quoting in xcodebuild commands
.github/workflows/auto_assign.yml	Updated auto-assign action version
.github/workflows/pull_request.yml	Updated checkout, upload-artifact, and xcodebuild quoting
.github/workflows/labeler.yml	Updated checkout and labeler actions
.github/workflows/cron.yml	Updated checkout action and improved quoting in the archive step
.github/workflows/release.yml	Updated checkout, quoting in export steps, and upload-artifact action

Comments suppressed due to low confidence (1)

.github/workflows/merge.yml:20

• [nitpick] The reference to the checkout action uses a commit hash with a comment indicating 'v4.2.2'. Consider using a semantic version tag instead of a commit hash to improve clarity and future maintainability.

- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

[Copilot]

The workflow is configured with 'permissions: write-all', which might be more permissive than necessary. Consider limiting permissions to only those required for the workflow to enhance security.

Suggested change

	permissions: write-all
	permissions:
	contents: read
	pull-requests: write
	actions: read
	checks: write