v0.8.4

github-actions released this 16 Jun 02:46 · 27 commits to main since this release · adfc634

Patch Changes

  • #51 733a800 Thanks @toiroakr! - Honour author-written opt-outs from the upstream tools karinto consolidates:

    • Inline ignore comments: # karinto: ignore[rule-id] and
      # zizmor: ignore[rule-id] suppress findings on the same line (line-scoped),
      supporting comma-separated rule lists and a trailing free-form note. Mirrors
      zizmor's inline-ignore syntax. actionlint and ghalint have no inline form, so
      only the karinto and zizmor prefixes are recognised.
    • ghalint config — a ghalint.yaml excludes: list is honoured. Each
      entry's policy_name maps onto the karinto rule(s) that absorbed it (via the
      catalogue origins), with the workflow_file_path / job_name /
      action_name / step_id scope fields applied. Available through the CLI's
      --ghalint-config flag and the Worker's ghalint HTTP parameter (with
      path / per-file paths resolving the workflow_file_path scope).

    actionlint config support is intentionally deferred (tracked in #50): it ignores
    by regex against actionlint's own error messages, which do not map onto
    karinto's findings.

  • #55 82ad616 Thanks @toiroakr! - Fix unknown-context-or-function false positive on single-quoted string
    literals containing dots. The scanner walked expression bodies char by char
    without skipping string literals, so a dotted literal like
    hashFiles('replay-summary.md') or a bare 'a.b' was misread as
    <head>.<member> context access and reported the head as an unknown context.
    Single-quoted literals are now skipped during the scan, matching the GitHub
    Actions expression language.
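
The false positive fixed in #55, as an added example (not karinto's code): a minimal JavaScript scan for unknown context heads, run with and without skipping single-quoted literals. The function names, the `skipLiterals` option and the simplified known-context list are assumptions made for illustration.

```javascript
// Added illustration, not karinto's source; all names here are hypothetical.
const KNOWN_CONTEXTS = new Set([
  "github", "env", "vars", "job", "jobs", "steps", "runner",
  "secrets", "strategy", "matrix", "needs", "inputs",
]);

// Return the index just past the single-quoted literal that starts at `i`.
// The Actions expression language escapes a quote inside a literal as ''.
function skipStringLiteral(expr, i) {
  i += 1; // step over the opening quote
  while (i < expr.length) {
    if (expr[i] === "'") {
      if (expr[i + 1] === "'") { i += 2; continue; } // escaped quote, still inside
      return i + 1; // closing quote
    }
    i += 1;
  }
  return expr.length; // unterminated literal: treat the remainder as string
}

// Collect heads of <head>.<member> accesses that are not known contexts.
// skipLiterals=false reproduces the char-by-char walk that misread 'a.b'.
function unknownContextHeads(expr, { skipLiterals = true } = {}) {
  const unknown = [];
  const isIdentStart = (c) => /[A-Za-z_]/.test(c);
  const isIdentPart = (c) => /[A-Za-z0-9_-]/.test(c);
  let i = 0;
  while (i < expr.length) {
    const c = expr[i];
    if (skipLiterals && c === "'") { i = skipStringLiteral(expr, i); continue; }
    if (!isIdentStart(c)) { i += 1; continue; }
    const start = i;
    while (i < expr.length && isIdentPart(expr[i])) i += 1;
    const head = expr.slice(start, i);
    if (expr[i] === "." && !KNOWN_CONTEXTS.has(head.toLowerCase())) unknown.push(head);
    // Consume the rest of the dotted chain so members are not re-read as heads.
    while (expr[i] === ".") {
      i += 1;
      while (i < expr.length && (isIdentPart(expr[i]) || expr[i] === "*")) i += 1;
    }
  }
  return unknown;
}

const sample = "hashFiles('replay-summary.md')"; // constructed input from the note above
console.log(unknownContextHeads(sample, { skipLiterals: false }), unknownContextHeads(sample));
```

With literal skipping off, the constructed input reports `replay-summary` as an unknown context; with it on, only real accesses outside string literals are checked.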