ci: lint GitHub actions with actionlint

[sandr01d]

Check list

• I have performed a self-review of my code
• I have commented my code in hard-to-understand areas
• I have added unit tests for my code
• I have made corresponding changes to the documentation

Description

Add a CI job and pre-commit hook to lint our GitHub actions using actionlint. Also adds shfmt as developer dependency in CONTRIBUTING.md, which I forgot to do in #514. This should be the final part of my quest to improve our CI.

Type of change

• Bug fix
• New feature
• Refactor
• Breaking change
• Test
• Documentation change
• CI

Summary by CodeRabbit

• Chores
  • Added automated workflow validation in CI and a matching pre-commit check to catch workflow issues early.
  • Improved release packaging and build script handling for more reliable artifact creation and artifact metadata emission.
• Documentation
  • Updated developer setup and local validation steps to include new tooling (actionlint, shfmt) for consistent local checks.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a80cdc34-b78a-4521-8462-a2810b25d3ae

📥 Commits

Reviewing files that changed from the base of the PR and between 6468ac6 and a318ffe.

📒 Files selected for processing (1)

• CONTRIBUTING.md

✅ Files skipped from review due to trivial changes (1)

• CONTRIBUTING.md

---

📝 Walkthrough

Walkthrough

Added actionlint linting to CI and local tooling (new actionlint job, pre-commit hook, docs update) and made minor robustness tweaks to release workflow shell/packaging commands. (≤50 words)

Changes

Cohort / File(s)	Summary
CI Workflows \.github/workflows/ci.yaml, \.github/workflows/release.yaml	Added a new actionlint job in ci.yaml that checks workflow files by checking out the repo, downloading pinned actionlint (v1.7.12) via the download script, and running it with -color. In release.yaml changed >> $GITHUB_OUTPUT to >> "$GITHUB_OUTPUT" and tar * to tar ./*.
Pre-commit Hooks .pre-commit-config.yaml	Added https://github.com/rhysd/actionlint entry pinned to rev: v1.7.12 with hook id: actionlint.
Docs / Contributor Guide CONTRIBUTING.md	Documented shfmt and actionlint as development dependencies and appended actionlint to the local validation command sequence.

Sequence Diagram(s)

sequenceDiagram
    participant Runner as GitHub Actions Runner
    participant Repo as Repository (checkout)
    participant Fetch as download-actionlint.bash
    participant ReleaseHost as Releases (github.com)
    participant Actionlint as actionlint binary

    Runner->>Repo: actions/checkout
    Runner->>Fetch: run download-actionlint.bash (v1.7.12)
    Fetch->>ReleaseHost: request actionlint v1.7.12
    ReleaseHost-->>Fetch: deliver binary
    Fetch-->>Runner: set outputs.executable
    Runner->>Actionlint: execute `${{ steps.get_actionlint.outputs.executable }} -color` on repo workflows
    Actionlint-->>Runner: exit status / diagnostics

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• ci: enforce consistent shell formatting with shfmt #514 — similar CI/tooling changes adding workflow linting and developer tooling updates.

Suggested reviewers

• wfxr
• cjappl
• carlfriedrich

Poem

🐰 I hopped through YAML, neat and spry,

actionlint peered with a careful eye.
Hooks and docs now hum in tune,
CI sings under the linting moon. ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: adding actionlint to CI for linting GitHub Actions workflows.
Description check	✅ Passed	The description provides context, mentions the related issue #514, includes filled checklist items, and indicates the type of change (Documentation change and CI).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/ci.yaml:
- Around line 104-107: The workflow step "Download actionlint" (id
get_actionlint) currently fetches the installer from the mutable main branch;
update the curl invocation to pin the installer to the same release used by
.pre-commit-config.yaml (v1.7.12) by changing the URL to
raw.githubusercontent.com/rhysd/actionlint/v1.7.12/scripts/download-actionlint.bash
and harden the download with fail-fast curl flags (e.g. -fsSL or --fail --silent
--show-error) so the workflow is reproducible and fails fast on network errors.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a0174d2b-4ce5-423a-95ce-31aeaf7fe3c6

📥 Commits

Reviewing files that changed from the base of the PR and between 9280ebb and 95de7b5.

📒 Files selected for processing (4)

• .github/workflows/ci.yaml
• .github/workflows/release.yaml
• .pre-commit-config.yaml
• CONTRIBUTING.md