Fix workflow validation issues - use GitHub API, pin actionlint version, remove invalid package

Co-authored-by: diberry <[email protected]>

Author: Copilot

.github/workflows/README.md

@@ -21,9 +21,8 @@ This workflow automatically validates all GitHub Actions workflows in the reposi
 
 **Jobs:**
 1. **validate-workflows**: Runs actionlint to check syntax and best practices
-2. **check-action-versions**: Uses action-validator to check for outdated versions
-3. **detect-outdated-actions**: Extracts and analyzes all actions used in workflows
-4. **summary**: Provides a consolidated summary of all validation jobs
+2. **detect-outdated-actions**: Extracts and analyzes all actions used in workflows, checks availability, and compares with latest versions
+3. **summary**: Provides a consolidated summary of all validation jobs
 
 **Outputs:**
 - A downloadable report artifact containing all actions and versions in use
@@ -56,19 +55,6 @@ bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/down
 actionlint .github/workflows/*.yml
 ```
 
-### action-validator
-Checks for outdated GitHub Actions versions.
-
-**Installation:**
-```bash
-npm install -g action-validator
-```
-
-**Usage:**
-```bash
-action-validator .github/workflows/your-workflow.yml
-```
-
 ## Best Practices
 
 1. **Pin Actions to Specific Versions**: Always use specific commit SHAs or version tags (e.g., `actions/checkout@v4`) instead of branches

.github/workflows/ci.yml

@@ -20,10 +20,9 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: '20'
-          cache: 'npm'
 
       - name: Install dependencies
-        run: npm ci
+        run: npm install
 
       - name: Build project
         run: npm run build

.github/workflows/validate-workflows.yml

@@ -23,8 +23,11 @@ jobs:
 
       - name: Install actionlint
         run: |
-          bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
+          # Download actionlint v1.7.9 (pinned version)
+          curl -sL https://github.com/rhysd/actionlint/releases/download/v1.7.9/actionlint_1.7.9_linux_amd64.tar.gz -o actionlint.tar.gz
+          tar xzf actionlint.tar.gz
           sudo mv ./actionlint /usr/local/bin/
+          rm actionlint.tar.gz
           actionlint --version
       
       - name: Run actionlint
@@ -33,34 +36,6 @@ jobs:
           actionlint -color
         continue-on-error: false
 
-  check-action-versions:
-    name: Check Action Versions
-    runs-on: ubuntu-latest
-    
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-      
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-      
-      - name: Install action-validator
-        run: npm install -g action-validator
-      
-      - name: Validate action versions
-        run: |
-          echo "Checking for outdated GitHub Actions..."
-          # Find all workflow files and check each one
-          for workflow in .github/workflows/*.yml .github/workflows/*.yaml; do
-            if [ -f "$workflow" ]; then
-              echo "Checking $workflow..."
-              action-validator "$workflow" || true
-            fi
-          done
-        continue-on-error: true
-  
   detect-outdated-actions:
     name: Detect Outdated Actions
     runs-on: ubuntu-latest
@@ -94,7 +69,9 @@ jobs:
             echo "No actions found in workflows"
           fi
       
-      - name: Check action availability
+      - name: Check action availability and versions
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           echo "Checking if actions are available on GitHub..."
           
@@ -103,6 +80,8 @@ jobs:
             exit 0
           fi
           
+          UNAVAILABLE_ACTIONS=""
+          
           while IFS= read -r action; do
             # Skip local actions (starting with ./)
             if [[ "$action" == ./* ]]; then
@@ -116,19 +95,39 @@ jobs:
             
             # Check if action exists
             if [[ "$ACTION_PATH" == *"/"* ]]; then
-              REPO_URL="https://github.com/$ACTION_PATH"
               echo "Checking $ACTION_PATH@$ACTION_VERSION..."
               
-              # Use GitHub API to check if repo exists (no auth needed for public repos)
-              HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" "$REPO_URL")
+              # Use GitHub API with authentication for better rate limits
+              API_URL="https://api.github.com/repos/$ACTION_PATH"
+              HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
+                -H "Authorization: token $GITHUB_TOKEN" \
+                -H "Accept: application/vnd.github.v3+json" \
+                "$API_URL")
               
               if [ "$HTTP_CODE" -eq 200 ]; then
                 echo "✓ Action available: $action"
+                
+                # Try to fetch latest release for comparison
+                LATEST_RELEASE=$(curl -s \
+                  -H "Authorization: token $GITHUB_TOKEN" \
+                  -H "Accept: application/vnd.github.v3+json" \
+                  "$API_URL/releases/latest" | grep '"tag_name":' | sed -E 's/.*"tag_name": "([^"]+)".*/\1/' || echo "")
+                
+                if [ -n "$LATEST_RELEASE" ] && [ "$ACTION_VERSION" != "$LATEST_RELEASE" ]; then
+                  echo "  ℹ️  Latest version available: $LATEST_RELEASE (current: $ACTION_VERSION)"
+                fi
               else
                 echo "✗ Action not found or inaccessible: $action (HTTP $HTTP_CODE)"
+                UNAVAILABLE_ACTIONS="${UNAVAILABLE_ACTIONS}${action}\n"
               fi
             fi
           done < /tmp/workflow-analysis/unique_actions.txt
+          
+          if [ -n "$UNAVAILABLE_ACTIONS" ]; then
+            echo ""
+            echo "⚠️  Warning: Some actions are unavailable:"
+            echo -e "$UNAVAILABLE_ACTIONS"
+          fi
       
       - name: Generate action version report
         run: |
@@ -173,7 +172,7 @@ jobs:
   summary:
     name: Validation Summary
     runs-on: ubuntu-latest
-    needs: [validate-workflows, check-action-versions, detect-outdated-actions]
+    needs: [validate-workflows, detect-outdated-actions]
     if: always()
 
     steps:
@@ -186,6 +185,5 @@ jobs:
             echo ""
             echo "## Jobs Status:"
             echo "- Validate Workflows: ${{ needs.validate-workflows.result }}"
-            echo "- Check Action Versions: ${{ needs.check-action-versions.result }}"
             echo "- Detect Outdated Actions: ${{ needs.detect-outdated-actions.result }}"
           } >> "$GITHUB_STEP_SUMMARY"