2323
2424 - name : Install actionlint
2525 run : |
26- # Download actionlint v1.7.9 (pinned version)
27- curl -sL https://github.com/rhysd/actionlint/releases/download/v1.7.9/actionlint_1.7.9_linux_amd64.tar.gz -o actionlint.tar.gz
26+ # Download actionlint v1.7.9 (pinned version with checksum verification)
27+ ACTIONLINT_VERSION="1.7.9"
28+ ACTIONLINT_URL="https://github.com/rhysd/actionlint/releases/download/v${ACTIONLINT_VERSION}/actionlint_${ACTIONLINT_VERSION}_linux_amd64.tar.gz"
29+ EXPECTED_SHA256="233b280d05e100837f4af1433c7b40a5dcb306e3aa68fb4f17f8a7f45a7df7b4"
30+
31+ curl -sL "$ACTIONLINT_URL" -o actionlint.tar.gz
32+ echo "$EXPECTED_SHA256 actionlint.tar.gz" | sha256sum -c -
2833 tar xzf actionlint.tar.gz
2934 sudo mv ./actionlint /usr/local/bin/
3035 rm actionlint.tar.gz
6974 echo "No actions found in workflows"
7075 fi
7176
77+ - name : Install jq for JSON parsing
78+ run : sudo apt-get update && sudo apt-get install -y jq
79+
7280 - name : Check action availability and versions
7381 env :
7482 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
@@ -89,44 +97,56 @@ jobs:
8997 continue
9098 fi
9199
100+ # Check if action has a version specified
101+ if [[ "$action" != *"@"* ]]; then
102+ echo "⚠️ Warning: Action without version: $action"
103+ continue
104+ fi
105+
92106 # Extract owner/repo and version
93107 ACTION_PATH=$(echo "$action" | cut -d'@' -f1)
94108 ACTION_VERSION=$(echo "$action" | cut -d'@' -f2)
95109
96- # Check if action exists
97- if [[ "$ACTION_PATH" == *"/"* ]]; then
98- echo "Checking $ACTION_PATH@$ACTION_VERSION..."
110+ # Skip if no valid path
111+ if [[ "$ACTION_PATH" != *"/"* ]]; then
112+ continue
113+ fi
114+
115+ echo "Checking $ACTION_PATH@$ACTION_VERSION..."
116+
117+ # Use GitHub API with authentication for better rate limits
118+ API_URL="https://api.github.com/repos/$ACTION_PATH"
119+ RESPONSE=$(curl -s -w "\n%{http_code}" \
120+ -H "Authorization: token $GITHUB_TOKEN" \
121+ -H "Accept: application/vnd.github.v3+json" \
122+ "$API_URL")
123+
124+ HTTP_CODE=$(echo "$RESPONSE" | tail -n1)
125+
126+ if [ "$HTTP_CODE" -eq 200 ]; then
127+ echo "✓ Action available: $action"
99128
100- # Use GitHub API with authentication for better rate limits
101- API_URL="https://api.github.com/repos/$ACTION_PATH"
102- HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
129+ # Try to fetch latest release for comparison
130+ RELEASE_RESPONSE=$(curl -s \
103131 -H "Authorization: token $GITHUB_TOKEN" \
104132 -H "Accept: application/vnd.github.v3+json" \
105- "$API_URL")
133+ "$API_URL/releases/latest")
134+
135+ LATEST_RELEASE=$(echo "$RELEASE_RESPONSE" | jq -r '.tag_name // empty')
106136
107- if [ "$HTTP_CODE" -eq 200 ]; then
108- echo "✓ Action available: $action"
109-
110- # Try to fetch latest release for comparison
111- LATEST_RELEASE=$(curl -s \
112- -H "Authorization: token $GITHUB_TOKEN" \
113- -H "Accept: application/vnd.github.v3+json" \
114- "$API_URL/releases/latest" | grep '"tag_name":' | sed -E 's/.*"tag_name": "([^"]+)".*/\1/' || echo "")
115-
116- if [ -n "$LATEST_RELEASE" ] && [ "$ACTION_VERSION" != "$LATEST_RELEASE" ]; then
117- echo " ℹ️ Latest version available: $LATEST_RELEASE (current: $ACTION_VERSION)"
118- fi
119- else
120- echo "✗ Action not found or inaccessible: $action (HTTP $HTTP_CODE)"
121- UNAVAILABLE_ACTIONS="${UNAVAILABLE_ACTIONS}${action}\n"
137+ if [ -n "$LATEST_RELEASE" ] && [ "$ACTION_VERSION" != "$LATEST_RELEASE" ]; then
138+ echo " ℹ️ Latest version available: $LATEST_RELEASE (current: $ACTION_VERSION)"
122139 fi
140+ else
141+ echo "✗ Action not found or inaccessible: $action (HTTP $HTTP_CODE)"
142+ UNAVAILABLE_ACTIONS="${UNAVAILABLE_ACTIONS}${action}"$'\n'
123143 fi
124144 done < /tmp/workflow-analysis/unique_actions.txt
125145
126146 if [ -n "$UNAVAILABLE_ACTIONS" ]; then
127147 echo ""
128148 echo "⚠️ Warning: Some actions are unavailable:"
129- echo -e "$UNAVAILABLE_ACTIONS"
149+ echo "$UNAVAILABLE_ACTIONS"
130150 fi
131151
132152 - name : Generate action version report
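Review bot: `API_URL` is built from the whole `ACTION_PATH` (new line 118), so an action referenced by subdirectory, `owner/repo/path@ref`, is looked up as a repository that does not exist and lands in `UNAVAILABLE_ACTIONS`. Because `ACTION_PATH` is text read from `/tmp/workflow-analysis/unique_actions.txt` and goes into a URL requested with `GITHUB_TOKEN`, I would cut it to the first two segments and skip anything that is not a plain slug: `REPO_SLUG=$(echo "$ACTION_PATH" | cut -d'/' -f1,2)`, `[[ "$REPO_SLUG" =~ ^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$ ]] || continue`, `API_URL="https://api.github.com/repos/$REPO_SLUG"`. Separately, the rewritten `LATEST_RELEASE` assignment drops the old `|| echo ""` fallback, so if the step runs under `bash -e` (presumably the runner default, since no `shell:` key is visible) a non-JSON reply makes `jq` fail and aborts the step. Appending `|| true` inside the substitution keeps the lookup best-effort. The `while` loop around this code opens above the hunk.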