Update module github.com/rhysd/actionlint to v1.7.7 (#791)

This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint) | `v1.6.27` -> `v1.7.7` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2frhysd%2factionlint/v1.7.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2frhysd%2factionlint/v1.6.27/v1.7.7?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>rhysd/actionlint (github.com/rhysd/actionlint)</summary>

### [`v1.7.7`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v177---2025-01-19)

[Compare Source](https://github.com/rhysd/actionlint/compare/v1.7.6...v1.7.7)

- Support runner labels for [Linux arm64 hosted runners](https://github.blog/changelog/2025-01-16-linux-arm64-hosted-runners-now-available-for-free-in-public-repositories-public-preview/). ([#&#8203;503](https://github.com/rhysd/actionlint/issues/503), [#&#8203;504](https://github.com/rhysd/actionlint/issues/504), thanks [@&#8203;martincostello](https://github.com/martincostello))
  - `ubuntu-24.04-arm`
  - `ubuntu-22.04-arm`
- Update Go dependencies to the latest.
- Update the popular actions data set to the latest.
- Add Linux arm64 job to the CI workflow. Now actionlint is tested on the platform. ([#&#8203;507](https://github.com/rhysd/actionlint/issues/507), thanks [@&#8203;cclauss](https://github.com/cclauss))

\[Changes]\[v1.7.7]

<a id="v1.7.6"></a>

### [`v1.7.6`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v176---2025-01-04)

[Compare Source](https://github.com/rhysd/actionlint/compare/v1.7.5...v1.7.6)

- Using contexts at specific workflow keys is incorrectly reported as not allowed. Affected workflow keys are as follows. ([#&#8203;495](https://github.com/rhysd/actionlint/issues/495), [#&#8203;497](https://github.com/rhysd/actionlint/issues/497), [#&#8203;498](https://github.com/rhysd/actionlint/issues/498), [#&#8203;500](https://github.com/rhysd/actionlint/issues/500))
  - `jobs.<job_id>.steps.with.args`
  - `jobs.<job_id>.steps.with.entrypoint`
  - `jobs.<job_id>.services.<service_id>.env`
- Update Go dependencies to the latest.

\[Changes]\[v1.7.6]

<a id="v1.7.5"></a>

### [`v1.7.5`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v175---2024-12-28)

[Compare Source](https://github.com/rhysd/actionlint/compare/v1.7.4...v1.7.5)

- Strictly check available contexts in `${{ }}` placeholders following the ['Context availability' table](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs#context-availability) in the official document.
  - For example, `jobs.<job_id>.defaults.run.shell` allows `env` context but `shell` workflow keys in other places allow no context.
    ```yaml
    defaults:
      run:
    ```

### ERROR: No context is available here

```
    shell: ${{ env.SHELL }}

jobs:
  test:
    runs-on: ubuntu-latest
    defaults:
      run:
```

### OK: 'env' context is available here

```
        shell: ${{ env.SHELL }}
    steps:
      - run: echo hello
```

### ERROR: No context is available here

````
        shell: ${{ env.SHELL}}
```
````

- Check a string literal passed to `fromJSON()` call. This pattern is [popular](https://github.com/search?q=fromJSON%28%27+lang%3Ayaml\&type=code) to create array or object constants because GitHub Actions does not provide the literal syntax for them. See the [document](https://github.com/rhysd/actionlint/blob/main/docs/checks.md#contexts-and-built-in-functions) for more details. ([#&#8203;464](https://github.com/rhysd/actionlint/issues/464))
  ```yaml
  jobs:
    test:
  ```

### ERROR: Key 'mac' does not exist in the object returned by the fromJSON()

```
  runs-on: ${{ fromJSON('{"win":"windows-latest","linux":"ubuntul-latest"}')['mac'] }}
  steps:
    - run: echo This is a special branch!
```

### ERROR: Broken JSON string passed to fromJSON.

```
      if: contains(fromJSON('["main","release","dev"'), github.ref_name)
```

````
- Allow passing command arguments to `-shellcheck` argument. ([#&#8203;483](https://github.com/rhysd/actionlint/issues/483), thanks [@&#8203;anuraaga](https://github.com/anuraaga))
- This is useful when you want to use alternative build of shellcheck like [go-shellcheck](https://github.com/wasilibs/go-shellcheck/).
  ```sh
  actionlint -shellcheck="go run github.com/wasilibs/go-shellcheck/cmd/shellcheck@latest"
  ```
- Support undocumented `repository_visibility`, `artifact_cache_size_limit`, `step_summary`, `output`, `state` properties in `github` context. ([#&#8203;489](https://github.com/rhysd/actionlint/issues/489), thanks [@&#8203;rasa](https://github.com/rasa) for adding `repository_visibility` property)
- Remove `macos-12` runner label from known labels because it was [dropped](https://github.com/actions/runner-images/issues/10721) from GitHub-hosted runners on Dec. 3 and is no longer available.
- Add `windows-2025` runner label to the known labels. The runner is in [public preview](https://github.blog/changelog/2024-12-19-windows-server-2025-is-now-in-public-preview/). ([#&#8203;491](https://github.com/rhysd/actionlint/issues/491), thanks [@&#8203;ericcornelissen](https://github.com/ericcornelissen))
- Add `black` to the list of colors for `branding.color` action metadata. ([#&#8203;485](https://github.com/rhysd/actionlint/issues/485), thanks [@&#8203;eifinger](https://github.com/eifinger))
- Add `table` to the list of icons for `branding.icon` action metadata.
- Fix parsing escaped `{` in `format()` function call's first argument.
- Fix the incorrect `join()` function overload. `join(s1: string, s2: string)` was wrongly accepted.
- Update popular actions data set to the latest.
- Add `download-artifact/v3-node20` to the data set. ([#&#8203;468](https://github.com/rhysd/actionlint/issues/468))
- Fix missing the `reviewdog/action-hadolint@v1` action input. ([#&#8203;487](https://github.com/rhysd/actionlint/issues/487), thanks [@&#8203;mi-wada](https://github.com/mi-wada))
- Link to the documents of the stable version in actionlint `man` page and `-help` output.
- Refactor `LintStdin()` API example and some unit tests. ([#&#8203;472](https://github.com/rhysd/actionlint/issues/472), [#&#8203;475](https://github.com/rhysd/actionlint/issues/475), thanks [@&#8203;alexandear](https://github.com/alexandear))
- Improve the configuration example in `actionlint.yaml` document to explain glob patterns for `paths`. ([#&#8203;481](https://github.com/rhysd/actionlint/issues/481))

[Changes][v1.7.5]

<a id="v1.7.4"></a>
````

### [`v1.7.4`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v174---2024-11-04)

[Compare Source](https://github.com/rhysd/actionlint/compare/v1.7.3...v1.7.4)

- Disallow the usage of popular actions that run on `node16` runner. The `node16` runner [will reach the end of life on November 12](https://github.blog/changelog/2024-09-25-end-of-life-for-actions-node16/).
  - In case of the error, please update your actions to the latest version so that they run on the latest `node20` runner.
  - If you're using self-hosted runner and you cannot upgrade your runner to `node20` soon, please consider to ignore the error by the `paths` configuration described below.
  - If you're using `actions/upload-artifact@v3` and `actions/download-artifact@v3` on GHES, please replace them with `actions/upload-artifact@v3-node20` and `actions/download-artifact@v3-node20`. ([#&#8203;468](https://github.com/rhysd/actionlint/issues/468))
- Provide the configuration for ignoring errors by regular expressions in `actionlint.yml` (or `actionlint.yaml`). Please see the [document](https://github.com/rhysd/actionlint/blob/v1.7.4/docs/config.md) for more details. ([#&#8203;217](https://github.com/rhysd/actionlint/issues/217), [#&#8203;342](https://github.com/rhysd/actionlint/issues/342))
  - The `paths` is a mapping from the file path glob pattern to the corresponding configuration. The `ignore` configuration is a list of regular expressions to match error messages (similar to the `-ignore` command line option).
    ```yaml
    paths:
    ```

### This pattern matches any YAML file under the '.github/workflows/' directory.

```
  .github/workflows/**/*.yaml:
    ignore:
```

### Ignore the specific error from shellcheck

```
      - 'shellcheck reported issue in this script: SC2086:.+'
```

### This pattern only matches '.github/workflows/release.yaml' file.

```
  .github/workflows/release.yaml:
    ignore:
```

### Ignore errors from the old runner check. This may be useful for (outdated) self-hosted runner environment.

````
      - 'the runner of ".+" action is too old to run on GitHub Actions'
```
````

- This configuration was not implemented initially because I wanted to keep the configuration as minimal as possible. However, due to several requests for it, the configuration has now been added.
- Untrusted inputs check is safely skipped inside specific function calls. ([#&#8203;459](https://github.com/rhysd/actionlint/issues/459), thanks [@&#8203;IlyaGulya](https://github.com/IlyaGulya))
  - For example, the following step contains the untrusted input `github.head_ref`, but it is safe because it's passed to the `contains()` argument.
    ```yaml
    - run: echo "is_release_branch=${{ contains(github.head_ref, 'release') }}" >> "$GITHUB_OUTPUT"
    ```
  - For more details, please read the [rule document](https://github.com/rhysd/actionlint/blob/v1.7.4/docs/checks.md#untrusted-inputs).
- Recognize `gcr.io` and `gcr.dev` as the correct container registry hosts. ([#&#8203;463](https://github.com/rhysd/actionlint/issues/463), thanks [@&#8203;takaidohigasi](https://github.com/takaidohigasi))
  - Note that it is recommended explicitly specifying the scheme like `docker://gcr.io/...`.
- Remove `macos-x.0` runner labels which are no longer available. ([#&#8203;452](https://github.com/rhysd/actionlint/issues/452))
- Disable shellcheck [`SC2043`](https://www.shellcheck.net/wiki/SC2043) rule because it can cause false positives on checking `run:`. ([#&#8203;355](https://github.com/rhysd/actionlint/issues/355))
  - The [rule document](https://github.com/rhysd/actionlint/blob/v1.7.4/docs/checks.md#check-shellcheck-integ) was updated as well. ([#&#8203;466](https://github.com/rhysd/actionlint/issues/466), thanks [@&#8203;risu729](https://github.com/risu729))
- Fix the error message was not deterministic when detecting cycles in `needs` dependencies.
- Fix the check for `format()` function was not applied when the function name contains upper case like `Format()`. Note that function names in `${{ }}` placeholders are case-insensitive.
- Update the popular actions data set to the latest.
  - This includes the [new `ref` and `commit` outputs](https://github.com/actions/checkout/pull/1180) of `actions/checkout`.
- Add [`actions/cache/save`](https://github.com/actions/cache/tree/main/save) and [`actions/cache/restore`](https://github.com/actions/cache/tree/main/restore) to the popular actions data set.
- Links in the [README.md](https://github.com/rhysd/actionlint/blob/main/README.md) now point to the document of the latest version tag instead of HEAD of `main` branch.
- Add [`Linter.LintStdin`](https://pkg.go.dev/github.com/rhysd/actionlint#Linter.LintStdin) method dedicated to linting STDIN instead of handling STDIN in `Command`.
- (Dev) Add new [`check-checks` script](https://github.com/rhysd/actionlint/tree/main/scripts/check-checks) to maintain the ['Checks' document](https://github.com/rhysd/actionlint/blob/main/docs/checks.md). It automatically updates the outputs and playground links for example inputs in the document. It also checks the document is up-to-date on CI. Please read the [document](https://github.com/rhysd/actionlint/blob/main/scripts/check-checks/README.md) for more details.

[Documentation](https://github.com/rhysd/actionlint/tree/v1.7.4/docs)

\[Changes]\[v1.7.4]

<a id="v1.7.3"></a>

### [`v1.7.3`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v173---2024-09-29)

[Compare Source](https://github.com/rhysd/actionlint/compare/v1.7.2...v1.7.3)

- Remove `macos-11` runner labels because [macOS 11 runner was dropped on 6/28/2024](https://github.blog/changelog/2024-05-20-actions-upcoming-changes-to-github-hosted-macos-runners/#macos-11-deprecation-and-removal). ([#&#8203;451](https://github.com/rhysd/actionlint/issues/451), thanks [@&#8203;muzimuzhi](https://github.com/muzimuzhi))
- Support `macos-15`, `macos-15-large`, and `macos-15-xlarge` runner labels. The macOS 15 runner is not globally available yet, but [they are available in beta](https://github.com/actions/runner-images?tab=readme-ov-file#available-images). ([#&#8203;453](https://github.com/rhysd/actionlint/issues/453), thanks [@&#8203;muzimuzhi](https://github.com/muzimuzhi))
- Release artifact includes checksums for the released binaries. The file name is `actionlint_{version}_checksums.txt`. ([#&#8203;449](https://github.com/rhysd/actionlint/issues/449))
  - For example, the checksums for v1.7.3 can be found [here](https://github.com/rhysd/actionlint/releases/download/v1.7.3/actionlint_1.7.3_checksums.txt).
- Fix `download-path` output is missing in `actions/download-artifact@v3` action. ([#&#8203;442](https://github.com/rhysd/actionlint/issues/442))
  - Note that the latest version `actions/download-artifact@v4` was not affected by this issue.
- Support Go 1.23.

[Documentation](https://github.com/rhysd/actionlint/blob/v1.7.3/docs/checks.md)

\[Changes]\[v1.7.3]

<a id="v1.7.2"></a>

### [`v1.7.2`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v172---2024-09-23)

[Compare Source](https://github.com/rhysd/actionlint/compare/v1.7.1...v1.7.2)

- Fix child processes to run in parallel.
- Update the popular actions data set to the latest. ([#&#8203;442](https://github.com/rhysd/actionlint/issues/442), [#&#8203;445](https://github.com/rhysd/actionlint/issues/445), [#&#8203;446](https://github.com/rhysd/actionlint/issues/446), [#&#8203;447](https://github.com/rhysd/actionlint/issues/447), thanks [@&#8203;maikelvdh](https://github.com/maikelvdh))
- Add support for checking branch filters on [`merge_group` event](https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#merge_group). ([#&#8203;448](https://github.com/rhysd/actionlint/issues/448), thanks [@&#8203;muzimuzhi](https://github.com/muzimuzhi))
- [The playground](https://rhysd.github.io/actionlint/) now supports both light and dark modes and automatically applies the system's theme.
- Fix releasing a failure on making a new winget package. ([#&#8203;438](https://github.com/rhysd/actionlint/issues/438), thanks [@&#8203;vedantmgoyal9](https://github.com/vedantmgoyal9))

\[Changes]\[v1.7.2]

<a id="v1.7.1"></a>

### [`v1.7.1`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v171---2024-05-28)

[Compare Source](https://github.com/rhysd/actionlint/compare/v1.7.0...v1.7.1)

- Support `ubuntu-24.04` runner label, which was [recently introduced as beta](https://github.blog/changelog/2024-05-14-github-hosted-runners-public-beta-of-ubuntu-24-04-is-now-available/). ([#&#8203;425](https://github.com/rhysd/actionlint/issues/425), thanks [@&#8203;bitcoin-tools](https://github.com/bitcoin-tools))
- Remove the support for `macos-10` runner label which was [officially dropped about 2 years ago](https://github.blog/changelog/2022-07-20-github-actions-the-macos-10-15-actions-runner-image-is-being-deprecated-and-will-be-removed-by-8-30-22/).
- Remove the support for `windows-2016` runner label which was [officially dropped about 2 years ago](https://github.blog/changelog/2021-10-19-github-actions-the-windows-2016-runner-image-will-be-removed-from-github-hosted-runners-on-march-15-2022/).
- Document URLs used in help output and links in the playground prefer specific version tag rather than `main` branch. For example,
  - Before: https://github.com/rhysd/actionlint/tree/main/docs
  - After: https://github.com/rhysd/actionlint/tree/v1.7.1/docs
- Fix actionlint wrongly reports an error when using `ghcr.io` or `docker.io` at `image` field of action metadata file of Docker action without `docker://` scheme. ([#&#8203;428](https://github.com/rhysd/actionlint/issues/428))
  ```yaml
  runs:
    using: 'docker'
  ```

### This should be OK

```
image: 'ghcr.io/user/repo:latest'
```

```
- Fix checking `preactjs/compressed-size-action@v2` usage caused a false positive. ([#&#8203;422](https://github.com/rhysd/actionlint/issues/422))
- Fix an error message when invalid escaping is found in globs.
- The design of the [playground page](https://rhysd.github.io/actionlint/) is overhauled following the upgrade of bulma package to v1.
- Current actionlint version is shown in the heading.
- The color theme is changed to the official dark theme.
- The list of useful links is added to the bottom of the page as 'Resources' section.

[Changes][v1.7.1]

<a id="v1.7.0"></a>
```

### [`v1.7.0`](https://github.com/rhysd/actionlint/blob/HEAD/CHANGELOG.md#v170---2024-05-08)

[Compare Source](https://github.com/rhysd/actionlint/compare/v1.6.27...v1.7.0)

- From this version, actionlint starts to check action metadata file `action.yml` (or `action.yaml`). At this point, only very basic checks are implemented and contents of `steps:` are not checked yet.
  - It checks properties under `runs:` section (e.g. `main:` can be specified when it is a JavaScript action), `branding:` properties, and so on.
    ```yaml
    name: 'My action'
    author: '...'
    ```

### ERROR: 'description' section is missing

```
branding:
```

### ERROR: Invalid icon name

```
  icon: dog

runs:
```

### ERROR: Node.js runtime version is too old

```
  using: 'node12'
```

### ERROR: The source file being run by this action does not exist

```
  main: 'this-file-does-not-exist.js'
```

### ERROR: 'env' configuration is only allowed for Docker actions

````
  env:
    SOME_VAR: SOME_VALUE
```
````

- actionlint still focuses on checking workflow files. So there is no way to directly specify `action.yml` as an argument of `actionlint` command. actionlint checks all local actions which are used by given workflows. If you want to use actionlint for your action development, prepare a test/example workflow which uses your action, and check it with actionlint instead.
- Checks for `steps:` contents are planned to be implemented. Since several differences are expected between `steps:` in workflow file and `steps:` in action metadata file (e.g. available contexts), the implementation is delayed to later version. And the current implementation of action metadata parser is ad hoc. I'm planning a large refactorying and breaking changes Go API around it are expected.
- Add `runner.environment` property. ([#&#8203;412](https://github.com/rhysd/actionlint/issues/412))
  ```yaml
  - run: echo 'Run by GitHub-hosted runner'
    if: runner.environment == 'github-hosted'
  ```
- Using outdated popular actions is now detected at error. See [the document](https://github.com/rhysd/actionlint/blob/main/docs/checks.md#detect-outdated-popular-actions) for more details.
  - Here 'outdated' means actions which use runtimes no longer supported by GitHub-hosted runners such as `node12`.
    ```yaml
    ```

### ERROR: actions/checkout@v2 is using the outdated runner 'node12'

````
- uses: actions/checkout@v2
```
````

- Support `attestations` permission which was [recently added to GitHub Actions as beta](https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds). ([#&#8203;418](https://github.com/rhysd/actionlint/issues/418), thanks [@&#8203;bdehamer](https://github.com/bdehamer))
  ```yaml
  permissions:
    id-token: write
    contents: read
    attestations: write
  ```
- Check comparison expressions more strictly. Arbitrary types of operands can be compared as [the official document](https://docs.github.com/en/actions/learn-github-actions/expressions#operators) explains. However, comparisons between some types are actually meaningless because the values are converted to numbers implicitly. actionlint catches such meaningless comparisons as errors. Please see [the check document](https://github.com/rhysd/actionlint/blob/main/docs/checks.md#check-comparison-types) for more details.
  ```yaml
  on:
    workflow_call:
      inputs:
        timeout:
          type: boolean

  jobs:
    test:
      runs-on: ubuntu-latest
      steps:
        - run: echo 'called!'
  ```

### ERROR: Comparing string to object is always evaluated to false

```
      if: ${{ github.event == 'workflow_call' }}
    - run: echo 'timeout is too long'
```

### ERROR: Comparing boolean value with `>` doesn't make sense

```
      if: ${{ inputs.timeout > 60 }}
```

````
- Follow the update that `macos-latest` is now an alias to `macos-14` runner.
- Support a custom python shell by `pyflakes` rule.
- Add workaround actionlint reports that `dorny/paths-filter`'s `predicate-quantifier` input is not defined. ([#&#8203;416](https://github.com/rhysd/actionlint/issues/416))
- Fix the type of a conditional expression by comparison operators is wider than expected by implementing type narrowing. ([#&#8203;384](https://github.com/rhysd/actionlint/issues/384))
- For example, the type of following expression should be `number` but it was actually `string | number` and actionlint complained that `timeout-minutes` must take a number value.
  ```yaml
  timeout-minutes: ${{ env.FOO && 10 || 60 }}
  ```
- Fix `${{ }}` placeholder is not available at `jobs.<job_id>.services`. ([#&#8203;402](https://github.com/rhysd/actionlint/issues/402))
```yaml
jobs:
  test:
    services: ${{ fromJSON('...') }}
    runs-on: ubuntu-latest
    steps:
      - run: ...
````

- Do not check outputs of `google-github-actions/get-secretmanager-secrets` because this action sets outputs dynamically. ([#&#8203;404](https://github.com/rhysd/actionlint/issues/404))
- Fix `defaults.run` is ignored on detecting the shell used in `run:`. ([#&#8203;409](https://github.com/rhysd/actionlint/issues/409))
  ```yaml
  defaults:
    run:
      shell: pwsh
  jobs:
    test:
      runs-on: ubuntu-latest
      steps:
  ```

### This was wrongly detected as bash script

```
    - run: $Env:FOO = "FOO"
```

````
- Fix parsing a syntax error reported from pyflakes when checking a Python script in `run:`. ([#&#8203;411](https://github.com/rhysd/actionlint/issues/411))
```yaml
- run: print(
  shell: python
````

- Skip checking `exclude:` items in `matrix:` when they are constructed from `${{ }}` dynamically. ([#&#8203;414](https://github.com/rhysd/actionlint/issues/414))
  ```yaml
  matrix:
    foo: ['a', 'b']
    exclude:
  ```

### actionlint complained this value didn't exist in matrix combinations

```
  - foo: ${{ env.EXCLUDE_FOO }}
```

````
- Fix checking `exclude:` items when `${{ }}` is used in nested arrays at matrix items.
```yaml
matrix:
  foo:
    - ["${{ fromJSON('...') }}"]
  exclude:

### actionlint complained this value didn't match to any matrix combinations
    - foo: ['foo']
````

- Update popular actions data set. New major versions are added and the following actions are newly added.
  - `peaceiris/actions-hugo`
  - `actions/attest-build-provenance`
  - `actions/add-to-project`
  - `octokit/graphql-action`
- Update Go dependencies to the latest.
- Reduce the size of `actionlint` executable by removing redundant data from popular actions data set.
  - x86\_64 executable binary size was reduced from 6.9MB to 6.7MB (2.9% smaller).
  - Wasm binary size was reduced from 9.4MB to 8.9MB (5.3% smaller).
- Describe how to [integrate actionlint to Pulsar Edit](https://web.pulsar-edit.dev/packages/linter-github-actions) in [the document](https://github.com/rhysd/actionlint/blob/main/docs/usage.md#pulsar-edit). ([#&#8203;408](https://github.com/rhysd/actionlint/issues/408), thanks [@&#8203;mschuchard](https://github.com/mschuchard))
- Update outdated action versions in the usage document. ([#&#8203;413](https://github.com/rhysd/actionlint/issues/413), thanks [@&#8203;naglis](https://github.com/naglis))

\[Changes]\[v1.7.0]

<a id="v1.6.27"></a>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS40My41IiwidXBkYXRlZEluVmVyIjoiNDEuNDMuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/791
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>

go.mod

@@ -29,7 +29,7 @@ require (
 	github.com/opencontainers/image-spec v1.1.0
 	github.com/opencontainers/selinux v1.11.0
 	github.com/pkg/errors v0.9.1
-	github.com/rhysd/actionlint v1.6.27
+	github.com/rhysd/actionlint v1.7.7
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.6
@@ -48,6 +48,7 @@ require (
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/ProtonMail/go-crypto v1.1.3 // indirect
+	github.com/bmatcuk/doublestar/v4 v4.8.0 // indirect
 	github.com/cloudflare/circl v1.6.1 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
@@ -56,7 +57,7 @@ require (
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/fatih/color v1.16.0 // indirect
+	github.com/fatih/color v1.18.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
@@ -70,8 +71,9 @@ require (
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/klauspost/compress v1.18.0 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-colorable v0.1.14 // indirect
-	github.com/mattn/go-runewidth v0.0.15 // indirect
+	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/mattn/go-shellwords v1.0.12 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/sys/atomicwriter v0.1.0 // indirect
 	github.com/moby/sys/sequential v0.6.0 // indirect

go.sum

@@ -21,6 +21,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/avast/retry-go/v4 v4.6.1 h1:VkOLRubHdisGrHnTu89g08aQEWEgRU7LVEop3GbIcMk=
 github.com/avast/retry-go/v4 v4.6.1/go.mod h1:V6oF8njAwxJ5gRo1Q7Cxab24xs5NCWZBeaHHBklR8mA=
+github.com/bmatcuk/doublestar/v4 v4.8.0 h1:DSXtrypQddoug1459viM9X9D3dp1Z7993fw36I2kNcQ=
+github.com/bmatcuk/doublestar/v4 v4.8.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
 github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
 github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
@@ -55,8 +57,8 @@ github.com/elazarl/goproxy v1.2.3 h1:xwIyKHbaP5yfT6O9KIeYJR5549MXRQkoQMRXGztz8YQ
 github.com/elazarl/goproxy v1.2.3/go.mod h1:YfEbZtqP4AetfO6d40vWchF3znWX7C7Vd6ZMfdL8z64=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
-github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
+github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
-github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
+github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c=
@@ -115,13 +117,14 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
-github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
-github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
+github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
-github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
+github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
 github.com/moby/go-archive v0.1.0 h1:Kk/5rdW/g+H8NHdJW2gsXyZ7UnzvJNOy6VKJqueWdcQ=
@@ -154,8 +157,8 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rhysd/actionlint v1.6.27 h1:xxwe8YmveBcC8lydW6GoHMGmB6H/MTqUU60F2p10wjw=
+github.com/rhysd/actionlint v1.7.7 h1:0KgkoNTrYY7vmOCs9BW2AHxLvvpoY9nEUzgBHiPUr0k=
-github.com/rhysd/actionlint v1.6.27/go.mod h1:m2nFUjAnOrxCMXuOMz9evYBRCLUsMnKY2IJl/N5umbk=
+github.com/rhysd/actionlint v1.7.7/go.mod h1:AE6I6vJEkNaIfWqC2GNE5spIJNhxf8NCtLEKU4NnUXg=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
@@ -256,7 +259,6 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=