fix: log the URL of the action when it fails schema validation (#810)

```
$ go test -v -run='TestRunner_RunEvent$/local-action-fails-schema-validation' ./act/runner
...
[fails-schema-validation/test]   ❌  Failure - Main ./local-action-fails-schema-validation/action
[fails-schema-validation/test] failed to validate action.y*ml from action './local-action-fails-schema-validation/action' with path '': Line: 2 Column 3: Failed to match null: Line: 2 Column 3: Expected a scalar got mapping
Line: 2 Column 3: Failed to match inputs-mapping: Line: 3 Column 5: Failed to match null: Line: 3 Column 5: Expected a scalar got mapping
Line: 3 Column 5: Failed to match input-mapping: Line: 3 Column 14: Unknown Variable Access secrets
...
```

<!--start release-notes-assistant-->
<!--URL:https://code.forgejo.org/forgejo/runner-->
- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/810): <!--number 810 --><!--line 0 --><!--description Zml4OiBsb2cgdGhlIFVSTCBvZiB0aGUgYWN0aW9uIHdoZW4gaXQgZmFpbHMgc2NoZW1hIHZhbGlkYXRpb24=-->fix: log the URL of the action when it fails schema validation<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/810
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>

act/runner/action.go

@@ -45,7 +45,7 @@ func readActionImpl(ctx context.Context, step *model.Step, actionDir, actionPath
 	allErrors := []error{}
 	addError := func(fileName string, err error) {
 		if err != nil {
-			allErrors = append(allErrors, fmt.Errorf("failed to read '%s' from action '%s' with path '%s' of step %w", fileName, step.String(), actionPath, err))
+			allErrors = append(allErrors, fmt.Errorf("failed to read '%s' from action '%s' with path '%s': %w", fileName, step.String(), actionPath, err))
 		} else {
 			// One successful read, clear error state
 			allErrors = nil
@@ -112,6 +112,9 @@ func readActionImpl(ctx context.Context, step *model.Step, actionDir, actionPath
 	defer closer.Close()
 
 	action, err := model.ReadAction(reader)
+	if err != nil {
+		err = fmt.Errorf("failed to validate action.y*ml from action '%s' with path '%s': %v", step.String(), actionPath, err)
+	}
 	logger.Debugf("Read action %v from '%s'", action, "Unknown")
 	return action, err
 }

act/runner/job_executor_test.go

@@ -16,13 +16,13 @@ import (
 func TestJobExecutor(t *testing.T) {
 	tables := []TestJobFileInfo{
 		{workdir, "uses-and-run-in-one-step", "push", "Invalid run/uses syntax for job:test step:Test", platforms, secrets},
-		{workdir, "uses-github-empty", "push", "Expected format {org}/{repo}[/path]@ref", platforms, secrets},
+		{workdir, "uses-github-empty", "push", "job:test step:empty", platforms, secrets},
 		{workdir, "uses-github-noref", "push", "Expected format {org}/{repo}[/path]@ref", platforms, secrets},
 		{workdir, "uses-github-root", "push", "", platforms, secrets},
 		{workdir, "uses-github-path", "push", "", platforms, secrets},
 		{workdir, "uses-docker-url", "push", "", platforms, secrets},
 		{workdir, "uses-github-full-sha", "push", "", platforms, secrets},
-		{workdir, "uses-github-short-sha", "push", "Unable to resolve action `actions/hello-world-docker-action@b136eb8`, the provided ref `b136eb8` is the shortened version of a commit SHA, which is not supported. Please use the full commit SHA `b136eb8894c5cb1dd5807da824be97ccdf9b5423` instead", platforms, secrets},
+		{workdir, "uses-github-short-sha", "push", "Please use the full commit SHA", platforms, secrets},
 		{workdir, "job-nil-step", "push", "invalid Step 0: missing run or uses key", platforms, secrets},
 	}
 	// These tests are sufficient to only check syntax.

act/runner/runner_test.go

@@ -14,6 +14,7 @@ import (
 	"github.com/joho/godotenv"
 	log "github.com/sirupsen/logrus"
 	assert "github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"gopkg.in/yaml.v3"
 
 	"code.forgejo.org/forgejo/runner/v9/act/common"
@@ -209,7 +210,8 @@ func (j *TestJobFileInfo) runTest(ctx context.Context, t *testing.T, cfg *Config
 			if j.errorMessage == "" {
 				assert.NoError(t, err, fullWorkflowPath)
 			} else {
-				assert.Error(t, err, j.errorMessage)
+				require.Error(t, err, j.errorMessage)
+				assert.ErrorContains(t, err, j.errorMessage)
 			}
 		}
 	}
@@ -240,6 +242,7 @@ func TestRunner_RunEvent(t *testing.T) {
 		{workdir, "shells/pwsh", "push", "", platforms, secrets},
 
 		// Local action
+		{workdir, "local-action-fails-schema-validation", "push", "Job 'test' failed", platforms, secrets},
 		{workdir, "local-action-docker-url", "push", "", platforms, secrets},
 		{workdir, "local-action-dockerfile", "push", "", platforms, secrets},
 		{workdir, "local-action-via-composite-dockerfile", "push", "", platforms, secrets},
@@ -265,7 +268,7 @@ func TestRunner_RunEvent(t *testing.T) {
 		{workdir, "evalmatrix-merge-array", "push", "", platforms, secrets},
 
 		{workdir, "basic", "push", "", platforms, secrets},
-		{workdir, "fail", "push", "exit with `FAILURE`: 1", platforms, secrets},
+		{workdir, "fail", "push", "Job 'build' failed", platforms, secrets},
 		{workdir, "runs-on", "push", "", platforms, secrets},
 		{workdir, "checkout", "push", "", platforms, secrets},
 		{workdir, "job-container", "push", "", platforms, secrets},
@@ -294,7 +297,7 @@ func TestRunner_RunEvent(t *testing.T) {
 		{workdir, "networking", "push", "", platforms, secrets},
 		{workdir, "steps-context/conclusion", "push", "", platforms, secrets},
 		{workdir, "steps-context/outcome", "push", "", platforms, secrets},
-		{workdir, "job-status-check", "push", "job 'fail' failed", platforms, secrets},
+		{workdir, "job-status-check", "push", "Job 'fail' failed", platforms, secrets},
 		{workdir, "if-expressions", "push", "Job 'mytest' failed", platforms, secrets},
 		{workdir, "actions-environment-and-context-tests", "push", "", platforms, secrets},
 		{workdir, "uses-action-with-pre-and-post-step", "push", "", platforms, secrets},
@@ -313,7 +316,7 @@ func TestRunner_RunEvent(t *testing.T) {
 		{workdir, "do-not-leak-step-env-in-composite", "push", "", platforms, secrets},
 		{workdir, "set-env-step-env-override", "push", "", platforms, secrets},
 		{workdir, "set-env-new-env-file-per-step", "push", "", platforms, secrets},
-		{workdir, "no-panic-on-invalid-composite-action", "push", "jobs failed due to invalid action", platforms, secrets},
+		{workdir, "no-panic-on-invalid-composite-action", "push", "missing steps in composite action", platforms, secrets},
 		{workdir, "tool-cache", "push", "", platforms, secrets},
 
 		// services

act/runner/step_action_remote.go

@@ -42,7 +42,6 @@ func (sar *stepActionRemote) prepareActionExecutor() common.Executor {
 			return nil
 		}
 
-		// For gitea:
 		// Since actions can specify the download source via a url prefix.
 		// The prefix may contain some sensitive information that needs to be stored in secrets,
 		// so we need to interpolate the expression value for uses first.
@@ -50,7 +49,7 @@ func (sar *stepActionRemote) prepareActionExecutor() common.Executor {
 
 		sar.remoteAction = newRemoteAction(sar.Step.Uses)
 		if sar.remoteAction == nil {
-			return fmt.Errorf("Expected format {org}/{repo}[/path]@ref. Actual '%s' Input string was not in a correct format", sar.Step.Uses)
+			return fmt.Errorf("Expected format {org}/{repo}[/path]@ref or https://example.com/{org}/{repo}[/path]@ref. Actual '%s' Input string was not in a correct format", sar.Step.Uses)
 		}
 
 		github := sar.getGithubContext(ctx)

act/runner/testdata/local-action-fails-schema-validation/action/action.yml

@@ -0,0 +1,7 @@
+inputs:
+  leak:
+    default: '${{ secrets.SOMESECRET }}'
+runs:
+  using: composite
+  steps:
+  - run: echo OK

act/runner/testdata/local-action-fails-schema-validation/push.yml

@@ -0,0 +1,9 @@
+name: fails-schema-validation
+on: push
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: https://data.forgejo.org/actions/checkout@v4
+    - uses: ./local-action-fails-schema-validation/action