AgentSkillsCN

github-actions-validation

涵盖语法、安全与最佳实践的GitHub Actions工作流验证。务必使用validate.sh脚本。如需故障排除,请参阅参考文档。

SKILL.md
--- frontmatter
name: github-actions-validation
description: GitHub Actions workflow validation covering syntax, security, and best practices. Always use validate.sh script. For troubleshooting, see reference/.
license: MIT

GitHub Actions Validation

This skill provides guidance for validating GitHub Actions workflows to ensure correctness, security, and best practices.

When to Use This Skill

This skill is applicable for:

  • Validating GitHub Actions workflow syntax
  • Checking workflow security settings
  • Verifying timeout configurations
  • Ensuring best practices compliance
  • Debugging workflow validation failures

Validation Script Usage

Always use the validation script. Do not run individual commands.

Usage

bash
# Run all validations (recommended before commit)
bash github-actions-validation/scripts/validate.sh

# Validate specific directory
bash github-actions-validation/scripts/validate.sh ./.github/workflows/

What the Script Does

The validation script performs all checks in the correct order:

  1. actionlint - Workflow syntax and best practices validation
  2. ghalint - Security and configuration validation
  3. zizmor - GitHub Actions security scanner

Validation Requirements

Before committing workflow changes:

  • Validation script passes
  • All syntax errors resolved
  • Security warnings addressed
  • Timeout settings configured
  • Permissions minimized

Validation Workflow

  1. Make changes - Edit workflow files
  2. Run validation: bash github-actions-validation/scripts/validate.sh
  3. Fix issues - Address any failures
  4. Re-run validation - Ensure all checks pass
  5. Commit - Only when validation succeeds

Reference Documentation

For detailed information: