chore(deps): bump github.com/rhysd/actionlint from 1.7.8 to 1.7.9

[dependabot]

Bumps github.com/rhysd/actionlint from 1.7.8 to 1.7.9.

Release notes

Sourced from github.com/rhysd/actionlint's releases.

v1.7.9

• Add support for ubuntu-slim runner label. (#585, thanks @​cestorer)
• Check input deprecation in action by checking deprecationMessage property. Using a deprecated input is reported as error if it is not marked as required. See the document for more details. (#580)

  - uses: reviewdog/action-actionlint@v1
    with:
      # ERROR: Using a deprecated input
      fail_on_error: true

• Add support for the Custom images feature.
  • Support image_version workflow trigger.

    on:
      image_version:
        names:
          - "MyNewImage"
          - "MyOtherImage"
        versions:
          - 1.*
          - 2.*

  • Support jobs.<job_id>.snapshot syntax. To make actionlint recognize your own image generation runner, use self-hosted-runner.labels config.

    jobs:
      build:
        runs-on: my-image-generation-runner
        snapshot:
            image-name: my-custom-image
            version: 2.*

• Report constant conditions at if: like if: true as error. Only very simple expressions like true or false are detected for now. See the document for more details.
• Fix some invalid permissions are not reported as error in id-token and models scopes. (#582, thanks @​holtkampjs)
• Fix args and entrypoint inputs are not recognized at uses: when it's not a Docker action. (#550)
• Set correct column in source position of YAML parse error.
• Fix credentials cannot be configured with ${{ }}. (#590)
• Improve messages in syntax errors on parsing steps (run: and uses:). Available keys suggestion is now more accurate and unexpected keys are detected more accurately.
• Fix the order of errors can be non-deterministic when multiple errors are caused at the same source positions.
• Improve error messages showing suggestions on detecting invalid permissions.
• Add instruction for installing actionlint with mise package manager. (#589, thanks @​jylenhof)
• Fix outdated URLs in the document.
• Add new actionlint.AllContexts map constant in Go API that contains the information about all context availability.
• Update popular actions data set to the latest with several major versions of actions and the following new actions.
  • anthropics/claude-code-action
  • openai/codex-action
  • google-github-actions/run-gemini-cli
• Add make cov task to easily generate a code coverage report.
• Make installing the formula version of actionlint pacakge from tap of this repository with Homebrew a hard error. Install the cask version instead following the instruction in the error message.

Changelog

Sourced from github.com/rhysd/actionlint's changelog.

v1.7.9 - 2025-11-21

• Add support for ubuntu-slim runner label. (#585, thanks @​cestorer)
• Check input deprecation in action by checking deprecationMessage property. Using a deprecated input is reported as error if it is not marked as required. See the document for more details. (#580)

  - uses: reviewdog/action-actionlint@v1
    with:
      # ERROR: Using a deprecated input
      fail_on_error: true

• Add support for the Custom images feature.
  • Support image_version workflow trigger.

    on:
      image_version:
        names:
          - "MyNewImage"
          - "MyOtherImage"
        versions:
          - 1.*
          - 2.*

  • Support jobs.<job_id>.snapshot syntax. To make actionlint recognize your own image generation runner, use self-hosted-runner.labels config.

    jobs:
      build:
        runs-on: my-image-generation-runner
        snapshot:
            image-name: my-custom-image
            version: 2.*

• Report constant conditions at if: like if: true as error. Only very simple expressions like true or false are detected for now. See the document for more details.
• Fix some invalid permissions are not reported as error in id-token and models scopes. (#582, thanks @​holtkampjs)
• Fix args and entrypoint inputs are not recognized at uses: when it's not a Docker action. (#550)
• Set correct column in source position of YAML parse error.
• Fix credentials cannot be configured with ${{ }}. (#590)
• Improve messages in syntax errors on parsing steps (run: and uses:). Available keys suggestion is now more accurate and unexpected keys are detected more accurately.
• Fix the order of errors can be non-deterministic when multiple errors are caused at the same source positions.
• Improve error messages showing suggestions on detecting invalid permissions.
• Add instruction for installing actionlint with mise package manager. (#589, thanks @​jylenhof)
• Fix outdated URLs in the document.
• Add new actionlint.AllContexts map constant in Go API that contains the information about all context availability.
• Update popular actions data set to the latest with several major versions of actions and the following new actions.
  • anthropics/claude-code-action
  • openai/codex-action
  • google-github-actions/run-gemini-cli
• Add make cov task to easily generate a code coverage report.
• Make installing the formula version of actionlint pacakge from tap of this repository with Homebrew a hard error. Install the cask version instead following the instruction in the error message.

[Changes][v1.7.9]

... (truncated)

Commits

• a443f34 bump up version to v1.7.9
• c48cd05 fix deprecated GoReleaser config
• a03892f update the popular actions data set for actions/checkout@v6
• c85ea65 make installing formula version of actionlint error
• eb4d397 update playground npm dependencies
• baee0a7 fix webhook generation script
• 56ecc8c add anthropics/claude-code-action, openai/codex-action, `google-github-ac...
• 5ed2da8 add more tests for parsing and checking container and services
• dbcf56f report image is missing in container
• e4ba27e fix credentials cannot be initialized with ${{ }} (fix #590)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #58.