177 Commits

Author SHA1 Message Date
GitHub Actions 1372d6dec7 Release extension version 0.3.54 2026-04-21 19:11:32 +00:00
Salman Chishti a06de82217 Merge pull request #356 from actions/vulnerability-alerts-permission
Add vulnerability-alerts permission to workflow schema
2026-04-21 20:04:10 +01:00
eric sciple 36b909a32d Revert "Add field_added and field_removed issue event types to workflows (#351)" (#360) 2026-04-16 13:10:37 -05:00
Armağan 9a8a94bd21 Add field_added and field_removed issue event types to workflows (#351) 2026-04-16 10:55:56 -05:00
github-actions[bot] 8aa246e9d9 Release extension version 0.3.53 (#359)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-04-15 15:16:47 -05:00
Jason Ginchereau ffc3778653 Add concurrency queue support (#355) 2026-04-15 14:36:13 -05:00
Salman Muin Kayser Chishti 38f730cdce Add vulnerability-alerts permission to workflow schema
Add vulnerability-alerts as a new read-only permission key in the
permissions-mapping. This permission allows workflows to read
Dependabot alerts via GITHUB_TOKEN.

Uses permission-level-read-or-no-access type (read and none only).
Updated security-events description to reflect it covers code
scanning alerts only.
2026-04-15 02:40:02 +00:00
GitHub Actions 840d04cea8 Release extension version 0.3.52 2026-04-14 14:27:30 +00:00
github-actions[bot] d5670c383a Release extension version 0.3.51 (#346)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-04-03 10:34:58 -05:00
eric sciple f62a0e189d Remove allowServiceContainerCommand feature flag (#345)
Service container entrypoint/command support is now unconditional.
2026-04-03 10:29:34 -05:00
github-actions[bot] 9e1662f1d4 Release extension version 0.3.50 (#344)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-03-31 20:46:47 -05:00
eric sciple 5db2e80f32 Add entrypoint and command keys for service containers (#343)
Introduce service-container-mapping schema definition with entrypoint
and command properties, gated behind allowServiceContainerCommand
feature flag. Job containers remain unaffected.
2026-03-31 15:45:18 -05:00
github-actions[bot] 83de320ba9 Release extension version 0.3.49 (#342)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-03-20 09:47:56 -05:00
Angel Kou 74e6638098 Remove timezone feature flag in languageservice (#341)
* Remove timezone feature flag in languageservice

* Prettier

* Address comment

---------

Co-authored-by: Angel Kou <jiakou@microsoft.com>
2026-03-19 14:10:38 -07:00
github-actions[bot] f8b8b57248 Release extension version 0.3.48 (#340)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-03-18 11:02:31 -05:00
eric sciple aa1e7d8aec Add deployment key support for job environment (#338)
Add a boolean 'deployment' property to the job environment mapping.
When set to false, the parsed environment reference sets
skipDeployment to signal that no deployment record should be created.
2026-03-18 10:53:25 -05:00
github-actions[bot] bd6ce5923b Release extension version 0.3.47 (#336)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-03-10 11:38:05 -05:00
Tim Rogers 3de9820cd8 Add copilot-requests permission, gated by feature flag (#335)
* Add copilot-requests permission gated by feature flag

This add a new 'copilot-requests' permission to the workflow schema,
gated behind the 'allowCopilotRequestsPermission' experimental
feature flag.

When the flag is disabled (default), `copilot-requests` is filtered
out of autocomplete suggestions. When enabled, it appears
alongside other permissions like actions, contents, pull-requests,
etc.

* Update workflow-parser/src/workflow-v1.0.json

* Add additional unit test coverage

* Fix formatting
2026-03-10 09:48:54 -05:00
Angel Kou a7f581bde5 Add timezone to workflow and pass FF (#334)
* Add timezone to workflow and pass FF

* Prettier fixes

* Prettier fixes

* Prettier fixes

* Guard timezone autocomplete behind FF

* Prettier fix

* Address PR comments

* Prettier fix

* Remove comma

* Remove template assignment

* Move description

* Fix test

* Prettier again!

* Address comments

* Change error when timezone key is entered but FF is off

* Prettier

---------

Co-authored-by: Angel Kou <jiakou@microsoft.com>
2026-03-05 17:59:56 -08:00
github-actions[bot] 8c0a3a947b Release extension version 0.3.46 (#333)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-02-26 09:57:24 -06:00
eric sciple 92c5235a00 Upgrade lerna to v9 for OIDC trusted publishing (#330)
- Upgrade lerna from v8 to v9 (adds OIDC trusted publishing support)
- Remove registry-url, scope, and packages:write from release workflow
- Remove NPM_CONFIG_PROVENANCE env (automatic with OIDC)
- Update workspace typescript devDependency from ^4.8.4 to ^5.8.3
- Remove root typescript override (no longer needed)
2026-02-25 19:58:54 -06:00
eric sciple 9f770badd3 Upgrade Node.js to 24 for npm trusted publishing (#329) 2026-02-25 15:04:40 -06:00
github-actions[bot] 4a881d9ea1 Release extension version 0.3.45 (#326)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-02-24 11:19:31 -06:00
eric sciple fb5c6e4f27 Add private repository access to step-uses description (#322)
Update the step-uses description to mention that actions can also be
used from private repositories when access is enabled via repository
settings.

Fixes #319
2026-01-30 09:23:48 -06:00
GitHub Actions d69c1fa0f3 Release extension version 0.3.44 2026-01-29 18:13:09 +00:00
github-actions[bot] 448180bd7f Release extension version 0.3.43 (#318)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-01-27 08:57:45 -06:00
eric sciple d2f52a9043 Validate implicit if conditions in action.yml files (#317)
## Problem

In workflow YAML files, writing `if: foo == bar` shows an error because `foo` and `bar` are not valid contexts. However, the same invalid expression in an action.yml file showed no error.

## Solution

Add expression validation for implicit `if` conditions in action.yml files, matching the behavior of workflow YAML validation.

## What's new

1. **Pre-if/post-if validation** (node and docker actions)
   - `pre-if: foo == bar` now shows error for unknown context
   - `post-if: unknownFunc()` now shows error for unknown function

2. **Composite step `if` validation** (fix)
   - Errors from `convertToIfCondition` were being lost due to call ordering
   - Now captured correctly by calling conversion before retrieving errors

## Why the refactor?

The diff includes consolidating multiple validation loops into a single `validateAllTokens()` traversal. This matches the pattern used in workflow YAML validation (`additionalValidations`), making the code consistent between the two validation paths.
2026-01-27 08:37:42 -06:00
github-actions[bot] 46b216a6dc Release extension version 0.3.42 (#316)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-01-25 20:53:27 -06:00
eric sciple 0fe7798548 Support pre-if/post-if autocomplete and fix expression functions for action.yml (#314) 2026-01-25 20:47:30 -06:00
github-actions[bot] bdd72406c3 Release extension version 0.3.41 (#313)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-01-23 00:09:45 -06:00
eric sciple 33291f0f8d Add missing validation for action.yml (parity with workflow files) (#311)
* Add missing validation for action.yml (parity with workflow files)

- Add uses format validation for composite action steps
  - Validates owner/repo@ref format
  - Supports docker:// and ./ local references
  - Warns about shortened SHA refs (security concern)
  - Detects reusable workflow references in wrong context

- Add if literal text detection for composite action steps
  - Detects literal text outside ${{ }} that makes conditions always truthy
  - Works for both plain string and mixed expression formats
  - Uses shared hasFormatWithLiteralText() utility

- Add pre-if/post-if validation for node and docker actions
  - Errors on explicit ${{ }} syntax (runner only supports implicit expressions)
  - Literal text detection for implicit expressions
  - New runs-if schema type with proper context (runner, github, job, env, inputs, status functions)
  - Validates only in strict schema used by language services

- Add format() function validation for all expressions
  - Validates format string syntax in all expression contexts
  - Checks argument count matches placeholders

- Fix env and matrix context providers to return complete=false
  - Prevents false positive 'unknown context' errors
  - Matches behavior of other dynamic contexts (secrets, vars, etc.)

- Refactor validation utilities into utils/validate-uses.ts and utils/validate-if.ts
  - Shared between workflow and action validation
  - Consistent error messages and codes

* Add strategy and matrix contexts to runs-if definition

Based on runner source code analysis (actions/runner):
- ExecutionContext.InitializeJob() populates ExpressionValues from message.ContextData
- strategy and matrix are part of message.ContextData, available before any steps run
- StepsRunner evaluates all steps (pre, main, post) using the same code path

Did NOT add:
- steps: empty at pre-if time (no steps completed yet)
- hashFiles: workspace files don't exist at pre-step time
2026-01-23 00:02:02 -06:00
eric sciple 8511ae2e6d Allow empty string for container options (#312) 2026-01-22 15:21:11 -06:00
github-actions[bot] cd1078fb2f Release extension version 0.3.40 (#310)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-01-21 17:05:31 -06:00
github-actions[bot] f3f11d8658 Release extension version 0.3.39 (#305)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-01-19 15:19:33 -06:00
github-actions[bot] a8bfe74256 Release extension version 0.3.38 (#303)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-01-19 14:00:31 -06:00
github-actions[bot] 2a203ec742 Release extension version 0.3.37 (#301)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-01-19 09:56:35 -06:00
GitHub Actions 4a7e08774d Release extension version 0.3.36 2026-01-14 15:24:00 +00:00
github-actions[bot] 1baa74a67e Release extension version 0.3.35 (#297)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-01-13 19:27:39 -06:00
eric sciple 2816233a40 Add block scalar newline warning (#295)
In YAML, block scalars (`|` and `>`) silently add a trailing newline by default
("clip" chomping). This can cause subtle bugs when the newline is unintentional.

This PR adds a warning when clip chomping is used in fields where trailing
newlines commonly cause issues:

- Environment variables (workflow, job, step, container, service levels)
- Action inputs (`with:`)
- Reusable workflow inputs and secrets
- Job outputs
- Matrix values (including `include` and `exclude`)
- Concurrency groups

The warning suggests using `|-` (strip) or `|+` (keep) to be explicit.

Intentionally does NOT warn for:
- `run:` scripts (trailing newlines are normal)
- Fields trimmed server-side (`if:`, `name:`, `runs-on:`, etc.)

The feature is gated behind the `blockScalarChompingWarning` feature flag.
2026-01-12 09:36:43 -06:00
eric sciple 2e46c66878 Context-aware autocomplete and validation for action.yml runs section (#289)
- Set main as required in node-runs-strict schema definition
- Add validation for invalid key combinations based on using value
- Add validation for missing required keys (main for node, steps for composite, image for docker)
- Filter autocomplete suggestions based on using value
- Prioritize 'using' in completions when not set yet

Fixes context-aware autocomplete for action.yml files where different
action types (node, composite, docker) have different valid keys under runs:
2026-01-06 21:09:38 -06:00
github-actions[bot] 71ff7b49c3 Release extension version 0.3.34 (#288)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-01-05 09:02:23 -06:00
eric sciple 1a42526360 Fix false positive for literal text in if conditions (#285)
* Fix false positive for literal text in `if` conditions

Use token.value (parsed string without YAML quotes) instead of token.source
(raw YAML text) for expression parsing in single-line strings. This fixes a
false positive where `if: "${{ expr }}"` incorrectly triggered the
"literal text in condition" error because the outer quotes were treated as
literal text.

Follow-up to PR #216
Related issue: https://github.com/github/vscode-github-actions/issues/542

* Move issue reference to comment
2026-01-05 08:33:10 -06:00
github-actions[bot] 6641228870 Release extension version 0.3.33 (#284)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-01-04 14:05:43 -06:00
github-actions[bot] c67c353245 Release extension version 0.3.32 (#281)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-01-02 14:47:49 -06:00
github-actions[bot] 56ce46afa6 Release extension version 0.3.31 (#279)
Co-authored-by: GitHub Actions <github-actions@github.com>
2026-01-02 12:21:22 -06:00
eric sciple d2ffb50a92 Add language service support for action.yml files (#275)
- Add validation, completion, hover, and document links for action.yml files
- Implement document type detection to route action.yml to action-specific handlers
- Add expression context for composite actions (inputs, steps, github, runner, etc.)
- Add schema validation for required fields, branding, and composite step requirements
- Support JavaScript (node20/node24), Docker, and composite action types
- Validate action references in composite action uses steps
- Add JSDoc comments to parser and template functions
- Refactor hover to use hoverToken consistently
- Fix lint errors and add return type annotations
2026-01-02 10:38:52 -06:00
github-actions[bot] 3734de18ee Release extension version 0.3.30 (#274)
Co-authored-by: GitHub Actions <github-actions@github.com>
2025-12-30 12:01:49 -06:00
github-actions[bot] f84e42c1f1 Release extension version 0.3.29 (#272)
Co-authored-by: GitHub Actions <github-actions@github.com>
2025-12-29 22:27:06 -06:00
github-actions[bot] a06ceee92b Release extension version 0.3.28 (#267)
Co-authored-by: GitHub Actions <github-actions@github.com>
2025-12-23 14:24:06 -06:00
github-actions[bot] 86888cf4c8 Release extension version 0.3.27 (#264)
Co-authored-by: GitHub Actions <github-actions@github.com>
2025-12-22 11:28:48 -06:00