65 Commits

Author SHA1 Message Date
Salman Chishti a06de82217 Merge pull request #356 from actions/vulnerability-alerts-permission
Add vulnerability-alerts permission to workflow schema
2026-04-21 20:04:10 +01:00
eric sciple 36b909a32d Revert "Add field_added and field_removed issue event types to workflows (#351)" (#360) 2026-04-16 13:10:37 -05:00
Armağan 9a8a94bd21 Add field_added and field_removed issue event types to workflows (#351) 2026-04-16 10:55:56 -05:00
Jason Ginchereau ffc3778653 Add concurrency queue support (#355) 2026-04-15 14:36:13 -05:00
Salman Muin Kayser Chishti 38f730cdce Add vulnerability-alerts permission to workflow schema
Add vulnerability-alerts as a new read-only permission key in the
permissions-mapping. This permission allows workflows to read
Dependabot alerts via GITHUB_TOKEN.

Uses permission-level-read-or-no-access type (read and none only).
Updated security-events description to reflect it covers code
scanning alerts only.
2026-04-15 02:40:02 +00:00
eric sciple f62a0e189d Remove allowServiceContainerCommand feature flag (#345)
Service container entrypoint/command support is now unconditional.
2026-04-03 10:29:34 -05:00
eric sciple 5db2e80f32 Add entrypoint and command keys for service containers (#343)
Introduce service-container-mapping schema definition with entrypoint
and command properties, gated behind allowServiceContainerCommand
feature flag. Job containers remain unaffected.
2026-03-31 15:45:18 -05:00
Angel Kou 74e6638098 Remove timezone feature flag in languageservice (#341)
* Remove timezone feature flag in languageservice

* Prettier

* Address comment

---------

Co-authored-by: Angel Kou <jiakou@microsoft.com>
2026-03-19 14:10:38 -07:00
eric sciple aa1e7d8aec Add deployment key support for job environment (#338)
Add a boolean 'deployment' property to the job environment mapping.
When set to false, the parsed environment reference sets
skipDeployment to signal that no deployment record should be created.
2026-03-18 10:53:25 -05:00
Tim Rogers 3de9820cd8 Add copilot-requests permission, gated by feature flag (#335)
* Add copilot-requests permission gated by feature flag

This add a new 'copilot-requests' permission to the workflow schema,
gated behind the 'allowCopilotRequestsPermission' experimental
feature flag.

When the flag is disabled (default), `copilot-requests` is filtered
out of autocomplete suggestions. When enabled, it appears
alongside other permissions like actions, contents, pull-requests,
etc.

* Update workflow-parser/src/workflow-v1.0.json

* Add additional unit test coverage

* Fix formatting
2026-03-10 09:48:54 -05:00
Angel Kou a7f581bde5 Add timezone to workflow and pass FF (#334)
* Add timezone to workflow and pass FF

* Prettier fixes

* Prettier fixes

* Prettier fixes

* Guard timezone autocomplete behind FF

* Prettier fix

* Address PR comments

* Prettier fix

* Remove comma

* Remove template assignment

* Move description

* Fix test

* Prettier again!

* Address comments

* Change error when timezone key is entered but FF is off

* Prettier

---------

Co-authored-by: Angel Kou <jiakou@microsoft.com>
2026-03-05 17:59:56 -08:00
eric sciple fb5c6e4f27 Add private repository access to step-uses description (#322)
Update the step-uses description to mention that actions can also be
used from private repositories when access is enabled via repository
settings.

Fixes #319
2026-01-30 09:23:48 -06:00
eric sciple d2f52a9043 Validate implicit if conditions in action.yml files (#317)
## Problem

In workflow YAML files, writing `if: foo == bar` shows an error because `foo` and `bar` are not valid contexts. However, the same invalid expression in an action.yml file showed no error.

## Solution

Add expression validation for implicit `if` conditions in action.yml files, matching the behavior of workflow YAML validation.

## What's new

1. **Pre-if/post-if validation** (node and docker actions)
   - `pre-if: foo == bar` now shows error for unknown context
   - `post-if: unknownFunc()` now shows error for unknown function

2. **Composite step `if` validation** (fix)
   - Errors from `convertToIfCondition` were being lost due to call ordering
   - Now captured correctly by calling conversion before retrieving errors

## Why the refactor?

The diff includes consolidating multiple validation loops into a single `validateAllTokens()` traversal. This matches the pattern used in workflow YAML validation (`additionalValidations`), making the code consistent between the two validation paths.
2026-01-27 08:37:42 -06:00
eric sciple 0fe7798548 Support pre-if/post-if autocomplete and fix expression functions for action.yml (#314) 2026-01-25 20:47:30 -06:00
eric sciple 33291f0f8d Add missing validation for action.yml (parity with workflow files) (#311)
* Add missing validation for action.yml (parity with workflow files)

- Add uses format validation for composite action steps
  - Validates owner/repo@ref format
  - Supports docker:// and ./ local references
  - Warns about shortened SHA refs (security concern)
  - Detects reusable workflow references in wrong context

- Add if literal text detection for composite action steps
  - Detects literal text outside ${{ }} that makes conditions always truthy
  - Works for both plain string and mixed expression formats
  - Uses shared hasFormatWithLiteralText() utility

- Add pre-if/post-if validation for node and docker actions
  - Errors on explicit ${{ }} syntax (runner only supports implicit expressions)
  - Literal text detection for implicit expressions
  - New runs-if schema type with proper context (runner, github, job, env, inputs, status functions)
  - Validates only in strict schema used by language services

- Add format() function validation for all expressions
  - Validates format string syntax in all expression contexts
  - Checks argument count matches placeholders

- Fix env and matrix context providers to return complete=false
  - Prevents false positive 'unknown context' errors
  - Matches behavior of other dynamic contexts (secrets, vars, etc.)

- Refactor validation utilities into utils/validate-uses.ts and utils/validate-if.ts
  - Shared between workflow and action validation
  - Consistent error messages and codes

* Add strategy and matrix contexts to runs-if definition

Based on runner source code analysis (actions/runner):
- ExecutionContext.InitializeJob() populates ExpressionValues from message.ContextData
- strategy and matrix are part of message.ContextData, available before any steps run
- StepsRunner evaluates all steps (pre, main, post) using the same code path

Did NOT add:
- steps: empty at pre-if time (no steps completed yet)
- hashFiles: workspace files don't exist at pre-step time
2026-01-23 00:02:02 -06:00
eric sciple 8511ae2e6d Allow empty string for container options (#312) 2026-01-22 15:21:11 -06:00
eric sciple 2816233a40 Add block scalar newline warning (#295)
In YAML, block scalars (`|` and `>`) silently add a trailing newline by default
("clip" chomping). This can cause subtle bugs when the newline is unintentional.

This PR adds a warning when clip chomping is used in fields where trailing
newlines commonly cause issues:

- Environment variables (workflow, job, step, container, service levels)
- Action inputs (`with:`)
- Reusable workflow inputs and secrets
- Job outputs
- Matrix values (including `include` and `exclude`)
- Concurrency groups

The warning suggests using `|-` (strip) or `|+` (keep) to be explicit.

Intentionally does NOT warn for:
- `run:` scripts (trailing newlines are normal)
- Fields trimmed server-side (`if:`, `name:`, `runs-on:`, etc.)

The feature is gated behind the `blockScalarChompingWarning` feature flag.
2026-01-12 09:36:43 -06:00
eric sciple 2e46c66878 Context-aware autocomplete and validation for action.yml runs section (#289)
- Set main as required in node-runs-strict schema definition
- Add validation for invalid key combinations based on using value
- Add validation for missing required keys (main for node, steps for composite, image for docker)
- Filter autocomplete suggestions based on using value
- Prioritize 'using' in completions when not set yet

Fixes context-aware autocomplete for action.yml files where different
action types (node, composite, docker) have different valid keys under runs:
2026-01-06 21:09:38 -06:00
eric sciple 1a42526360 Fix false positive for literal text in if conditions (#285)
* Fix false positive for literal text in `if` conditions

Use token.value (parsed string without YAML quotes) instead of token.source
(raw YAML text) for expression parsing in single-line strings. This fixes a
false positive where `if: "${{ expr }}"` incorrectly triggered the
"literal text in condition" error because the outer quotes were treated as
literal text.

Follow-up to PR #216
Related issue: https://github.com/github/vscode-github-actions/issues/542

* Move issue reference to comment
2026-01-05 08:33:10 -06:00
eric sciple d2ffb50a92 Add language service support for action.yml files (#275)
- Add validation, completion, hover, and document links for action.yml files
- Implement document type detection to route action.yml to action-specific handlers
- Add expression context for composite actions (inputs, steps, github, runner, etc.)
- Add schema validation for required fields, branding, and composite step requirements
- Support JavaScript (node20/node24), Docker, and composite action types
- Validate action references in composite action uses steps
- Add JSDoc comments to parser and template functions
- Refactor hover to use hoverToken consistently
- Fix lint errors and add return type annotations
2026-01-02 10:38:52 -06:00
eric sciple 656a821a94 ESM migration: Add .js extensions for node16 moduleResolution (#257)
Migrate expressions, workflow-parser, and languageservice packages to use
proper ESM imports with .js extensions that work with node16 moduleResolution.

Changes:
- Update tsconfig.build.json in each package to use module: node16 and
  moduleResolution: node16
- Add .js extensions to all relative import paths (Option B approach)
- Fix yaml internal type imports in workflow-parser by defining local types
- Add skipLibCheck to handle @types/node compatibility issues
- Add TypeScript 5.8.3 override in root package.json
- Add ESM migration plan documentation

The languageserver package is deferred due to test hang issues that need
further investigation.

Related #154 - Upgrade moduleResolution from node to node16 or nodenext
Related #110 - Published ESM code has imports without file extensions
Related #64 - expressions: ERR_MODULE_NOT_FOUND attempting to run example
Related #146 - Can not import @actions/workflow-parser

Test results:
- expressions: 1068 tests passed
- workflow-parser: 292 tests passed
- languageservice: 452 tests passed

* docs: update ESM migration plan with findings

- Update languageserver blocker: vscode-languageserver v8.0.2 lacks ESM
  exports (not a test hang issue)
- Document that Option B (manual .js extensions) was chosen over Option A
  due to ts-jest compatibility issues
- Add workaround for yaml package internal types (LinePos, NodeBase)
- Update migration status table with accurate reason for deferral
- Add skipLibCheck note for @types/node compatibility
2025-12-18 13:35:48 -06:00
eric sciple 8507419ebf Add missing activity types for pull_request and pull_request_target (#242)
Fixes #51

Added the following activity types to pull_request and pull_request_target:
- milestoned
- demilestoned
- enqueued
- dequeued

These types were missing from workflow-v1.0.json but are valid workflow
triggers per GitHub docs.

Also added schema-sync.test.ts to ensure activity types in workflow-v1.0.json
stay in sync with webhooks.json. The test:
- Checks both directions (webhooks→schema and schema→webhooks)
- Has WEBHOOK_ONLY for types not valid as workflow triggers:
  - check_suite: requested, rerequested
  - registry_package: default
- Has SCHEMA_ONLY for types valid in workflows but not in webhooks:
  - registry_package: updated
- Has NAME_MAPPINGS for naming differences:
  - project_column: edited (webhook) ↔ updated (schema)
- Provides actionable error messages when mismatches are found
2025-12-08 13:44:56 -06:00
eric sciple 2934e36944 Allow empty strings in workflow_dispatch choice options (#245)
Fixes vscode#395 - Empty value for choice option shows 'Unexpected value' error

Empty strings are valid options for workflow_dispatch inputs with type: choice.
They allow users to make a choice 'optional' or force explicit selection.

Changes:
- Add sequence-of-string type that allows empty strings (unlike sequence-of-non-empty-string)
- Use sequence-of-string for workflow_dispatch options field
- Add test to verify empty string in choice options doesn't produce validation errors
2025-12-08 09:25:51 -06:00
eric sciple 108b8c2766 Support YAML anchors and aliases (#234)
Fixes https://github.com/github/vscode-github-actions/issues/405

YAML anchors (&name) and aliases (*name) are now properly supported.
When an alias is encountered during parsing, it is resolved to its
anchored value, making aliases transparent to the rest of the system.

Changes:
- workflow-parser: Handle isAlias nodes in YamlObjectReader.getNodes()
- languageservice: Add tests for various anchor/alias patterns

Test cases:
- Anchors in env mappings
- Multiple aliases to same anchor
- Anchors in matrix strategy
- Anchors in steps
- Scalar anchors (e.g., runs-on)
2025-12-08 09:18:59 -06:00
eric sciple 576402fc01 Optimize JSON data files to reduce bundle size by 90% (#229) 2025-12-05 10:27:19 -06:00
eric sciple dec597b0db Improve cron schedule validation and diagnostics (#224) 2025-12-04 11:25:15 -06:00
eric sciple 03d68e89c6 Refactor if-condition to use schema-driven validation and AST-based status function detection (#218)
- Read allowed context from schema definition instead of hardcoded constants
- Parse expressions into AST to accurately detect status functions (avoids false positives from string literals)
- Export ensureStatusFunction helper that combines checking and wrapping logic
- Remove step-if.yml from skipped tests (now passes with accurate detection)
- Add tests for if-condition wrapping in hover/completion position mapping
2025-11-25 08:56:34 -06:00
eric sciple bad1fb96af Remove isExpression flag and implement convertToIfCondition to align with Go parser architecture (#217) 2025-11-24 09:12:26 -06:00
Indigo e4f8f24be3 Closing bracket
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-11-13 14:40:37 -08:00
Indigo 168cf44245 Add new artifact-metadata permission to schema 2025-11-13 13:54:34 -08:00
Lawrence Gripper 6bd54f1b94 Merge branch 'lg/image-event' of github.com:lawrencegripper/languageservices into lg/image-event 2025-09-25 08:48:59 +00:00
Lawrence Gripper fcc72a8d97 Implement handling of new filters in typescript converter 2025-09-25 08:46:57 +00:00
Lawrence Gripper ce3b746742 Merge branch 'main' into lg/image-event 2025-09-24 11:42:22 +01:00
Lawrence Gripper 300c0dc569 Add support to language parser 2025-09-24 10:36:32 +00:00
Lawrence Gripper 7cf82aa761 review: only add snapshot for factory job. remove context which isn't applicable 2025-09-09 10:31:20 +00:00
Lawrence Gripper dd8308d7f9 Update workflow-parser/src/workflow-v1.0.json
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-09-04 16:37:04 +01:00
lawrencegripper 17f511bb6e chore(lint): Run prettier 2025-09-04 15:34:52 +00:00
lawrencegripper 4faa096820 Add support for new snapshot keyword and object into workflow parser 2025-09-04 15:25:36 +00:00
Sean Goedecke ea15cac4e0 Update workflow-v1.0.json to include models permission 2025-04-11 16:02:48 +10:00
Josh Gross 48247b8730 Merge pull request #145 from gillisandrew/bug/import-assertions
Remove import assertions
2025-03-05 12:58:01 -05:00
eric sciple 50b08a3a22 Add root-level description keyword 2025-01-28 19:24:42 +00:00
Andrew Gillis f02e9593c2 Remove import assertions 2024-11-29 09:31:04 -05:00
Brian DeHamer e42b020521 update schema with attestations permission
Signed-off-by: Brian DeHamer <bdehamer@github.com>
2024-05-01 14:32:10 -07:00
Yukai Chou cf2d9cd0b9 Fix typos in workflow schema 2023-07-07 16:25:08 +08:00
Liela Rotschy bf97052855 Add branches-ignore to merge group schema 2023-04-19 12:29:38 -06:00
Felipe Suero 6e8cbc3e8c prettify 2023-04-12 11:32:38 -04:00
Felipe Suero d0916938ce Remove TokenType 2023-04-12 11:26:59 -04:00
Felipe Suero 488879804f prettify 2023-04-11 13:56:02 -04:00
Felipe Suero 736dd1a66c add scalar handling 2023-04-11 13:54:53 -04:00
Felipe Suero d58deaf097 Remove branch 2023-04-11 10:12:38 -04:00