- Remove duplicate test file (errors-job-environment-deployment-disabled-feature.yml)
- Move deployment feature flag check before expression skip so
deployment: ${{ ... }} is still gated by allowDeploymentKeyword
Add support for the 'deployment' boolean property under 'environment:' in
workflow YAML. When set to false, the job accesses environment protection
rules and secrets without creating a deployment record.
Changes:
- Add 'deployment' to job-environment-mapping schema (workflow-v1.0.json)
- Add 'deployment' to ActionsEnvironmentReference type
- Add feature-gated parsing in environment converter
- Add 'allowDeploymentKeyword' experimental feature flag
- Add xlang test data for enabled/disabled feature flag scenarios
* Add copilot-requests permission gated by feature flag
This add a new 'copilot-requests' permission to the workflow schema,
gated behind the 'allowCopilotRequestsPermission' experimental
feature flag.
When the flag is disabled (default), `copilot-requests` is filtered
out of autocomplete suggestions. When enabled, it appears
alongside other permissions like actions, contents, pull-requests,
etc.
* Update workflow-parser/src/workflow-v1.0.json
* Add additional unit test coverage
* Fix formatting
Replace NPM_TOKEN-based authentication with OIDC trusted publishing.
This eliminates the need for long-lived npm access tokens.
Changes:
- Add id-token: write permission to the release job
- Add registry-url to setup-node
- Remove the setup authentication step (.npmrc token write)
- Remove NPM_TOKEN env var from the Publish packages step
Requires trusted publisher configuration on npmjs.com for each package.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* update default runner image labels
* chore: format in style of file
* remove old labels
* tests: update expected length of runner labels in tests
* tests: fix another test, missed
Update the step-uses description to mention that actions can also be
used from private repositories when access is enabled via repository
settings.
Fixes#319
## Problem
In workflow YAML files, writing `if: foo == bar` shows an error because `foo` and `bar` are not valid contexts. However, the same invalid expression in an action.yml file showed no error.
## Solution
Add expression validation for implicit `if` conditions in action.yml files, matching the behavior of workflow YAML validation.
## What's new
1. **Pre-if/post-if validation** (node and docker actions)
- `pre-if: foo == bar` now shows error for unknown context
- `post-if: unknownFunc()` now shows error for unknown function
2. **Composite step `if` validation** (fix)
- Errors from `convertToIfCondition` were being lost due to call ordering
- Now captured correctly by calling conversion before retrieving errors
## Why the refactor?
The diff includes consolidating multiple validation loops into a single `validateAllTokens()` traversal. This matches the pattern used in workflow YAML validation (`additionalValidations`), making the code consistent between the two validation paths.
* Add missing validation for action.yml (parity with workflow files)
- Add uses format validation for composite action steps
- Validates owner/repo@ref format
- Supports docker:// and ./ local references
- Warns about shortened SHA refs (security concern)
- Detects reusable workflow references in wrong context
- Add if literal text detection for composite action steps
- Detects literal text outside ${{ }} that makes conditions always truthy
- Works for both plain string and mixed expression formats
- Uses shared hasFormatWithLiteralText() utility
- Add pre-if/post-if validation for node and docker actions
- Errors on explicit ${{ }} syntax (runner only supports implicit expressions)
- Literal text detection for implicit expressions
- New runs-if schema type with proper context (runner, github, job, env, inputs, status functions)
- Validates only in strict schema used by language services
- Add format() function validation for all expressions
- Validates format string syntax in all expression contexts
- Checks argument count matches placeholders
- Fix env and matrix context providers to return complete=false
- Prevents false positive 'unknown context' errors
- Matches behavior of other dynamic contexts (secrets, vars, etc.)
- Refactor validation utilities into utils/validate-uses.ts and utils/validate-if.ts
- Shared between workflow and action validation
- Consistent error messages and codes
* Add strategy and matrix contexts to runs-if definition
Based on runner source code analysis (actions/runner):
- ExecutionContext.InitializeJob() populates ExpressionValues from message.ContextData
- strategy and matrix are part of message.ContextData, available before any steps run
- StepsRunner evaluates all steps (pre, main, post) using the same code path
Did NOT add:
- steps: empty at pre-if time (no steps completed yet)
- hashFiles: workspace files don't exist at pre-step time
* Setup CodeActions and add quickfix for missing inputs
* PR feedback
* Update languageservice/src/code-actions/quickfix/add-missing-inputs.ts
Co-authored-by: Salman Chishti <salmanmkc@GitHub.com>
* Fix indentSize detection for code actions after rebase
- Add indentSize to MissingInputsDiagnosticData interface
- Pass indentSize parameter from validate.ts to validateActionReference
- Detect indentSize from workflow structure (jobs key to first child)
- Fall back to detecting from with: block children when available
* update typescript
* formatting
* linting
* Gate missing inputs quickfix behind feature flag
* Address PR review: rename files, move position calculation to quickfix
- Rename index.ts files to follow repo patterns:
- code-actions/index.ts → code-actions/code-actions.ts
- code-actions/quickfix/index.ts → quickfix/quickfix-providers.ts
- Move position calculation from validation to quickfix:
- MissingInputsDiagnosticData now passes raw token ranges
- Quickfix computes insertion position and indentation at code action time
- detectIndentSize moved from validate.ts to validate-action-reference.ts
* wip
* Remove pointless comment
---------
Co-authored-by: Salman Chishti <salmanmkc@GitHub.com>