CI Badge
API Document

actionlint is a static checker for GitHub Actions workflow files. Try it online!


  • Syntax check for workflow files to check unexpected or missing keys following workflow syntax
  • Strong type check for ${{ }} expressions to catch several semantic errors like access to not existing property,
    type mismatches, …
  • Actions usage check to check that inputs at with: and outputs in steps.{id}.outputs are correct
  • shellcheck and pyflakes integrations for scripts at run:
  • Security checks; script injection by untrusted inputs, hard-coded credentials
  • Other several useful checks; glob syntax validation, dependencies check for needs:,
    runner label validation, cron syntax validation, …

See the document for full list of checks done by actionlint.

actionlint reports 7 errors

Example of broken workflow:

    branch: main
      - 'v\d+'
        os: [macos-latest, linux-latest]
    runs-on: ${{ matrix.os }}
      - run: echo "Checking commit '${{ github.event.head_commit.message }}'"
      - uses: actions/[email protected]
      - uses: actions/[email protected]
          node_version: 16.x
      - uses: actions/[email protected]
          path: ~/.npm
          key: ${{ matrix.platform }}-node-${{ hashFiles('**/package-lock.json') }}
        if: ${{ github.repository.permissions.admin == true }}
      - run: npm install && npm test

actionlint reports 7 errors:

test.yaml:3:5: unexpected key "branch" for "push" section. expected one of "branches", "branches-ignore", "paths", "paths-ignore", "tags", "tags-ignore", "types", "workflows" [syntax-check]
3 |     branch: main
  |     ^~~~~~~
test.yaml:5:11: character '\' is invalid for branch and tag names. only special characters [, ?, +, *, \ ! can be escaped with \. see `man git-check-ref-format` for more details. note that regular expression is unavailable. note: filter pattern syntax is explained at [glob]
5 |       - 'v\d+'
  |           ^~~~
test.yaml:10:28: label "linux-latest" is unknown. available labels are "windows-latest", "windows-2022", "windows-2019", "windows-2016", "ubuntu-latest", "ubuntu-20.04", "ubuntu-18.04", "macos-latest", "macos-11", "macos-11.0", "macos-10.15", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file [runner-label]
10 |         os: [macos-latest, linux-latest]
   |                            ^~~~~~~~~~~~~
test.yaml:13:41: "github.event.head_commit.message" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see for more details [expression]
13 |       - run: echo "Checking commit '${{ github.event.head_commit.message }}'"
   |                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
test.yaml:17:11: input "node_version" is not defined in action "actions/[email protected]". available inputs are "always-auth", "architecture", "cache", "cache-dependency-path", "check-latest", "node-version", "registry-url", "scope", "token", "version" [action]
17 |           node_version: 16.x
   |           ^~~~~~~~~~~~~
test.yaml:21:20: property "platform" is not defined in object type {os: string} [expression]
21 |           key: ${{ matrix.platform }}-node-${{ hashFiles('**/package-lock.json') }}
   |                    ^~~~~~~~~~~~~~~
test.yaml:22:17: receiver of object dereference "permissions" must be type of object but got "string" [expression]
22 |         if: ${{ github.repository.permissions.admin == true }}
   |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • Running a workflow is time consuming. You need to push the changes and wait until the workflow runs on GitHub even if
    it contains some trivial mistakes. act is useful to debug the workflow locally. But it is not suitable for CI and still
    time consuming when your workflow gets larger.
  • Checks of workflow files by GitHub are very loose. It reports no error even if unexpected keys are in mappings
    (meant that some typos in keys). And also it reports no error when accessing to property which is actually not existing.
    For example when no foo is defined in matrix: section, it is evaluated to null and causes no error.
  • Some mistakes silently break a workflow. Most common case I saw is specifying missing property to cache key. In the
    case cache silently does not work properly but a workflow itself runs without error. So you might not notice the mistake

Quick start

Install actionlint command by downloading the released binary or by Homebrew or by go install. See
the installation document for more details like how to manage the command with Homebrew or run via Docker

go install[email protected]

Basically all you need to do is run the actionlint command in your repository. actionlint automatically detects workflows and
checks errors. actionlint focuses on finding out mistakes. It tries to catch errors as much as possible and make false positives
as minimal as possible.


Another option to try actionlint is the online playground. Your browser can run actionlint through WebAssembly.

See the usage document for more details.


  • Checks: Full list of all checks done by actionlint with example inputs, outputs, and playground links.
  • Installation: Installation instructions. Prebuilt binaries, Homebrew package, a Docker image, building from
    source, a download script (for CI) are available.
  • Usage: How to use actionlint command locally or on GitHub Actions, the online playground, an official Docker
    image, and integrations with reviewdog, Problem Matchers, super-linter, pre-commit.
  • Configuration: How to configure actionlint behavior. Currently only labels of self-hosted runners can be
  • Go API: How to use actionlint as Go library.
  • References: Links to resources.

Bug reporting

When you see some bugs or false positives, it is helpful to file a new issue with a minimal example
of input. Giving me some feedbacks like feature requests or ideas of additional checks is also welcome.


actionlint is distributed under the MIT license.


View Github