Add Actionlint check for actions

.github/dependabot.yml

@@ -1,11 +1,11 @@
+---
 # To get started with Dependabot version updates, you'll need to specify which
 # package ecosystems to update and where the package manifests are located.
 # Please see the documentation for all configuration options:
 # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
 version: 2
 updates:
-  - package-ecosystem: "github-actions" # See documentation for possible values
-    directory: "/" # Location of package manifests
+  - package-ecosystem: github-actions
+    directory: /  # Location of package manifests
     schedule:
-      interval: "daily"
+      interval: daily

.github/workflows/basic.yml

@@ -15,8 +15,9 @@ on:
         required: false
         type: number
       working-directory:
-        description: The working directory where all jobs should be executed. Used for modules in subdirectories like a monorepo or a control repository.
-        default: '.'
+        description: The working directory where all jobs should be executed. Used
+          for modules in subdirectories like a monorepo or a control repository.
+        default: .
         required: false
         type: string
       cache-version:
@@ -48,7 +49,7 @@ jobs:
       github_action_test_matrix: ${{ steps.get-outputs.outputs.github_action_test_matrix }}
     env:
       BUNDLE_WITHOUT: development:system_tests:release
-      PUPPET_GEM_VERSION: ">= 7.0"
+      PUPPET_GEM_VERSION: '>= 7.0'
     steps:
       - uses: actions/checkout@v4
       - name: install additional packages
@@ -69,7 +70,6 @@ jobs:
       - name: Setup Test Matrix
         id: get-outputs
         run: bundle exec metadata2gha
-
   unit:
     defaults:
       run:
@@ -83,7 +83,7 @@ jobs:
         include: ${{fromJson(needs.setup_matrix.outputs.puppet_unit_test_matrix)}}
     env:
       BUNDLE_WITHOUT: development:system_tests:release
-      PUPPET_GEM_VERSION: "~> ${{ matrix.puppet }}.0"
+      PUPPET_GEM_VERSION: '~> ${{ matrix.puppet }}.0'
     name: ${{ matrix.puppet }} (Ruby ${{ matrix.ruby }})
     steps:
       - uses: actions/checkout@v4
@@ -99,7 +99,6 @@ jobs:
           working-directory: ${{ inputs.working-directory }}
       - name: Run tests
         run: bundle exec rake parallel_spec
-
   tests:
     if: always()
     needs: unit

.github/workflows/beaker.yml

@@ -5,7 +5,8 @@ on:
   workflow_call:
     inputs:
       pidfile_workaround:
-        description: How to apply the systemd PIDFile workaround for acceptance tests, if at all
+        description: How to apply the systemd PIDFile workaround for acceptance tests,
+          if at all
         default: 'false'
         required: false
         type: string
@@ -20,8 +21,9 @@ on:
         required: false
         type: number
       working-directory:
-        description: The working directory where all jobs should be executed. Used for modules in subdirectories like a monorepo or a control repository.
-        default: '.'
+        description: The working directory where all jobs should be executed. Used
+          for modules in subdirectories like a monorepo or a control repository.
+        default: .
         required: false
         type: string
       cache-version:
@@ -40,7 +42,8 @@ on:
         required: false
         type: string
       install_vagrant_dependencies:
-        description: When true and beaker_hypervisor==vagrant_libvirt, we will install vagrant + libvirt
+        description: When true and beaker_hypervisor==vagrant_libvirt, we will install
+          vagrant + libvirt
         default: true
         required: false
         type: boolean
@@ -56,7 +59,7 @@ on:
         type: string
       domain:
         description: The domain that will be used for the beaker instances
-        default: "example.com"
+        default: example.com
         required: false
         type: string
       unit_runs_on:
@@ -90,7 +93,7 @@ jobs:
       puppet_beaker_test_matrix: ${{ steps.get-outputs.outputs.puppet_beaker_test_matrix }}
     env:
       BUNDLE_WITHOUT: development:system_tests:release
-      PUPPET_GEM_VERSION: ">= 7.0"
+      PUPPET_GEM_VERSION: '>= 7.0'
     steps:
       - uses: actions/checkout@v4
       - name: install additional packages
@@ -112,8 +115,9 @@ jobs:
         if: ${{ inputs.rubocop }}
       - name: Setup Test Matrix
         id: get-outputs
-        run: bundle exec metadata2gha --domain ${{ inputs.domain }} --pidfile-workaround ${{ inputs.pidfile_workaround }} --beaker-facter "${{ inputs.beaker_facter }}" --beaker-hosts "${{ inputs.beaker_hosts }}"
-
+        run: bundle exec metadata2gha --domain ${{ inputs.domain }} --pidfile-workaround
+          ${{ inputs.pidfile_workaround }} --beaker-facter "${{ inputs.beaker_facter }}"
+          --beaker-hosts "${{ inputs.beaker_hosts }}"
   unit:
     defaults:
       run:
@@ -127,7 +131,7 @@ jobs:
         include: ${{fromJson(needs.setup_matrix.outputs.puppet_unit_test_matrix)}}
     env:
       BUNDLE_WITHOUT: development:system_tests:release
-      PUPPET_GEM_VERSION: "~> ${{ matrix.puppet }}.0"
+      PUPPET_GEM_VERSION: '~> ${{ matrix.puppet }}.0'
     name: ${{ matrix.puppet }} (Ruby ${{ matrix.ruby }})
     steps:
       - uses: actions/checkout@v4
@@ -145,7 +149,6 @@ jobs:
           working-directory: ${{ inputs.working-directory }}
       - name: Run tests
         run: bundle exec rake parallel_spec
-
   acceptance:
     defaults:
       run:
@@ -154,12 +157,12 @@ jobs:
     runs-on: ${{ inputs.acceptance_runs_on }}
     env:
       BUNDLE_WITHOUT: development:test:release
-      BEAKER_HCLOUD_TOKEN: '${{ secrets.beaker_hcloud_token }}'
+      BEAKER_HCLOUD_TOKEN: ${{ secrets.beaker_hcloud_token }}
     strategy:
       fail-fast: false
       matrix:
         include: ${{fromJson(needs.setup_matrix.outputs.puppet_beaker_test_matrix)}}
-    name: "${{ matrix.name }}"
+    name: ${{ matrix.name }}
     steps:
       - uses: actions/checkout@v4
       - name: install additional packages

.github/workflows/prepare_release.yml

@@ -1,46 +1,46 @@
 ---
-
 name: Prepare Release
 
 on:
   workflow_call:
     inputs:
       allowed_owner:
-        description: 'Only allow this owner'
+        description: Only allow this owner
         required: true
         type: string
       version:
-        description: 'Module version to be released.'
+        description: Module version to be released.
         required: false
         default: ''
         type: string
       working-directory:
-        description: The working directory where all jobs should be executed. Used for modules in subdirectories like a monorepo or a control repository.
-        default: '.'
+        description: The working directory where all jobs should be executed. Used
+          for modules in subdirectories like a monorepo or a control repository.
+        default: .
         required: false
         type: string
       base-branch:
-        description: 'The branch that will be used as the origin for the release branch.'
+        description: The branch that will be used as the origin for the release branch.
         required: false
         default: ''
         type: string
     secrets:
       github_pat:
-        description: 'The pccibot PAT that will create the PR'
+        description: The pccibot PAT that will create the PR
         required: true
 env:
   BUNDLE_WITHOUT: development:test:system_tests
   BUNDLE_WITH: release
   GIT_AUTHOR_NAME: Release Automation
-  GIT_AUTHOR_EMAIL: "${{ github.repository_owner }}@users.noreply.github.com"
-  BLACKSMITH_FULL_VERSION: "${{ inputs.version }}"
+  GIT_AUTHOR_EMAIL: ${{ github.repository_owner }}@users.noreply.github.com
+  BLACKSMITH_FULL_VERSION: ${{ inputs.version }}
 
 jobs:
   prepare_release:
     defaults:
       run:
         working-directory: ${{ inputs.working-directory }}
-    name: 'Prepare Release'
+    name: Prepare Release
     runs-on: ubuntu-24.04
     if: github.repository_owner == inputs.allowed_owner
     steps:
@@ -68,18 +68,18 @@ jobs:
       - name: Prepare the release
         env:
           # https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication
-          CHANGELOG_GITHUB_TOKEN: '${{ secrets.github_pat }}'
+          CHANGELOG_GITHUB_TOKEN: ${{ secrets.github_pat }}
         run: bundle exec rake release:prepare
       - name: Create pull Request
         uses: peter-evans/create-pull-request@v7
         with:
-          commit-message: "Release ${{ inputs.version }}"
+          commit-message: Release ${{ inputs.version }}
           branch: release-prep
           delete-branch: true
-          title: "Release ${{ inputs.version }}"
+          title: Release ${{ inputs.version }}
           labels: skip-changelog
-          token: '${{ secrets.github_pat }}'
-          assignees: '${{ github.triggering_actor }}'
-          body: |
+          token: ${{ secrets.github_pat }}
+          assignees: ${{ github.triggering_actor }}
+          body: |-
             Automated release-prep through https://github.com/voxpupuli/gha-puppet/ from commit ${{ github.sha }}.
-            Checkout the [module release instructions](https://voxpupuli.org/docs/releasing_version/).
+            Check out the [module release instructions](https://voxpupuli.org/docs/releasing_version/).

.github/workflows/release.yml

@@ -1,25 +1,25 @@
 ---
-
 name: Release
 
 on:
   workflow_call:
     inputs:
       allowed_owner:
-        description: 'Only allow this owner'
+        description: Only allow this owner
         required: true
         type: string
       working-directory:
-        description: The working directory where all jobs should be executed. Used for modules in subdirectories like a monorepo or a control repository.
-        default: '.'
+        description: The working directory where all jobs should be executed. Used
+          for modules in subdirectories like a monorepo or a control repository.
+        default: .
         required: false
         type: string
     secrets:
       username:
-        description: 'The forge username to use'
+        description: The forge username to use
         required: true
       api_key:
-        description: 'The forge API key'
+        description: The forge API key
         required: true
 
 env:
@@ -30,7 +30,7 @@ jobs:
     defaults:
       run:
         working-directory: ${{ inputs.working-directory }}
-    name: 'Puppet Forge'
+    name: Puppet Forge
     runs-on: ubuntu-24.04
     if: github.repository_owner == inputs.allowed_owner
     steps:
@@ -48,8 +48,8 @@ jobs:
         env:
           # Configure secrets here:
           #  https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets
-          BLACKSMITH_FORGE_USERNAME: '${{ secrets.username }}'
-          BLACKSMITH_FORGE_API_KEY: '${{ secrets.api_key }}'
+          BLACKSMITH_FORGE_USERNAME: ${{ secrets.username }}
+          BLACKSMITH_FORGE_API_KEY: ${{ secrets.api_key }}
         run: bundle exec rake module:push
       - name: Create Release Page
         shell: bash

.github/workflows/self_check.yml

@@ -0,0 +1,22 @@
+---
+name: Self Checks
+
+on: pull_request
+jobs:
+  actionlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: actionlint
+        uses: raven-actions/actionlint@v2
+  yamllint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.13'
+      - name: Install yamllint
+        run: pip3 install yamllint
+      - name: Run yamllint
+        run: yamllint -f github .

.yamllint

@@ -0,0 +1,4 @@
+---
+rules:
+  indentation:
+    spaces: 2