Comments (6)
I agree that explicitly configuring timeout-minutes
is useful to avoid common mistake around hanging jobs.
However I feel causing an error due to lack of timeout-minutes
configuration is opinionated. There are some reasons:
- actionlint does not have functionality to disable each rules (yet). Only
-ignore
option can ignore errors. It is important that all rules don't cause false-positives. - Missing
timeout-minutes
is not always bad choice since there is no quota limit to run GitHub Actions workflows if the repository is public. For those who think it's just ok to leave it for 6 hours, reporting it as error by actionlint is pure overhead. - It is not trivial that what value is suitable for value of
timeout-minutes
. People need to experiment/guess on how long the workflow usually runs. It would be an overhead on writing/maintaining workflows.
from actionlint.
In the meanwhile this could be used https://github.com/marketplace/actions/check-actions
from actionlint.
It is not trivial that what value is suitable
I'm not saying that we should force some specific value from the actionlint's side. The actual value should completely be left to users. It's enough for users to warn just like “timeout-minutes
option is missing; the default value is 360 (6 hours), which is probably not what you want”.
On the other hand, setting any value greater than 360 might also be a mistake; GitHub normally limits the maximum to 360. That said, this limit may vary for self-hosted runners, so we wouldn't be able to notice this as a mistake unless we have a reliable way to ensure the workflow is to run on self-hosted runners (I just don't know about self-hosted setup).
For those who think it's just ok to leave it for 6 hours, reporting it as error by actionlint is pure overhead.
Well, some people just “don't care” about running time, but I believe 6 hours must definitely not be what users “want”, especially when they just ignorantly omit the config. If one really expects the job to run for such a long time (or doesn't know how much time it may take), they should set it explicitly to the maximum value 360.
I understand it would introduce some sort of cognitive load for maintainers when writing workflows, but I'd say, that only applies for the very first time of setting up workflows.
from actionlint.
When writing a lot of workflows missing options such as timeout happens regularly and results in wasting resources and paying a lot when jobs get stuck. GitHub provides neither repo nor workflow level options to limit job or step running time. Having it covered by a linter would be very helpful.
from actionlint.
I would also love to see this (as an opt-in flag), so it's up for the user to decide if they want to force themselves to use timeout-minutes (and for actionlint to protect against forgetting).
We've recently had an incident in my team where a 3rd party action hanged forever and we ended up spending dozens of hours of our quota on nothing.
from actionlint.
FTR I use https://check-jsonschema.rtfd.io/en/stable/precommit_usage.html#check-a-builtin-schema to lint for this.
from actionlint.
Related Issues (20)
- Action lint fails occasionally - fatal error: concurrent map writes HOT 6
- No labels for Larger Hosted Runners HOT 2
- Actionlint does not alert on a mis-terminated expression for `if`
- Warning if explicit shell is not set HOT 2
- Support glob/regex patterns for self hosted runner labels configuration HOT 1
- Support validation of the inputs passed in the with block
- [BUG] `timeout-minutes` should allow expressions (but it demands `floats`) HOT 2
- Feature Request: checking workflow inputs for Untrusted input HOT 1
- Support tsc to check actions/github-script steps HOT 1
- Feature request: Require job name
- feature request: detect invalid reference to a workflow file HOT 1
- support macOS-14 runs on HOT 3
- Feature request: Allow usage of .shellcheckrc HOT 6
- Disallow usage of `>-`, which is not supported by GitHub actions HOT 5
- Release recent changes HOT 1
- Composite actions support? HOT 3
- False Positive On fromJson in services Mapping Nodes
- Failed on "google-github-actions/get-secretmanager-secrets" HOT 7
- v1.6.27 Actionlint do not recognising outputs from google-github-actions/get-secretmanager-secrets@v2 HOT 1
- Seems like actionlint lack support to detect when we call reusable workflow in the main workflow. HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from actionlint.