From 67d165cbaed1e8da45fb5c8df003d43bc9eef192 Mon Sep 17 00:00:00 2001
From: Chris Banks <chris.banks@digital.cabinet-office.gov.uk>
Date: Fri, 28 Jun 2024 17:02:05 +0100
Subject: [PATCH 1/3] Update actionlint from 1.7.0 to 1.7.1.

https://github.com/rhysd/actionlint/releases/tag/v1.7.1
---
 .github/workflows/actionlint.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
index 8343da79f..ca4a9a518 100644
--- a/.github/workflows/actionlint.yml
+++ b/.github/workflows/actionlint.yml
@@ -11,8 +11,8 @@ jobs:
         show-progress: false
     - id: install
       env:
-        VERSION: '1.7.0'
-      run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/b6b7a2901eb4fa4bae2e6d8f9b6edd1a37b3cca7/scripts/download-actionlint.bash) "$VERSION" .
+        VERSION: '1.7.1'
+      run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/4f6274a8e0f4f4d2057aa9ae07660f61aa29c5f3/scripts/download-actionlint.bash) "$VERSION" .
     - name: Run actionlint
       env:
         ACTIONLINT: '${{ steps.install.outputs.executable }}'

From d1c317fe11df7db4644c075dfedfc7cf17246995 Mon Sep 17 00:00:00 2001
From: Chris Banks <chris.banks@digital.cabinet-office.gov.uk>
Date: Fri, 28 Jun 2024 17:19:41 +0100
Subject: [PATCH 2/3] Factor out actionlint config into a reusable action.

This lets us keep the version pinning and config in a single place while
using actionlint in other repos.
---
 .github/actions/actionlint/action.yml | 27 +++++++++++++++++++++++++++
 .github/workflows/actionlint.yml      | 24 ++++--------------------
 2 files changed, 31 insertions(+), 20 deletions(-)
 create mode 100644 .github/actions/actionlint/action.yml

diff --git a/.github/actions/actionlint/action.yml b/.github/actions/actionlint/action.yml
new file mode 100644
index 000000000..ef079f3d7
--- /dev/null
+++ b/.github/actions/actionlint/action.yml
@@ -0,0 +1,27 @@
+# This reusable action exists only to reduce toil by representing GOV.UK's
+# global config for rhysd/actionlint in a single place so we don't have to
+# change it in N repos every time we update.
+name: Run actionlint
+description: Lint GitHub Actions YAML files with rhysd/actionlint.
+runs:
+  using: composite
+  steps:
+    - id: install
+      shell: bash
+      env:
+        VERSION: '1.7.1'
+      run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/4f6274a8e0f4f4d2057aa9ae07660f61aa29c5f3/scripts/download-actionlint.bash) "$VERSION" .
+    - name: Run actionlint
+      shell: bash
+      env:
+        ACTIONLINT: '${{ steps.install.outputs.executable }}'
+      run: |
+        echo "::add-matcher::.github/actionlint-matcher.json"
+        # TODO: move non-global ignores inline or to in-tree actionlint.yml once
+        #       https://www.github.com/rhysd/actionlint/issues/237 and/or
+        #       https://www.github.com/rhysd/actionlint/issues/217 is fixed.
+        # TODO: remove -ignore "property .runner. is not defined" once
+        #       https://www.github.com/rhysd/actionlint/issues/77 is fixed.
+        "$ACTIONLINT" -color \
+          -ignore "property .runner. is not defined" \
+          -ignore "property .repository_visibility. is not defined"
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
index ca4a9a518..a6ab5dba3 100644
--- a/.github/workflows/actionlint.yml
+++ b/.github/workflows/actionlint.yml
@@ -6,23 +6,7 @@ jobs:
   actionlint:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-      with:
-        show-progress: false
-    - id: install
-      env:
-        VERSION: '1.7.1'
-      run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/4f6274a8e0f4f4d2057aa9ae07660f61aa29c5f3/scripts/download-actionlint.bash) "$VERSION" .
-    - name: Run actionlint
-      env:
-        ACTIONLINT: '${{ steps.install.outputs.executable }}'
-      run: |
-        echo "::add-matcher::.github/actionlint-matcher.json"
-        # TODO: move -ignores inline or to actionlint.yml once
-        #       https://www.github.com/rhysd/actionlint/issues/237 and/or
-        #       https://www.github.com/rhysd/actionlint/issues/217 is fixed.
-        # TODO: remove -ignore "property .runner. is not defined" once
-        #       https://www.github.com/rhysd/actionlint/issues/77 is fixed.
-        "$ACTIONLINT" -color \
-          -ignore "property .runner. is not defined" \
-          -ignore "property .repository_visibility. is not defined"
+      - uses: actions/checkout@v4
+        with:
+          show-progress: false
+      - uses: alphagov/govuk-infrastructure/.github/actions/actionlint@main

From e334fe0afcdfc198a07bdc4b6558081f42fc5e2d Mon Sep 17 00:00:00 2001
From: Chris Banks <chris.banks@digital.cabinet-office.gov.uk>
Date: Fri, 28 Jun 2024 17:54:12 +0100
Subject: [PATCH 3/3] Eliminate the unnecessary version number.

The install script defaults to the current version and we're already
pinning the commit sha of the install script.
---
 .github/actions/actionlint/action.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/actions/actionlint/action.yml b/.github/actions/actionlint/action.yml
index ef079f3d7..821e7b26d 100644
--- a/.github/actions/actionlint/action.yml
+++ b/.github/actions/actionlint/action.yml
@@ -9,8 +9,8 @@ runs:
     - id: install
       shell: bash
       env:
-        VERSION: '1.7.1'
-      run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/4f6274a8e0f4f4d2057aa9ae07660f61aa29c5f3/scripts/download-actionlint.bash) "$VERSION" .
+        ACTIONLINT_SHA: 4f6274a8e0f4f4d2057aa9ae07660f61aa29c5f3  # v1.7.1
+      run: bash <(curl "https://raw.githubusercontent.com/rhysd/actionlint/$ACTIONLINT_SHA/scripts/download-actionlint.bash")
     - name: Run actionlint
       shell: bash
       env: