`v2` tag interferes with `v2` branch when using actionlint

[jrfnl]

When using actionlint workflow verification, actionlint reports that the github-token input doesn't exist.

That's nonsense of course, but looks to be because there is both a v2 branch (which is up to date) and a v2 tag (which is way behind at the 2.12.0 release).

Would it make sense to update the v2 tag to be equal to the latest release ? Or to even remove the v2 tag ?

The issue can be reproduced with a workflow which contains the following:

      - name: Install PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: 'latest'
          github-token: ${{ secrets.GITHUB_TOKEN }}

And then running the following job:

  actionlint:
    name: 'Actionlint'
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Add problem matcher
        shell: bash
        run: |
          curl -o actionlint-matcher.json https://raw.githubusercontent.com/rhysd/actionlint/main/.github/actionlint-matcher.json
          echo "::add-matcher::actionlint-matcher.json"

      - name: Check workflow files
        uses: docker://rhysd/actionlint:latest
        with:
          args: -color

[shivammathur]

@jrfnl

There is no v2 branch.
There is a releases/v2 branch and a v2 tag, and both should refer to the same commit.

Most likely actionlint has the metadata for v2 tag cached and that needs to be updated.

[shivammathur]

Should be fixed by rhysd/actionlint#562 and a new release.

[jrfnl]

Most likely actionlint has the metadata for v2 tag cached and that needs to be updated.

@shivammathur Oh that makes perfect sense, yes.

Thank you so much for figuring out where things needed to be fixed in actionlint! 🦸🏻

[jrfnl]

P.S.: I'll watch the actionlint PR and will run a test again once it has been merged.