GitHub Action

Basic workflow

name: DollarLint

on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read

jobs:
  dollarlint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: dollarlint/dollarlint@vX.Y.Z
        with:
          path: .

Pin dollarlint/dollarlint to a specific release tag. When the action ref is a vX.Y.Z tag, the action downloads that version, verifies it against checksums.txt, and runs dollarlint validate.

Upload SARIF

name: DollarLint

on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read
  security-events: write

jobs:
  dollarlint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: dollarlint/dollarlint@vX.Y.Z
        with:
          upload-sarif: true

Set upload-sarif: true to generate SARIF output and upload it to GitHub code scanning. Results are uploaded before the job fails, so any findings still appear in the security tab.

Pass validate flags

- uses: dollarlint/dollarlint@vX.Y.Z
  with:
    path: .
    args: |
      --catalogs
      --catalog-failure=error
      --exclude
      generated/**

Additional dollarlint validate flags go in args, one per line. This avoids shell parsing issues with globs and schema associations.

Common inputs

Version behavior

The most reliable way to pin a version is to use a release tag directly: dollarlint/dollarlint@vX.Y.Z installs exactly vX.Y.Z. If you use a branch or moving tag instead, set version explicitly to fix the CLI version. Without either, the action installs the latest published DollarLint release.