org secrets detected as invalid

[jplimack]

i have a slew of org secrets defined in my .github/actionlint.yaml, but trunk.io is showing me that they are invalid. im probably doing something wrong, but the docs on how to do this properly are seemingly absent

	"resource": "$repo/.github/workflows/workflow.yaml",
	"owner": "_generated_diagnostic_collection_name_#3",
	"severity": 4,
	"message": "Context access might be invalid: MY_ORG_SECRET",
	"startLineNumber": 40,
	"startColumn": 43,
	"endLineNumber": 40,
	"endColumn": 76,
	"origin": "extHost1"
}]

[muzimuzhi]

Is the config file .actionlint.yaml supported?

According to both the actionlint doc and trunk.io doc, only .github/actionlint.y(a)ml is supported.

[jplimack]

Is the config file .actionlint.yaml supported?

According to both the actionlint doc and trunk.io doc, only .github/actionlint.y(a)ml is supported.

that is what I have, .github/actionlint.yaml, sorry for the typo with the extra .. ive corrected the mistake above.
fwiw, its honoring my custom internal runners, but not secrets.

[muzimuzhi]

Does it reproduce with calling actionlint directly? An example is welcome.

[holtkampjs]

What are the contents of your .github/actionlint.yaml file? Fuzz out anything you wouldn't want to post openly.

[jplimack]

this seems fine calling actionlint directly and only an issue when using the trunk.io plugin

# Configuration related to self-hosted runner.
self-hosted-runner:
  # Labels of self-hosted runner in array of strings.
  labels:
    - int-runner-a

secrets:
  - ORG_GORELEASER_KEY

rules:
  - id: context-access
    allow-undefined-secrets: true

[holtkampjs]

That syntax looks different than I expected. The top level keys I know are valid are:

• self-hosted-runner
• config-variables
• paths

Of these keys, I used:

config-variables:
  - MY_SECRET
  - MY_SECRET_2
  - SOME_ENVIRONMENT_VARIABLE

I'm looking at the latest version of the docs, is it possible you're on a previous version?

EDIT: config-values: -> config-variables: