ci(repo): add actionlint workflow check

[jacekradko]

Adds an actionlint check that lints every workflow on each PR. The linter is the rhysd/actionlint Docker image pinned by digest, and .github/actionlint.yaml declares the Blacksmith runner label and drops the SC2086/SC2129/SC2162 shellcheck noise from the intentional $TURBO_ARGS splitting.

Getting it to green surfaced two real things. ci.yml set E2E_CLERK_ENCRYPTION_KEY from a matrix key that doesn't exist, so it was always empty; the integration harness already defaults that to 'a-key', so dropping the line is a runtime no-op. And the release Slack-notification step still used the deprecated ::set-output. I moved it to $GITHUB_OUTPUT and pushed publishedPackages and github.actor through env so they're no longer interpolated into the shell. That second change is the only one with any runtime behavior, so it's the part worth scrutiny: the output stays multi-line JSON via a heredoc, verified against an actor name containing a quote.

Related: SDK-79

Summary by CodeRabbit

Summary by CodeRabbit

• Chores
  • Added an actionlint configuration and a dedicated workflow to lint GitHub Actions workflows for syntax and safety.
  • Updated CI integration tests to stop passing the e2e encryption key environment variable.
  • Improved the Release workflow’s notification payload generation to use GITHUB_OUTPUT, ensuring correctly formatted multiline output.

[changeset-bot]

🦋 Changeset detected

Latest commit: 9fffd50

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 0 packages

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
clerk-js-sandbox	Ready	Preview, Comment	Jun 25, 2026 11:58am
swingset	Ready	Preview, Comment	Jun 25, 2026 11:58am

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Repository UI (inherited)

Review profile: CHILL

Plan: Pro Plus

Run ID: d038d373-77bf-417b-93f4-f7b0aa92aa8c

📥 Commits

Reviewing files that changed from the base of the PR and between 0d6eaf4 and 9fffd50.

📒 Files selected for processing (1)

• .github/actionlint.yaml

---

📝 Walkthrough

Walkthrough

Adds an actionlint workflow and configuration for GitHub Actions linting, removes one integration-test environment variable, and rewrites the release notification payload step to use GITHUB_OUTPUT with a heredoc.

Changes

CI Workflow Improvements

Layer / File(s)	Summary
Actionlint workflow and configuration .github/actionlint.yaml, .github/workflows/actionlint.yml, .changeset/sdk-79-actionlint.md	Adds the actionlint workflow, the runner-label allowlist config, and a placeholder changeset file.
Workflow fixes: remove deprecated env var and set-output .github/workflows/ci.yml, .github/workflows/release.yml	Removes E2E_CLERK_ENCRYPTION_KEY from the integration-tests env block in ci.yml and updates the release notification payload step to write to GITHUB_OUTPUT with a heredoc.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• wobsoriano

🐇 I hopped through workflows, bright and neat,
With actionlint checking each GitHub beat.
The old output spell
Has bid farewell,
And releases now land with a heredoc treat!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: adding an actionlint workflow check to CI.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands.}

[pkg-pr-new]

Open in StackBlitz

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@8874

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@8874

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@8874

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@8874

@clerk/electron

npm i https://pkg.pr.new/@clerk/electron@8874

@clerk/electron-passkeys

npm i https://pkg.pr.new/@clerk/electron-passkeys@8874

@clerk/eslint-plugin

npm i https://pkg.pr.new/@clerk/eslint-plugin@8874

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@8874

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@8874

@clerk/express

npm i https://pkg.pr.new/@clerk/express@8874

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@8874

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@8874

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@8874

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@8874

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@8874

@clerk/react

npm i https://pkg.pr.new/@clerk/react@8874

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@8874

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@8874

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@8874

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@8874

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@8874

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@8874

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@8874

commit: 9fffd50