ci(repo): add actionlint workflow check

[jacekradko]

Adds an actionlint check that lints every workflow on each PR. The linter is the rhysd/actionlint Docker image pinned by digest, and .github/actionlint.yaml declares the Blacksmith runner label and drops the SC2086/SC2129/SC2162 shellcheck noise from the intentional $TURBO_ARGS splitting.

Getting it to green surfaced two real things. ci.yml set E2E_CLERK_ENCRYPTION_KEY from a matrix key that doesn't exist, so it was always empty; the integration harness already defaults that to 'a-key', so dropping the line is a runtime no-op. And the release Slack-notification step still used the deprecated ::set-output. I moved it to $GITHUB_OUTPUT and pushed publishedPackages and github.actor through env so they're no longer interpolated into the shell. That second change is the only one with any runtime behavior, so it's the part worth scrutiny: the output stays multi-line JSON via a heredoc, verified against an actor name containing a quote.

Related: SDK-79

Summary by CodeRabbit

• Chores
  • Added actionlint configuration and GitHub Actions workflow to validate workflow files for syntax and security issues.
  • Updated integration testing environment configuration in CI pipeline.
  • Improved release notification payload generation using enhanced formatting method.

[changeset-bot]

🦋 Changeset detected

Latest commit: 49c2d68

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 0 packages

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
clerk-js-sandbox	Ready	Preview, Comment	Jun 16, 2026 1:31pm
swingset	Ready	Preview, Comment	Jun 16, 2026 1:31pm

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds an actionlint GitHub Actions workflow and its YAML configuration to lint workflow files on PRs and pushes to main. Also removes the E2E_CLERK_ENCRYPTION_KEY env var from the ci.yml integration-tests step and migrates the release.yml notification payload step from the deprecated ::set-output to the GITHUB_OUTPUT heredoc pattern.

Changes

CI Workflow Improvements

Layer / File(s)	Summary
Actionlint workflow and configuration .github/actionlint.yaml, .github/workflows/actionlint.yml, .changeset/sdk-79-actionlint.md	New actionlint.yaml config allowlists the blacksmith-8vcpu-ubuntu-2204 self-hosted runner label. New actionlint.yml workflow triggers on PRs and pushes to main, uses sparse checkout of .github, and runs actionlint via a pinned Docker image digest with shellcheck exclusions. A placeholder changeset file is added.
Workflow fixes .github/workflows/ci.yml, .github/workflows/release.yml	Removes E2E_CLERK_ENCRYPTION_KEY from the integration-tests env block in ci.yml. Updates the "Generate notification payload" step in release.yml to write to GITHUB_OUTPUT using a heredoc delimiter instead of the deprecated ::set-output command.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

actions

🐇 A rabbit once linted with glee,
Workflows now checked — error-free!
Old set-output is gone,
The heredoc lives on,
And actionlint hops wild and free! 🌿

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Title check	✅ Passed	The title 'ci(repo): add actionlint workflow check' accurately and concisely summarizes the main change—adding actionlint workflow linting to the repository.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@8874

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@8874

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@8874

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@8874

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@8874

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@8874

@clerk/express

npm i https://pkg.pr.new/@clerk/express@8874

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@8874

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@8874

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@8874

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@8874

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@8874

@clerk/react

npm i https://pkg.pr.new/@clerk/react@8874

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@8874

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@8874

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@8874

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@8874

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@8874

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@8874

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@8874

commit: 49c2d68