Check workflows for issues during CI

This PR adds an Actionlint workflow to validate GH actions as per open-quantum-safe#1866

This is an updated version of PR open-quantum-safe#1880, taking into account the discussion on that contribution.

Signed-off-by: JP Lomas <[email protected]>

.github/actionlint.yaml

@@ -0,0 +1,14 @@
+# Labels of self-hosted runner in array of strings.
+
+# NB. oqs-arm64 is not self-hosted but this configuration
+#     is required for liboqs to lint correctly with actionlint v1.7.1
+
+self-hosted-runner:
+  # Labels of self-hosted runner in array of string
+  labels:
+    - oqs-arm64
+# Configuration variables in array of strings defined in your repository or organization
+config-variables:
+  # - DEFAULT_RUNNER
+  # - JOB_NAME
+  # - ENVIRONMENT_STAGE

.github/workflows/basic.yml

@@ -7,8 +7,19 @@ on: [workflow_call, workflow_dispatch]
 
 jobs:
 
+  workflowcheck:
+    name: Check validity of GitHub workflows
+    runs-on: ubuntu-latest
+    container: openquantumsafe/ci-ubuntu-latest:latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
+      - name: Ensure GitHub actions are valid
+        run: actionlint -shellcheck "" # run *without* shellcheck
+
   stylecheck:
     name: Check code formatting
+    needs: [ workflowcheck ]
     runs-on: ubuntu-latest
     container: openquantumsafe/ci-ubuntu-latest:latest
     steps:
@@ -23,6 +34,7 @@ jobs:
 
   upstreamcheck:
     name: Check upstream code is properly integrated
+    needs: [ workflowcheck ]
     runs-on: ubuntu-latest
     container: openquantumsafe/ci-ubuntu-latest:latest
     steps:
@@ -47,7 +59,7 @@ jobs:
 
   buildcheck:
     name: Check that code passes a basic build
-    needs: [ stylecheck, upstreamcheck ]
+    needs: [ workflowcheck, stylecheck, upstreamcheck ]
     runs-on: ubuntu-latest
     container: openquantumsafe/ci-ubuntu-latest:latest
     env: