
@renovate renovate bot commented Oct 11, 2025

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| rhysd/actionlint | patch | 1.7.7 -> 1.7.8 |

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot enabled auto-merge (squash) October 11, 2025 12:44
@renovate renovate bot merged commit 62f74de into main Oct 11, 2025
14 of 15 checks passed
@renovate renovate bot deleted the renovate/rhysd-actionlint-1.x branch October 11, 2025 12:46

claude bot commented Oct 11, 2025

Pull Request Review

Summary

This PR updates the rhysd/actionlint Docker image from version 1.7.7 to 1.7.8, including updating the corresponding SHA256 hash. This is an automated dependency update managed by Renovate.

Code Quality and Best Practices ✅

Strengths:

  • The change follows the repository's established pattern for dependency management
  • Uses pinned versions with SHA256 hashes for security and reproducibility (Makefile:72)
  • Includes the renovate comment directive to enable automated updates
  • The version string format VERSION@sha256:HASH provides both version tracking and integrity verification

Observations:

  • The change is minimal and focused, affecting only the necessary lines
  • Consistent with previous dependency updates visible in CHANGELOG.md
  • The Makefile target check-github-actions-workflows-linting (Makefile:74-76) properly uses this version variable

Potential Bugs or Issues ✅

No issues identified:

  • The change is straightforward - only updating version and hash strings
  • No logic changes that could introduce bugs
  • The SHA256 hash provides integrity verification when the Docker image is pulled

Verification needed:

  • The SHA256 hash 96d4a8c87dbbfb3bdd324f8fdc285fc3df5261e2decc619a4dd7e8ee52bbfd46 should match the official Docker image for rhysd/actionlint:1.7.8
  • CI checks should verify the image pulls correctly and actionlint functions as expected

Performance Considerations ✅

Neutral impact:

  • Docker image version updates typically have minimal performance impact
  • Any performance changes would come from upstream actionlint improvements
  • The image pull time might vary slightly based on image size differences

Security Concerns ✅

Security best practices maintained:

  • SHA256 pinning prevents supply chain attacks (man-in-the-middle image substitution)
  • Patch version updates often include security fixes
  • Using official Docker images from rhysd/actionlint repository

Recommendation:

  • Consider verifying the SHA256 hash against the official source to ensure it matches the legitimate image
  • Review actionlint v1.7.8 release notes for any security-related changes

Test Coverage ✅

Existing coverage:

  • The repository has a dedicated workflow .github/workflows/github-actions-workflows.yml that tests actionlint functionality
  • The workflow runs make check-github-actions-workflows-linting on pull requests
  • This PR should trigger that workflow, validating the new version works correctly

No additional tests needed:

  • This is a tool version update, not a code change
  • Existing workflows provide adequate coverage for validation

Recommendations

  1. Approve and merge - This is a routine dependency update with no identified issues
  2. Monitor CI - Ensure all checks pass with the new version
  3. Consider enabling Renovate automerge - For patch-level tool updates like this, automerge could streamline the process (appears to be enabled based on PR description)

Conclusion

LGTM - This is a clean, well-managed dependency update following repository conventions. No concerns identified with code quality, security, or functionality. The change maintains the repository's security posture with SHA256 pinning while keeping tooling up to date.


Review generated by Claude Code
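
A pre-merge check for the pinning convention the review describes (`VERSION@sha256:HASH` preceded by a renovate comment directive), added here as an example and not taken from this repository or from either bot. The variable names, the `# renovate:` comment syntax and the sample Makefile are constructed assumptions; the check validates pin format only and does not contact a registry.

```python
import re

# Assumed convention: <NAME>_VERSION := <tag>@sha256:<digest>, with a
# "# renovate:" comment on the line directly above (hypothetical layout).
ASSIGN = re.compile(r"^\s*([A-Z0-9_]*VERSION)\s*[:?]?=\s*(\S+)\s*$")
PIN = re.compile(r"^[\w][\w.-]{0,127}@sha256:[0-9a-f]{64}$")


def check_pins(makefile_text):
    """Return (line_no, variable, problem) for each version variable that is
    not pinned as TAG@sha256:<64 lowercase hex> or lacks an update directive."""
    findings = []
    prev = ""
    for no, line in enumerate(makefile_text.splitlines(), 1):
        m = ASSIGN.match(line)
        if m:
            name, value = m.groups()
            if "@" not in value:
                # A bare tag is mutable: the registry may serve new content.
                findings.append((no, name, "tag only, no digest"))
            elif not PIN.match(value):
                findings.append((no, name, "malformed digest"))
            elif not prev.lstrip().startswith("# renovate:"):
                # Pinned, but nothing will propose updates, so it goes stale.
                findings.append((no, name, "pinned but no renovate directive"))
        prev = line
    return findings


# Constructed sample input; digests are placeholders, not real image digests.
SAMPLE = "\n".join([
    "# renovate: datasource=docker depName=rhysd/actionlint",
    "ACTIONLINT_VERSION := 1.7.8@sha256:" + "ab" * 32,
    "# renovate: datasource=docker depName=example/tool",
    "TOOL_VERSION := 2.0.1",
    "OTHER_VERSION := 3.1.0@sha256:deadbeef",
    "STALE_VERSION := 0.9.0@sha256:" + "cd" * 32,
])

if __name__ == "__main__":
    for line_no, variable, problem in check_pins(SAMPLE):
        print(f"Makefile:{line_no}: {variable}: {problem}")
```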
