Currently, there are two ways of running actionlint in a GitHub Action workflow:

1. Running the download script to install actionlint and execute it from a run: step:

   - name: Check workflow files
     shell: bash
     run: |
       bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
       ./actionlint -color

2. Running actionlint from a docker container

   - name: Check workflow files
     uses: docker://rhysd/actionlint:latest
     with:
       args: -color

Both of these two options have some drawbacks. Option 1 requires either always running the download script from the main branch (which may be unstable), or specifying a stable tag (which needs to be manually updated when new versions are released as Dependabot won't suggest updates). Option 2 has the benefit of being tied to a stable version, e.g. docker://rhysd/actionlint:v<TAG>, however, it can only be configured by passing in the args: property as a monolithic string, instead of separate inputs with clear defaults and descriptions.

One solution would be to add a action.yml file to the root that defines inputs: and executes actionlint internally. This could be done as a composite action (as was proposed in #257) or as a dockerized wrapper (which would forgo the need to run the download script). Essentially both of these would be wrapping up one or the other of the existing methods to run actionlint from a workflow. The key benefits here are clearly defined inputs and enabling Dependabot updates.

The possible downsides to adding an action.yml file, as pointed out by @rhysd in #257, is that this adds maintenance costs and is identical to just running one of the two existing methods.

Honestly I'm not seeing much difference between running the download script then executing the downloaded binary with run: and running the dedicated action with uses: though making a new action increases maintenance cost.

However, I believe that having a first party action would still add value. In addition to the aforementioned maintenance improvements to end users by enabling Dependabot and distinct inputs:, this would also add actionlint to the GitHub actions marketplace.