karinto

curl-able GitHub Actions linter. POST a workflow or action.yml, get JSON diagnostics back.

GitHub API reference Rule catalogue

Try it

Recommended: use the Paste YAML tab — it POSTs your content straight to the linter (no GitHub round-trip) and opens the JSON in a new tab. The Repo + path and GitHub URL tabs fetch the file from GitHub in your browser (on your own IP and rate limit) and then POST its content the same way, so they work on any deployment — but they use GitHub's unauthenticated API (~60 requests/hour per IP), so prefer Paste YAML for anything routine. (The lint result opens via a form-POST navigation rather than fetch, which avoids cross-origin issues some privacy browsers have with *.workers.dev.)

What gets called

The Repo + path / GitHub URL tabs make two unauthenticated GETs to GitHub from your browser:

  1. https://api.github.com/repos/{owner}/{repo}/commits?per_page=1&sha={ref} — resolves a ref (default branch, branch name, tag, or short SHA from a pasted URL) to a full commit SHA.
  2. https://api.github.com/repos/{owner}/{repo}/contents/{file_path}?ref={sha} (raw media type) — fetches the file's content.

That content is then POSTed to https://karinto.toiroakr.workers.dev — the same always-available path the Paste YAML tab uses, so these tabs don't depend on the Worker's (opt-in) repo mode.

GitHub's unauthenticated API allows ~60 requests/hour per IP. The karinto Worker rate-limits at 60/minute per IP.

You can reproduce it locally — fetch the file and pipe it to the linter:

curl -sL "https://raw.githubusercontent.com/actions/checkout/<sha>/action.yml" \
  | curl -X POST --data-binary @- "https://karinto.toiroakr.workers.dev"

The Paste YAML tab skips GitHub entirely and POSTs your content to the Worker (a single request, no SHA resolution):

curl -X POST --data-binary @workflow.yml "https://karinto.toiroakr.workers.dev?type=workflow"