Documentation bug: expression numbers are mis-documented

[woodruffw]

Code of Conduct

• I have read and agree to the GitHub Docs project's Code of Conduct

What article on docs.github.com is affected?

The "Literals" section of the GitHub Actions expression syntax page:

https://docs.github.com/en/actions/reference/workflows-and-actions/expressions#literals

That link is for the "Free, Pro, and Teams" page, but the GHES and GHEC pages are also affected.

What part(s) of the article would you like to see updated?

The number literal is documented as "Any number format supported by JSON." However, in reality, the GitHub Actions expression parser takes a much larger set of literals, which it coerces to numbers.

For example, neither hex nor octal literals are valid in JSON, but GitHub Actions accepts them. For example:

${{ 0xff }}
${{ 0o777 }}

More generally, GitHub Actions appears to support any number literal that the JavaScript Number(...) constructor can coerce a string from. Those coercion rules are documented here:

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number#number_coercion

This can be seen in the official GitHub Actions expression parser, which appears to use the Number(...) constructor when turning a StringData lexeme into a number:

https://github.com/actions/languageservices/blob/fb5c6e4f27bb1ddf512609a6a341aadd17ce86f3/expressions/src/data/string.ts#L14-L16

Additional information

Yes, this is trivially reproducible in any GitHub Actions workflow or action definition.

See zizmorcore/zizmor#1628 for a related downstream report.