|
2 | 2 | name: Shellcheck |
3 | 3 | on: |
4 | 4 | pull_request: |
5 | | -env: |
6 | | - SHELLCHECK_REPO: 'koalaman/shellcheck' |
7 | | - SHELLCHECK_VERSION: 'v0.9.0' # renovate: datasource=github-releases depName=koalaman/shellcheck versioning=loose |
8 | | - SHELLCHECK_SHA: '038fd81de6b7e20cc651571362683853670cdc71' # Renovate config is not currently adjusted to update hash - it needs to be done manually for now |
| 5 | + |
9 | 6 | jobs: |
10 | 7 | shellcheck: |
11 | 8 | runs-on: ubuntu-latest |
12 | 9 | steps: |
13 | 10 | - name: Checkout |
14 | 11 | uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 |
15 | 12 |
|
16 | | - - name: Grab shellcheck |
17 | | - run: | |
18 | | - set -e |
19 | | -
|
20 | | - SHELLCHECK_TARBALL_URL="https://github.com/${SHELLCHECK_REPO}/releases/download/${SHELLCHECK_VERSION}/shellcheck-${SHELLCHECK_VERSION}.linux.x86_64.tar.xz" |
21 | | - SHELLCHECK_TARBALL_LOC="shellcheck.tar.xz" |
22 | | - curl -L "${SHELLCHECK_TARBALL_URL}" -o "${SHELLCHECK_TARBALL_LOC}" |
23 | | - tarball_sha=$(shasum ${SHELLCHECK_TARBALL_LOC} | awk '{print $1}') |
24 | | - if [ "${tarball_sha}" != "${SHELLCHECK_SHA}" ]; then |
25 | | - echo "Got invalid SHA for shellcheck: ${tarball_sha}" |
26 | | - exit 1 |
27 | | - fi |
28 | | - tar -xvf "${SHELLCHECK_TARBALL_LOC}" |
29 | | - cd "shellcheck-${SHELLCHECK_VERSION}" || exit 1 |
30 | | - mv shellcheck "${GITHUB_WORKSPACE}/shellcheck" |
31 | | -
|
32 | | - - name: Run shellcheck |
33 | | - shell: bash |
34 | | - run: | |
35 | | - set -o pipefail |
36 | | -
|
37 | | - # Make sure we already put the proper shellcheck binary in place |
38 | | - if [ ! -f "./shellcheck" ]; then |
39 | | - echo "shellcheck not found" |
40 | | - exit 1 |
41 | | - fi |
42 | | -
|
43 | | - # Make sure we know what to compare the PR's changes against |
44 | | - if [ -z "${GITHUB_BASE_REF}" ]; then |
45 | | - echo "No base reference supplied" |
46 | | - exit 1 |
47 | | - fi |
48 | | -
|
49 | | - num_findings=0 |
50 | | -
|
51 | | - # Execute shellcheck and add errors based on the output |
52 | | - run_shellcheck() { |
53 | | - local modified_shell_script="${1}" |
54 | | - local findings_file="findings.txt" |
55 | | -
|
56 | | - # Remove leftover findings file from previous iterations |
57 | | - if [ -f "${findings_file}" ]; then |
58 | | - rm "${findings_file}" |
59 | | - fi |
60 | | -
|
61 | | - echo "Running shellcheck against ${modified_shell_script}..." |
62 | | -
|
63 | | - # If shellcheck reported no errors (exited with 0 status code), return |
64 | | - if ./shellcheck -f json -S warning "${modified_shell_script}" | jq -c '.[]' > "${findings_file}"; then |
65 | | - return 0 |
66 | | - fi |
67 | | -
|
68 | | - # Walk each of the individual findings |
69 | | - while IFS= read -r finding; do |
70 | | - num_findings=$((num_findings+1)) |
71 | | -
|
72 | | - line=$(echo "${finding}" | jq '.line') |
73 | | - end_line=$(echo "${finding}" | jq '.endLine') |
74 | | - column=$(echo "${finding}" | jq '.column') |
75 | | - end_column=$(echo "${finding}" | jq '.endColumn') |
76 | | - code=$(echo "${finding}" | jq '.code') |
77 | | - title="SC${code}" |
78 | | - message="$(echo "${finding}" | jq -r '.message') See https://github.com/koalaman/shellcheck/wiki/${title}" |
79 | | -
|
80 | | - echo "Line: ${line}" |
81 | | - echo "End line: ${end_line}" |
82 | | - echo "Column: ${column}" |
83 | | - echo "End column: ${end_column}" |
84 | | - echo "Title: ${title}" |
85 | | - echo "Message: ${message}" |
86 | | -
|
87 | | - # Raise an error with the file/line/etc |
88 | | - echo "::error file=${modified_shell_script},line=${line},endLine=${end_line},column=${column},endColumn=${end_column},title=${title}::${message}" |
89 | | - done < ${findings_file} |
90 | | - } |
91 | | -
|
92 | | - # Find the shell scripts that were created or modified by this PR |
93 | | - find_modified_shell_scripts() { |
94 | | - shell_scripts="shell_scripts.txt" |
95 | | - modified_files="modified_files.txt" |
96 | | - modified_shell_scripts="modified_shell_scripts.txt" |
97 | | -
|
98 | | - find . -name "*.sh" -or -name "*.bash" | sed 's#^\./##' > "${shell_scripts}" |
99 | | - git diff --name-only "origin/${GITHUB_BASE_REF}" HEAD > "${modified_files}" |
100 | | -
|
101 | | - if [ ! -s "${shell_scripts}" ] || [ ! -s "${modified_files}" ]; then |
102 | | - echo "No modified shell scripts detected" |
103 | | - exit 0 |
104 | | - fi |
105 | | -
|
106 | | - if ! grep -Fxf "${shell_scripts}" "${modified_files}" > "${modified_shell_scripts}"; then |
107 | | - echo "No modified shell scripts detected" |
108 | | - exit 0 |
109 | | - fi |
110 | | - } |
111 | | -
|
112 | | - git fetch origin "${GITHUB_BASE_REF}" || exit 1 |
113 | | -
|
114 | | - find_modified_shell_scripts |
115 | | -
|
116 | | - # Loop through the modified shell scripts |
117 | | - while IFS= read -r modified_shell_script; do |
118 | | - run_shellcheck "${modified_shell_script}" |
119 | | - done < ${modified_shell_scripts} |
120 | | -
|
121 | | - # If shellcheck reported any findings, fail the workflow |
122 | | - if [ ${num_findings} -gt 0 ]; then |
123 | | - echo "shellcheck reported ${num_findings} findings." |
124 | | - exit 1 |
125 | | - fi |
| 13 | + - name: Run ShellCheck |
| 14 | + uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0 |
| 15 | + with: |
| 16 | + version: 'v0.11.0' # renovate: datasource=github-releases depName=koalaman/shellcheck versioning=loose |
| 17 | + env: |
| 18 | + SHELLCHECK_OPTS: -e SC1091 -e SC2086 # TODO: fix following findings |
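Review bot: The `Run ShellCheck` step no longer verifies the ShellCheck binary it runs: the removed `Grab shellcheck` step compared the tarball digest against `SHELLCHECK_SHA` before extracting, while the new step passes only `version: 'v0.11.0'` and nothing visible here supplies a checksum. The action is pinned to a commit, but whether it verifies the release it downloads depends on its internals, which this page does not show; if it does not, a replaced release asset would run in CI unchecked. I would either keep a digest check for the binary or record the accepted trust boundary next to the pin, e.g. `# ShellCheck release for this version is fetched by the action; no digest is checked in this workflow`. Separately, `SHELLCHECK_OPTS: -e SC1091 -e SC2086` switches off the unquoted-expansion check (SC2086) for every script, and the `# TODO: fix following findings` comment carries no issue reference, so the exclusion may well outlast the cleanup; link a tracking issue there.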