Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci(lint): add shell linter - Differential ShellCheck #51

Open
wants to merge 2 commits into
base: trunk
Choose a base branch
from

Conversation

jamacku
Copy link

@jamacku jamacku commented Feb 21, 2024

Differential ShellCheck is a GitHub action that performs differential ShellCheck scans on shell scripts changed via PR and reports results directly in PR.

I see that your script is in great shape, but I think that you might find the differential-shellcheck action useful. It is able to produce reports in SARIF format. GitHub understands this format and is able to display it nicely as a PR comment, and on the Files Changed tab, please see below.

image

image

Documentation is available at @redhat-plumbers-in-action/differential-shellcheck. Let me know If you are missing some feature or option. I'm always happy to extend functionality.

It performs differential ShellCheck scans and reports results directly on GitHub.

documentation: https://github.com/redhat-plumbers-in-action/differential-shellcheck

Signed-off-by: Jan Macku <[email protected]>
This is false positive, but since it is only ShellCheck defect in this
script, let's clean it.

Signed-off-by: Jan Macku <[email protected]>
@jamacku jamacku requested a review from a team as a code owner February 21, 2024 17:47
@andyfeller
Copy link
Contributor

andyfeller commented Mar 16, 2024

@jamacku : thank you for offering an idea to improve our workflow CI process! ❤️

In the past, I have used ludeeus/action-shellcheck for personal shell-based GitHub CLI extensions I built and maintain. That said, I can see why a project might adopt Differential ShellCheck:

"needed some way to verify incoming Pull Requests without getting warnings and errors about already merged and for years working code."

Putting aside whether all errors should be identified and fixed, we don't have a linting process for the repository, which is largely powered by a shell script, I think this is something that would benefit the workflows here given several key features below:

@williammartin : Any concerns or thoughts about how we might adopt this?

@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants