Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci(lint): add shell linter - Differential ShellCheck #51

Open
wants to merge 2 commits into
base: trunk
Choose a base branch
from
Open

ci(lint): add shell linter - Differential ShellCheck #51

wants to merge 2 commits into from
+29 −1

Conversation

jamacku
Copy link

@jamacku jamacku commented Feb 21, 2024

Differential ShellCheck is a GitHub action that performs differential ShellCheck scans on shell scripts changed via PR and reports results directly in PR.

I see that your script is in great shape, but I think that you might find the differential-shellcheck action useful. It is able to produce reports in SARIF format. GitHub understands this format and is able to display it nicely as a PR comment, and on the Files Changed tab, please see below.

image

image

Documentation is available at @redhat-plumbers-in-action/differential-shellcheck. Let me know If you are missing some feature or option. I'm always happy to extend functionality.

@jamacku
ci(lint): add shell linter - Differential ShellCheck
53732ba 
It performs differential ShellCheck scans and reports results directly on GitHub.

documentation: https://github.com/redhat-plumbers-in-action/differential-shellcheck

Signed-off-by: Jan Macku <jamacku@redhat.com>
@jamacku
fix(SC2153): mitigate ShellCheck defect for $DRAFT_RELEASE
7bd9df0 
This is false positive, but since it is only ShellCheck defect in this
script, let's clean it.

Signed-off-by: Jan Macku <jamacku@redhat.com>
@jamacku jamacku requested a review from a team as a code owner February 21, 2024 17:47
@andyfeller
Copy link
Contributor

andyfeller commented Mar 16, 2024
edited

@jamacku : thank you for offering an idea to improve our workflow CI process! ❤️

In the past, I have used ludeeus/action-shellcheck for personal shell-based GitHub CLI extensions I built and maintain. That said, I can see why a project might adopt Differential ShellCheck:

"needed some way to verify incoming Pull Requests without getting warnings and errors about already merged and for years working code."

Putting aside whether all errors should be identified and fixed, we don't have a linting process for the repository, which is largely powered by a shell script, I think this is something that would benefit the workflows here given several key features below:

@williammartin : Any concerns or thoughts about how we might adopt this?

@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@williammartin williammartin Awaiting requested review from williammartin williammartin is a code owner automatically assigned from cli/code-reviewers

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jamacku @andyfeller