Skip to content

Add a hook to run shellcheck on all "runs" steps in melange pipelines#1

Closed
dannf wants to merge 1 commit intochainguard-dev:mainfrom
dannf:shellcheck
Closed

Add a hook to run shellcheck on all "runs" steps in melange pipelines#1
dannf wants to merge 1 commit intochainguard-dev:mainfrom
dannf:shellcheck

Conversation

@dannf
Copy link
Copy Markdown
Contributor

@dannf dannf commented May 8, 2025

No description provided.

@dannf
Add a hook to run shellcheck on all "runs" steps in melange pipelines
f77be7f 
Signed-off-by: dann frazier <dann.frazier@chainguard.dev>
@AmberArcadia
Copy link
Copy Markdown
Member

AmberArcadia commented May 8, 2025

Love the idea, and thanks for the implementation! I'm curious about setup.py and setup.cfg, such as if they should be in a subfolder or shared between multiple hooks. Perhaps we could build some documentation here too.

smoser
smoser reviewed May 8, 2025
View reviewed changes
Comment thread pre_commit_hooks/shellcheck_run_steps.py
smoser
smoser reviewed May 8, 2025
View reviewed changes
Copy link
Copy Markdown

@smoser smoser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks really well done.
my only thoughts are

  1. python dependencies - how do you assert a sane environment ? you also have to somehow deliver / assert shellcheck. (maybe you've solved that and I just don't understand. seems like a company that builds containers here could help.)
  2. would having melange do this be sane? that gets you out having to deliver the python stuff at least. a 'melange check' command could be good and easily callable.

@AmberArcadia
Copy link
Copy Markdown
Member

AmberArcadia commented May 8, 2025
edited
Loading

Re # 1: Pre-commit does handle setting up a Python environment and managing dependencies. Some more info here: https://pre-commit.com/#python

This also leads into my question a bit, seems we will want our Python hook stuff to be at the top level.

The hook repository must be installable via pip install . (usually by either setup.py or pyproject.toml)

@dannf
Copy link
Copy Markdown
Contributor Author

dannf commented May 8, 2025

This looks really well done. my only thoughts are

  1. python dependencies - how do you assert a sane environment ? you also have to somehow deliver / assert shellcheck. (maybe you've solved that and I just don't understand. seems like a company that builds containers here could help.)

pre-commit provides a hook for making shellcheck available in the venv it instantiates. We'll want to add this to each repos .pre-commit-config.yaml ahead of this hook:

  - repo: https://github.com/shellcheck-py/shellcheck-py
    rev: v0.10.0.1 # v0.10.0.1
    hooks:
      - id: shellcheck
  1. would having melange do this be sane? that gets you out having to deliver the python stuff at least. a 'melange check' command could be good and easily callable.

Perhaps. I went with pre-commit because we already use it, and it has all of this infra to do this stuff already.

@dannf
Copy link
Copy Markdown
Contributor Author

dannf commented May 8, 2025

Love the idea, and thanks for the implementation! I'm curious about setup.py and setup.cfg, such as if they should be in a subfolder or shared between multiple hooks. Perhaps we could build some documentation here too.

Yeah, I think this is required for python hooks, which I see you've also discovered below. fwiw, I used the upstream pre-commit-hooks repo as my template, and just trimmed out what I didn't need.

@dannf
Copy link
Copy Markdown
Contributor Author

dannf commented May 9, 2025

This looks really well done. my only thoughts are

  1. python dependencies - how do you assert a sane environment ? you also have to somehow deliver / assert shellcheck. (maybe you've solved that and I just don't understand. seems like a company that builds containers here could help.)

pre-commit provides a hook for making shellcheck available in the venv it instantiates. We'll want to add this to each repos .pre-commit-config.yaml ahead of this hook:

  - repo: https://github.com/shellcheck-py/shellcheck-py
    rev: v0.10.0.1 # v0.10.0.1
    hooks:
      - id: shellcheck

Even though this is an easy option, I do like the hint of using a guarded container instead. I'll experiment with that.

@dannf
Copy link
Copy Markdown
Contributor Author

dannf commented May 20, 2025

This looks really well done. my only thoughts are

  1. python dependencies - how do you assert a sane environment ? you also have to somehow deliver / assert shellcheck. (maybe you've solved that and I just don't understand. seems like a company that builds containers here could help.)

pre-commit provides a hook for making shellcheck available in the venv it instantiates. We'll want to add this to each repos .pre-commit-config.yaml ahead of this hook:

  - repo: https://github.com/shellcheck-py/shellcheck-py
    rev: v0.10.0.1 # v0.10.0.1
    hooks:
      - id: shellcheck

Even though this is an easy option, I do like the hint of using a guarded container instead. I'll experiment with that.

I've now added a --shellcheck command that default to a docker run of the upstream container. If this seems reasonable, we can transition to a guarded container.

@dannf dannf marked this pull request as draft May 20, 2025 04:25
@dannf dannf marked this pull request as ready for review May 20, 2025 04:26
@dannf
Copy link
Copy Markdown
Contributor Author

dannf commented May 20, 2025

for some reason this PR is wedged.
I pushed another copy here - #2

@dannf dannf closed this May 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@smoser smoser smoser left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dannf @AmberArcadia @smoser