From 53732bac520e28dcff1752aba6fe614a7c9e824a Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Wed, 21 Feb 2024 18:32:03 +0100 Subject: [PATCH 1/2] ci(lint): add shell linter - Differential ShellCheck It performs differential ShellCheck scans and reports results directly on GitHub. documentation: https://github.com/redhat-plumbers-in-action/differential-shellcheck Signed-off-by: Jan Macku --- .github/workflows/differential-shellcheck.yml | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 .github/workflows/differential-shellcheck.yml diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml new file mode 100644 index 0000000..20913cc --- /dev/null +++ b/.github/workflows/differential-shellcheck.yml @@ -0,0 +1,28 @@ +name: Differential ShellCheck +on: + push: + branches: [ trunk ] + pull_request: + branches: [ trunk ] + +permissions: + contents: read + +jobs: + lint: + runs-on: ubuntu-latest + + permissions: + security-events: write + + steps: + - name: Repository checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - id: ShellCheck + name: Differential ShellCheck + uses: redhat-plumbers-in-action/differential-shellcheck@v5 + with: + token: ${{ secrets.GITHUB_TOKEN }} From 7bd9df0617e419e7bdba6e5d4fa96f91d7032f1b Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Wed, 21 Feb 2024 18:37:15 +0100 Subject: [PATCH 2/2] fix(SC2153): mitigate ShellCheck defect for `$DRAFT_RELEASE` This is false positive, but since it is only ShellCheck defect in this script, let's clean it. Signed-off-by: Jan Macku --- build_and_release.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build_and_release.sh b/build_and_release.sh index e4c9cf6..3f2f171 100755 --- a/build_and_release.sh +++ b/build_and_release.sh @@ -24,7 +24,7 @@ if [[ $GH_RELEASE_TAG = *-* ]]; then fi draft_release="" -if [[ "$DRAFT_RELEASE" = "true" ]]; then +if [[ "${DRAFT_RELEASE:-}" = "true" ]]; then draft_release="--draft" fi