From 911aa6b6c86984e795ad884cb03e8b4569ada404 Mon Sep 17 00:00:00 2001
From: Kazuki Suda <kazuki.suda@gmail.com>
Date: Tue, 26 Jun 2018 11:10:43 +0900
Subject: [PATCH] Lint asset files using shellcheck (#30)

---
 .travis.yml      |  1 +
 CONTRIBUTING.md  |  8 +++-
 Makefile         |  5 +++
 assets/common.sh | 99 +++++++++++++++++++++++++++++-------------------
 assets/out       | 22 ++++++-----
 5 files changed, 85 insertions(+), 50 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 935d761..8b5a8d3 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -30,4 +30,5 @@ before_script:
 - JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}'; until kubectl get nodes -o jsonpath="$JSONPATH" 2>&1 | grep -q "Ready=True"; do sleep 1; done
 
 script:
+- make lint
 - make test
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index a99bd0b..5f30675 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,9 +1,15 @@
 # Contributing
 
-## Tests
+## Tests and Linting
 
 We use [BATS](https://github.com/sstephenson/bats) for testing, so, first make sure to install it.
 
 ```
 $ make test
 ```
+
+And you analyse code to prevent to be included bad code.
+
+```
+$ make lint
+```
diff --git a/Makefile b/Makefile
index 7cc248e..780da3e 100644
--- a/Makefile
+++ b/Makefile
@@ -1,3 +1,8 @@
 .PHONY: test
 test:
 		@scripts/run-bats.sh
+
+SHELLCHECK ?= docker run --rm -v $(shell pwd):/mnt koalaman/shellcheck:v0.5.0
+.PHONY: lint
+lint:
+		$(SHELLCHECK) assets/*
diff --git a/assets/common.sh b/assets/common.sh
index 8174987..6b1a3f3 100644
--- a/assets/common.sh
+++ b/assets/common.sh
@@ -8,14 +8,18 @@
 
 # setup_kubectl prepares kubectl and exports the KUBECONFIG environment variable.
 setup_kubectl() {
-  local payload=$1
+  local payload
+  payload=$1
 
-  export KUBECONFIG=$(mktemp $TMPDIR/kubernetes-resource-kubeconfig.XXXXXX)
+  KUBECONFIG="$(mktemp "$TMPDIR/kubernetes-resource-kubeconfig.XXXXXX")"
+  export KUBECONFIG
 
   # Optional. The path of kubeconfig file
-  local kubeconfig_file="$(jq -r '.params.kubeconfig_file // ""' < $payload)"
+  local kubeconfig_file
+  kubeconfig_file="$(jq -r '.params.kubeconfig_file // ""' < "$payload")"
   # Optional. The content of kubeconfig
-  local kubeconfig="$(jq -r '.source.kubeconfig // ""' < $payload)"
+  local kubeconfig
+  kubeconfig="$(jq -r '.source.kubeconfig // ""' < "$payload")"
 
   if [[ -n "$kubeconfig_file"  ]]; then
     if [[ ! -f "$kubeconfig_file" ]]; then
@@ -23,19 +27,23 @@ setup_kubectl() {
       exit 1
     fi
 
-    cat "$kubeconfig_file" > $KUBECONFIG
+    cat "$kubeconfig_file" > "$KUBECONFIG"
   elif [[ -n "$kubeconfig" ]]; then
-    echo "$kubeconfig" > $KUBECONFIG
+    echo "$kubeconfig" > "$KUBECONFIG"
   else
     # Optional. The address and port of the API server. Requires token.
-    local server="$(jq -r '.source.server // ""' < $payload)"
+    local server
+    server="$(jq -r '.source.server // ""' < "$payload")"
     # Optional. Bearer token for authentication to the API server. Requires server.
-    local token="$(jq -r '.source.token // ""' < $payload)"
+    local token
+    token="$(jq -r '.source.token // ""' < "$payload")"
     # Optional. A certificate file for the certificate authority.
-    local certificate_authority="$(jq -r '.source.certificate_authority // ""' < $payload)"
+    local certificate_authority
+    certificate_authority="$(jq -r '.source.certificate_authority // ""' < "$payload")"
     # Optional. If true, the API server's certificate will not be checked for
     # validity. This will make your HTTPS connections insecure. Defaults to false.
-    local insecure_skip_tls_verify="$(jq -r '.source.insecure_skip_tls_verify // ""' < $payload)"
+    local insecure_skip_tls_verify
+    insecure_skip_tls_verify="$(jq -r '.source.insecure_skip_tls_verify // ""' < "$payload")"
 
     if [[ -z "$server" || -z "$token" ]]; then
       echoerr 'You must specify "server" and "token", if not specify "kubeconfig".'
@@ -48,42 +56,47 @@ setup_kubectl() {
 
     # Build options for kubectl config set-credentials
     # Avoid to expose the token string by using placeholder
-    local set_credentials_opts="--token=**********"
-    exe kubectl config set-credentials $AUTH_NAME $set_credentials_opts
+    local set_credentials_opts
+    set_credentials_opts=("--token=**********")
+    exe kubectl config set-credentials "$AUTH_NAME" "${set_credentials_opts[@]}"
     # placeholder is replaced with actual token string
-    sed -i -e "s/[*]\{10\}/$token/" $KUBECONFIG
+    sed -i -e "s/[*]\\{10\\}/$token/" "$KUBECONFIG"
 
     # Build options for kubectl config set-cluster
-    local set_cluster_opts="--server=$server"
+    local set_cluster_opts
+    set_cluster_opts=("--server=$server")
     if [[ -n "$certificate_authority" ]]; then
-      local ca_file=$(mktemp $TMPDIR/kubernetes-resource-ca_file.XXXXXX)
-      echo -e "$certificate_authority" > $ca_file
-      set_cluster_opts="$set_cluster_opts --certificate-authority=$ca_file"
+      local ca_file
+      ca_file=$(mktemp "$TMPDIR/kubernetes-resource-ca_file.XXXXXX")
+      echo -e "$certificate_authority" > "$ca_file"
+      set_cluster_opts+=("--certificate-authority=$ca_file")
     fi
     if [[ "$insecure_skip_tls_verify" == "true" ]]; then
-      set_cluster_opts="$set_cluster_opts --insecure-skip-tls-verify"
+      set_cluster_opts+=("--insecure-skip-tls-verify")
     fi
-    exe kubectl config set-cluster $CLUSTER_NAME $set_cluster_opts
+    exe kubectl config set-cluster "$CLUSTER_NAME" "${set_cluster_opts[@]}"
 
-    exe kubectl config set-context $CONTEXT_NAME --user=$AUTH_NAME --cluster=$CLUSTER_NAME
+    exe kubectl config set-context "$CONTEXT_NAME" --user="$AUTH_NAME" --cluster="$CLUSTER_NAME"
 
-    exe kubectl config use-context $CONTEXT_NAME
+    exe kubectl config use-context "$CONTEXT_NAME"
   fi
 
   # Optional. The namespace scope. Defaults to default if doesn't specify in kubeconfig.
-  local namespace="$(jq -r '.params.namespace // ""' < $payload)"
+  local namespace
+  namespace="$(jq -r '.params.namespace // ""' < "$payload")"
   if [[ -z "$namespace" ]]; then
     # Optional. The namespace scope. Defaults to `default`. If set along with `kubeconfig`, `namespace` will override the namespace in the current-context
-    namespace="$(jq -r '.source.namespace // ""' < $payload)"
+    namespace="$(jq -r '.source.namespace // ""' < "$payload")"
   fi
   if [[ -n "$namespace" ]]; then
-    exe kubectl config set-context $(kubectl config current-context) --namespace="$namespace"
+    exe kubectl config set-context "$(kubectl config current-context)" --namespace="$namespace"
   fi
 
   # Optional. The name of the kubeconfig context to use.
-  local context="$(jq -r '.source.context // ""' < $payload)"
+  local context
+  context="$(jq -r '.source.context // ""' < "$payload")"
   if [[ -n "$context" ]]; then
-    exe kubectl config use-context $context
+    exe kubectl config use-context "$context"
   fi
 
   # Display the client and server version information
@@ -97,14 +110,18 @@ setup_kubectl() {
 
 # current_namespace outputs the current namespace.
 current_namespace() {
-  local namespace="$(kubectl config view -o "jsonpath={.contexts[?(@.name==\"$(kubectl config current-context)\")].context.namespace}")"
+  local namespace
+
+  namespace="$(kubectl config view -o "jsonpath={.contexts[?(@.name==\"$(kubectl config current-context)\")].context.namespace}")"
   [[ -z "$namespace" ]] && namespace=default
   echo $namespace
 }
 
 # current_cluster outputs the address and port of the API server.
 current_cluster() {
-  local cluster="$(kubectl config view -o "jsonpath={.contexts[?(@.name==\"$(kubectl config current-context)\")].context.cluster}")"
+  local cluster
+
+  cluster="$(kubectl config view -o "jsonpath={.contexts[?(@.name==\"$(kubectl config current-context)\")].context.cluster}")"
   kubectl config view -o "jsonpath={.clusters[?(@.name==\"${cluster}\")].cluster.server}"
 }
 
@@ -114,31 +131,33 @@ current_cluster() {
 # $2: The interval (sec) on which to check whether all pods are ready.
 # $3: A label selector to identify a set of pods which to check whether those are ready. Defaults to every pods in the namespace.
 wait_until_pods_ready() {
-  local period="$1"
-  local interval="$2"
-  local selector="${3}"
+  local period interval selector template
+
+  period="$1"
+  interval="$2"
+  selector="$3"
 
   echo "Waiting for pods to be ready for ${period}s (interval: ${interval}s, selector: ${selector:-''})"
 
   # The list of "<pod-name> <ready(True|False)>" which is excluded terminating and failed/succeeded pods.
-  local template="$(cat <<EOL
+  template="$(cat <<EOL
 {{- range .items -}}
 {{- if and (not .metadata.deletionTimestamp) (ne .status.phase "Failed") (ne .status.phase "Succeeded") -}}
-{{.metadata.name}}{{range .status.conditions}}{{if eq .type "Ready"}} {{.status}}{{end}}{{end}}{{"\n"}}
+{{.metadata.name}}{{range .status.conditions}}{{if eq .type "Ready"}} {{.status}}{{end}}{{end}}{{"\\n"}}
 {{- end -}}
 {{- end -}}
 EOL
 )"
 
   local statuses not_ready ready
-  for ((i=0; i<$period; i+=$interval)); do
+  for ((i=0; i<period; i+=interval)); do
     sleep "$interval"
 
-    statuses="$(kubectl get po --selector=$selector -o template --template="$template")"
+    statuses="$(kubectl get po --selector="$selector" -o template --template="$template")"
     not_ready="$(echo "$statuses" | grep -c "False" ||:)"
     ready="$(echo "$statuses" | grep -c "True" ||:)"
 
-    echo "Waiting for pods to be ready... ($ready/$(($not_ready + $ready)))"
+    echo "Waiting for pods to be ready... ($ready/$((not_ready + ready)))"
 
     if [[ "$not_ready" -eq 0 ]]; then
       return 0
@@ -152,17 +171,19 @@ EOL
 
 # echoerr prints an error message in red color.
 echoerr() {
-  echo -e "\e[01;31mERROR: $@\e[0m"
+  echo -e "\\e[01;31mERROR: $*\\e[0m"
 }
 
 # exe executes the command after printing the command trace to stdout
 exe() {
-  echo "+ $@"; "$@"
+  echo "+ $*"; "$@"
 }
 
 # on_exit prints the last error code if it isning  0.
 on_exit() {
-  local code=$?
+  local code
+
+  code=$?
   [[ $code -ne 0 ]] && echo && echoerr "Failed with error code $code"
   return $code
 }
diff --git a/assets/out b/assets/out
index a340d87..d71bca6 100755
--- a/assets/out
+++ b/assets/out
@@ -12,36 +12,38 @@ set -o pipefail
 exec 3>&1 # make stdout available as fd 3 for the result
 exec 1>&2 # redirect all output to stderr for logging
 
-source $(dirname $0)/common.sh
+# shellcheck source=assets/common.sh
+source "$(dirname "$0")/common.sh"
 
 # Print the last exit code if it isn't 0 when this process exits
 trap 'on_exit' EXIT
 
 # The first argument is a path to the directory containing the build's full set of sources.
 source_dir=$1
-cd $source_dir
+cd "$source_dir"
 
-payload=$(mktemp $TMPDIR/kubernetes-resource-request.XXXXXX)
-cat > $payload <&0
+payload=$(mktemp "$TMPDIR/kubernetes-resource-request.XXXXXX")
+cat > "$payload" <&0
 
-setup_kubectl $payload
+setup_kubectl "$payload"
 
 # Required. Specify the operation that you want to perform on one or more
 # resources, for example apply, delete, label.
-kubectl_command="$(jq -r '.params.kubectl // ""' < $payload)"
+kubectl_command="$(jq -r '.params.kubectl // ""' < "$payload")"
 if [[ -z "$kubectl_command" ]]; then
   echoerr 'kubectl must be specified in params.'
   exit 1
 fi
 
-exe kubectl $(eval "echo $kubectl_command")
+IFS=" " read -r -a kubectl_arguments <<< "$(eval "echo $kubectl_command")"
+exe kubectl "${kubectl_arguments[@]}"
 
 # Optional. The number of seconds that waits until all pods are ready. Defaults to `30`.
-wait_until_ready="$(jq -r '.params.wait_until_ready // 30' < $payload)"
+wait_until_ready="$(jq -r '.params.wait_until_ready // 30' < "$payload")"
 # Optional. The interval (sec) on which to check whether all pods are ready or not. Defaults to `3`.
-wait_until_ready_interval="$(jq -r '.params.wait_until_ready_interval // 3' < $payload)"
+wait_until_ready_interval="$(jq -r '.params.wait_until_ready_interval // 3' < "$payload")"
 # Optional. A label selector to identify a set of pods which to check whether those are ready. Defaults to every pods in the namespace.
-wait_until_ready_selector="$(jq -r '.params.wait_until_ready_selector // ""' < $payload)"
+wait_until_ready_selector="$(jq -r '.params.wait_until_ready_selector // ""' < "$payload")"
 
 if [[ "$wait_until_ready" -ne 0 ]]; then
   wait_until_pods_ready "$wait_until_ready" "$wait_until_ready_interval" "$wait_until_ready_selector"