Skip to content

Perform static code analysis on shell scripts using ShellCheck.

License

Notifications You must be signed in to change notification settings

CICDToolbox/shellcheck

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

54 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CICDToolbox logo
Github Build Status License Created
Release Released Commits since release

Overview

A tool to perform static code analysis on shell scripts using ShellCheck.

This tool has been tested against the following:

  1. GitHub Actions
  2. Travis CI
  3. CircleCI
  4. BitBucket pipelines
  5. Local command line

However due to the way that they are built they should work on most CICD platforms where you can run arbitrary scripts.

We provide a script which pulls the latest copy of all the CICD tools and places them in a local bin directory to allow them to be run any time locally for added validation.

Basic Usage

on: [push, pull_request]

jobs:
  build:
    name: ShellCheck
    runs-on: ubuntu-latest

    steps:
      - name: Checkout the Repository
        uses: actions/checkout@v4

      - name: Perform ShellCheck Analysis
        run: bash <(curl -s https://raw.githubusercontent.com/CICDToolbox/shellcheck/master/pipeline.sh)

Configuration Options

The following environment variables can be set in order to customise the script.

Name Default Value Purpose
INCLUDE_FILES Unset A comma separated list of files to include for being scanned. You can also use regex to do pattern matching.
EXCLUDE_FILES Unset A comma separated list of files to exclude from being scanned. You can also use regex to do pattern matching.
NO_COLOR False Turn off the color in the output.
REPORT_ONLY False Generate the report but do not fail the build even if an error occurred.
SHOW_ERRORS True Show the actual errors instead of just which files had errors.
SHOW_SKIPPED False Show which files are being skipped.

If you set INCLUDE_FILES - it will skip ALL files that do not match, including anything in EXCLUDE_FILES.

You can use any combination of the above settings.

on: [push, pull_request]

jobs:
  build:
    name: ShellCheck
    runs-on: ubuntu-latest

    steps:
      - name: Checkout the Repository
        uses: actions/checkout@v4

      - name: Perform ShellCheck Analysis
        env:
          REPORT_ONLY: true
          SHOW_ERRORS: true
        run: bash <(curl -s https://raw.githubusercontent.com/CICDToolbox/shellcheck/master/pipeline.sh)

Example Output

This is an example of the output report generated by this tool, this is the actual output from the tool running against itself.

--------------------------------------------------------------------- Stage 1: Parameters --
 No parameters given
---------------------------------------------------------- Stage 2: Install Prerequisites --
 [ OK ] docker pull --quiet koalaman/shellcheck:stable
------------------------------------------------------- Stage 3: Run shellcheck (v0.10.0) --
 [ OK ] .github/scripts/check-jobs.sh
 [ OK ] pipeline.sh
 [ OK ] tests/advanced-tests
 [ OK ] tests/bash.sh
 [ OK ] tests/dash.sh
 [ OK ] tests/ksh.sh
 [ OK ] tests/no-extension
 [ OK ] tests/sh.sh
------------------------------------------------------------------------- Stage 4: Report --
 Total: 8, OK: 8, Failed: 0, Skipped: 0
----------------------------------------------------------------------- Stage 5: Complete --

File Identification

Shell scripts are identified using the following code:

file -b "${filename}" | grep -qE '(shell|dash) script'

AND

[[ ${filename} =~ \.(sh|bash|dash|ksh)$ ]]