From 5467ffada5e65be3ce3e80d865f57f4c27dceed1 Mon Sep 17 00:00:00 2001
From: Simon Deziel <simon.deziel@canonical.com>
Date: Tue, 26 Sep 2023 13:24:22 -0400
Subject: [PATCH] github: add differential shellcheck to get in PR feedback

Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
---
 .github/workflows/tests.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 70e77984dd80..7d6914ff4175 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -27,6 +27,22 @@ jobs:
         uses: actions/dependency-review-action@v3
         if: github.event_name == 'pull_request'
 
+      # XXX: `make static-analysis` also run shellcheck but this one provides
+      #      useful feedback in the PR through github-code-scanning bot
+      - id: ShellCheck
+        name: Differential ShellCheck
+        uses: redhat-plumbers-in-action/differential-shellcheck@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+        if: github.event_name == 'pull_request'
+
+      - if: ${{ always() }}
+        name: Upload artifact with ShellCheck defects in SARIF format
+        uses: actions/upload-artifact@v3
+        with:
+          name: Differential ShellCheck SARIF
+          path: ${{ steps.ShellCheck.outputs.sarif }}
+
       - name: Install Go
         uses: actions/setup-go@v4
         with: