Extracts and checks shell scripts in GitHub Workflows for potential issues using shellcheck (https://github.com/koalaman/shellcheck).
shellcheck-gha
This Python script extracts shell scripts from GitHub workflows (jobs.<job_id>.steps[*].run) and runs them against ShellCheck.
Installation
Requirements:
- Python ≥ 3.11
- ShellCheck ≥ 0.9.0, available on apt, brew, cabal, dnf, and pkg.
PyPI (preferred)
The project is hosted on PyPI at https://pypi-hypernode.com/project/shellcheck-gha/. To install the project, run:
$ pip install shellcheck-gha
From Source
Alternatively, the project can be cloned and installed using poetry.
$ git clone https://github.com/saleor/shellcheck-gha
$ cd shellcheck-gha
$ pip install poetry
$ poetry install
$ shellcheck-gha --help
Usage
$ shellcheck-gha --help
usage: shellcheck-gha [-h] [--default-shell DEFAULT_SHELL] [--verbose] [--debug] directory
positional arguments:
directory
options:
-h, --help show this help message and exit
--default-shell DEFAULT_SHELL
The default shell running in the workflow(s)
--verbose Show more details about the execution.
--debug Add debug information (takes precedence over --verbose).
Example
$ shellcheck-gha .
=== Results: 2 file(s) have findings ===
Scanned 5 files (16 shell scripts)
[INFO] In bad.yaml:
Message: Double quote to prevent globbing and word splitting.
More information: https://www.shellcheck.net/wiki/SC2086
Code:
test $USE_GITIGNORE == true
^^^^^^^^^^^^^^^
[INFO] In tests/sample_workflows/with-findings.yaml:
Message: Double quote to prevent globbing and word splitting.
More information: https://www.shellcheck.net/wiki/SC2086
Code:
echo $BAD_JOB1
^^^^^^^^^^
[INFO] In tests/sample_workflows/with-findings.yaml:
Message: Double quote to prevent globbing and word splitting.
More information: https://www.shellcheck.net/wiki/SC2086
Code:
echo $BAD_JOB1
^^^^^^^^^^
Goals
- Only check *nix-related shells (sh, bash, ksh)
- Provide useful logs that allow the users to quickly find the problematic code in their workflow.
Non-Goals
- Differential checking (base vs head commit)
- Logical understanding of GitHub workflows, such as (but not limited to):
  - Handling defaults.run.shell
  - Support for string interpolation (${{ ... }})
  - Handling
- Tracking down exact locations of the findings (line numbers, columns)
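The extract-then-lint flow described at the top of this page, as an added example that is not shellcheck-gha's own code: it reads jobs.<job_id>.steps[*].run from a constructed workflow and feeds each script to ShellCheck on stdin. It assumes PyYAML and a shellcheck binary on PATH; the function names, the NIX_SHELLS set and the per-step shell filter are choices of this example.

```python
# Added example, not shellcheck-gha's own code. Assumes PyYAML and a
# `shellcheck` binary on PATH; the workflow text below is constructed.
import json
import subprocess

import yaml  # PyYAML (assumed dependency)

WORKFLOW = """\
name: constructed-sample
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: echo $BAD_JOB1
      - shell: pwsh
        run: Write-Host hi
"""

NIX_SHELLS = {"sh", "bash", "ksh"}  # the shells listed under Goals


def extract_run_scripts(text, default_shell="bash"):
    """Yield (job_id, step_index, shell, script) for jobs.<job_id>.steps[*].run."""
    doc = yaml.safe_load(text) or {}
    for job_id, job in (doc.get("jobs") or {}).items():
        for idx, step in enumerate(job.get("steps") or []):
            script = step.get("run")
            # Per-step `shell:` wins over the default (assumption of this example).
            shell = step.get("shell", default_shell)
            if isinstance(script, str) and shell in NIX_SHELLS:
                yield job_id, idx, shell, script


def check(script, shell):
    """Run ShellCheck on one script via stdin and return its JSON findings."""
    proc = subprocess.run(
        ["shellcheck", f"--shell={shell}", "--format=json", "-"],
        input=script, capture_output=True, text=True, check=False,
    )
    return json.loads(proc.stdout or "[]")


if __name__ == "__main__":
    for job_id, idx, shell, script in extract_run_scripts(WORKFLOW):
        for f in check(script, shell):
            print(f"{job_id}.steps[{idx}] SC{f['code']}: {f['message']}")
```

Steps without a run key and steps whose shell is not in NIX_SHELLS are skipped, so the pwsh step is never sent to ShellCheck.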
File details
Details for the file shellcheck_gha-0.1.0.tar.gz.
File metadata
- Download URL: shellcheck_gha-0.1.0.tar.gz
- Upload date:
- Size: 8.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/4.0.2 CPython/3.11.8
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 17fb417a357ea8ce7f22004fd64327bf39e62fcf6084ab423dd4ece4a7a0f2be |
MD5 | 48731e922d7d9804a122c00d85a4b509 |
BLAKE2b-256 | f24daa7a3a326acafcf0cfb79df2a0743a3d53768b71617e0b6a708268fc9bc5 |
File details
Details for the file shellcheck_gha-0.1.0-py3-none-any.whl.
File metadata
- Download URL: shellcheck_gha-0.1.0-py3-none-any.whl
- Upload date:
- Size: 10.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/4.0.2 CPython/3.11.8
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | d31b76b8ef55a387ac166b70ecf3ee2a453abd2e2980c829bd4970050e185a4d |
MD5 | 07afe87cb281ef03a53bef4da27a6038 |
BLAKE2b-256 | 0e2886a30f9208ab8abb3de52c82bd6d6a6572668f5b3802caf60c6daac18adf |