Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CI] add shellcheck-workflow #32052

Merged
merged 9 commits into from
Apr 23, 2024
Merged

Conversation

led0nk
Copy link
Contributor

@led0nk led0nk commented Mar 31, 2024

Description:

So i fixed the issues which shellcheck displayed, which were only 3 double quote issues and the read -r issue.
After looking into the closed PR i also replaced printf-statements with echo.

For the shellcheck-worfklow I used https://github.com/ludeeus/action-shellcheck
I didn't find a way to check multiple directories at once, so we just use 2 steps here.

I added the disabled checks provided by the intentional issue, but i'm not quite sure if we need to add -x here. Couldn't find anything in the documentation so far.

On top of that i'm not quite sure if we should run the shellcheck in dependency of any other workflows or just on its own.

Edit:
I added the option ignore_paths so that shellcheck-action is only run in specified paths and ignores subpaths of this directory.

Link to tracking Issue:

Testing:

Documentation:

@led0nk led0nk requested review from a team and TylerHelmuth March 31, 2024 23:46
@led0nk
Copy link
Contributor Author

led0nk commented Apr 2, 2024

@mx-psi

@mx-psi mx-psi added the Skip Changelog PRs that do not require a CHANGELOG.md entry label Apr 2, 2024
@mx-psi
Copy link
Member

mx-psi commented Apr 2, 2024

I added the disabled checks provided by the intentional issue, but i'm not quite sure if we need to add -x here. Couldn't find anything in the documentation so far.

I think we need it because of

Running shellcheck spits:

  -x                  --external-sources         Allow 'source' outside of FILES

On top of that i'm not quite sure if we should run the shellcheck in dependency of any other workflows or just on its own.

Feels like a lint to me, I am also fine with a separate workflow at first to not make it required from the beginning.

I added the option ignore_paths so that shellcheck-action is only run in specified paths and ignores subpaths of this directory.

What's the motivation for that? I guess if something is inside .github/workflows/scripts/<something else> it's probably a script and we should lint it.

@led0nk
Copy link
Contributor Author

led0nk commented Apr 3, 2024

What's the motivation for that? I guess if something is inside .github/workflows/scripts/<something else> it's probably a script and we should lint it.
@mx-psi

Well if you want to, we could change that and let it check every *.sh-type.
I just did it because your initial command was looking for these directories and not for subdirectories.
In my first run it also checked for e.g. yaml / .config .... files, so i tried to prevent this, but seems like it doesn't happen anymore.

Fixed it in latest commit.

Btw we should consider what our severity-level should be, because with nothing set we will get failed shellcheck-runs because of info / warning-messages..

Edit:
Maybe we should also consider adding sth to makefile, so the contributer/user can shellcheck it running a simple command.

@led0nk
Copy link
Contributor Author

led0nk commented Apr 8, 2024

@TylerHelmuth what do you think?

@andrzej-stencel
Copy link
Member

andrzej-stencel commented Apr 10, 2024

In general, I'm not a fan of using GitHub Actions "actions" for everything, even for relatively simple things like this. Reasons:

  • It's not (easily) possible to reproduce the same run locally, which is a pain for contributors.
  • We are opening another potential security hole - if the action is compromised or maliciously modified, our workflow runs arbitrary code.

In this case, running shellcheck should be easy enough with docker run -v ... koalaman/shellcheck:v0.10.0 - no need to even install anything. This can and should be enclosed in a Makefile target to easily run the same exact command both locally and in CI.

@led0nk led0nk force-pushed the shellcheck branch 2 times, most recently from 8ce3df7 to 6951c4f Compare April 11, 2024 10:02
@songy23 songy23 added the ready to merge Code review completed; ready to merge by maintainers label Apr 11, 2024
@led0nk led0nk requested a review from evan-bradley April 18, 2024 16:37
@evan-bradley evan-bradley merged commit 520cade into open-telemetry:main Apr 23, 2024
171 checks passed
@evan-bradley
Copy link
Contributor

Thanks @led0nk!

@github-actions github-actions bot added this to the next release milestone Apr 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ready to merge Code review completed; ready to merge by maintainers Skip Changelog PRs that do not require a CHANGELOG.md entry
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants