Updated with more comprehensive documentation and alternative GHA options

Mr. Walls
2024-12-20 20:36:05 -08:00
parent 7e05075585
commit 08ee1c043a

@@ -1,3 +1,47 @@
# GitHub Actions
GitHub Actions is a powerful automation platform that can run ShellCheck against your shell scripts. ShellCheck is pre-installed on GitHub's Ubuntu runners, making it easy to integrate into your workflows.
## Basic Usage
The simplest way to run ShellCheck is directly using the pre-installed binary:
```yaml
name: "ShellCheck"
on: [push, pull_request]
jobs:
shellcheck:
name: ShellCheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run ShellCheck
run: shellcheck **/*.sh
```
## GitHub Advanced Security Integration
To use ShellCheck with GitHub Advanced Security code scanning, you can use [shellcheck-scan](https://github.com/marketplace/actions/shellcheck-sarif-analysis) which generates SARIF reports:
```yaml
name: ShellCheck SARIF
on: [push, pull_request]
jobs:
scan:
name: ShellCheck Analysis
runs-on: ubuntu-latest
permissions:
security-events: write # required for uploading SARIF results
actions: read # only required for workflows in private repositories
contents: read
steps:
- uses: actions/checkout@v4
- name: Run ShellCheck with SARIF output
uses: reactive-firewall/shellcheck-scan@v1
```
## Differential ShellCheck ## Differential ShellCheck
GitHub action for running ShellCheck differentially. New findings are reported directly at GitHub pull requests (using SARIF format). GitHub action for running ShellCheck differentially. New findings are reported directly at GitHub pull requests (using SARIF format).
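Review bot: In the Basic Usage step, `run: shellcheck **/*.sh` depends on globstar, which the default bash used for `run` steps does not enable, so `**` behaves like `*` and only scripts exactly one directory deep are checked; scripts in the repository root or in deeper directories are skipped without any error. Suggest adding `shopt -s globstar` before the call or switching this example to a `find`-based invocation. Separately, in the SARIF workflow `uses: reactive-firewall/shellcheck-scan@v1` references a mutable tag in a job that is granted `security-events: write`; the documentation would be safer recommending a pin to a full commit SHA.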
@@ -40,3 +84,77 @@ jobs:
with: with:
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
``` ```
## Advanced Configuration
### Customizing ShellCheck Options
ShellCheck supports various options that can be used in your workflow:
```yaml
- name: Run ShellCheck
run: |
shellcheck \
--severity=warning \ # Set minimum severity
--shell=bash \ # Specify shell dialect
--format=gcc \ # Set output format
**/*.sh
```
### Common Options
- `-S [error|warning|info|style]`: Set minimum severity of errors to consider
- `-s [sh|bash|dash|ksh]`: Specify shell dialect
- `-e [SC1234,SC2345]`: Exclude specific error codes
- `-f [checkstyle|diff|gcc|json|quiet|tty]`: Set output format
### Version Pinning
To ensure reproducible builds, you can pin to a specific ShellCheck version:
```yaml
- name: Install specific ShellCheck version
run: |
wget https://github.com/koalaman/shellcheck/releases/download/v0.9.0/shellcheck-v0.9.0.linux.x86_64.tar.xz
tar -xf shellcheck-v0.9.0.linux.x86_64.tar.xz
sudo cp shellcheck-v0.9.0/shellcheck /usr/bin/
```
## Example Configurations
### Check All Shell Scripts
```yaml
- name: Run ShellCheck
run: find . -type f -name "*.sh" -exec shellcheck {} +
```
### Using with Matrix Strategy
```yaml
jobs:
shellcheck:
strategy:
matrix:
shell: [bash, sh, dash, ksh]
steps:
- name: Run ShellCheck
run: shellcheck --shell=${{ matrix.shell }} **/*.sh
```
### Selective Checking
```yaml
- name: Check scripts in specific directory
run: shellcheck scripts/*.sh src/scripts/*.sh
```
## Additional Resources
- [ShellCheck Documentation](https://github.com/koalaman/shellcheck)
- [GitHub Actions Documentation](https://docs.github.com/en/actions)
- [shellcheck-scan Action](https://github.com/marketplace/actions/shellcheck-sarif-analysis)
- [@redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck)
---
_Last updated: 2024-12-21 by [@reactive-firewall](https://github.com/reactive-firewall)_
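Review bot: In the Customizing ShellCheck Options example, every `\ # comment` breaks the line continuation: the backslash escapes the following space instead of the newline, so `shellcheck` receives a stray blank argument and the next line (`--shell=bash ...`) is executed as a separate command. Move the explanations to YAML comment lines above the step or into the Common Options list. In the Version Pinning step, the tarball fetched with `wget` is extracted and copied into `/usr/bin` with `sudo` without any integrity check; record the expected SHA-256 in the workflow and verify it with `sha256sum -c` before the `tar -xf` line. The matrix example also reuses `**/*.sh` and omits `runs-on` and the checkout step, so it will not run as shown.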