ci: add shellcheck

cd99cbe4 · Andrew Newdigate · 87979ea8 · cd99cbe4 · cd99cbe4 · cd99cbe4
Unverified Commit cd99cbe4 authored 2 years ago by Andrew Newdigate
--- a/.gitlab-ci-asdf-versions.yml
+++ b/.gitlab-ci-asdf-versions.yml
 # DO NOT MANUALLY EDIT; Run ./scripts/update-asdf-version-variables to update this
 variables:
    GL_ASDF_GOLANG_VERSION: 1.17.6
-    GL_ASDF_SHELLCHECK_VERSION: 0.7.0
+    GL_ASDF_SHELLCHECK_VERSION: 0.8.0
    GL_ASDF_SHFMT_VERSION: 3.4.3
--- a/.gitlab-ci-default-asdf-versions.yml
+++ b/.gitlab-ci-default-asdf-versions.yml
 # DO NOT MANUALLY EDIT; Run ./scripts/update-asdf-version-variables to update this
 variables:
    GL_COMMON_CI_TASKS_DEFAULT_ASDF_GOLANG_VERSION: 1.17.6
-    GL_COMMON_CI_TASKS_DEFAULT_ASDF_SHELLCHECK_VERSION: 0.7.0
+    GL_COMMON_CI_TASKS_DEFAULT_ASDF_SHELLCHECK_VERSION: 0.8.0
    GL_COMMON_CI_TASKS_DEFAULT_ASDF_SHFMT_VERSION: 3.4.3
--- a/.tool-versions
+++ b/.tool-versions
@@ -3,5 +3,5 @@
 # NOTE: please add new plugins to ./scripts/install-asdf-plugins.sh when adding items here
  
 golang 1.17.6
-shellcheck 0.7.0
+shellcheck 0.8.0
 shfmt 3.4.3
--- a/README.md
+++ b/README.md
@@ -21,6 +21,7 @@ Includes the following tasks:
 1. [`semantic-release.yml`](#semantic-release): runs [`semantic-release`](https://semantic-release.gitbook.io/semantic-release/) on your repository.
 1. [`asdf-tool-versions.yml`](#asdf-tool-versions): ensures that `.tool-versions` file is synced with .gitlab-ci-asdf-versions.yml, that all the plugins are declared in `./scripts/install-asdf-plugins.sh` and that ASDF is generally working.
 1. [`shfmt.yml`](#shfmt): validates that shell-scripts use a canonical formatting.
+1. [`shellcheck.yml`](#shellcheck): performs linting for shell scripts using [shellcheck](https://www.shellcheck.net/).
  
 ```yaml
 # Requires stages validate and release
@@ -36,7 +37,7 @@ include:
  # common to all projects using this template library.
  # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/README.md#templatesstandardyml
  - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v1.16.0 # renovate:managed
+    ref: v1.17.0 # renovate:managed
    file: templates/standard.yml
 ```
  
@@ -68,7 +69,7 @@ include:
  # Runs golang standard tests, including tests, goreleaser, golangci-lint and go-mod-tidy
  # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/README.md#templatesgolangyml
  - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v1.16.0 # renovate:managed
+    ref: v1.17.0 # renovate:managed
    file: templates/golang.yml
 ```
  
@@ -88,7 +89,7 @@ stages:
  
 include:
  - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v1.16.0 # renovate:managed
+    ref: v1.17.0 # renovate:managed
    file: 'gitlab-scanners.yml'
 ```
  
@@ -104,7 +105,7 @@ stages:
  
 include:
  - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v1.16.0 # renovate:managed
+    ref: v1.17.0 # renovate:managed
    file: 'golangci-lint.yml'
 ```
  
@@ -121,7 +122,7 @@ stages:
  
 include:
  - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v1.16.0 # renovate:managed
+    ref: v1.17.0 # renovate:managed
    file: 'editorconfig-check.yml'
 ```
  
@@ -162,7 +163,7 @@ stages:
  
 include:
  - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v1.16.0 # renovate:managed
+    ref: v1.17.0 # renovate:managed
    file: 'semantic-release.yml'
 ```
  
@@ -244,7 +245,7 @@ variables:
 include:
  # build binary release artifacts with goreleaser
  - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v1.16.0 # renovate:managed
+    ref: v1.17.0 # renovate:managed
    file: goreleaser.yml
 ```
  
@@ -273,7 +274,7 @@ include:
  # and that ASDF is generally working
  # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/README.md#asdf-tool-versions
  - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v1.16.0 # renovate:managed
+    ref: v1.17.0 # renovate:managed
    file: asdf-tool-versions.yml
 ```
  
@@ -307,7 +308,7 @@ include:
  
  # Runs tflint on all terraform module directories
  - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v1.16.0 # renovate:managed
+    ref: v1.17.0 # renovate:managed
    file: tflint.yml
 ```
  
@@ -331,7 +332,7 @@ include:
  
  # Ensures that all terraform files are correctly formatted
  - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v1.16.0 # renovate:managed
+    ref: v1.17.0 # renovate:managed
    file: terraform-format.yml
 ```
  
@@ -358,7 +359,7 @@ include:
  
  # Ensures that all terraform files are syntactically valid
  - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v1.16.0 # renovate:managed
+    ref: v1.17.0 # renovate:managed
    file: terraform-validate.yml
 ```
  
@@ -393,7 +394,7 @@ include:
  # Upgrades dependencies on a schedule
  # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/README.md#renovate-bot
  - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v1.16.0 # renovate:managed
+    ref: v1.17.0 # renovate:managed
    file: renovate-bot.yml
 ```
  
@@ -418,7 +419,7 @@ include:
  # Runs Go unit tests
  # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/README.md#go-unittests
  - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v1.16.0 # renovate:managed
+    ref: v1.17.0 # renovate:managed
    file: go-unittests.yml
 ```
  
@@ -443,11 +444,10 @@ include:
  # Perform `go mod tidy` and ensure that go.mod and go.sum are tidy.
  # see https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/README.md#go-mod-tidy
  - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v1.16.0 # renovate:managed
+    ref: v1.17.0 # renovate:managed
    file: go-mod-tidy.yml
 ```
  
-
 ### [`shfmt`](./shfmt.yml)
  
 Validates that shell-scripts use a canonical formatting.
@@ -472,6 +472,37 @@ include:
  # Ensure that all shell-scripts are formatted according to a
  # standard canonical format
  - project: 'gitlab-com/gl-infra/common-ci-tasks'
-    ref: v1.13.0 # renovate:managed
+    ref: v1.17.0 # renovate:managed
    file: shfmt.yml
 ```
+
+### [`shellcheck`](./shellcheck.yml)
+
+Performs linting for shell scripts using [Shellcheck](https://www.shellcheck.net/).
+
+1. Ensure that the `GL_ASDF_SHELLCHECK_VERSION` version is configured.
+1. Supports the `COMMON_TASK_VALIDATIONS_EXCLUDES_REGEXP` variable, for excluding paths from validation.
+1. Arguments for Shellcheck can optionally be passed through the variable `SHELLCHECK_ARGS`
+
+```yaml
+stages:
+  - validate
+
+# Not needed if .gitlab-ci-asdf-versions.yml is included...
+variables:
+  GL_ASDF_SHELLCHECK_VERSION: ...
+  # Exclude vendor and files directories from validation
+  COMMON_TASK_VALIDATIONS_EXCLUDES_REGEXP: '^\.(/vendor/|/files/)'
+  # Any arguments for shellcheck
+  SHELLCHECK_ARGS: --source-path=. --source-path=./test/ --source-path=./test/lib/ --source-path=./test/integration/ --external-sources
+
+include:
+  # Not required, but recommended
+  - local: .gitlab-ci-asdf-versions.yml
+
+  # Ensure that all shell-scripts are formatted according to a
+  # standard canonical format
+  - project: 'gitlab-com/gl-infra/common-ci-tasks'
+    ref: v1.17.0 # renovate:managed
+    file: shellcheck.yml
+```
--- a/shellcheck.yml
+++ b/shellcheck.yml
+shellcheck:
+  stage: validate
+  needs: []
+  image: alpine:3
+  script:
+    - apk add grep
+    - SHELLCHECK_VERSION=${GL_ASDF_SHELLCHECK_VERSION:-$GL_COMMON_CI_TASKS_DEFAULT_ASDF_SHELLCHECK_VERSION}
+    - wget https://github.com/koalaman/shellcheck/releases/download/v${SHELLCHECK_VERSION}/shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz -O shellcheck.tar.xz
+    - tar -x --strip-components 1 -f shellcheck.tar.xz -C /usr/local/bin
+    - rm shellcheck.tar.xz
+    - (
+        find . -type f \( -perm -u=x -not -name "*.sh" \) -not -path "*/.*/*" -print0 | xargs -0 grep -rIzlE '^#![[:blank:]]*(/usr/bin/env sh|/usr/bin/env bash|/bin/sh|/bin/bash)';
+        find . -type f -name "*.sh" -not -path "*/.*/*"
+      ) | grep -vE "${COMMON_TASK_VALIDATIONS_EXCLUDES_REGEXP:-__ignored__}" | xargs shellcheck $SHELLCHECK_ARGS
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
--- a/templates/golang.yml
+++ b/templates/golang.yml
 include:
+  # Keep the following items in alphabetical order
  - local: go-mod-tidy.yml
  - local: go-unittests.yml
  - local: golangci-lint.yml

--- a/templates/standard.yml
+++ b/templates/standard.yml
 include:
  - local: .gitlab-ci-default-asdf-versions.yml
-  - local: gitlab-scanners.yml
+  # Keep the following items in alphabetical order
+  - local: asdf-tool-versions.yml
  - local: editorconfig-check.yml
+  - local: gitlab-scanners.yml
+  - local: renovate-bot.yml
  - local: semantic-release.yml
-  - local: asdf-tool-versions.yml
+  - local: shellcheck.yml
  - local: shfmt.yml
-  - local: renovate-bot.yml