github/shellcheck
1
0
Fork 0
mirror of https://github.com/koalaman/shellcheck.git synced 2024-12-21 19:41:25 -08:00
Code Issues Packages Projects Releases Wiki Activity
Page: GitHub Actions
Pages
Azure Pipelines Buildkite CentOS6 Checks CircleCI Contrib DevGuide Directive GitHub Actions GitLab CI Home Ignore Integration JUnit JUnit2text More Installation Guides Optional Parser error Phabricator Recursiveness SC1000 SC1001 SC1003 SC1004 SC1007 SC1008 SC1009 SC1010 SC1011 SC1012 SC1014 SC1015 SC1016 SC1017 SC1018 SC1019 SC1020 SC1026 SC1027 SC1028 SC1029 SC1033 SC1034 SC1035 SC1036 SC1037 SC1038 SC1039 SC1040 SC1041 SC1043 SC1044 SC1045 SC1046 SC1047 SC1048 SC1049 SC1050 SC1051 SC1052 SC1053 SC1054 SC1055 SC1056 SC1057 SC1058 SC1059 SC1060 SC1061 SC1062 SC1063 SC1064 SC1065 SC1066 SC1067 SC1068 SC1069 SC1070 SC1071 SC1072 SC1073 SC1074 SC1075 SC1076 SC1077 SC1078 SC1079 SC1080 SC1081 SC1082 SC1083 SC1084 SC1086 SC1087 SC1088 SC1089 SC1090 SC1091 SC1092 SC1094 SC1095 SC1097 SC1098 SC1099 SC1100 SC1101 SC1102 SC1103 SC1104 SC1105 SC1106 SC1107 SC1108 SC1109 SC1110 SC1111 SC1112 SC1113 SC1114 SC1115 SC1116 SC1117 SC1118 SC1119 SC1120 SC1121 SC1122 SC1123 SC1124 SC1125 SC1126 SC1127 SC1128 SC1129 SC1130 SC1131 SC1132 SC1133 SC1134 SC1135 SC1136 SC1137 SC1138 SC1139 SC1140 SC1141 SC1142 SC1143 SC1144 SC1145 SC2000 SC2001 SC2002 SC2003 SC2004 SC2005 SC2006 SC2007 SC2008 SC2009 SC2010 SC2011 SC2012 SC2013 SC2014 SC2015 SC2016 SC2017 SC2018 SC2019 SC2020 SC2021 SC2022 SC2023 SC2024 SC2025 SC2026 SC2027 SC2028 SC2029 SC2030 SC2031 SC2032 SC2033 SC2034 SC2035 SC2036 SC2037 SC2038 SC2039 SC2040 SC2041 SC2042 SC2043 SC2044 SC2045 SC2046 SC2048 SC2049 SC2050 SC2051 SC2053 SC2054 SC2055 SC2056 SC2057 SC2058 SC2059 SC2060 SC2061 SC2062 SC2063 SC2064 SC2065 SC2066 SC2067 SC2068 SC2069 SC2070 SC2071 SC2072 SC2073 SC2074 SC2075 SC2076 SC2077 SC2078 SC2079 SC2080 SC2081 SC2082 SC2083 SC2084 SC2086 SC2087 SC2088 SC2089 SC2090 SC2091 SC2092 SC2093 SC2094 SC2095 SC2096 SC2097 SC2098 SC2099 SC2100 SC2101 SC2102 SC2103 SC2104 SC2105 SC2106 SC2107 SC2108 SC2109 SC2110 SC2111 SC2112 SC2113 SC2114 SC2115 SC2116 SC2117 SC2118 SC2119 SC2120 SC2121 SC2122 SC2123 SC2124 SC2125 SC2126 SC2127 SC2128 SC2129 SC2130 SC2139 SC2140 SC2141 SC2142 SC2143 SC2144 SC2145 SC2146 SC2147 SC2148 SC2149 SC2150 SC2151 SC2152 SC2153 SC2154 SC2155 SC2156 SC2157 SC2158 SC2159 SC2160 SC2161 SC2162 SC2163 SC2164 SC2165 SC2166 SC2167 SC2168 SC2169 SC2170 SC2171 SC2172 SC2173 SC2174 SC2175 SC2176 SC2177 SC2178 SC2179 SC2180 SC2181 SC2182 SC2183 SC2184 SC2185 SC2186 SC2187 SC2188 SC2189 SC2190 SC2191 SC2192 SC2193 SC2194 SC2195 SC2196 SC2197 SC2198 SC2199 SC2200 SC2201 SC2202 SC2203 SC2204 SC2205 SC2206 SC2207 SC2208 SC2209 SC2210 SC2211 SC2212 SC2213 SC2214 SC2215 SC2216 SC2217 SC2218 SC2219 SC2220 SC2221 SC2222 SC2223 SC2224 SC2225 SC2226 SC2227 SC2229 SC2230 SC2231 SC2232 SC2233 SC2234 SC2235 SC2236 SC2237 SC2238 SC2239 SC2240 SC2241 SC2242 SC2243 SC2244 SC2245 SC2246 SC2247 SC2248 SC2249 SC2250 SC2251 SC2252 SC2253 SC2254 SC2255 SC2256 SC2257 SC2258 SC2259 SC2260 SC2261 SC2262 SC2263 SC2264 SC2265 SC2266 SC2267 SC2268 SC2269 SC2270 SC2271 SC2272 SC2273 SC2274 SC2275 SC2276 SC2277 SC2278 SC2279 SC2280 SC2281 SC2282 SC2283 SC2284 SC2285 SC2286 SC2287 SC2288 SC2289 SC2290 SC2291 SC2292 SC2293 SC2294 SC2295 SC2296 SC2297 SC2298 SC2299 SC2300 SC2301 SC2302 SC2303 SC2304 SC2305 SC2306 SC2307 SC2308 SC2309 SC2310 SC2311 SC2312 SC2313 SC2314 SC2315 SC2316 SC2317 SC2318 SC2319 SC2320 SC2321 SC2322 SC2323 SC2324 SC2325 SC2326 SC2327 SC2328 SC2329 SC2330 SC3001 SC3002 SC3003 SC3004 SC3005 SC3006 SC3007 SC3008 SC3009 SC3010 SC3011 SC3012 SC3013 SC3014 SC3015 SC3016 SC3017 SC3018 SC3019 SC3020 SC3021 SC3022 SC3023 SC3024 SC3025 SC3026 SC3028 SC3029 SC3030 SC3031 SC3032 SC3033 SC3034 SC3035 SC3036 SC3037 SC3038 SC3039 SC3040 SC3041 SC3042 SC3043 SC3044 SC3045 SC3046 SC3047 SC3048 SC3049 SC3050 SC3051 SC3052 SC3053 SC3054 SC3055 SC3056 SC3057 SC3059 SC3060 SCXXXX Template TravisCI checkstyle2text severity ”ErrorCode
6 GitHub Actions
Mr. Walls edited this page 2024-12-20 20:36:22 -08:00
Table of Contents

GitHub Actions is a powerful automation platform that can run ShellCheck against your shell scripts. ShellCheck is pre-installed on GitHub's Ubuntu runners, making it easy to integrate into your workflows.

Basic Usage

The simplest way to run ShellCheck is directly using the pre-installed binary:

name: "ShellCheck"
on: [push, pull_request]

jobs:
  shellcheck:
    name: ShellCheck
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: Run ShellCheck
      run: shellcheck **/*.sh

GitHub Advanced Security Integration

To use ShellCheck with GitHub Advanced Security code scanning, you can use shellcheck-scan which generates SARIF reports:

name: ShellCheck SARIF
on: [push, pull_request]

jobs:
  scan:
    name: ShellCheck Analysis
    runs-on: ubuntu-latest
    permissions:
      security-events: write  # required for uploading SARIF results
      actions: read          # only required for workflows in private repositories
      contents: read
    steps:
    - uses: actions/checkout@v4
    - name: Run ShellCheck with SARIF output
      uses: reactive-firewall/shellcheck-scan@v1

Differential ShellCheck

GitHub action for running ShellCheck differentially. New findings are reported directly at GitHub pull requests (using SARIF format).

Usage:

name: Differential ShellCheck
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [main]

permissions:
  contents: read

jobs:
  lint:
    runs-on: ubuntu-latest

    permissions:
      # required for all workflows
      security-events: write

      # only required for workflows in private repositories
      actions: read
      contents: read

    steps: 
      - name: Repository checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Differential ShellCheck
        uses: redhat-plumbers-in-action/differential-shellcheck@v5
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

Advanced Configuration

Customizing ShellCheck Options

ShellCheck supports various options that can be used in your workflow:

- name: Run ShellCheck
  run: |
    shellcheck \
      --severity=warning \  # Set minimum severity
      --shell=bash \       # Specify shell dialect
      --format=gcc \       # Set output format
      **/*.sh

Common Options

  • -S [error|warning|info|style]: Set minimum severity of errors to consider
  • -s [sh|bash|dash|ksh]: Specify shell dialect
  • -e [SC1234,SC2345]: Exclude specific error codes
  • -f [checkstyle|diff|gcc|json|quiet|tty]: Set output format

Version Pinning

To ensure reproducible builds, you can pin to a specific ShellCheck version:

- name: Install specific ShellCheck version
  run: |
    wget https://github.com/koalaman/shellcheck/releases/download/v0.9.0/shellcheck-v0.9.0.linux.x86_64.tar.xz
    tar -xf shellcheck-v0.9.0.linux.x86_64.tar.xz
    sudo cp shellcheck-v0.9.0/shellcheck /usr/bin/

Example Configurations

Check All Shell Scripts

- name: Run ShellCheck
  run: find . -type f -name "*.sh" -exec shellcheck {} +

Using with Matrix Strategy

jobs:
  shellcheck:
    strategy:
      matrix:
        shell: [bash, sh, dash, ksh]
    steps:
    - name: Run ShellCheck
      run: shellcheck --shell=${{ matrix.shell }} **/*.sh

Selective Checking

- name: Check scripts in specific directory
  run: shellcheck scripts/*.sh src/scripts/*.sh

Additional Resources

Last updated: 2024-12-21 by @reactive-firewall

ShellCheck

Each individual ShellCheck warning has its own wiki page like SC1000. Use GitHub Wiki's "Pages" feature above to find a specific one, or see Checks.