Sync repo templates ⚙
Sync with coreos/repo-templates@5cf8e0dafae4e781c2593ee0f0d6f268b5b5f594.
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
new file mode 100644
index 0000000..302c823
--- /dev/null
+++ b/.github/workflows/shellcheck.yml
@@ -0,0 +1,24 @@
+# Template generated by https://github.com/coreos/repo-templates; do not edit downstream
+
+name: ShellCheck
+
+on:
+ pull_request:
+ branches: [main]
+
+permissions:
+ contents: read
+
+jobs:
+ shellcheck:
+ name: Shellcheck
+ runs-on: ubuntu-latest
+ container: quay.io/coreos-assembler/fcos-buildroot:testing-devel
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@v3
+ # https://github.com/actions/checkout/issues/760
+ - name: Mark git checkout as safe
+ run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+ - name: Run ShellCheck
+ run: ci/shellcheck
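Review bot: The `uses: actions/checkout@v3` step and the `container: quay.io/coreos-assembler/fcos-buildroot:testing-devel` image are both referenced by mutable tags, so the code this job runs can change without any commit in this repository. Pinning the action to a full commit SHA (`uses: actions/checkout@<full-commit-sha> # v3`) and the image to a digest (`fcos-buildroot@sha256:<digest>`) would make the job reproducible and auditable. Because the last step executes `ci/shellcheck` from the pull request's tree, adding `with:` / `persist-credentials: false` to the checkout step would keep the job token out of the checkout's git config, where that script could read it. The `contents: read` permission already limits what the token can do. The header marks the file as generated, so these changes belong in the upstream template.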
diff --git a/ci/shellcheck b/ci/shellcheck
new file mode 100755
index 0000000..7543bd3
--- /dev/null
+++ b/ci/shellcheck
@@ -0,0 +1,35 @@
+#!/bin/bash
+# Template generated by https://github.com/coreos/repo-templates; do not edit downstream
+
+set -euo pipefail
+
+main() {
+ local found_errors="false"
+ # Let's start with error, then we can do warning, info, style
+ local -r severity="error"
+
+ while IFS= read -r -d '' f; do
+ # Skip non-text files that are very unlikely to be shell scripts
+ if [[ "$(file -b --mime-type "${f}" | sed 's|/.*||')" != "text" ]]; then
+ continue
+ fi
+ shebang="$(head -1 "${f}")"
+ if [[ "${f}" == *.sh ]] || \
+ [[ ${shebang} =~ ^#!/.*/bash.* ]] || \
+ [[ ${shebang} =~ ^#!/.*/env\ bash ]]; then
+ echo "[+] Checking ${f}"
+ shellcheck --external-sources --shell bash --severity="${severity}" "${f}" || found_errors="true"
+ bash -n "${f}" || found_errors="true"
+ fi
+ done< <(find . -path "./.git" -prune -o -path "./vendor" -prune -o -type f -print0)
+
+ if [[ "${found_errors}" != "false" ]]; then
+ echo "[+] Found errors with ShellCheck"
+ exit 1
+ fi
+
+ echo "[+] No error found with ShellCheck"
+ exit 0
+}
+
+main "${@}"
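Review bot: The check fails open if `file` is missing from the container image or exits non-zero. The `$(file -b --mime-type "${f}" | sed ...)` substitution sits inside `[[ ... ]]`, so `set -e` and `pipefail` do not act on its status. The comparison then sees an empty string, every file is skipped, and the script prints "No error found" and exits 0 without checking anything. Assigning the result on its own line lets `set -e` stop the run, for example `mime="$(file -b --mime-type "${f}")"` followed by `if [[ "${mime%%/*}" != "text" ]]; then`, with `local mime` declared on a separate line so the declaration does not mask the exit status. `shebang` is also assigned without `local` inside `main`; declaring it next to `found_errors` would keep it out of the global scope.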