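Extracts shell scripts from GitHub Workflows and checks them with ShellCheck (https://github.com/koalaman/shellcheck) to identify potential issues.
Project description
shellcheck-gha
This Python script extracts shell scripts from GitHub workflows (`jobs.<job_id>.steps[*].run`) and runs ShellCheck against them.
Installation
Requirements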
- Python ≥ 3.11
- ShellCheck ≥ 0.9.0, available through apt, brew, cabal, dnf and pkg.
Using GitHub Actions (recommended)
The shellcheck-gha project can be used as a GitHub Workflow step:
```yaml
on:
  push:
    paths:
      - .github/**
  pull_request:
    paths:
      - .github/**

permissions:
  contents: read

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Run ShellCheck
        uses: saleor/shellcheck-gha@v0
        # Uncomment to customize the scan directory:
        # with:
        #   scan-directory-path: .github/
```
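[!IMPORTANT]
By default, only the `./.github` directory is scanned (recursively). If some GitHub composite actions are defined outside the `.github` directory, consider adding steps that scan the additional directories by changing the `scan-directory-path` parameter.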
PyPI
The project is hosted on PyPI at https://pypi.ac.cn/project/shellcheck-gha/. To install the project, run:
```
$ pip install shellcheck-gha
```
From source
Alternatively, the project can be cloned and installed using poetry:
```
$ git clone https://github.com/saleor/shellcheck-gha
$ pip install poetry
$ poetry install
$ shellcheck-gha --help
```
Usage
```
$ shellcheck-gha --help
usage: shellcheck-gha [-h] [--default-shell DEFAULT_SHELL] [--verbose] [--debug] [--skip-unknown-files | --no-skip-unknown-files] [directory]

positional arguments:
  directory

options:
  -h, --help            show this help message and exit
  --default-shell DEFAULT_SHELL
                        The default shell running in the workflow(s)
  --verbose             Show more details about the execution.
  --debug               Add debug information (takes precedence over --verbose).
  --skip-unknown-files, --no-skip-unknown-files
                        Whether to exit with an error on when parsing non-GitHub workflow or composite action YAML files. Skipping is useful when a directory
                        may be mixed with other YAML files (e.g. config files such as .github/dependabot.yaml). Unknown files are skipped by default.
```
Example
```
$ shellcheck-gha .
=== Results: 2 file(s) have findings ===
Scanned 5 files (16 shell scripts)
[INFO] In bad.yaml:
Message: Double quote to prevent globbing and word splitting.
More information: https://www.shellcheck.net/wiki/SC2086
Code:
test $USE_GITIGNORE == true
^^^^^^^^^^^^^^^
[INFO] In tests/sample_workflows/with-findings.yaml:
Message: Double quote to prevent globbing and word splitting.
More information: https://www.shellcheck.net/wiki/SC2086
Code:
echo $BAD_JOB1
^^^^^^^^^^
[INFO] In tests/sample_workflows/with-findings.yaml:
Message: Double quote to prevent globbing and word splitting.
More information: https://www.shellcheck.net/wiki/SC2086
Code:
echo $BAD_JOB2
^^^^^^^^^^
```
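Goals
- Only check *nix-related shells (sh, bash, ksh)
- Provide useful logs that let users quickly find the problematic code in their workflows.
Non-goals
- Diff checking (base commit vs. head commit)
- Logical understanding of GitHub workflows, for example (but not limited to):
  - Handling `defaults.run.shell`
  - Supporting string interpolation (`${{ ... }}`)
  - Handling
- Tracking the exact location of findings (line number, column)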
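What extracting `jobs.<job_id>.steps[*].run` and limiting the check to sh, bash and ksh can look like, as an added example that is not shellcheck-gha's own code. The sample workflow is constructed, and the names `extract_run_scripts` and `run_shellcheck` and the `bash` default are assumptions.

```python
import json
import shutil
import subprocess

SUPPORTED_SHELLS = {"sh", "bash", "ksh"}  # the *nix shells the page lists as in scope

# Constructed sample: a workflow as a YAML parser would return it (not from the project).
WORKFLOW = {
    "jobs": {
        "build": {"steps": [
            {"uses": "actions/checkout@v4"},
            {"name": "Test", "run": "test $USE_GITIGNORE == true\n"},
            {"name": "Windows", "shell": "pwsh", "run": "Write-Host hi\n"},
        ]},
        "deploy": {"steps": [
            {"name": "Echo", "shell": "sh", "run": "echo $BAD_JOB1\n"},
        ]},
    }
}


def extract_run_scripts(workflow, default_shell="bash"):
    """Yield (location, shell, script) for every jobs.<job_id>.steps[*].run."""
    for job_id, job in (workflow.get("jobs") or {}).items():
        for index, step in enumerate(job.get("steps") or []):
            script = step.get("run")
            if not isinstance(script, str):
                continue  # a `uses:` step has no inline script
            shell = (step.get("shell") or default_shell).split()[0]
            if shell not in SUPPORTED_SHELLS:
                continue  # e.g. pwsh: out of scope, so it is skipped here
            yield f"jobs.{job_id}.steps[{index}]", shell, script


def run_shellcheck(shell, script):
    """Pipe one script to ShellCheck on stdin and return its JSON findings."""
    proc = subprocess.run(
        ["shellcheck", f"--shell={shell}", "--format=json", "-"],
        input=script, capture_output=True, text=True, check=False,
    )
    return json.loads(proc.stdout or "[]")


if __name__ == "__main__":
    for location, shell, script in extract_run_scripts(WORKFLOW):
        if shutil.which("shellcheck") is None:
            print(f"{location} ({shell}): shellcheck not installed, skipping")
            continue
        for finding in run_shellcheck(shell, script):
            print(f"{location}: SC{finding['code']} {finding['message']}")
```

The location string only identifies the step, not a line or column within the YAML file.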
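Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source distribution
shellcheck_gha-0.1.2.tar.gz (9.7 kB view hashes)
Built distribution
shellcheck_gha-0.1.2-py3-none-any.whl (11.4 kB view hashes)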
Hashes for shellcheck_gha-0.1.2.tar.gz
Algorithm | Hash digest
---|---
SHA256 | 714eaf45c2dc544be5cb709b51220d9ca8ea5e8ea62c05844670432751eb2ee8
MD5 | dec0e4f70d7a1377af7ef4162e2b953e
BLAKE2b-256 | eda63ebf2e72c1511c73c5e4c2dcdb5607f7a0ea148862780775ff463fcc4916
Hashes for shellcheck_gha-0.1.2-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 6fcd645a34ba35801f00e0885ef0dc44adc36848c3b2a52c3fdf90bd05e5aac4
MD5 | 8c2cad51aa293844d9337f231675bf2e
BLAKE2b-256 | 2546fb8263215f03fba2d33843b9f773b8c663f346101f77dd1b29bf721ae49c