diff --git a/README.md b/README.md index e444507..1356c49 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,7 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v1 + - name: Run ShellCheck uses: azohra/shell-linter@latest ``` @@ -69,14 +70,17 @@ Note that `exclude-paths` only accepts paths relative to your project's root dir To exclude a folder and it's content recursively just provide the path of the folder **without** a `/` at the end. In the example above, the entire folder at the path `tests/unit_tests` will be excluded from linting. -#### Run static analysis for all the shell scripts and only report issue with error severity: +#### Run static analysis for all the shell scripts and only report issues with error severity while excluding specific issues: ```yml - name: Run ShellCheck uses: azohra/shell-linter@latest with: path: "src/*.sh" severity: "error" + exclude-issues: "SC1068,SC1066" ``` +Note that `exclude-issues` contains a list of issues to ignore (example: "SC1068") comma-separated without any spaces. + #### Run analysis by using a specific version of Shell Linter: ```yml - name: Run ShellCheck @@ -85,12 +89,15 @@ To exclude a folder and it's content recursively just provide the path of the fo # Input -### `path` -Optional. Execute lint check on a specific file or folder. Default: `.` +### `exclude-issues` +Optional. Specify shellcheck issues to exclude during scan. For more information refer to [Checks](https://github.com/koalaman/shellcheck/wiki/Checks). Default: scan all issues. ### `exclude-paths` Optional. Exclude files and folders from ShellCheck scan. +### `path` +Optional. Execute lint check on a specific file or folder. Default: `.` + ### `severity` Optional. Specify minimum severity of errors to consider [style, info, warning, error]. Default: `style` diff --git a/action.yml b/action.yml index 84be49e..2f29f82 100644 --- a/action.yml +++ b/action.yml @@ -14,7 +14,10 @@ inputs: description: 'Specify files or folders to exclude during scan.' required: false default: '' - + exclude-issues: + description: 'Specify shellcheck issues to exclude during scan.' + required: false + default: '' runs: using: 'docker' image: 'Dockerfile' @@ -22,6 +25,7 @@ runs: - ${{ inputs.path }} - ${{ inputs.severity }} - ${{ inputs.exclude-paths}} + - ${{ inputs.exclude-issues }} branding: icon: 'check-circle' color: 'green' diff --git a/entrypoint.sh b/entrypoint.sh index 9bdf8b8..27175c5 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -4,7 +4,8 @@ input_paths="$1" severity_mode="$2" exclude_paths="$3" -execution_mode="$4" +exclude_issues="$4" +execution_mode="$5" my_dir=$(pwd) status_code="0" find_path_clauses=(! -path "${my_dir}/.git/*") @@ -31,6 +32,11 @@ process_input(){ done fi + optional_params="" + if [[ ! -z "$exclude_issues" ]]; then + optional_params="--exclude $exclude_issues" + fi + if [[ -n "$input_paths" && "$input_paths" != "." ]]; then for path in $(echo "$input_paths" | tr "," "\n"); do if [ -d "$path" ]; then @@ -58,7 +64,7 @@ scan_file(){ echo "###############################################" echo " Scanning $file" echo "###############################################" - shellcheck -x "$file_path" --severity="$severity_mode" + shellcheck -x "$file_path" --severity="$severity_mode" $optional_params local exit_code=$? if [ $exit_code -eq 0 ] ; then printf "%b" "Successfully scanned ${file_path} 🙌\n" diff --git a/test_data/exclude_issues/test_script_exclude_multiple_errors.sh b/test_data/exclude_issues/test_script_exclude_multiple_errors.sh new file mode 100644 index 0000000..98598c6 --- /dev/null +++ b/test_data/exclude_issues/test_script_exclude_multiple_errors.sh @@ -0,0 +1,6 @@ +#! /bin/bash + +var=World; echo "Hello " +echo "$(date)" + +$foo=42 diff --git a/test_data/exclude_issues/test_script_exclude_none.sh b/test_data/exclude_issues/test_script_exclude_none.sh new file mode 100644 index 0000000..0bf1a2d --- /dev/null +++ b/test_data/exclude_issues/test_script_exclude_none.sh @@ -0,0 +1,3 @@ +#! /bin/bash + +echo "Hello $name" diff --git a/test_data/exclude_issues/test_script_exclude_one_error.sh b/test_data/exclude_issues/test_script_exclude_one_error.sh new file mode 100644 index 0000000..4120880 --- /dev/null +++ b/test_data/exclude_issues/test_script_exclude_one_error.sh @@ -0,0 +1,3 @@ +#!/bin/sh +var = 42 +echo -n 42 diff --git a/tests/integration_tests/exclude_issues_tests.sh b/tests/integration_tests/exclude_issues_tests.sh new file mode 100644 index 0000000..6cbb55f --- /dev/null +++ b/tests/integration_tests/exclude_issues_tests.sh @@ -0,0 +1,37 @@ +#! /bin/bash + +source ./entrypoint.sh "" "" "" "" "--test" + +test_exclude_no_error(){ + input_paths="./test_data/exclude_issues/test_script_exclude_none.sh" + severity_mode="style" + exclude_issues="" + local expected_error="SC2154" + local actual_message=$(process_input) + + assertContains "Actual messages:$actual_message Did not find the message.\n" "$actual_message" "$expected_error" +} + +test_exclude_one_error(){ + input_paths="./test_data/exclude_issues/test_script_exclude_one_error.sh" + severity_mode="style" + exclude_issues="SC2283" + local expected_error="SC3037" + local not_expected_error="SC2283" + local actual_message=$(process_input) + + assertContains "Actual messages:$actual_message Did not find the message.\n" "$actual_message" "$expected_error" + assertNotContains "Actual messages:$actual_message contains the message.\n" "$actual_message" "$not_expected_error" +} + +test_exclude_multiple_errors(){ + input_paths="./test_data/exclude_issues/test_script_exclude_multiple_errors.sh" + severity_mode="style" + exclude_issues="SC1017,SC2281,SC2034,SC2154,SC2005" + local expected_message="Successfully scanned" + local actual_message=$(process_input) + + assertContains "Actual messages:$actual_message Did not find the message.\n" "$actual_message" "$expected_message" +} + +source ./tests/shunit2 diff --git a/tests/integration_tests/ignored_path_tests.sh b/tests/integration_tests/ignored_path_tests.sh index 313b2cc..dcb316b 100755 --- a/tests/integration_tests/ignored_path_tests.sh +++ b/tests/integration_tests/ignored_path_tests.sh @@ -1,7 +1,7 @@ #! /bin/bash # shellcheck disable=SC2155 -source ./entrypoint.sh "" "" "" "--test" +source ./entrypoint.sh "" "" "" "" "--test" test_ignore_directories(){ local exclude_paths="test_dir,severity_mode" diff --git a/tests/integration_tests/input_path_tests.sh b/tests/integration_tests/input_path_tests.sh index 941c6ba..10cce57 100755 --- a/tests/integration_tests/input_path_tests.sh +++ b/tests/integration_tests/input_path_tests.sh @@ -1,7 +1,7 @@ #! /bin/bash # shellcheck disable=SC2155 -source ./entrypoint.sh "" "" "" "--test" +source ./entrypoint.sh "" "" "" "" "--test" test_execution_mode(){ local expected_path=./test_data diff --git a/tests/integration_tests/severity_mode_tests.sh b/tests/integration_tests/severity_mode_tests.sh index b24bbec..0ca6372 100755 --- a/tests/integration_tests/severity_mode_tests.sh +++ b/tests/integration_tests/severity_mode_tests.sh @@ -1,6 +1,6 @@ #! /bin/bash -source ./entrypoint.sh "" "" "" "--test" +source ./entrypoint.sh "" "" "" "" "--test" test_severity_mode_invalid(){ input_paths="./test_data/severity_mode/test_script_warning.sh" diff --git a/tests/unit_tests/scan_tests.sh b/tests/unit_tests/scan_tests.sh index 45d62b6..84d7ea7 100755 --- a/tests/unit_tests/scan_tests.sh +++ b/tests/unit_tests/scan_tests.sh @@ -1,7 +1,7 @@ #! /bin/bash # shellcheck disable=SC2155 -source ./entrypoint.sh "" "style" "" "--test" +source ./entrypoint.sh "" "style" "" "" "--test" # scan_file tests test_scan_valid_script_with_extension(){