diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml new file mode 100644 index 0000000..17acf34 --- /dev/null +++ b/.github/workflows/lint.yaml @@ -0,0 +1,24 @@ +name: lint + +on: [push] + +jobs: + lint: + name: Run ShellCheck + runs-on: ubuntu-latest + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Install ShellCheck + run: sudo apt-get install shellcheck + + - name: Find shell scripts with \#!/bin/sh and run ShellCheck + run: | + files=$(find . -type f ! -path '*/\.*' -exec grep -lE '^#!(/usr)?/bin/sh' {} +) + if [ -n "$files" ]; then + shellcheck -a -S warning -s sh $files + else + echo "No shell scripts with #!/bin/sh shebang found." + fi diff --git a/.shellcheckrc b/.shellcheckrc new file mode 100644 index 0000000..bc0cd11 --- /dev/null +++ b/.shellcheckrc @@ -0,0 +1 @@ +disable=SC1090 diff --git a/check-pots.sh b/check-pots.sh index 67cceac..bb1ad4d 100755 --- a/check-pots.sh +++ b/check-pots.sh @@ -1,11 +1,11 @@ #!/bin/sh -set -euo pipefail +set -eu # Debug any running pots by performing a basic healthcheck check_tree() { if [ -e $1 ]; then - if [ $(ls $1 | wc -l) = 0 ]; then + if [ "$(ls $1 | wc -l)" -eq 0 ]; then echo "[debug] $1 for $pot is empty" fi else @@ -16,13 +16,13 @@ check_tree() { check_pot() { # Are needed rcvars enabled for the pot? rcvar=$(pot exec -p $pot sysrc sshd_enable) - if [ $(echo $rcvar | grep -o NO ) ]; then + if [ "$(echo $rcvar | grep -o NO )" ]; then echo "[warning] sshd is disabled on $pot" fi # Is the pot configured to use pkg? for pkg in pkg64 pkg64c pk64cb; do - if [ -z $(pot exec -p $pot which $pkg) ]; then + if [ -z "$(pot exec -p $pot which $pkg)" ]; then echo "[warning] $pkg on $pot was not found" fi @@ -40,7 +40,7 @@ check_pot() { echo "[debug] attempting healthchecks on all pots currently active" pots=$(pot ps | grep -v '===' | wc -l) -if [ $(echo $pots) > 0 ]; then +if [ "$(echo $pots)" -gt 0 ]; then for pot in $pots; do echo "[debug] checking $pot" check_pot 
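Review bot: The `lint` job declares no `permissions:` key, so it runs with whatever default `GITHUB_TOKEN` scope the repository or organisation has configured; a lint-only job needs read access at most, e.g. a top-level `permissions:` block containing `contents: read`. `actions/checkout@v4` is a mutable tag, and pinning it to a full commit SHA (`actions/checkout@<full-commit-sha> # v4`) keeps a retagged release from changing what runs here. In the last step `$files` is expanded unquoted, so a path containing whitespace is split into several arguments; invoking ShellCheck per file from a `while IFS= read -r` loop over the `find` output avoids that. `sudo apt-get install shellcheck` also lacks `-y`, which can fail on a non-interactive runner if the install needs confirmation.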
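Review bot: Dropping `pipefail` from the `set` line changes failure handling, not just lint output: with `set -eu` alone a pipeline's status is that of its last command, so in `pots=$(pot ps | grep -v '===' | wc -l)` later in this file a failing `pot ps` still yields a count. The same edit is made in config.sh, create-base.sh, create-runner.sh, get_token.sh, install.sh, jobs/clean-pots.sh, jobs/count-pots.sh, jobs/scrub-pool.sh, recreate-runner.sh and run-actions-runner.sh. If the `/bin/sh` these scripts run under accepts the option, keeping it and silencing the portability finding with `# shellcheck disable=SC3040` above the `set` line preserves the old behaviour; otherwise the commands whose failure matters need an explicit `|| exit 1`. Separately, `$1` is still unquoted in `[ -e $1 ]` and `ls $1` inside `check_tree`.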
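Review bot: The last entry in `for pkg in pkg64 pkg64c pk64cb` looks like a typo (`pk64cb`, presumably `pkg64cb`), in which case that iteration would always print the "was not found" warning. `$pot` and `$pkg` are also still unquoted in `pot exec -p $pot which $pkg` and in the `sysrc` call above it. `check_pot` continues past the end of this hunk.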
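Review bot: `pots` holds a line count (`pot ps | grep -v '===' | wc -l`), yet the loop right after the corrected test iterates over it with `for pot in $pots`, so `check_pot` runs once with `pot` set to that number rather than once per pot name. Now that `-gt 0` makes the condition meaningful, the loop needs the names themselves; assuming each remaining `pot ps` line names a pot, keep the filtered output in one variable (`names=$(pot ps | grep -v '===')`) and loop over that, deriving the count from it if it is still wanted. The loop body continues past the end of this hunk.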
diff --git a/config.sh b/config.sh index 4f18cf6..c66aa49 100755 --- a/config.sh +++ b/config.sh @@ -1,15 +1,17 @@ #!/bin/sh -set -eo pipefail -SCRIPTDIR=$(realpath $(dirname $0)) +set -e +SCRIPTDIR=$(realpath "$(dirname $0)") -if [ "$1" != '--url' -o "$3" != '--token' ] ; then +if [ "$1" != '--url' ] || [ "$3" != '--token' ]; then + # shellcheck disable=all echo usage ./config.sh --url https://github.com/{account}/{repo} --token {token} echo Copy this command from the GitHub actions runner setup page exit 1 fi # Generate a random string for the runner name, if using config.sh without variables -export RANDOM=$(LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 8) +RANDOM="$(LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 8)" +export RANDOM . ${SCRIPTDIR}/check-envs.sh mkdir -p ${RUNNER_CONFIG_DIRECTORY} diff --git a/create-base.sh b/create-base.sh index bb5721f..3601228 100755 --- a/create-base.sh +++ b/create-base.sh @@ -1,5 +1,5 @@ #!/bin/sh -set -eo pipefail +set -e if [ ! "${CHERIBSD_BUILD_ID}" ]; then mkdir -p /usr/local/share/freebsd/MANIFESTS/ ARCH=$(curl -s \ @@ -14,7 +14,7 @@ if [ ! "${CHERIBSD_BUILD_ID}" ]; then CHERIBSD_BUILD_ID=$(echo $ARCH | awk -F " " '{print $NF}') fi -if [ ! $(pot ls -b | grep -o ${CHERIBSD_BUILD_ID}) ]; then +if [ ! "$(pot ls -b | grep -o "${CHERIBSD_BUILD_ID}")" ]; then echo Creating base pot for $CHERIBSD_BUILD_ID pot create-base -r $CHERIBSD_BUILD_ID diff --git a/create-runner.sh b/create-runner.sh index 919e9cd..153a850 100755 --- a/create-runner.sh +++ b/create-runner.sh @@ -1,5 +1,5 @@ #!/bin/sh -set -eo pipefail +set -e EXTRA_FLAVOURS= if [ "${RUNNER_FLAVOURS}" ] ; then diff --git a/flavours/github-act-configure.sh b/flavours/github-act-configure.sh index 75c5f59..c3b30fa 100755 --- a/flavours/github-act-configure.sh +++ b/flavours/github-act-configure.sh 
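Review bot: `# shellcheck disable=all` switches off every check for the usage `echo` when the finding being silenced is presumably just the unquoted literal braces; quoting the message removes the need for any directive: `echo "usage ./config.sh --url https://github.com/{account}/{repo} --token {token}"`. The new `SCRIPTDIR` line still leaves `$0` unquoted inside `dirname`, and `. ${SCRIPTDIR}/check-envs.sh` is unquoted as well, so an install path containing whitespace breaks the `.` command; `"$(dirname "$0")"` and `. "${SCRIPTDIR}/check-envs.sh"` close that (recreate-runner.sh has the same two lines). The script body continues past the end of this hunk.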
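Review bot: `grep -o "${CHERIBSD_BUILD_ID}"` treats the build id as a regular expression and matches substrings, so if ids have the dotted form extracted in flavours/github-act-configure.sh the `.` matches any character, and a shorter id also matches a longer existing base. `if ! pot ls -b | grep -qF -- "${CHERIBSD_BUILD_ID}"; then` is a stricter existence test and drops the nested substitution. When the variable is not preset it is derived from `curl -s` output (first hunk of this file) and then reaches `pot create-base -r $CHERIBSD_BUILD_ID` unquoted; quoting it and rejecting values that do not look like a release id would keep unexpected network data off the command line. The `if` body continues past the end of this hunk.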
@@ -13,7 +13,7 @@ ARCH=$(curl -s \ grep -Eo "\w{1,}\.\w{1,}" | sort -u) CHERIBSD_BUILD_ID=$(echo ${ARCH} | awk -F " " '{print $NF}') # Configure the runner -cd /root/runner +cd /root/runner || return 1 GODEBUG="asyncpreemptoff=1" /usr/local64/bin/github-act-runner configure \ --url "${GITHUB_URL}" \ --token "${GITHUB_TOKEN}" \ diff --git a/flavours/github-act.sh b/flavours/github-act.sh index e1481d8..cedb5e7 100755 --- a/flavours/github-act.sh +++ b/flavours/github-act.sh @@ -1,15 +1,18 @@ #!/bin/sh export PAGER=/bin/cat +# Source os-release to get the OS name +. /etc/os-release + # Update to the latest stable release -case $( . /etc/os-release; echo $NAME ) in - FreeBSD) +if [ "$NAME" = "FreeBSD" ]; then freebsd-update --not-running-from-cron fetch install - ;& - CheriBSD) - echo skipped freebsd-update for CheriBSD - ;; -esac + echo "FreeBSD update completed." +fi + +if [ "$NAME" = "CheriBSD" ]; then + echo "skipped freebsd-update for $NAME" +fi pkg64 install -y git node bash diff --git a/get_token.sh b/get_token.sh index 4ad644b..f79c158 100755 --- a/get_token.sh +++ b/get_token.sh @@ -1,5 +1,5 @@ #!/bin/sh -set -eo pipefail +set -e # Ensure GITHUB_PAT and GITHUB_ORG environment variables are set if [ -z "$GITHUB_PAT" ] || [ -z "$GITHUB_ORG" ]; then diff --git a/gh_actions b/gh_actions index 23332f6..5e8a285 100755 --- a/gh_actions +++ b/gh_actions @@ -5,6 +5,8 @@ # BEFORE: securelevel # KEYWORD: shutdown +# shellcheck disable=SC2034 + . /etc/rc.subr PATH=$PATH:/usr/local64/bin @@ -22,8 +24,8 @@ gh_actions_running=/var/run/github-runners gh_actions_start() { - local POT touch /var/run/github-runners + # shellcheck disable=SC2154 for RUNNER_NAME in ${gh_actions_pots} ; do export RUNNER_NAME run-actions-runner.sh > /dev/null 2> /dev/null & 
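Review bot: `cd /root/runner || return 1` uses `return` at what appears to be the top level of an executable script (mode 100755), where POSIX leaves the behaviour unspecified and some shells print an error and carry on, which would run `github-act-runner configure` from the wrong directory; `cd /root/runner || exit 1` is unambiguous. If the flavour is in fact sourced by its caller, a one-line comment saying so would justify the `return`. The `--token "${GITHUB_TOKEN}"` argument below also places the registration token in the process argument list, where other processes in the same jail can read it while the command runs. The script starts and ends outside this hunk.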
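Review bot: `echo "FreeBSD update completed."` runs whether or not `freebsd-update` succeeded, since the lines shown from the top of the script set no `set -e` and the exit status is not checked; `freebsd-update --not-running-from-cron fetch install && echo "FreeBSD update completed."` (or an `if`/`else` that reports the failure) keeps the log truthful. `. /etc/os-release` is now sourced into the main shell instead of the old `$( … )` subshell, so every variable that file defines stays set for the rest of the script; `NAME=$(. /etc/os-release; echo "$NAME")` keeps the lookup contained while still allowing the plain `if` tests. The script continues past the end of this hunk.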
@@ -46,7 +48,7 @@ gh_actions_stop() sleep 1 # FIXME: This is racy. if [ -f /var/run/github-runners.${RUNNER_NAME} ]; then - kill `cat /var/run/github-runners.${RUNNER_NAME}` + kill "$(cat "/var/run/github-runners.${RUNNER_NAME}")" fi fi fi @@ -61,7 +63,7 @@ gh_actions_stop() while [ -f /var/run/github-runners.${RUNNER_NAME} ]; do sleep 1 COUNT=$(expr $COUNT + 1) - if [ $(expr $COUNT % 10) -eq 0 ] ; then + if [ "$(expr $COUNT % 10)" -eq 0 ] ; then echo Waiting for ${RUNNER_NAME} to exit... fi done @@ -77,11 +79,11 @@ gh_actions_status() for RUNNER_NAME in ${gh_actions_pots} ; do pot info -qr -p ${RUNNER_NAME}-ephemeral > /dev/null 2>&1 if [ $? -eq 0 ] ; then - echo -n ${RUNNER_NAME} pot running + printf "%s" "${RUNNER_NAME} pot running" if [ -f /var/run/github-runners.${RUNNER_NAME} ]; then - echo " managed by process $(cat /var/run/github-runners.${RUNNER_NAME})" + printf " managed by process %s\n" "$(cat /var/run/github-runners.${RUNNER_NAME})" else - echo " but appears to be orphaned" + printf " but appears to be orphaned\n" fi fi done diff --git a/install.sh b/install.sh index 2f6a937..b2f92a7 100755 --- a/install.sh +++ b/install.sh @@ -1,5 +1,5 @@ #!/bin/sh -set -euo pipefail +set -eu POT=$(which pot) FLAVOURS=$(dirname ${POT})/../etc/pot/flavours if [ ! -d ${FLAVOURS} ]; then @@ -7,7 +7,7 @@ if [ ! -d ${FLAVOURS} ]; then exit 1 fi -echo Installing flavours to $(realpath ${FLAVOURS}) +echo Installing flavours to "$(realpath ${FLAVOURS})" install -m 644 flavours/github-act flavours/github-act-configured ${FLAVOURS} install flavours/bootstrap ${FLAVOURS} install flavours/github-act ${FLAVOURS} diff --git a/jobs/clean-pots.sh b/jobs/clean-pots.sh index c5c7365..2892294 100755 --- a/jobs/clean-pots.sh +++ b/jobs/clean-pots.sh @@ -1,5 +1,5 @@ #!/bin/sh -set -euo pipefail +set -eu # Remove any misconfigured jails diff --git a/jobs/count-pots.sh b/jobs/count-pots.sh index 07a4b1b..64c4fba 100755 --- a/jobs/count-pots.sh +++ b/jobs/count-pots.sh 
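Review bot: The quoted `kill "$(cat …)"` still reads the pid file a second time after the `-f` test, in the section already marked `FIXME: This is racy`: if the runner removes the file in between, `cat` fails and `kill` is called with an empty argument. Reading it once into a variable and checking the value before use narrows that, e.g. `pid=$(cat "/var/run/github-runners.${RUNNER_NAME}" 2>/dev/null) || pid=` followed by `[ -n "$pid" ] && kill "$pid"`. The `-f` test on the line above also leaves `${RUNNER_NAME}` unquoted. `gh_actions_stop` starts and ends outside this hunk.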
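Review bot: The wait loop around the changed test has no upper bound: `while [ -f /var/run/github-runners.${RUNNER_NAME} ]` keeps `gh_actions_stop` waiting for as long as the file exists, so a stale pid file left by a crashed runner would stall the stop action, which matters for a script tagged `KEYWORD: shutdown`. A cap on `COUNT`, with a warning when it is reached, would bound that. The two `expr` calls can also be written with shell arithmetic, `COUNT=$((COUNT + 1))` and `[ $((COUNT % 10)) -eq 0 ]`, which avoids a fork per second. The loop and the function continue outside this hunk.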
@@ -1,11 +1,11 @@ #!/bin/sh -set -euo pipefail +set -eu # Print health status pots=$(pot ls -p -q | wc -l) runners=$(sysrc gh_actions_pots | wc -l) -if [ "$(echo $pots)" > 0 ] || [ "$(echo $runners)" > 0 ]; then +if [ "$(echo $pots)" -gt 0 ] || [ "$(echo $runners)" -gt 0 ]; then echo "Runner health check: $(date -R) $pots pot(s) found $runners runner(s) configured to start automatically" diff --git a/jobs/restart-actions.sh b/jobs/restart-actions.sh index 44deb06..dfc2f2f 100755 --- a/jobs/restart-actions.sh +++ b/jobs/restart-actions.sh @@ -4,7 +4,7 @@ old_set=$(sysrc -n -q gh_actions_pots) new_set=$(pot ls -p -q | grep -i "cheribsd" | grep -v "-ephemeral") -if [ ! "$(echo $old_set)" == "$(echo $new_set)" ]; then +if [ ! "$(echo $old_set)" = "$(echo $new_set)" ]; then echo "Adding new runners to rc.conf:" $new_set sysrc -q -x gh_actions_pots echo gh_actions_pots=\"$new_set\" >> /etc/rc.conf @@ -12,7 +12,7 @@ fi # Restart the host's GitHub Actions service -if [ "$(sysrc -n gh_actions_enable)" == "YES" ]; then +if [ "$(sysrc -n gh_actions_enable)" = "YES" ]; then echo "Starting all available runners" service gh_actions start fi diff --git a/jobs/scrub-pool.sh b/jobs/scrub-pool.sh index 5ea87f0..ce1b430 100755 --- a/jobs/scrub-pool.sh +++ b/jobs/scrub-pool.sh @@ -1,9 +1,9 @@ #!/bin/sh -set -euo pipefail +set -eu # Perform consistency checks on ZFS pools -if [ $(zpool status | grep -c ONLINE) > 0 ]; then +if [ "$(zpool status | grep -c ONLINE)" -gt 0 ]; then for pool in $(zpool list -o name | tail -n 1); do /sbin/zpool scrub $pool done diff --git a/recreate-runner.sh b/recreate-runner.sh index c2016f4..304b9ab 100755 --- a/recreate-runner.sh +++ b/recreate-runner.sh @@ -1,6 +1,6 @@ #!/bin/sh -set -eo pipefail -SCRIPTDIR=$(realpath $(dirname $0)) +set -e +SCRIPTDIR=$(realpath "$(dirname $0)") . ${SCRIPTDIR}/check-envs.sh # We are going to reinject the configuration from a prior config directory, 
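Review bot: `runners=$(sysrc gh_actions_pots | wc -l)` counts output lines, not runners: if `sysrc` prints the variable as a single `name: value` line, as it normally does, the result is 1 however many pots are listed, and the health message then reports one runner. gh_actions and jobs/restart-actions.sh treat the same variable as a whitespace-separated list, so `sysrc -n gh_actions_pots | wc -w` would match that. With `pipefail` gone, a failing `pot ls` or `sysrc` also produces a count instead of an error. The script continues past the end of this hunk.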
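Review bot: `echo gh_actions_pots=\"$new_set\" >> /etc/rc.conf` appends a hand-built assignment to a file that is later read as shell, so a quote or `$` in a pot name would be interpreted there rather than stored. Letting `sysrc` set the value, `sysrc -q gh_actions_pots="$(echo $new_set)"`, replaces the delete-then-append pair and keeps rc.conf edits in one tool; checking the names against an allowed character set first would be a further safeguard. In the `new_set` pipeline, `grep -v "-ephemeral"` passes a pattern that begins with `-`, which grep parses as options (`-e phemeral`); it filters the intended lines only by accident, and `grep -v -e '-ephemeral'` says what is meant. The `if` body continues past the end of this hunk.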
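Review bot: `zpool list -o name | tail -n 1` yields only the last line of the listing, so on a host with more than one pool only the final one is scrubbed and the `for` loop never sees the others. `zpool list -H -o name` prints every pool name without the header line and can feed the loop directly. `$pool` is also unquoted in `/sbin/zpool scrub $pool`, and the guard calls bare `zpool` while the scrub uses `/sbin/zpool`; using the absolute path in both places avoids depending on `PATH` if this runs from cron. The script continues past the end of this hunk.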
diff --git a/run-actions-runner.sh b/run-actions-runner.sh index 11652a1..7a32bcc 100755 --- a/run-actions-runner.sh +++ b/run-actions-runner.sh @@ -1,5 +1,5 @@ #!/bin/sh -set -euo pipefail +set -eu if [ -f /var/run/github-runners.${RUNNER_NAME} ]; then echo ${RUNNER_NAME} already running. echo Please delete /var/run/github-runners.${RUNNER_NAME} if the system did not gracefully shut down.