Skip to content

[CI] Solve python_safety failure regarding pip version #1365

[CI] Solve python_safety failure regarding pip version

[CI] Solve python_safety failure regarding pip version #1365

Workflow file for this run

name: shellcheck
on: [pull_request, push]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
shellcheck:
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.owner.login != github.event.pull_request.base.repo.owner.login
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Download shellcheck
run: |
curl -sSfL "$(curl -sSf 'https://api.github.com/repos/koalaman/shellcheck/releases/latest' | mawk -F\" '/"browser_download_url.*\.linux\.x86_64\.tar\.xz"/{print $4;exit}')" -o shellcheck.tar.xz
tar --wildcards --strip-components=1 -xf shellcheck.tar.xz '*/shellcheck'
rm shellcheck.tar.xz
- name: Run shellcheck
run: |
mapfile -t FILES < <(find . -not \( -path './.git' -prune \) -type f) # read all files to array
for i in "${!FILES[@]}"
do
[[ ${FILES[$i]##*/} =~ '.'[^.]*'sh'$ ]] && continue # file has shell extension
[[ $(mawk 'NR==1 && $0 ~ /^#!.*sh([[:blank:]]|$)/{print;exit}' "${FILES[$i]}") ]] && continue # file has shell shebang
unset -v "FILES[$i]" # else remove from array
done
./shellcheck -xC -o all -e SC2244,SC2250,SC2312 "${FILES[@]}"