v4.0.2

What's Changed

Bug Fixes

• Correctly handle character escaping in file names (e.g. ␣ and &) 🪂 (#190) @jamacku

Documentation

• Improve permission documentation 📖 (#192) @jamacku @james-callahan
• Return permissions into example of use 🔐 (#186) @jamacku
• Code documentation 📚 (#170) @jamacku

Automation and CI changes

• More tests 🧪 (#191) @jamacku

Dependency Updates

7 changes

• build(deps): bump github/codeql-action from 2.1.38 to 2.1.39 (#195) @dependabot
• build(deps): bump github/super-linter from 4.10.0 to 4.10.1 (#194) @dependabot
• build(deps): bump bobheadxi/deployments from 1.3.0 to 1.4.0 (#193) @dependabot
• build(deps): bump test/bats from 56507db to 5a47c79 (#183) @dependabot
• build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler from 2.0.3 to 2.0.4 (#182) @dependabot
• build(deps): bump github/codeql-action from 2.1.37 to 2.1.38 (#181) @dependabot
• build(deps): bump test/test_helper/bats-file from b45ed3d to 8ee7bb9 (#184) @dependabot

Full Changelog: v4.0.1...v4.0.2

v4.0.1

What's Changed

• Version Bump 🐤

Full Changelog: v4.0.0...v4.0.1

v4.0.0

What's Changed

• Tag latest is no longer available. Use major tags instead (e.g. v4).

• Action can be triggered using the GitHub push event

  on:
    push:
  
  jobs:
    lint:
      runs-on: ubuntu-latest
  
      steps:
        - uses: actions/checkout@v3
          with:
            fetch-depth: 0
  
        - uses: redhat-plumbers-in-action/differential-shellcheck@v4
          with:
            token: ${{ secrets.GITHUB_TOKEN }}

• Action now performs full scans on the push event by default and on the manual trigger when requested

• SARIF file is now exposed under output sarif for further use.

    - if: ${{ always() }}
      name: Upload artifact with defects in SARIF format
      uses: actions/upload-artifact@v3
      with:
        name: Differential ShellCheck SARIF
        path: ${{ steps.ShellCheck.outputs.sarif }}
        retention-days: 7

• Removal of unused output - ENV.LIST_OF_SCRIPTS

• Increased code coverage

• Some minor bugfixes, ShellCheck fixes, and CI updates

Breaking

• Don't update the latest tag, to avoid breakage 🛑 (#156) @jamacku

New

• Expose SARIF results as output for further use 📦 (#110) @jamacku, @kdudka
• Support full ShellCheck scans 🕵️ (#167) @jamacku, @siteshwar
• Add support for running Action on GitHub push event 🎄 (#165) @jamacku, @lzaoral, @kdudka

Bug Fixes

• Use GITHUB_EVENT_NAME only when var is undefined (#178) @jamacku

Maintenance

• Don't update the latest tag, to avoid breakage 🛑 (#156) @jamacku

Dependency Updates

9 changes

• build(deps): bump test/test_helper/bats-assert from 78fa631 to db015db (#175) @dependabot
• build(deps): bump test/bats from e6db0b8 to 56507db (#177) @dependabot
• build(deps): bump test/test_helper/bats-file from f9154f4 to b45ed3d (#176) @dependabot
• build(deps): bump release-drafter/release-drafter from 5.21.1 to 5.22.0 (#174) @dependabot
• build(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2 (#173) @dependabot
• build(deps): bump actions/checkout from 3.2.0 to 3.3.0 (#172) @dependabot
• build(deps): bump github/super-linter from 4.9.7 to 4.10.0 (#171) @dependabot
• build(deps): bump test/bats from dc31213 to e6db0b8 (#169) @dependabot
• build(deps): bump ossf/scorecard-action from 2.1.0 to 2.1.2 (#168) @dependabot

Full Changelog: v3.3.1...v4.0.0

v3.3.1

What's Changed

Automation and CI changes

• Fix tagging of container image with major version 🐳 (#160) @jamacku

Dependency Updates

• build(deps): bump github/codeql-action from 2.1.36 to 2.1.37 (#161) @dependabot
• build(deps): bump actions/checkout from 3.1.0 to 3.2.0 (#162) @dependabot
• build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler from 2.0.1 to 2.0.3 (#163) @dependabot
• build(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.0 (#164) @dependabot

Full Changelog: v3.3.0...v3.3.1

v3.3.0

What's Changed

New

• Show versions of important packages ❗ 📦 & Run unit tests with local changes 🧪 (#122) @jamacku, @kdudka

Maintenance

• Use csgrep --set-scan-prop to set scan tool as ShellCheck (#124) @jamacku

Documentation

• Add SPDX License header to all source files 📝 (#154) @jamacku, @lzaoral
• Update README 📰 (#143) @jamacku
• Create CODE_OF_CONDUCT.md 🤝 (#152) @jamacku

Other changes

• Create SECURITY.md 🚔 (#149) @jamacku
• Set strict permissions for GitHub Workflows 🔒 (#147) @jamacku
• Pin dependencies to SHA 📌 (#146) @jamacku
• Create CODEOWNERS 🦉 (#145) @jamacku
• Pin GitHub Actions to SHA1 📌 (#144) @jamacku

Automation and CI changes

• Fix deployment of test images - add missing permission 🚚 (#150) @jamacku

Dependency Updates

• build(deps): bump github/codeql-action from 2.1.35 to 2.1.36 (#157) @dependabot
• build(deps): bump Fedora from 36 to 37 and ShellCheck from 0.7.2 to 0.8.0 ⬆️ (#141) @dependabot
• build(deps): bump stefanbuck/github-issue-parser from 2 to 3 (#142) @dependabot

Full Changelog: v3.2.1...v3.3.0

v3.2.1

What's Changed

• Release bump

Full Changelog: v3.2.0...v3.2.1

v3.2.0

What's Changed

New

• Added support for SARIF severity levels 📊 (#127) @jamacku

Maintenance

• Add support for local testing with podman 🦭 (#138) @jamacku
• Add Makefile for easy local testing (#129) @jamacku

Other changes

• Add scorecard GitHub action 🦆 💯 (#126) @jamacku

Dependency Updates

7 changes

• build(deps): bump test/bats from ca5a2dc to dc31213 (#139) @dependabot
• build(deps): bump test/test_helper/bats-assert from ffe84ea to 78fa631 (#134) @dependabot
• build(deps): bump test/bats from e3bd116 to ca5a2dc (#133) @dependabot
• build(deps): bump ossf/scorecard-action from 2.0.4 to 2.0.6 (#132) @dependabot
• build(deps): bump test/bats from c0d2ca1 to e3bd116 (#131) @dependabot
• build(deps): bump ossf/scorecard-action from 2.0.3 to 2.0.4 (#128) @dependabot
• build(deps): bump test/bats from 008e8ce to c0d2ca1 (#125) @dependabot

Full Changelog: v3.1.1...v3.2.0

v3.1.1

What's Changed

Bug Fixes

• Don't check symbolic links - avoid warnings 🔗 (#123) @jamacku

Maintenance

• Pin important packages to their releases 📌 (#120) @jamacku @lzaoral
• Fixing defects reported by ShellCheck 🐞 (#114) @jamacku

Documentation

• Documentation improvements - including documentation of .shellcheckrc support ☑️ (#115) @jamacku
• Update README examples 🔢 (#113) @jamacku

Automation and CI changes

• Update to advanced-issue-labeler@v2 🏷️ (#109) @jamacku

Dependency Updates

• build(deps): bump test/bats from 0e8d70b to 008e8ce (#118) @dependabot
• build(deps): bump test/bats from 6733fc5 to 0e8d70b (#112) @dependabot
• build(deps): bump test/bats from c97b3a1 to 6733fc5 (#108) @dependabot

Full Changelog: v3.1.0...v3.1.1

v3.1.0

What's Changed

New

• Autodetection: add support for emacs and vi/vim file types specifications 📟 (#102) @jamacku

Bug Fixes

• Further improve autodetection of shell scripts (#104) @nemchik

Documentation

• doc: Remove trailing space from example 👻 (#97) @jamacku
• doc: Improve support of GitHub themes 📖 (#95) @jamacku

Automation and CI changes

• ci(Mergify): Add option to automatically rebase or squash PRs on merge 📦 (#105) @jamacku
• ci(Mergify): Delete head branch after merge 🗑️ (#98) @jamacku
• ci(Mergify): configuration update 🤖 (#96) @jamacku

Full Changelog: v3.0.1...v3.1.0

v3.0.1

What's Changed

Documentation

• Update repository examples 🌮 (#94) @jamacku

Full Changelog: v3.0.0...v3.0.1