Merge branch 'gh470_shellcheck'

php-coder · php-coder · commit 7cb4c8b0881b · 2017-11-23T23:01:23.000+01:00
Add support for scanning shell script by shellcheck. Fix #470
diff --git a/.travis.yml b/.travis.yml
@@ -24,6 +24,8 @@ before_script:
       if [ "$TRAVIS_PULL_REQUEST" != 'false' ]; then
         gem install danger nokogiri --no-ri --no-rdoc;
       fi;
+      sudo apt-get -qq update;
+      sudo apt-get install -y shellcheck;
     fi
 
 script:
diff --git a/Dangerfile b/Dangerfile
@@ -270,6 +270,32 @@ if File.file?(rflint_output)
 	print_errors_summary 'rflint', errors_count, 'https://github.com/php-coder/mystamps/wiki/rflint'
 end
 
+# Handle shellcheck output
+#
+# Example:
+# src/main/scripts/ci/deploy.sh:29:24: note: Double quote to prevent globbing and word splitting. [SC2086]
+# src/main/scripts/ci/common.sh:28:2: note: egrep is non-standard and deprecated. Use grep -E instead. [SC2196]
+#
+shellcheck_output = 'shellcheck.log'
+if File.file?(shellcheck_output)
+	errors_count = 0
+	File.readlines(shellcheck_output).each do |line|
+		errors_count += 1
+		
+		parsed = line.match(/^(?<file>[^:]+):(?<line>\d+):\d+:[^:]+: (?<msg>.+)/)
+		file   = parsed['file']
+		lineno = parsed['line']
+		msg    = parsed['msg']
+		msg, _, code = msg.rpartition('[')
+		msg    = msg.rstrip.sub(/\.$/, '')
+		code   = code.sub(/\]$/, '')
+		file   = github.html_link("#{file}#L#{lineno}")
+		fail("shellcheck error in #{file}:\n[#{code}](https://github.com/koalaman/shellcheck/wiki/#{code}): #{msg}")
+	end
+	# TODO: add link to wiki page
+	print_errors_summary 'shellcheck', errors_count
+end
+
 # Handle `mvn enforcer:enforce` results
 #
 # Example:
diff --git a/src/main/scripts/ci/check-build-and-verify.sh b/src/main/scripts/ci/check-build-and-verify.sh
@@ -15,6 +15,7 @@ if [ "${1:-}" = '--only-integration-tests' ]; then
 	RUN_ONLY_INTEGRATION_TESTS=yes
 fi
 
+# shellcheck source=src/main/scripts/ci/common.sh
 . "$(dirname "$0")/common.sh"
 
 CS_STATUS=
@@ -23,6 +24,7 @@ LICENSE_STATUS=
 POM_STATUS=
 BOOTLINT_STATUS=
 RFLINT_STATUS=
+SHELLCHECK_STATUS=
 JASMINE_STATUS=
 HTML_STATUS=
 ENFORCER_STATUS=
@@ -32,7 +34,7 @@ FINDBUGS_STATUS=
 VERIFY_STATUS=
 
 DANGER_STATUS=skip
-if [ "${SPRING_PROFILES_ACTIVE:-}" = 'travis' -a "${TRAVIS_PULL_REQUEST:-false}" != 'false' ]; then
+if [ "${SPRING_PROFILES_ACTIVE:-}" = 'travis' ] && [ "${TRAVIS_PULL_REQUEST:-false}" != 'false' ]; then
 	DANGER_STATUS=
 fi
 
@@ -46,20 +48,21 @@ if [ "$RUN_ONLY_INTEGRATION_TESTS" = 'no' ]; then
 	if [ -n "${TRAVIS_COMMIT_RANGE:-}" ]; then
 		echo "INFO: Range of the commits to be checked: $TRAVIS_COMMIT_RANGE"
 		echo 'INFO: List of the files modified by this commits range:'
-		git --no-pager diff --name-only $TRAVIS_COMMIT_RANGE -- | sed 's|^|      |' || :
+		git --no-pager diff --name-only "$TRAVIS_COMMIT_RANGE" -- | sed 's|^|      |' || :
 		
-		MODIFIED_FILES="$(git --no-pager diff --name-only $TRAVIS_COMMIT_RANGE -- 2>/dev/null || :)"
+		MODIFIED_FILES="$(git --no-pager diff --name-only "$TRAVIS_COMMIT_RANGE" -- 2>/dev/null || :)"
 		
 		if [ -n "$MODIFIED_FILES" ]; then
-			AFFECTS_POM_XML="$(echo "$MODIFIED_FILES"      | fgrep -xq 'pom.xml' || echo 'no')"
-			AFFECTS_TRAVIS_CFG="$(echo "$MODIFIED_FILES"   | fgrep -xq '.travis.yml' || echo 'no')"
-			AFFECTS_CS_CFG="$(echo "$MODIFIED_FILES"        | egrep -q '(checkstyle\.xml|checkstyle-suppressions\.xml)$' || echo 'no')"
+			AFFECTS_POM_XML="$(echo "$MODIFIED_FILES"      | grep -Fxq 'pom.xml' || echo 'no')"
+			AFFECTS_TRAVIS_CFG="$(echo "$MODIFIED_FILES"   | grep -Fxq '.travis.yml' || echo 'no')"
+			AFFECTS_CS_CFG="$(echo "$MODIFIED_FILES"        | grep -Eq '(checkstyle\.xml|checkstyle-suppressions\.xml)$' || echo 'no')"
 			AFFECTS_FB_CFG="$(echo "$MODIFIED_FILES"        |  grep -q 'findbugs-filter\.xml$' || echo 'no')"
 			AFFECTS_PMD_XML="$(echo "$MODIFIED_FILES"       |  grep -q 'pmd\.xml$' || echo 'no')"
 			AFFECTS_JS_FILES="$(echo "$MODIFIED_FILES"      |  grep -q '\.js$' || echo 'no')"
 			AFFECTS_HTML_FILES="$(echo "$MODIFIED_FILES"    |  grep -q '\.html$' || echo 'no')"
 			AFFECTS_JAVA_FILES="$(echo "$MODIFIED_FILES"    |  grep -q '\.java$' || echo 'no')"
 			AFFECTS_ROBOT_FILES="$(echo "$MODIFIED_FILES"   |  grep -q '\.robot$' || echo 'no')"
+			AFFECTS_SHELL_FILES="$(echo "$MODIFIED_FILES"   |  grep -q '\.sh$' || echo 'no')"
 			AFFECTS_GROOVY_FILES="$(echo "$MODIFIED_FILES"  |  grep -q '\.groovy$' || echo 'no')"
 			AFFECTS_PROPERTIES="$(echo "$MODIFIED_FILES"    |  grep -q '\.properties$' || echo 'no')"
 			AFFECTS_LICENSE_HEADER="$(echo "$MODIFIED_FILES" | grep -q 'license_header\.txt$' || echo 'no')"
@@ -70,9 +73,12 @@ if [ "$RUN_ONLY_INTEGRATION_TESTS" = 'no' ]; then
 				
 				if [ "$AFFECTS_JAVA_FILES" = 'no' ]; then
 					[ "$AFFECTS_FB_CFG" != 'no' ] || FINDBUGS_STATUS=skip
-					[ "$AFFECTS_CS_CFG" != 'no' -o "$AFFECTS_PROPERTIES" != 'no' ] || CS_STATUS=skip
 					[ "$AFFECTS_PMD_XML" != 'no' ] || PMD_STATUS=skip
 					
+					if [ "$AFFECTS_CS_CFG" = 'no' ] && [ "$AFFECTS_PROPERTIES" = 'no' ]; then
+						CS_STATUS=skip
+					fi
+					
 					if [ "$AFFECTS_GROOVY_FILES" = 'no' ]; then
 						TEST_STATUS=skip
 						
@@ -90,6 +96,7 @@ if [ "$RUN_ONLY_INTEGRATION_TESTS" = 'no' ]; then
 					HTML_STATUS=skip
 				fi
 				[ "$AFFECTS_ROBOT_FILES" != 'no' ] || RFLINT_STATUS=skip
+				[ "$AFFECTS_SHELL_FILES" != 'no' ] || SHELLCHECK_STATUS=skip
 			fi
 			echo 'INFO: Some checks could be skipped'
 		else
@@ -128,7 +135,7 @@ if [ "$RUN_ONLY_INTEGRATION_TESTS" = 'no' ]; then
 	print_status "$POM_STATUS" 'Check sorting of pom.xml'
 	
 	if [ "$BOOTLINT_STATUS" != 'skip' ]; then
-		find src -type f -name '*.html' | xargs bootlint \
+		find src -type f -name '*.html' -print0 | xargs -0 bootlint \
 			>bootlint.log 2>&1 || BOOTLINT_STATUS=fail
 	fi
 	print_status "$BOOTLINT_STATUS" 'Run bootlint'
@@ -146,6 +153,16 @@ if [ "$RUN_ONLY_INTEGRATION_TESTS" = 'no' ]; then
 	fi
 	print_status "$RFLINT_STATUS" 'Run robot framework lint'
 	
+	if [ "$SHELLCHECK_STATUS" != 'skip' ]; then
+		SHELL_FILES=( $(find src/main/scripts -type f -name '*.sh') )
+		shellcheck \
+			--shell bash \
+			--format gcc \
+			"${SHELL_FILES[@]}" \
+			>shellcheck.log 2>&1 || SHELLCHECK_STATUS=fail
+	fi
+	print_status "$SHELLCHECK_STATUS" 'Run shellcheck'
+	
 	if [ "$JASMINE_STATUS" != 'skip' ]; then
 		mvn --batch-mode jasmine:test \
 			>jasmine.log 2>&1 || JASMINE_STATUS=fail
@@ -213,18 +230,19 @@ fi
 print_status "$DANGER_STATUS" 'Run danger'
 
 if [ "$RUN_ONLY_INTEGRATION_TESTS" = 'no' ]; then
-	[ "$CS_STATUS" = 'skip' ]       || print_log cs.log        'Run CheckStyle'
-	[ "$PMD_STATUS" = 'skip' ]      || print_log pmd.log       'Run PMD'
-	[ "$LICENSE_STATUS" = 'skip' ]  || print_log license.log   'Check license headers'
-	[ "$POM_STATUS" = 'skip' ]      || print_log pom.log       'Check sorting of pom.xml'
-	[ "$BOOTLINT_STATUS" = 'skip' ] || print_log bootlint.log  'Run bootlint'
-	[ "$RFLINT_STATUS" = 'skip' ]   || print_log rflint.log    'Run robot framework lint'
-	[ "$JASMINE_STATUS" = 'skip' ]  || print_log jasmine.log   'Run JavaScript unit tests'
-	[ "$HTML_STATUS" = 'skip' ]     || print_log validator.log 'Run html5validator'
-	[ "$ENFORCER_STATUS" = 'skip' ] || print_log enforcer.log  'Run maven-enforcer-plugin'
-	[ "$TEST_STATUS" = 'skip' ]     || print_log test.log      'Run unit tests'
-	[ "$CODENARC_STATUS" = 'skip' ] || print_log codenarc.log  'Run CodeNarc'
-	[ "$FINDBUGS_STATUS" = 'skip' ] || print_log findbugs.log  'Run FindBugs'
+	[ "$CS_STATUS" = 'skip' ]         || print_log cs.log         'Run CheckStyle'
+	[ "$PMD_STATUS" = 'skip' ]        || print_log pmd.log        'Run PMD'
+	[ "$LICENSE_STATUS" = 'skip' ]    || print_log license.log    'Check license headers'
+	[ "$POM_STATUS" = 'skip' ]        || print_log pom.log        'Check sorting of pom.xml'
+	[ "$BOOTLINT_STATUS" = 'skip' ]   || print_log bootlint.log   'Run bootlint'
+	[ "$RFLINT_STATUS" = 'skip' ]     || print_log rflint.log     'Run robot framework lint'
+	[ "$SHELLCHECK_STATUS" = 'skip' ] || print_log shellcheck.log 'Run shellcheck'
+	[ "$JASMINE_STATUS" = 'skip' ]    || print_log jasmine.log    'Run JavaScript unit tests'
+	[ "$HTML_STATUS" = 'skip' ]       || print_log validator.log  'Run html5validator'
+	[ "$ENFORCER_STATUS" = 'skip' ]   || print_log enforcer.log   'Run maven-enforcer-plugin'
+	[ "$TEST_STATUS" = 'skip' ]       || print_log test.log       'Run unit tests'
+	[ "$CODENARC_STATUS" = 'skip' ]   || print_log codenarc.log   'Run CodeNarc'
+	[ "$FINDBUGS_STATUS" = 'skip' ]   || print_log findbugs.log   'Run FindBugs'
 fi
 
 print_log verify.log   'Run integration tests'
@@ -233,8 +251,8 @@ if [ "$DANGER_STATUS" != 'skip' ]; then
 	print_log danger.log 'Run danger'
 fi
 
-rm -f cs.log pmd.log license.log pom.log bootlint.log rflint.log jasmine.log validator.log enforcer.log test.log codenarc.log findbugs.log verify-raw.log verify.log danger.log
+rm -f cs.log pmd.log license.log pom.log bootlint.log rflint.log shellcheck.log jasmine.log validator.log enforcer.log test.log codenarc.log findbugs.log verify-raw.log verify.log danger.log
 
-if echo "$CS_STATUS$PMD_STATUS$LICENSE_STATUS$POM_STATUS$BOOTLINT_STATUS$RFLINT_STATUS$JASMINE_STATUS$HTML_STATUS$ENFORCER_STATUS$TEST_STATUS$CODENARC_STATUS$FINDBUGS_STATUS$VERIFY_STATUS$DANGER_STATUS" | fgrep -qs 'fail'; then
+if echo "$CS_STATUS$PMD_STATUS$LICENSE_STATUS$POM_STATUS$BOOTLINT_STATUS$RFLINT_STATUS$SHELLCHECK_STATUS$JASMINE_STATUS$HTML_STATUS$ENFORCER_STATUS$TEST_STATUS$CODENARC_STATUS$FINDBUGS_STATUS$VERIFY_STATUS$DANGER_STATUS" | grep -Fqs 'fail'; then
 	exit 1
 fi
diff --git a/src/main/scripts/ci/common.sh b/src/main/scripts/ci/common.sh
@@ -25,5 +25,5 @@ print_log() {
 	echo
 	printf "=====> \033[1;33m%s\033[0m\n" "$msg"
 	echo
-	egrep -v '^\[INFO\] Download(ing|ed):' "$log_file" || :
+	grep -Ev '^\[INFO\] Download(ing|ed):' "$log_file" || :
 }
diff --git a/src/main/scripts/ci/deploy.sh b/src/main/scripts/ci/deploy.sh
@@ -25,8 +25,13 @@ trap 'cleanup' EXIT SIGHUP SIGINT SIGTERM
 # See: http://docs.ansible.com/ansible/intro_getting_started.html#host-key-checking
 export ANSIBLE_HOST_KEY_CHECKING=False
 
+if [ -z "${encrypted_bf07cb25089f_key:-}" ] || [ -z "${encrypted_bf07cb25089f_iv:-}" ] ; then
+	echo >&2 'ERROR: encrypted_bf07cb25089f_key or encrypted_bf07cb25089f_iv were not defined!'
+	exit 1
+fi
+
 # Decrypt private key
-openssl aes-256-cbc -K $encrypted_bf07cb25089f_key -iv $encrypted_bf07cb25089f_iv -in "$PRIVATE_KEY.enc" -out "$PRIVATE_KEY" -d
+openssl aes-256-cbc -K "$encrypted_bf07cb25089f_key" -iv "$encrypted_bf07cb25089f_iv" -in "$PRIVATE_KEY.enc" -out "$PRIVATE_KEY" -d
 chmod 600 "$PRIVATE_KEY"
 
 ansible-playbook --inventory-file="$INVENTORY" "$PLAYBOOK" --syntax-check
diff --git a/src/main/scripts/ci/publish-code-coverage.sh b/src/main/scripts/ci/publish-code-coverage.sh
@@ -10,6 +10,7 @@ set -o errexit
 set -o pipefail
 
 
+# shellcheck source=src/main/scripts/ci/common.sh
 . "$(dirname "$0")/common.sh"
 
 JACOCO_FAIL=

Original file line number	Diff line number	Diff line change
`@@ -25,5 +25,5 @@ print_log() {`
`25`	`25`	`echo`
`26`	`26`	`printf "=====> \033[1;33m%s\033[0m\n" "$msg"`
`27`	`27`	`echo`
`28`		`- egrep -v '^\[INFO\] Download(ing\|ed):' "$log_file" \|\| :`
	`28`	`+ grep -Ev '^\[INFO\] Download(ing\|ed):' "$log_file" \|\| :`
`29`	`29`	`}`