From 135b0cce14db6dd53d35c2cebff2b5118164d00c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 7 Apr 2025 11:47:40 +0200 Subject: [PATCH] Switch to Differential ShellCheck MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/workflows/test.yml | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 51e48076..2d8f047c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -16,9 +16,13 @@ jobs: smoke-tests: if: github.event.pull_request.draft == false runs-on: ubuntu-latest + permissions: + security-events: write # required by Differential ShellCheck steps: - name: Checkout repository uses: actions/checkout@v4.2.2 + with: + fetch-depth: 0 # Differential ShellCheck requires full git history - name: Check scripts in repository are executable run: | @@ -28,14 +32,17 @@ jobs: # If FAIL is 1 then we fail. [[ $FAIL == 1 ]] && exit 1 || echo "Scripts are executable!" - - name: Run shellcheck - uses: ludeeus/action-shellcheck@master + - name: Differential ShellCheck + uses: redhat-plumbers-in-action/differential-shellcheck@v5 with: - check_together: 'yes' - format: tty - severity: warning - env: - SHELLCHECK_OPTS: -x # Enable shellcheck -x option (follow external sources) + token: ${{ secrets.GITHUB_TOKEN }} + + - if: ${{ runner.debug == '1' && !cancelled() }} + name: Upload artifact with ShellCheck defects in SARIF format + uses: actions/upload-artifact@v4 + with: + name: Differential ShellCheck SARIF + path: ${{ steps.ShellCheck.outputs.sarif }} - name: Spell-Checking uses: codespell-project/actions-codespell@master