CI: add shellcheck job, with minimum severity set to error

We have way too many warnings to enable lower severity levels, but let's at least we don't introduce new errors.
2025-03-04 00:14:44 +01:00 · 2022-02-13 07:49:52 +00:00 · 2022-02-13 07:49:52 +00:00 · 5a6f6c2fc8
commit 5a6f6c2fc8
parent 398f584710
3 changed files with 91 additions and 0 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -37,6 +37,7 @@ build-all:

 test-all:
  stage: test
+  needs: ["build-all"]
  script:
      - make -C libraries/libapparmor check
      - make -C parser check
@ -51,6 +52,20 @@ test-all:
      - utils/test/htmlcov/
    when: always

+shellcheck:
+  stage: test
+  needs: []
+  script:
+  - apt-get install --no-install-recommends -y file shellcheck xmlstarlet
+  - shellcheck --version
+  - './tests/bin/shellcheck-tree --format=checkstyle --severity=error
+       | xmlstarlet tr tests/checkstyle2junit.xslt
+       > shellcheck.xml'
+  artifacts:
+    when: always
+    reports:
+      junit: shellcheck.xml
+
 # Disabled due to aa-logprof dependency on /sbin/apparmor_parser existing
 #      - make -C profiles check-profiles

--- a/tests/bin/shellcheck-tree
+++ b/tests/bin/shellcheck-tree
@ -0,0 +1,32 @@
+#!/usr/bin/python3
+
+import glob
+import re
+import subprocess
+import sys
+from pathlib import Path
+
+
+def is_excluded(f):
+    return re.match(r"^([.]git)/",
+                    f) or Path(f).is_dir()
+
+
+def mimetype(f):
+    return subprocess.run(['file', '--brief', '--mime-type', f],
+                          stdout=subprocess.PIPE,
+                          universal_newlines=True,
+                          check=True).stdout.rstrip()
+
+
+def is_shell_script(f):
+    return mimetype(f) == "text/x-shellscript"
+
+
+shell_scripts = [
+    f for f in glob.glob("**/*", recursive=True)
+    if not is_excluded(f) and is_shell_script(f)
+]
+
+sys.exit(
+    subprocess.run(['shellcheck'] + sys.argv[1:] + shell_scripts).returncode)
--- a/tests/checkstyle2junit.xslt
+++ b/tests/checkstyle2junit.xslt
@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+  <xsl:output encoding="UTF-8" method="xml"></xsl:output>
+
+  <xsl:template match="/">
+    <testsuite>
+      <xsl:attribute name="tests">
+        <xsl:value-of select="count(.//file)" />
+      </xsl:attribute>
+      <xsl:attribute name="failures">
+        <xsl:value-of select="count(.//error)" />
+      </xsl:attribute>
+      <xsl:for-each select="//checkstyle">
+        <xsl:apply-templates />
+      </xsl:for-each>
+    </testsuite>
+  </xsl:template>
+
+  <xsl:template match="file">
+    <testcase>
+      <xsl:attribute name="classname">
+        <xsl:value-of select="@name" />
+      </xsl:attribute>
+      <xsl:attribute name="name">
+        <xsl:value-of select="@name" />
+      </xsl:attribute>
+      <xsl:apply-templates select="node()" />
+    </testcase>
+  </xsl:template>
+
+  <xsl:template match="error">
+    <failure>
+      <xsl:attribute name="type">
+        <xsl:value-of select="@source" />
+      </xsl:attribute>
+      <xsl:text>Line </xsl:text>
+      <xsl:value-of select="@line" />
+      <xsl:text>: </xsl:text>
+      <xsl:value-of select="@message" />
+      <xsl:text> See https://www.shellcheck.net/wiki/</xsl:text>
+      <xsl:value-of select="substring(@source, '12')" />
+    </failure>
+  </xsl:template>
+</xsl:stylesheet>