From c26430f868da45c64a4271051a2797adf61e8c9a Mon Sep 17 00:00:00 2001 From: Marco Ferrari Date: Thu, 25 Apr 2024 21:47:55 +0200 Subject: [PATCH] feat: support arbitrary shellcheck config paths (#5571) - Support passing an arbitrary path to the shellcheck configuration file with the BASH_CONFIG_FILE_NAME variable. This brings shellcheck in line with other linters that support configuration files. - Enable shellcheck external sources using a directive in the configuration file, so users can eventually override it if not needed. - Export command configuration variables that subprocesses might need. Close #5414 --- README.md | 9 +++++---- TEMPLATES/.shellcheckrc | 4 ++++ lib/functions/linterCommands.sh | 9 ++++++++- lib/linter.sh | 1 + test/inspec/super-linter/controls/super_linter.rb | 1 + 5 files changed, 19 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 6133d705..8811eb00 100644 --- a/README.md +++ b/README.md @@ -192,10 +192,11 @@ You can configure super-linter using the following environment variables: |-------------------------------------------------|---------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | **ANSIBLE_CONFIG_FILE** | `.ansible-lint.yml` | Filename for [Ansible-lint configuration](https://ansible.readthedocs.io/projects/lint/configuring/) (ex: `.ansible-lint`, `.ansible-lint.yml`) | | **ANSIBLE_DIRECTORY** | `/ansible` | Flag to set the root directory for Ansible file location(s), relative to `DEFAULT_WORKSPACE`. Set to `.` to use the top-level of the `DEFAULT_WORKSPACE`. | -| **BASH_EXEC_IGNORE_LIBRARIES** | `false` | If set to `true`, shell files with a file extension and no shebang line are ignored when checking if the executable bit is set. | +| **BASH_EXEC_IGNORE_LIBRARIES** | `false` | If set to `true`, shell files with a file extension and no shebang line are ignored when checking if the executable bit is set. | +| **BASH_FILE_NAME** | `.shellcheckrc` | Filename for [Shellcheck](https://github.com/koalaman/shellcheck/blob/master/shellcheck.1.md#rc-files) | | **BASH_SEVERITY** | `style` | Specify the minimum severity of errors to consider in shellcheck. Valid values in order of severity are error, warning, info and style. | | **CHECKOV_FILE_NAME** | `.checkov.yaml` | Configuration filename for Checkov. | -| **CLANG_FORMAT_FILE_NAME** | `.clang-format` | Configuration filename for [clang-format](https://clang.llvm.org/docs/ClangFormatStyleOptions.html). | +| **CLANG_FORMAT_FILE_NAME** | `.clang-format` | Configuration filename for [clang-format](https://clang.llvm.org/docs/ClangFormatStyleOptions.html). | | **CREATE_LOG_FILE** | `false` | If set to `true`, it creates the log file. You can set the log filename using the `LOG_FILE` environment variable. This overrides any existing log files. | | **CSS_FILE_NAME** | `.stylelintrc.json` | Filename for [Stylelint configuration](https://github.com/stylelint/stylelint) (ex: `.stylelintrc.yml`, `.stylelintrc.yaml`) | | **DEFAULT_BRANCH** | Default repository branch when running on GitHub Actions, `master` otherwise | The name of the repository default branch. There's no need to configure this variable when running on GitHub Actions | @@ -234,7 +235,7 @@ You can configure super-linter using the following environment variables: | **PYTHON_ISORT_CONFIG_FILE** | `.isort.cfg` | Filename for [isort configuration](https://pycqa.github.io/isort/docs/configuration/config_files.html) (ex: `.isort.cfg`, `pyproject.toml`) | | **PYTHON_MYPY_CONFIG_FILE** | `.mypy.ini` | Filename for [mypy configuration](https://mypy.readthedocs.io/en/stable/config_file.html) (ex: `.mypy.ini`, `setup.config`) | | **PYTHON_PYLINT_CONFIG_FILE** | `.python-lint` | Filename for [pylint configuration](https://pylint.pycqa.org/en/latest/user_guide/run.html?highlight=rcfile#command-line-options) (ex: `.python-lint`, `.pylintrc`) | -| **PYTHON_RUFF_CONFIG_FILE** | `.ruff.toml` | Filename for [ruff configuration](https://docs.astral.sh/ruff/configuration/) | +| **PYTHON_RUFF_CONFIG_FILE** | `.ruff.toml` | Filename for [ruff configuration](https://docs.astral.sh/ruff/configuration/) | | **RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES** | not set | Comma-separated filenames for [renovate shareable config preset](https://docs.renovatebot.com/config-presets/) (ex: `default.json`) | | **RUBY_CONFIG_FILE** | `.ruby-lint.yml` | Filename for [rubocop configuration](https://docs.rubocop.org/rubocop/configuration.html) (ex: `.ruby-lint.yml`, `.rubocop.yml`) | | **SCALAFMT_CONFIG_FILE** | `.scalafmt.conf` | Filename for [scalafmt configuration](https://scalameta.org/scalafmt/docs/configuration.html) (ex: `.scalafmt.conf`) | @@ -306,7 +307,7 @@ You can configure super-linter using the following environment variables: | **VALIDATE_PYTHON_ISORT** | `true` | Flag to enable or disable the linting process of the Python language. (Utilizing: isort) | | **VALIDATE_PYTHON_MYPY** | `true` | Flag to enable or disable the linting process of the Python language. (Utilizing: mypy) | | **VALIDATE_PYTHON_PYLINT** | `true` | Flag to enable or disable the linting process of the Python language. (Utilizing: pylint) | -| **VALIDATE_PYTHON_RUFF** | `true` | Flag to enable or disable the linting process of the Python language. (Utilizing: ruff) | +| **VALIDATE_PYTHON_RUFF** | `true` | Flag to enable or disable the linting process of the Python language. (Utilizing: ruff) | | **VALIDATE_R** | `true` | Flag to enable or disable the linting process of the R language. | | **VALIDATE_RAKU** | `true` | Flag to enable or disable the linting process of the Raku language. | | **VALIDATE_RENOVATE** | `true` | Flag to enable or disable the linting process of the Renovate configuration files. | diff --git a/TEMPLATES/.shellcheckrc b/TEMPLATES/.shellcheckrc index 472bfba3..9a5cf93b 100644 --- a/TEMPLATES/.shellcheckrc +++ b/TEMPLATES/.shellcheckrc @@ -1 +1,5 @@ +# Look for 'source'd files relative to the checked script source-path=SCRIPTDIR + +# Allow opening any 'source'd file, even if not specified as input +external-sources=true diff --git a/lib/functions/linterCommands.sh b/lib/functions/linterCommands.sh index ea91503c..8df40b7e 100755 --- a/lib/functions/linterCommands.sh +++ b/lib/functions/linterCommands.sh @@ -13,8 +13,12 @@ # shellcheck disable=SC2034 # Variable is referenced in other scripts LINTER_COMMANDS_ARRAY_ANSIBLE=(ansible-lint -c "${ANSIBLE_LINTER_RULES}" "&& echo \"Linted: {}\"") LINTER_COMMANDS_ARRAY_ARM=(pwsh -NoProfile -NoLogo -Command "\"Import-Module ${ARM_TTK_PSD1} ; \\\${config} = \\\$(Import-PowerShellDataFile -Path ${ARM_LINTER_RULES}) ; Test-AzTemplate @config -TemplatePath '{}'; if (\\\${Error}.Count) { exit 1 }\"") -LINTER_COMMANDS_ARRAY_BASH=(shellcheck --color --external-sources) +LINTER_COMMANDS_ARRAY_BASH=(shellcheck --color --rcfile "${BASH_LINTER_RULES}") +# This check and the BASH_SEVERITY variable are needed until Shellcheck supports +# setting severity using its config file. +# Ref: https://github.com/koalaman/shellcheck/issues/2178 if [ -n "${BASH_SEVERITY}" ]; then + export BASH_SEVERITY LINTER_COMMANDS_ARRAY_BASH+=(--severity="${BASH_SEVERITY}") fi LINTER_COMMANDS_ARRAY_BASH_EXEC=(bash-exec '{}') @@ -44,6 +48,7 @@ LINTER_COMMANDS_ARRAY_EDITORCONFIG=(editorconfig-checker -config "${EDITORCONFIG LINTER_COMMANDS_ARRAY_ENV=(dotenv-linter) LINTER_COMMANDS_ARRAY_GITHUB_ACTIONS=(actionlint -config-file "${GITHUB_ACTIONS_LINTER_RULES}") if [ "${GITHUB_ACTIONS_COMMAND_ARGS}" != "null" ] && [ -n "${GITHUB_ACTIONS_COMMAND_ARGS}" ]; then + export GITHUB_ACTIONS_COMMAND_ARGS LINTER_COMMANDS_ARRAY_GITHUB_ACTIONS+=("${GITHUB_ACTIONS_COMMAND_ARGS}") fi LINTER_COMMANDS_ARRAY_GITLEAKS=(gitleaks detect --no-banner --no-git --redact --config "${GITLEAKS_LINTER_RULES}" --verbose --source) @@ -66,6 +71,7 @@ LINTER_COMMANDS_ARRAY_JSX=(eslint --no-eslintrc -c "${JSX_LINTER_RULES}") LINTER_COMMANDS_ARRAY_KOTLIN=(ktlint "{/}") LINTER_COMMANDS_ARRAY_KUBERNETES_KUBECONFORM=(kubeconform -strict) if [ "${KUBERNETES_KUBECONFORM_OPTIONS}" != "null" ] && [ -n "${KUBERNETES_KUBECONFORM_OPTIONS}" ]; then + export KUBERNETES_KUBECONFORM_OPTIONS LINTER_COMMANDS_ARRAY_KUBERNETES_KUBECONFORM+=("${KUBERNETES_KUBECONFORM_OPTIONS}") fi LINTER_COMMANDS_ARRAY_LATEX=(chktex -q -l "${LATEX_LINTER_RULES}") @@ -85,6 +91,7 @@ LINTER_COMMANDS_ARRAY_NATURAL_LANGUAGE=(textlint -c "${NATURAL_LANGUAGE_LINTER_R LINTER_COMMANDS_ARRAY_OPENAPI=(spectral lint -r "${OPENAPI_LINTER_RULES}" -D) LINTER_COMMANDS_ARRAY_PERL=(perlcritic) if [ "${PERL_PERLCRITIC_OPTIONS}" != "null" ] && [ -n "${PERL_PERLCRITIC_OPTIONS}" ]; then + export PERL_PERLCRITIC_OPTIONS LINTER_COMMANDS_ARRAY_PERL+=("${PERL_PERLCRITIC_OPTIONS}") fi LINTER_COMMANDS_ARRAY_PHP_BUILTIN=(php -l -c "${PHP_BUILTIN_LINTER_RULES}") diff --git a/lib/linter.sh b/lib/linter.sh index 7d2f4c7d..76241a29 100755 --- a/lib/linter.sh +++ b/lib/linter.sh @@ -149,6 +149,7 @@ debug "TFLINT_LOG: ${TFLINT_LOG}" ANSIBLE_FILE_NAME="${ANSIBLE_CONFIG_FILE:-.ansible-lint.yml}" # shellcheck disable=SC2034 # Variable is referenced indirectly ARM_FILE_NAME=".arm-ttk.psd1" +BASH_FILE_NAME="${BASH_FILE_NAME:-".shellcheckrc"}" BASH_SEVERITY="${BASH_SEVERITY:-""}" CHECKOV_FILE_NAME="${CHECKOV_FILE_NAME:-".checkov.yaml"}" # shellcheck disable=SC2034 # Variable is referenced indirectly diff --git a/test/inspec/super-linter/controls/super_linter.rb b/test/inspec/super-linter/controls/super_linter.rb index 8be2475e..5037a3f8 100644 --- a/test/inspec/super-linter/controls/super_linter.rb +++ b/test/inspec/super-linter/controls/super_linter.rb @@ -501,6 +501,7 @@ control "super-linter-validate-files" do "/action/lib/.automation/.ruby-lint.yml", "/action/lib/.automation/.ruff.toml", "/action/lib/.automation/.scalafmt.conf", + "/action/lib/.automation/.shellcheckrc", "/action/lib/.automation/.snakefmt.toml", "/action/lib/.automation/.sql-config.json", "/action/lib/.automation/.sqlfluff",