ci: Introduce shellcheck

ivov · Nov 23, 2024 · e6dacbf · e6dacbf
1 parent c7bd545
commit e6dacbf
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 4 deletions.
diff --git a/.github/workflows/lint-test-vet.yml → .github/workflows/go-check.yml b/.github/workflows/lint-test-vet.yml → .github/workflows/go-check.yml
@@ -1,9 +1,25 @@
-name: Lint, test, vet
+name: Go check
 
 on: push
 
 jobs:
+  changes:
+    runs-on: ubuntu-latest
+    outputs:
+      go_changed: ${{ steps.filter.outputs.any_changed }}
+    steps:
+      - uses: actions/[email protected]
+      - uses: tj-actions/changed-files@v43
+        id: filter
+        with:
+          files: |
+            **/*.go
+            go.mod
+            go.sum
+
   checks:
+    needs: changes
+    if: ${{ needs.changes.outputs.go_changed == 'true' }}
     timeout-minutes: 5
     runs-on: ubuntu-latest
     steps:

diff --git a/.github/workflows/shell-check.yml b/.github/workflows/shell-check.yml
@@ -0,0 +1,25 @@
+name: Shell check
+
+on: push
+
+jobs:
+  checks:
+    timeout-minutes: 1
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/[email protected]
+
+    - name: Get changed files
+      id: changed-files
+      uses: tj-actions/changed-files@v43
+      with:
+        files: infrastructure/02-configure/**/*.sh
+
+    - name: Shell check
+      uses: ludeeus/[email protected]
+      if: steps.changed-files.outputs.any_changed == 'true'
+      with:
+        version: v0.10.0
+        scandir: './infrastructure/02-configure'
+        severity: style # check all levels of issues
+        check_together: true # check all scripts in single run
diff --git a/infrastructure/02-configure/backup-restore.sh b/infrastructure/02-configure/backup-restore.sh
@@ -13,7 +13,6 @@ fi
 APP_DIR="$HOME/.n8n-shortlink"
 BACKUP_DIR="$APP_DIR/backup"
 BACKUP_ENCRYPTION_KEY="$BACKUP_DIR/n8n-shortlink-backup-encryption.key"
-BACKUP_LOG_FILE="$BACKUP_DIR/backup.log"
 RESTORED_DB="$BACKUP_DIR/restored.sqlite"
 
 BUCKET_NAME=$(grep bucket_name ~/.aws/config | cut -d '=' -f2 | tr -d ' ')
@@ -28,18 +27,22 @@ BUCKET_URI="s3://$BUCKET_NAME/$BACKUP_NAME"
 bold='\033[1m'
 unbold='\033[0m'
 
-rm -f $RESTORED_DB
+rm -f "$RESTORED_DB"
 
 echo -e "Selected backup: ${bold}$BACKUP_NAME${unbold}"
 echo "Downloading backup..."
 aws s3 cp "$BUCKET_URI" "./$BACKUP_NAME" > /dev/null 2>&1
+
+# shellcheck disable=SC2181
 if [ $? -ne 0 ]; then
   echo "Failed to download backup from S3"
   exit 1
 fi
 
 echo "Decrypting and restoring backup..."
 openssl enc -d -aes-256-cbc -in "./$BACKUP_NAME" -pass "file:$BACKUP_ENCRYPTION_KEY" -pbkdf2 | gunzip | sqlite3 "$RESTORED_DB"
+
+# shellcheck disable=SC2181
 if [ $? -ne 0 ]; then
   echo "Failed to decrypt and restore backup"
   rm -f "./$BACKUP_NAME"

diff --git a/infrastructure/02-configure/backup-run.sh b/infrastructure/02-configure/backup-run.sh
@@ -41,15 +41,17 @@ log_message() {
 #        compress + encrypt
 # ==================================
 
-sqlite3 $APP_DB .dump | gzip > "$TEMP_DIR/$PLAINTEXT_BACKUP_NAME"
+sqlite3 "$APP_DB" .dump | gzip > "$TEMP_DIR/$PLAINTEXT_BACKUP_NAME"
 
+# shellcheck disable=SC2181
 if [ $? -ne 0 ]; then
   log_message "Failed to dump and compress database"
   exit 1
 fi
 
 openssl enc -aes-256-cbc -salt -in "$TEMP_DIR/$PLAINTEXT_BACKUP_NAME" -out "$TEMP_DIR/$ENCRYPTED_BACKUP_NAME" -pass "file:$BACKUP_ENCRYPTION_KEY" -pbkdf2
 
+# shellcheck disable=SC2181
 if [ $? -ne 0 ]; then
   log_message "Failed to encrypt backup"
   exit 1