Create shellcheck.yml

🚀 shellcheck scanning.

Author: reactive-firewall

.github/workflows/shellcheck.yml

@@ -0,0 +1,24 @@
+name: ShellCheck SARIF
+on: [push, pull_request]
+
+permissions: {}  # Setting default permissions to none for enhanced security
+
+jobs:
+  shellcheck:
+    permissions:
+      contents: read  # for actions/checkout to fetch code
+      pull-requests: read  # to get PR metadata
+      security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
+    name: ShellCheck Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+      - name: Shellcheck Scan
+        uses: reactive-firewall/shellcheck-scan@v1
+        with:  # optional arguments
+          match: 'tests/* **/*.bash'
+          publish-artifacts: true
+        if: ${{ success() }}