.github: Add differential-shellcheck workflow for shell script analysis

Introduce a new GitHub workflow to run shellcheck on changed shell scripts. This workflow automatically detect and highlight potential shell script issues in pull requests. This change is a follow-up to commit 0700b32 which fixed an undefined variable issue in `install.sh`. It intends to leverage static analysis to improve script quality and catch potential errors early. Shellcheck will now: - Analyze all shell scripts modified in pull requests - Provide inline comments with specific issue details - Help prevent similar variable-related mistakes in the future See also https://github.com/redhat-plumbers-in-action/differential-shellcheck Signed-off-by: Kefu Chai <[email protected]>
tchaikov · Dec 3, 2024 · 322556e · 322556e
1 parent 3d67bb1
commit 322556e
Showing 1 changed file with 32 additions and 0 deletions.
diff --git a/.github/workflows/differential-shellcheck.yaml b/.github/workflows/differential-shellcheck.yaml
@@ -0,0 +1,32 @@
+---
+# https://github.com/redhat-plumbers-in-action/differential-shellcheck#readme
+
+name: Differential ShellCheck
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+
+permissions:
+  contents: read
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    permissions:
+      security-events: write
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Differential ShellCheck
+        uses: redhat-plumbers-in-action/differential-shellcheck@v5
+        with:
+          severity: warning
+          token: ${{ secrets.GITHUB_TOKEN }}