From 5c104ebec6d590c22b62fe62b7a0919a5d3d8407 Mon Sep 17 00:00:00 2001
From: Joakim Roubert <joakim.roubert@axis.com>
Date: Wed, 20 May 2020 23:08:45 +0200
Subject: [PATCH] Run shellcheck for all shell scripts in repository (#4441)

* Run shellcheck for all shell scripts in repository

Update the shellcheck command in static_checks.yml to not only scan the
contents of ./bin, but search for all files with mimetype
text/x-shellscript and feed them to shellcheck.

Certainly, this is a tad more time consuming than just scanning one
directory, but still a quite fast thing to do while it prevents any
new scripts to fly under the radar.

(Also, there is no need to exclude *.nuspec or *.ps1 from the find
command as they do not have the text/x-shellscript mimetype.)

Change-Id: I7433d231e8a315df65c03ee8765914e782057343
Signed-off-by: Joakim Roubert <joakimr@axis.com>

* Updates after review comment

Move shellcheck of all scripts to own script that is then called by
static_checks.yml as suggested by @kleimkuhler.
Also updated sources for helm-build and kind-load so that the
new shellcheck-all script can be called from any directory.

Change-Id: I9e82230459cb843c4143ec979c93060f424baed8
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
---
 .github/workflows/static_checks.yml | 16 +---------------
 bin/create-release-tag              |  2 +-
 bin/helm-build                      |  2 +-
 bin/kind-load                       |  4 ++--
 bin/shellcheck-all                  | 22 ++++++++++++++++++++++
 5 files changed, 27 insertions(+), 19 deletions(-)
 create mode 100755 bin/shellcheck-all

diff --git a/.github/workflows/static_checks.yml b/.github/workflows/static_checks.yml
index ba81f37c3..e03d358cc 100644
--- a/.github/workflows/static_checks.yml
+++ b/.github/workflows/static_checks.yml
@@ -68,24 +68,10 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@v2
     - name: shellcheck
-      # TODO: Each file listed here is excluded from shellcheck because it
-      # fails. As we fix files we can remove them from this list.
-      #
-      # Once we have this list paired down signficantly, we can switch to
-      # disabling specific checks across all files, for example:
-      # bin/shellcheck bin/* --exclude=SC1000
-      #
       # For more information on shellcheck failures:
       # https://github.com/koalaman/shellcheck/wiki/Checks
       run: |
-        find ./bin -type f \
-        ! -name docker-build-proxy \
-        ! -name minikube-start-hyperv.bat \
-        ! -name test-cleanup \
-        ! -name _test-run.sh \
-        ! -name *.nuspec \
-        ! -name *.ps1 \
-        | xargs -I {} bin/shellcheck -x -P ./bin {}
+        bin/shellcheck-all
   markdown_lint:
     name: Markdown lint
     runs-on: ubuntu-18.04
diff --git a/bin/create-release-tag b/bin/create-release-tag
index 0a36b8406..d8e382122 100755
--- a/bin/create-release-tag
+++ b/bin/create-release-tag
@@ -85,7 +85,7 @@ if [ $# -ne 1 ]; then
 fi
 
 bindir=$( cd "${BASH_SOURCE[0]%/*}" && pwd )
-# shellcheck source=bin/_release.sh
+# shellcheck source=_release.sh
 tmp=$(. "$bindir"/_release.sh; extract_release_notes)
 
 # Create a signed tag with the commit message.
diff --git a/bin/helm-build b/bin/helm-build
index 41f6537fa..dc0a0e7b2 100755
--- a/bin/helm-build
+++ b/bin/helm-build
@@ -32,7 +32,7 @@ rootdir=$( cd "$bindir"/.. && pwd )
 
 # `bin/helm-build package` assumes the presence of "$rootdir"/target/helm/index-pre.yaml which is downloaded in the chart_deploy CI job
 if [ "$1" = package ]; then
-    # shellcheck source=bin/_tag.sh
+    # shellcheck source=_tag.sh
     . "$bindir"/_tag.sh
     tag=$(named_tag)
     clean_head || { echo 'There are uncommitted changes'; exit 1; }
diff --git a/bin/kind-load b/bin/kind-load
index f175f646d..1df3b7478 100755
--- a/bin/kind-load
+++ b/bin/kind-load
@@ -58,9 +58,9 @@ cluster=${1:-"kind"}
 
 bindir=$( cd "${0%/*}" && pwd )
 
-# shellcheck source=bin/_tag.sh
+# shellcheck source=_tag.sh
 . "$bindir"/_tag.sh
-# shellcheck source=bin/_docker.sh
+# shellcheck source=_docker.sh
 . "$bindir"/_docker.sh
 
 TAG=${TAG:-$(head_root_tag)}
diff --git a/bin/shellcheck-all b/bin/shellcheck-all
new file mode 100755
index 000000000..cec07eaf0
--- /dev/null
+++ b/bin/shellcheck-all
@@ -0,0 +1,22 @@
+#!/bin/sh -eu
+
+bindir=$( cd "${0%/*}" && pwd )
+rootdir=$( cd "$bindir"/.. && pwd )
+
+# TODO: Each file excluded from the shell script search result below is
+# excluded from shellcheck because it fails. As we fix files we can remove them
+# from this exclusion list. And this comment when all files pass shellcheck.
+
+# For more information on shellcheck failures:
+# https://github.com/koalaman/shellcheck/wiki/Checks
+
+# We want the word splitting for the shellcheck arguments
+# shellcheck disable=SC2046
+"$bindir"/shellcheck -x -P "$bindir" $(find "$rootdir" -type f \
+		! -path "$bindir"/docker-build-proxy \
+		! -path "$bindir"/_log.sh \
+		! -path "$bindir"/test-cleanup \
+		! -path "$bindir"/_test-run.sh \
+		! -path "$rootdir"/cni-plugin/deployment/scripts/install-cni.sh \
+		! -path "$rootdir"/.git/hooks/\*.sample \
+		| while read -r f; do [ "$(file -b --mime-type "$f")" = 'text/x-shellscript' ] && printf '%s\0' "$f"; done | xargs -0)