scripts/.github/workflows/shell-check.yml
copilot-swe-agent[bot] 4df13b568a refactor: improve workflow security and remove redundant exit code
- Remove pull_request_target to avoid executing untrusted fork code
- Remove redundant exit 1 from failure step
- Update documentation to reflect changes
- Standard pull_request trigger handles forks securely

Co-authored-by: kuhyx <147418882+kuhyx@users.noreply.github.com>
2026-01-07 21:41:08 +00:00

58 lines
1.5 KiB
YAML

name: Shell Script Linting
on:
push:
branches: [ main, master ]
paths:
- '**.sh'
- '**.bash'
- '**.zsh'
- '.github/workflows/shell-check.yml'
- 'scripts/meta/shell_check.sh'
pull_request:
branches: [ main, master ]
paths:
- '**.sh'
- '**.bash'
- '**.zsh'
- '.github/workflows/shell-check.yml'
- 'scripts/meta/shell_check.sh'
jobs:
shellcheck:
name: Lint Shell Scripts
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install shellcheck
run: |
sudo apt-get update
sudo apt-get install -y shellcheck
- name: Install shfmt
run: |
cd /tmp
SHFMT_VERSION="3.8.0"
wget -q "https://github.com/mvdan/sh/releases/download/v${SHFMT_VERSION}/shfmt_v${SHFMT_VERSION}_linux_amd64" -O shfmt
chmod +x shfmt
sudo mv shfmt /usr/local/bin/
shfmt -version
- name: Run shell_check.sh
run: |
bash scripts/meta/shell_check.sh --skip-install
- name: Report status
if: success()
run: echo "✅ All shell scripts passed linting checks!"
- name: Provide help on failure
if: failure()
run: |
echo "❌ Shell script linting failed!"
echo "This check is required to merge PRs into main/master."
echo "Please run 'bash scripts/meta/shell_check.sh' locally and fix any issues."