1berry/fdroidserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

gitlab-ci: move shellcheck to own job fenced by changes:

Browse Source
This commit is contained in:
Hans-Christoph Steiner 2025-03-12 18:21:09 +01:00
parent aa9cc14991
commit 3b9d39ac61
3 changed files with 27 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
.gitlab-ci.yml
View File

@ -205,8 +205,7 @@ gradlew-fdroid:
- gradlew-fdroid - gradlew-fdroid
- tests/test_gradlew-fdroid - tests/test_gradlew-fdroid
script: script:
- apt-get install ca-certificates curl default-jdk-headless shellcheck unzip - apt-get install ca-certificates curl default-jdk-headless unzip
- shellcheck --severity=error --color gradlew-fdroid tests/test_gradlew-fdroid
- ./tests/test_gradlew-fdroid - ./tests/test_gradlew-fdroid
@ -232,7 +231,6 @@ lint_format_bandit_checks:
python3-nose python3-nose
python3-pip python3-pip
python3-yaml python3-yaml
shellcheck
- $pip install --break-system-packages bandit pylint-gitlab - $pip install --break-system-packages bandit pylint-gitlab
- export EXITVALUE=0 - export EXITVALUE=0
- function set_error() { export EXITVALUE=1; printf "\x1b[31mERROR `history|tail -2|head -1|cut -b 6-500`\x1b[0m\n"; } - function set_error() { export EXITVALUE=1; printf "\x1b[31mERROR `history|tail -2|head -1|cut -b 6-500`\x1b[0m\n"; }
@ -250,8 +248,6 @@ lint_format_bandit_checks:
tests/*.py tests/*.py
> pylint-report.json > pylint-report.json
|| set_error || set_error
- shellcheck --exclude SC2046,SC2090 --severity=warning --color tests/run-tests
|| set_error
- exit $EXITVALUE - exit $EXITVALUE
artifacts: artifacts:
reports: reports:
@ -259,6 +255,29 @@ lint_format_bandit_checks:
when: always when: always
shellcheck:
image: debian:bookworm-slim
rules:
- changes:
- .gitlab-ci.yml
- gradlew-fdroid
- hooks/install-hooks.sh
- hooks/pre-commit
- tests/run-tests
- tests/test_gradlew-fdroid
<<: *apt-template
script:
- apt-get install shellcheck
# TODO GitLab Code Quality report https://github.com/koalaman/shellcheck/issues/3155
- shellcheck --exclude SC2046,SC2090 --severity=warning --color
hooks/install-hooks.sh
hooks/pre-commit
tests/run-tests
# TODO make the gradlew things pass the standard above
- shellcheck --severity=error --color
gradlew-fdroid
tests/test_gradlew-fdroid
# Check all the dependencies in Debian to mirror production. CVEs are # Check all the dependencies in Debian to mirror production. CVEs are
# generally fixed in the latest versions in pip/pypi.org, so it isn't # generally fixed in the latest versions in pip/pypi.org, so it isn't
# so important to scan that kind of install in CI. # so important to scan that kind of install in CI.

2
hooks/install-hooks.sh
View File

@ -2,7 +2,7 @@
# #
# Install all the client hooks # Install all the client hooks
BASE_DIR="$(cd $(dirname $0); pwd -P)" BASE_DIR="$(cd $(dirname $0) || exit; pwd -P)"
HOOK_NAMES="applypatch-msg pre-applypatch post-applypatch pre-commit prepare-commit-msg commit-msg post-commit pre-rebase post-checkout post-merge pre-receive update post-receive post-update pre-auto-gc" HOOK_NAMES="applypatch-msg pre-applypatch post-applypatch pre-commit prepare-commit-msg commit-msg post-commit pre-rebase post-checkout post-merge pre-receive update post-receive post-update pre-auto-gc"
HOOK_DIR="$(git rev-parse --show-toplevel)/.git/hooks" HOOK_DIR="$(git rev-parse --show-toplevel)/.git/hooks"

4
hooks/pre-commit
View File

@ -36,7 +36,7 @@ else
*.rb) *.rb)
RB_FILES+=" $f" RB_FILES+=" $f"
;; ;;
*.yml|.*.yml|.yamllint) *.yml|*.yaml|.yamllint)
YML_FILES+=" $f" YML_FILES+=" $f"
;; ;;
*) *)
@ -66,7 +66,7 @@ cmd_exists() {
} }
find_command() { find_command() {
for name in $@; do for name in "$@"; do
for suff in "3" "-3" "-python3" ""; do for suff in "3" "-3" "-python3" ""; do
cmd=${name}${suff} cmd=${name}${suff}
if cmd_exists $cmd; then if cmd_exists $cmd; then