gitlab-ci: move shellcheck to own job fenced by changes:

2025-03-12 18:21:09 +01:00 · 2025-03-12 18:21:09 +01:00 · 3b9d39ac61
commit 3b9d39ac61
parent aa9cc14991
3 changed files with 27 additions and 8 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -205,8 +205,7 @@ gradlew-fdroid:
        - gradlew-fdroid
        - tests/test_gradlew-fdroid
  script:
-    - apt-get install ca-certificates curl default-jdk-headless shellcheck unzip
-    - shellcheck --severity=error --color gradlew-fdroid tests/test_gradlew-fdroid
+    - apt-get install ca-certificates curl default-jdk-headless unzip
    - ./tests/test_gradlew-fdroid


@ -232,7 +231,6 @@ lint_format_bandit_checks:
          python3-nose
          python3-pip
          python3-yaml
-          shellcheck
    - $pip install --break-system-packages bandit pylint-gitlab
    - export EXITVALUE=0
    - function set_error() { export EXITVALUE=1; printf "\x1b[31mERROR `history|tail -2|head -1|cut -b 6-500`\x1b[0m\n"; }
@ -250,8 +248,6 @@ lint_format_bandit_checks:
            tests/*.py
            > pylint-report.json
        || set_error
-    - shellcheck --exclude SC2046,SC2090 --severity=warning --color tests/run-tests
-        || set_error
    - exit $EXITVALUE
  artifacts:
    reports:
@ -259,6 +255,29 @@ lint_format_bandit_checks:
    when: always


+shellcheck:
+  image: debian:bookworm-slim
+  rules:
+    - changes:
+        - .gitlab-ci.yml
+        - gradlew-fdroid
+        - hooks/install-hooks.sh
+        - hooks/pre-commit
+        - tests/run-tests
+        - tests/test_gradlew-fdroid
+  <<: *apt-template
+  script:
+    - apt-get install shellcheck
+    # TODO GitLab Code Quality report https://github.com/koalaman/shellcheck/issues/3155
+    - shellcheck --exclude SC2046,SC2090 --severity=warning --color
+        hooks/install-hooks.sh
+        hooks/pre-commit
+        tests/run-tests
+    # TODO make the gradlew things pass the standard above
+    - shellcheck --severity=error --color
+        gradlew-fdroid
+        tests/test_gradlew-fdroid
+
 # Check all the dependencies in Debian to mirror production.  CVEs are
 # generally fixed in the latest versions in pip/pypi.org, so it isn't
 # so important to scan that kind of install in CI.
--- a/hooks/install-hooks.sh
+++ b/hooks/install-hooks.sh
@ -2,7 +2,7 @@
 #
 # Install all the client hooks

-BASE_DIR="$(cd $(dirname $0); pwd -P)"
+BASE_DIR="$(cd $(dirname $0) || exit; pwd -P)"
 HOOK_NAMES="applypatch-msg pre-applypatch post-applypatch pre-commit prepare-commit-msg commit-msg post-commit pre-rebase post-checkout post-merge pre-receive update post-receive post-update pre-auto-gc"
 HOOK_DIR="$(git rev-parse --show-toplevel)/.git/hooks"

--- a/hooks/pre-commit
+++ b/hooks/pre-commit
@ -36,7 +36,7 @@ else
            *.rb)
                RB_FILES+=" $f"
                ;;
-            *.yml|.*.yml|.yamllint)
+            *.yml|*.yaml|.yamllint)
                YML_FILES+=" $f"
                ;;
            *)
@ -66,7 +66,7 @@ cmd_exists() {
 }

 find_command() {
-	for name in $@; do
+	for name in "$@"; do
 		for suff in "3" "-3" "-python3" ""; do
 			cmd=${name}${suff}
 			if cmd_exists $cmd; then