build/.github/workflows/pr-lint-scripts.yml

name: Lint on Scripts
run-name: 'Shellcheck - PR #${{ github.event.pull_request.number }} ("${{ github.event.pull_request.title }}")'
#
# Run ShellCheck on all scripts and generate report as build artifact
#

on:
  workflow_dispatch:
  pull_request:
    types: [opened, reopened, synchronize]

permissions:
  contents: read

concurrency:
  group: pipeline-lint-${{github.event.pull_request.number}}
  cancel-in-progress: true

jobs:
  Shellcheck:
    name: Shell script analysis
    runs-on: ubuntu-latest
    if: ${{ github.repository_owner == 'Armbian' }}

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 2

      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@c34c1c13a740b06851baff92ab9a653d93ad6ce7 # v46.0.3

      - name: List all changed files
        run: |

          # Use framework internal mechanism for checking `lib` and `extensions` code only one file is passed,
          # and source's are followed, thus the whole project is "understood" by shellcheck.
          # For example, when checking individual files, one variable might be thought "unused" because it
          # is only used in another file, which does not happen when done properly.

          bash lib/tools/shellcheck.sh

          ret=0

          for file in ${{ steps.changed-files.outputs.all_changed_files }}; do

              if [[ ! "${file}" =~ lib/|extensions/|.py|.service|.rules|.network|.netdev ]]; then
                  if grep -qE "^#\!/.*bash" $file; then

                      shellcheck --severity=error $file || ret=$?

                  fi
              fi

          done

          exit $ret