ci: add shellcheck lint workflow; fix 6 violations

Uses \$'...' quoting for spinner backslash (SC1003). Adds source=/dev/null for /etc/os-release (SC1091). Splits local+assign for ip and current_version (SC2155). Adds disable comments for intentional literal regex matches (SC2076). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-13 23:40:58 -04:00
parent daafb6c4fb
commit c765b4c26e
2 changed files with 28 additions and 4 deletions
@@ -0,0 +1,20 @@
+name: Lint
+
+on:
+  push:
+    branches: ["**"]
+  pull_request:
+    branches: ["**"]
+
+jobs:
+  shell-lint:
+    name: Shell (shellcheck)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install shellcheck
+        run: apt-get update -qq && apt-get install -y -qq shellcheck
+
+      - name: Run shellcheck
+        run: find . -name "*.sh" -exec shellcheck {} +
@@ -150,7 +150,7 @@ unit_file_exists() {
 wait_for_process() {
    local pid="$1"
    local delay="${2:-0.1}"
-    local spinner='|/-\'
+    local spinner=$'|/-\\'
    local i=0

    while kill -0 "$pid" 2>/dev/null; do
@@ -177,6 +177,7 @@ get_system_info() {
    else
        echo -e "\n${GREEN}=== OS Information ===${NC}"
        if [[ -f /etc/os-release ]]; then
+            # shellcheck source=/dev/null
            source /etc/os-release
            echo -e "${GREEN}Distribution:${NC} $PRETTY_NAME"
        else
@@ -545,7 +546,8 @@ get_node_exporter_status() {
    echo -e "\n${GREEN}=== Node Exporter Status ===${NC}"
    if systemctl is-active --quiet node_exporter 2>/dev/null; then
        echo -e "${GREEN}Service:${NC} Running"
-        local ip=$(hostname -I | awk '{print $1}')
+        local ip
+        ip=$(hostname -I | awk '{print $1}')
        echo -e "${GREEN}Metrics URL:${NC} http://${ip}:9100/metrics"
        if ss -tlnp 2>/dev/null | grep -q ':9100'; then
            echo -e "${GREEN}Port 9100:${NC} Listening"
@@ -589,6 +591,7 @@ run_selective_checks() {
    # Validate check names
    IFS=',' read -ra check_array <<< "$checks"
    for check in "${check_array[@]}"; do
+        # shellcheck disable=SC2076  # intentional literal match (not regex)
        if [[ ! " $VALID_CHECKS " =~ " $check " ]]; then
            log_message error "Unknown check: $check"
            echo "Valid checks: $VALID_CHECKS"
@@ -675,7 +678,8 @@ check_services() {

 check_pve_version() {
    local min_version="6.0"
-    local current_version=$(pveversion | grep -oP 'pve-manager/\K[0-9]+\.[0-9]+' || echo "0.0")
+    local current_version
+    current_version=$(pveversion | grep -oP 'pve-manager/\K[0-9]+\.[0-9]+' || echo "0.0")
    if (( $(echo "$current_version < $min_version" | bc -l) )); then
        log_message warn "Proxmox VE version $current_version may not support all features"
    fi
@@ -872,7 +876,7 @@ validate_input() {
    fi
    # Extract the option name (before any = sign)
    local opt_name="${input%%=*}"
-    # Check against whitelist
+    # shellcheck disable=SC2076  # intentional literal match (not regex)
    if [[ ! " $VALID_OPTIONS " =~ " $opt_name " ]]; then
        return 1
    fi