Describe the issue

In the default configuration, no annotations are created for "notes".

I guess it's because Github Actions don't understand what "note" is - https://github.com/actions/toolkit/blob/master/docs/problem-matchers.md:

severity: a group number containing either 'warning' or 'error' case-insensitive. Defaults to error

Links

• Link to action run: https://github.com/amezin/gnome-shell-extension-ddterm/runs/2639521628
• Link to action configuration: https://github.com/amezin/gnome-shell-extension-ddterm/blob/a5db87a01654cc571fb6f790d52641fa4f7d1a82/.github/workflows/lint.yml#L34-L39

How do I add a flag to the action? Like -e SC1091.

I tried this:

on: push
name: ShellCheck
jobs:
  shellcheck:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@master
    - name: shellcheck
      uses: ludeeus/action-shellcheck@master
      with:
        args: -e SC1091

but it has no effect.

It is common for projects to be exposed to shell scripts from other, third party projects added with, for example, git subtree

EXCLUDE_DIRS allows this action to skip specified directories, to accommodate such a case.

As the title says :)

The idea

Support v1 tag.

Implementation

Add the tag to commit 94e0aab.

Additional context

Some people might want to use version 1 of this action:

- name: Run ShellCheck
  uses: ludeeus/action-shellcheck@v1

But that's currently not supported.

Describe the issue

If instead of, as in your example:

on:
  push:
    branches:
      - master

I have:

on: [push]

does the uses line become just

      uses: ludeeus/action-shellcheck

or do I have to use some macro to specify the current branch? What macro might that be?

Describe the issue

I am using shellcheck on a bash script which sources another file using a relative path like

# shellcheck source=./local_file
source "${BASH_SOURCE%/*}/local_file"

when I run shellcheck -x on my machine this doesn't give errors.

I am using action-shellcheck to run shellcheck on push.

My action file looks like this:

name: shellcheck
on: [push] ## run on every push
jobs:
  shellcheck:
    name: Shellcheck
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Run ShellCheck
      uses: ludeeus/action-shellcheck@master
      env:
        SHELLCHECK_OPTS: -x

However the action fails and I get the error note: Not following: ./prod.config: openBinaryFile: does not exist (No such file or directory) [SC1091].
This is the same error that I get when I run shellcheck locally without the -x option.

Checklist

• This Feature Request only contains 1 request (if you have multiple open multiple feature requests).

The idea

It would be nice to make a release. The diff since the last release is a bit long :)

Implementation

Not sure if you have automated releases, but probably just clicking the release button and generating the readme would be good enough.

Alternatives

Using the master release of this repo would be an alternative, but using a released version would be great so we know what goes into the release vs potentially floating to something not-bc.

Additional context

I use this action in Dokku and it's great! I was updating actions and noticed this one doesn't have a recent release, hence the issue.

I have a directory in my repository which contains "bash" in the name. The actions tries to open the directory for linting and exits with an error:

./builder/data/etc/bash_completion.d: ./builder/data/etc/bash_completion.d: openBinaryFile: inappropriate type (is a directory)

Adding:

with:
    ignore: bash_completion.d

doesnt help :(

Looks like it currently only runs on *.sh files

I am using this command with propose error and dont detect it.

incomplete echo
ech -e "${bkwhite}\\n\\n ${bld}${red}%@. \\n #@@@@. *@@@@@@@@@@@@, \\n .@@@@@@@@@@@@@@@@@@& \\n @@@@@( \\n @@& \\n${bkwhite}"

For example, I have a repo that uses the shellcheck action and there are several issues returned by shellcheck

In ./bin/pkenv_test_shellcheck.sh line 32:
abort() {
^-- SC2120: abort references arguments, but none are ever passed.


In ./bin/pkenv_test_shellcheck.sh line 45:
  } | abort
      ^---^ SC2119: Use abort "$@" if function's $1 should mean script's $1.


In ./bin/pkenv_test_shellcheck.sh line 58:
    } | abort
        ^---^ SC2119: Use abort "$@" if function's $1 should mean script's $1.

An example is
https://github.com/tchia04/pkenv/pull/2/checks?check_run_id=227477616#step:4:332

The return code is non-zero. Why the pull request show the check was successful?
I am expecting it to fail it the shellcheck returns non-zero

It would be useful to know which build triggered the comment, so some link to the build within the comment can help.

Describe the issue

I'm probably doing something wrong, but I can't seem to get annotations out of the problem-matcher.

Here's a run,

But no annotation for that warning is captured.

Links

(Sorry, private repository)

Config,

    steps:
      - uses: actions/checkout@v2
      - uses: ludeeus/action-shellcheck@master
        with:
          scandir: ${{ matrix.scripts }}
          severity: warning

          # This is passed to find, so using this option (istead of the intended
          # paths) will make ShellCheck run on all files in the directory
          additional_files: '-true'

Hi there!

Thanks for shellcheck

I had tried use scandir option when got message

find: unrecognized: compose_test.go

My .yml

 - uses: actions/checkout@v2
 - name: Run ShellCheck
   uses: ludeeus/action-shellcheck@master
   with:
      scandir: './scripts'
      check_together: 'yes'

I've tried variant like scandir: 'scripts' but got error again

Could you help me?

Thanks for advance

Checklist

• This Feature Request only contains 1 request (if you have multiple open multiple feature requests).

The idea

I would like to disable the following warning:

Implementation

How do you see this being implemented?
As simple as possible. Perhaps default to false?

Alternatives

Are there any alternative solutions or features you've considered?
I have considered using another GitHub Action because this behavior is undesirable for the project I am working on.

Additional context

You can see the background discussion why I want to disable this here.

Thanks for building this action!

Thanks for this handy action! Very cleanly implemented. As a reminder, you have a new feature advertised in the README and available in master that hasn't been released yet: the scandir option.

0.5.0...master

Keep up the great work!

Checklist

• This Feature Request only contains 1 request (if you have multiple open multiple feature requests).

The idea

This is more of a question but there was no template for it. Is there any way to make Shellcheck exit out to Code Scanning Alerts instead? The big red X next to the commits make them seem like they're a bigger problem than they actually are for the scope of my project. It's my first time trying out Github Actions, so when I set up CodeQL I thought Shellcheck was going to behave in the same way.

Implementation

Shellcheck scans like CodeQL would, and if it finds any errors instead of marking them publicly on the repository, it sends notifications to the repo's Secutiy section under "Code scanning alerts".

Alternatives

I'm not aware of any, but if you do know please let me know!

Additional context

It also leaves failure notifications every time it runs while the script hasn't yet been modified, which could also be sent to "Code scanning alerts".

Checklist

• This Feature Request only contains 1 request (if you have multiple open multiple feature requests).

The idea

Create a new release of this action to include ignore pattern c2b45dd

Implementation

Create release via GitHub

Additional context

Using the new feature together with dependabot is hard as dependabot will try to downgrade this action to the latest release.

Checklist

• This Feature Request only contains 1 request (if you have multiple open multiple feature requests).

The idea

Allow arm64 instances like Amazon's Graviton2/Graviton3 running Ubuntu

Implementation

How do you see this being implemented?

Add a new variable for arm64 instead of x86 in the yaml and download the appropriate version

Alternatives

Are there any alternative solutions or features you've considered?

No

Additional context

N/A

Checklist

• This Feature Request only contains 1 request (if you have multiple open multiple feature requests).

The idea

problem matchers will make github annotate source files with violations.

Implementation

How do you see this being implemented?

• https://github.com/actions/toolkit/blob/main/docs/problem-matchers.md
• https://fusectore.dev/2021/11/19/github-action-problem-matchers.html

Alternatives

Are there any alternative solutions or features you've considered?

Additional context

Is there a plan for a new release to address https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/. I see changes in master branch but stable release will be better.

cc @ludeeus

The idea

It'd be great to have arm64 builds of this action. Currently it doesn't seem to work well:

Run ludeeus/action-shellcheck@master
  with:
    scandir: ./bin
    disable_matcher: false
    format: gcc
    version: stable
Run if [[ "Linux" == "macOS" ]]; then
Run "/runner/_work/_actions/ludeeus/action-shellcheck/master/shellcheck" --version
/runner/_work/_temp/fff516ca-6c1[2](https://github.comXXX/actions/runs/4064350496/jobs/7015480234#step:4:2)-[4](https://github.com/XXX/actions/runs/4064350496/jobs/7015480234#step:4:4)20c-ad1a-[5](https://github.com/XXX/actions/runs/4064350496/jobs/7015480234#step:4:5)ba8f8d4ba81.sh: line 1: /runner/_work/_actions/ludeeus/action-shellcheck/master/shellcheck: cannot execute binary file: Exec format error
Error: Process completed with exit code 12[6](https://github.com/messhelden/XXX/actions/runs/4064350496/jobs/7015480234#step:4:6).

Implementation

Perhaps this build process for arm64 still works: https://github.com/koalaman/aarch64-builder

Alternatives

Can't see any.

Additional context

We're almost 100% graviton shop on AWS, this is slightly blocking us.

We use this action across 10+ projects and would like to get updates without having to manually do it.

The convention is a v2 tag that is moved when the version updates.

We use:

- uses: fischerscode/tagger@v0

for this to do it automatically. Thanks for your consideration.

I've had some issues running this action, it's picking up all sorts of files (javascript, go, etc).

I know I can set an exclude to exclude all the directories that don't contain shell scripts in my project but that seems a little counter intuitive.

Run ludeeus/action-shellcheck@master
/usr/bin/docker run --name d346b9a69434f4483696d184d929557435_bdb93b --label 3888d3 --workdir /github/workspace --rm -e INPUT_IGNORE -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/gogs/gogs":"/github/workspace" 3888d3:46b9a69434f4483696d184d929557435

In ./internal/route/user/profile.go line 1:
// Copyright 2015 The Gogs Authors. All rights reserved.
^-- SC1127: Was this intended as a comment? Use # in sh.
^-- SC2148: Tips depend on target shell and yours is unknown. Add a shebang.


In ./internal/route/user/profile.go line 2:
// Use of this source code is governed by a MIT-style
^-- SC1127: Was this intended as a comment? Use # in sh.


In ./internal/route/user/profile.go line 3:
// license that can be found in the LICENSE file.
^-- SC1127: Was this intended as a comment? Use # in sh.

Having a look at the script that runs in the container, I think the problem appears to be here.

readarray -d '' tmp < <(find . "${excludes[@]}" -type f ! -name '*.*' -perm /111  -print0)
for file in "${tmp[@]}"; do
    head -n1 "$file" | grep -Eqs "^#! */[^ ]*/[abkz]*sh" || continue
    filepaths+=("$file")
done

Build: 644229756 is green, but...

GHA comment suggests something else on the EA31337/EA-Tester/pull/181 PR:

It suggests there are no errors:

No errors or shellcheck is disabled

but the next line suggests that there are some issues:

The files above have some shellcheck issues.

Same for shfmt:

No errors or shfmt is disabled

but the next line suggests that there are some formatting problems.

Maybe the action shouldn't comment anything on no errors?

Also, it would be great to show which build triggered the comment (GH-12).

Describe the issue

How do i ignore multiple paths?

Could another stable release be made? The default branch contains a bunch of useful features like #44, but it's not always desirable to use the latest version of a github action.

My PRs just started failing with:

##[error]Unable to process command '::add-matcher::.github/problem-matcher.json' successfully.
##[error]Could not find file '/home/runner/work/chrono/chrono/.github/problem-matcher.json'.

Example: https://github.com/chronotope/chrono/pull/447/checks?check_run_id=839552633

Hi.

First of all, thank you for this action. I've been using it with success in several projects.

Recently, there was a bump in the underlying shellcheck version which, via fixing some issues, surfaced some others.

I was caught off guard, but still was able to fix those issues. Upon visiting this actions' page I found that I can specify with element version, to fix the underlying shellcheck version to use, but this seems to exist only in the master branch.

Since I consider CI to be less stable if I use master (which is effectively what caught me off guard in the first place) I'm requesting a post-1.1.0 release, if possible.

Thank you.

Describe the issue

Trying to run it on Windows machine, but it's not working.

jobs:
  test:
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    runs-on: ${{ matrix.os }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Run ShellCheck
        uses: ludeeus/action-shellcheck@master

Checklist

• This Feature Request only contains 1 request (if you have multiple open multiple feature requests).

The idea

It would be great to be able to specify a specific shellcheck version instead of always downloading stable. This would allow users to upgrade shellcheck on a timeline that makes sense for their codebase vs automatically grabbing the latest stable and potentially introducing CI failures.

Implementation

A new input named shellcheck-version. Required would be set to false, and the default would be stable.

Alternatives

Do nothing, and only allow stable to be installed.

Additional context

This PR introduces failures on unchanged files due to a new release of shellcheck.

Describe the issue

When using this action in my project, the action prints a deprecation notice that set-output is deprecated.

Warning: The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

My shellcheck action is pretty standard:

on: push

name: 'Trigger: Push action'

jobs:
  shellcheck:
    name: Shellcheck
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Run ShellCheck
      uses: ludeeus/action-shellcheck@master

Checklist

• This Feature Request only contains 1 request (if you have multiple open multiple feature requests).

The idea

Allow to skip downloading shellcheck if it is installed already.

Implementation

• As an if condition on the step "Download shellcheck" (set by a new input or by a special value of "version")
• or probably better check in the bash script of this step if the command is available (maybe if "version" is (like) "-stable" and downloads "stable" if not available).

Alternatives

???

Additional context

shellcheck is installed on ubuntu runners: https://github.com/actions/runner-images/blob/ubuntu22/20230710.1/images/linux/Ubuntu2204-Readme.md#installed-apt-packages

Checklist

• This Feature Request only contains 1 request (if you have multiple open multiple feature requests).

The idea

Right now, it is possible to tell the action to ignore directories that match a particular pattern. But it is not possible to ignore a specific file that may live within one of the directories. Being able to ignore files (vs directories) would make it possible to ignore some scripts in a directory but not all of them.

This could be useful in ignoring scripts produced by third-parties (that we don't want to check), like Gradle's gradlew script.

Implementation

Improve the step that excludes paths to also exclude files that match the pattern given in the ignore config property. Maybe use grep instead of how it's implemented now (that would allow folks to use grep's patterns to match files/directories to exclude).

Alternatives

Additional context

Describe the issue

Run ludeeus/[email protected]
  with:
    scandir: .
    disable_matcher: false
    format: gcc
tar (child): xz: Cannot exec: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now
Error: Process completed with exit code 2.

Links

N/A

Describe the issue

Hi! I am trying to configure the ShellCheck Action to ignore specific files at specific paths. E.g. if I have a project structure like

└── examples
    └── bad.sh

I would like to ignore ./examples/bad.sh. It seems I can use ignore_paths to ignore everything under examples, or ignore_names to ignore any files called bad.sh, but it's not clear how to ignore files at specific paths. This is problematic if I have directories with some files to ignore, or file names to ignore, but only in certain directories:

├── examples
│   ├── bad.sh
│   └── good.sh
└── good_examples
    └── bad.sh

I'm not familiar with GitHub Actions, and though I skimmed the code, I couldn't figure out whether this was supported or not. I tried various configurations, but none seemed to work the way I wanted. This might be a feature request instead of a bug. Any help or advice is appreciated, thanks!

Links

• Link to action run: https://github.com/bi1yeu/shellcheck-gh-action-test/runs/5780506120?check_suite_focus=true
• Link to action configuration: https://github.com/bi1yeu/shellcheck-gh-action-test/blob/294aaede0b0367ff63b75de857f456bb706ecc3e/.github/workflows/shellcheck.yml
• tried a whole bunch of configurations on this PR bi1yeu/shellcheck-gh-action-test#1

Running shellcheck using the action, fails on macos-latest

Here is a demo

It would be nice if this action works for macOS as well for cross-OS script testing

Checklist

• This Feature Request only contains 1 request (if you have multiple open multiple feature requests).

The idea

The documentation should be clearer (with examples) whether or not ignore_paths and ignore_names can take glob patterns and/or regex.

Implementation

If it's not supported, clarify that.

If it is supported, include an example like:

    ...
    - name: Run ShellCheck
      uses: ludeeus/action-shellcheck@master
      with:
        ignore_paths: >-
          ignoreme
          ignoremetoo
        ignore_names: >-
          ignorable.sh
          .zsh*

Checklist

• This Feature Request only contains 1 request (if you have multiple open multiple feature requests).

The idea

I want to be able to tell shellcheck to check my script against different shells, (eg: shellcheck dir/*.sh --shell=sh). I want to be able to specify which shell to check against. Shellcheck allows the following inputs when using this flag:

• bash
• sh
• dash
• ksh

Implementation

Add an input to this action such as shell which takes one of the four supported shells to check against mentioned above.

Alternatives

NA

Additional context

NA