Download a pinned version of Shellcheck

2026-05-13 13:58:57 +00:00 · 2021-02-18 21:48:23 -05:00 · 2021-02-18 21:48:23 -05:00 · 562c610b86
commit 562c610b86
parent a08f8227d4
6 changed files with 68 additions and 27 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -3,27 +3,6 @@ name: Build and Test
 on: push

 jobs:
-  # There's no need for shellcheck to run in a separate job, but the
-  # main "manager" job uses ubuntu-16.04, and only ubuntu-20.04+ has
-  # a recent enough version of shellcheck.  TODO: Merge these jobs.
-  shellcheck:
-    name: shellcheck
-    runs-on: "ubuntu-20.04"
-
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@v1
-
-      - name: Install Node.js, NPM and Yarn
-        uses: actions/setup-node@v1
-        with:
-          node-version: 12
-
-      - name: Lint
-        run: |
-          shellcheck -V
-          yarn shellcheck
-
  manager:
    name: Build and Test
    
@ -45,9 +24,7 @@ jobs:
          node-version: 12

      - name: Show Environment Info
-        run: |
-          yarn -v
-          shellcheck -V
+        run: yarn -v

      - name: Get yarn cache directory path
        id: yarn-cache-dir-path
@ -64,7 +41,7 @@ jobs:
        run: yarn --prefer-offline

      - name: Lint
-        run: yarn tslint
+        run: yarn lint

      - name: Manager
        run: |
--- a/.gitignore
+++ b/.gitignore
@ -6,3 +6,4 @@ node_modules/
 yarn-error.log
 .vscode/
 .idea/
+third_party/shellcheck/download/
--- a/package.json
+++ b/package.json
@ -14,10 +14,10 @@
    "node": "^12"
  },
  "scripts": {
-    "clean": "rm -rf src/*/node_modules/ build/ node_modules/ src/server_manager/install_scripts/do_install_script.ts",
+    "clean": "rm -rf src/*/node_modules/ build/ node_modules/ src/server_manager/install_scripts/do_install_script.ts third_party/shellcheck/download/",
    "do": "bash ./scripts/do_action.sh",
    "lint": "yarn shellcheck && yarn tslint",
-    "shellcheck": "find src scripts -name *.sh -exec shellcheck {} +",
+    "shellcheck": "find src scripts third_party/shellcheck -name *.sh -exec third_party/shellcheck/run.sh {} +",
    "tslint": "tslint 'src/**/*.ts' -e '**/node_modules/**'"
  },
  "workspaces": [
--- a/third_party/shellcheck/README.md
+++ b/third_party/shellcheck/README.md
@ -0,0 +1,10 @@
+# Outline Shellcheck Wrapper
+
+This directory is used to lint our scripts using [Shellcheck](https://www.shellcheck.net/).  To ensure consistency across developer systems, the included script
+* Attempts to identify the developer's OS (Linux, macOS, or Windows)
+* Downloads a pinned version of Shellcheck into `./download`
+* Checks the archive hash
+* Extracts the executable
+* Runs the executable
+
+The executable is cached on the developer's system after the first download.  To clear the cache, run `rm download` (or `yarn clean` in the repository root).
--- a/third_party/shellcheck/hashes.sha256
+++ b/third_party/shellcheck/hashes.sha256
@ -0,0 +1,3 @@
+b080c3b659f7286e27004aa33759664d91e15ef2498ac709a452445d47e3ac23  shellcheck-v0.7.1.darwin.x86_64.tar.xz
+64f17152d96d7ec261ad3086ed42d18232fcb65148b44571b564d688269d36c8  shellcheck-v0.7.1.linux.x86_64.tar.xz
+1763f8f4a639d39e341798c7787d360ed79c3d68a1cdbad0549c9c0767a75e98  shellcheck-v0.7.1.zip
--- a/third_party/shellcheck/run.sh
+++ b/third_party/shellcheck/run.sh
@ -0,0 +1,50 @@
+#!/bin/bash -eu
+#
+# Copyright 2021 The Outline Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+readonly VERSION='v0.7.1'
+readonly DOWNLOAD='download'
+
+# The relative location of this script.
+dir="$(dirname "$0")/${DOWNLOAD}"
+readonly dir
+
+declare file="shellcheck-${VERSION}" # Name of the file to download
+declare cmd="${dir}/shellcheck-${VERSION}" # Path to the executable
+case "$(uname -s)" in
+  Linux) file+='.linux.x86_64.tar.xz'; cmd+='/shellcheck';;
+  Darwin) file+='.darwin.x86_64.tar.xz'; cmd+='/shellcheck';;
+  *) file+='.zip'; cmd+='.exe';; # Presume Windows/Cygwin
+esac
+readonly file cmd
+
+if [[ ! -s "${cmd}" ]]; then
+  mkdir -p "${dir}"
+
+  readonly url="https://github.com/koalaman/shellcheck/releases/download/${VERSION}/${file}"
+  curl --location --fail --output "${dir}/${file}" "${url}"
+
+  pushd "${dir}"
+  sha256sum --check --ignore-missing ../hashes.sha256
+  if [[ "${file}" == *'.tar.xz' ]]; then
+    tar xf "${file}"
+  else
+    unzip "${file}"
+  fi
+  popd > /dev/null
+  chmod +x "${cmd}"
+fi
+
+"${cmd}" "$@"