diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml
index deaabbcb..e4f8a264 100644
--- a/.github/workflows/differential-shellcheck.yml
+++ b/.github/workflows/differential-shellcheck.yml
@@ -50,3 +50,11 @@ jobs:
 name: Differential ShellCheck SARIF
 path: ${{ steps.ShellCheck.outputs.sarif }}
 retention-days: 7
+
+ - if: ${{ always() }}
+ name: Upload artifact with defects in XHTML format
+ uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+ with:
+ name: Differential ShellCheck HTML
+ path: ${{ steps.ShellCheck.outputs.html }}
+ retention-days: 7
diff --git a/README.md b/README.md
index be42acb4..895f055d 100644
--- a/README.md
+++ b/README.md
@@ -346,6 +346,29 @@ Relative path to SARIF file containing detected defects. Example of use:
 sarif_file: ${{ steps.ShellCheck.outputs.sarif }}
 ```
+### html
+
+Relative path to HTML file containing detected defects. Example of use:
+
+```yaml
+- id: ShellCheck
+ name: Differential ShellCheck
+ uses: redhat-plumbers-in-action/differential-shellcheck@v5
+
+- if: ${{ always() }}
+ name: Upload artifact with ShellCheck defects in HTML format
+ uses: actions/upload-artifact@v4
+ with:
+ name: Differential ShellCheck HTML
+ path: ${{ steps.ShellCheck.outputs.html }}
+```
+
+[Example](docs/example.xhtml) of HTML output:
+
+
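Review bot: The step name on the second added line says "XHTML format" while the artifact it produces is named "Differential ShellCheck HTML", the output it reads is `html`, and the README example for the same step says "HTML format"; one term should be used throughout so the artifact is found under the name the documentation gives. I would write `name: Upload artifact with defects in HTML format`. The enclosing `steps:` list begins outside the hunk.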

+ HTML output example +

+
 ## Using with Private repositories
 Differential ShellCheck GitHub Action could be used in private repositories by any user. But code scanning-related features are available only for GitHub Enterprise users, as mentioned in [GitHub Documentation](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning):
diff --git a/action.yml b/action.yml
index df88027b..25cbcc09 100644
--- a/action.yml
+++ b/action.yml
@@ -82,7 +82,9 @@ inputs:
 outputs:
 sarif:
- description: 'The SARIF file containing defects'
+ description: The SARIF file containing defects
+ html:
+ description: The HTML file containing defects
 runs:
 using: docker
diff --git a/docs/example.xhtml b/docs/example.xhtml
new file mode 100644
index 00000000..0177d256
--- /dev/null
+++ b/docs/example.xhtml
@@ -0,0 +1,71 @@
+
+
+
+Scan Results
+
+

Scan Results

+

List of Defects

+
+Error: SHELLCHECK_WARNING: [#def1]
+docs/example.sh:7:7: info[SC2086]: Double quote to prevent globbing and word splitting.
+#    4|   # Quoting
+#    5|   # =======
+#    6|   
+#    7|->  echo $1                           # Unquoted variables
+#    8|    rm "~/my file.txt"                # Quoted tilde expansion
+#    9|    v='--verbose="true"'; cmd $v      # Literal quotes in variables
+#   10|   # touch $@                          # Unquoted $@
+
+Error: SHELLCHECK_WARNING: [#def2]
+docs/example.sh:8:6: warning[SC2088]: Tilde does not expand in quotes. Use $HOME.
+#    5|   # =======
+#    6|   
+#    7|    echo $1                           # Unquoted variables
+#    8|->  rm "~/my file.txt"                # Quoted tilde expansion
+#    9|    v='--verbose="true"'; cmd $v      # Literal quotes in variables
+#   10|   # touch $@                          # Unquoted $@
+#   11|   # echo 'Path is $PATH'              # Variables in single quotes
+
+Error: SHELLCHECK_WARNING: [#def3]
+docs/example.sh:9:4: warning[SC2089]: Quotes/backslashes will be treated literally. Rewrite using set/"$@" or functions.
+#    6|   
+#    7|    echo $1                           # Unquoted variables
+#    8|    rm "~/my file.txt"                # Quoted tilde expansion
+#    9|->  v='--verbose="true"'; cmd $v      # Literal quotes in variables
+#   10|   # touch $@                          # Unquoted $@
+#   11|   # echo 'Path is $PATH'              # Variables in single quotes
+#   12|   # trap "echo Took ${SECONDS}s" 0    # Prematurely expanded trap
+
+Error: SHELLCHECK_WARNING: [#def4]
+docs/example.sh:9:28: warning[SC2090]: Quotes/backslashes in this variable will not be respected.
+#    6|   
+#    7|    echo $1                           # Unquoted variables
+#    8|    rm "~/my file.txt"                # Quoted tilde expansion
+#    9|->  v='--verbose="true"'; cmd $v      # Literal quotes in variables
+#   10|   # touch $@                          # Unquoted $@
+#   11|   # echo 'Path is $PATH'              # Variables in single quotes
+#   12|   # trap "echo Took ${SECONDS}s" 0    # Prematurely expanded trap
+
+Error: SHELLCHECK_WARNING: [#def5]
+docs/example.sh:9:28: style[SC2248]: Prefer double quoting even when variables don't contain special characters.
+#    6|   
+#    7|    echo $1                           # Unquoted variables
+#    8|    rm "~/my file.txt"                # Quoted tilde expansion
+#    9|->  v='--verbose="true"'; cmd $v      # Literal quotes in variables
+#   10|   # touch $@                          # Unquoted $@
+#   11|   # echo 'Path is $PATH'              # Variables in single quotes
+#   12|   # trap "echo Took ${SECONDS}s" 0    # Prematurely expanded trap
+
+Error: SHELLCHECK_WARNING: [#def6]
+docs/example.sh:9:28: style[SC2250]: Prefer putting braces around variable references even when not strictly required.
+#    6|   
+#    7|    echo $1                           # Unquoted variables
+#    8|    rm "~/my file.txt"                # Quoted tilde expansion
+#    9|->  v='--verbose="true"'; cmd $v      # Literal quotes in variables
+#   10|   # touch $@                          # Unquoted $@
+#   11|   # echo 'Path is $PATH'              # Variables in single quotes
+#   12|   # trap "echo Took ${SECONDS}s" 0    # Prematurely expanded trap
+
+
+
+
diff --git a/docs/images/html-output-exmple.png b/docs/images/html-output-exmple.png
new file mode 100644
index 00000000..b1bff37e
Binary files /dev/null and b/docs/images/html-output-exmple.png differ
diff --git a/src/index.sh b/src/index.sh
index 76a935fe..7d5db3d6 100755
--- a/src/index.sh
+++ b/src/index.sh
@@ -108,7 +108,14 @@ csgrep \
 --set-scan-prop='tool-url:https://www.shellcheck.net/wiki/' \
 "${WORK_DIR}sarif-defects.log" > output.sarif
+# Produce report in HTML format
+cshtml \
+ "${WORK_DIR}sarif-defects.log" > output.xhtml
+
+# shellcheck disable=SC2154
+# GITHUB_OUTPUT is GitHub Actions environment variable
 echo "sarif=output.sarif" >> "${GITHUB_OUTPUT}"
+echo "html=output.xhtml" >> "${GITHUB_OUTPUT}"
 # SARIF upload
 if [[ -n "${INPUT_TOKEN}" ]]; then
diff --git a/test/index.bats b/test/index.bats
index 18e4bf28..d6eedc0b 100644
--- a/test/index.bats
+++ b/test/index.bats
@@ -21,7 +21,7 @@ setup () {
 }
 teardown () {
- rm -f ../base-shellcheck.err ../changed-files.txt ../defects.log ../fixes.log ../head-shellcheck.err ./output.sarif
+ rm -f ../base-shellcheck.err ../changed-files.txt ../defects.log ../fixes.log ../head-shellcheck.err ./output.sarif ./output.xhtml
 export \
 SCRIPT_DIR="" \
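Review bot: The new `cshtml` call in src/index.sh runs before the existing `echo "sarif=output.sarif" >> "${GITHUB_OUTPUT}"`, so if `cshtml` is missing from the image or exits non-zero and the script runs with `set -e` (its option lines are outside this hunk), the SARIF output and the `# SARIF upload` block that follows are lost along with the optional HTML report. Since the HTML report is an extra, its failure should be reported with a workflow warning and not abort the script, and `html=output.xhtml` should only be written to GITHUB_OUTPUT when the file was actually produced, otherwise the `always()` upload step in the workflow points at a path that does not exist. The sketch below keeps the `# shellcheck disable=SC2154` directive and the `sarif=` line as they are; the surrounding script continues outside the hunk.
```shell
# Produce report in HTML format; the report is optional, so a missing or
# failing cshtml must not take the SARIF output below down with it
if ! cshtml "${WORK_DIR}sarif-defects.log" > output.xhtml; then
  echo "::warning::cshtml failed; no HTML report produced"
  rm -f output.xhtml
fi

# … unchanged: SC2154 directive and the sarif= line …
if [[ -s output.xhtml ]]; then
  echo "html=output.xhtml" >> "${GITHUB_OUTPUT}"
fi
```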
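Review bot: teardown in test/index.bats now removes ./output.xhtml, but nothing visible in this hunk asserts that index.sh writes output.xhtml or appends `html=output.xhtml` to GITHUB_OUTPUT, so a regression in the new cshtml step (for example the tool being absent from the image) would pass the suite silently. In whichever test exercises the SARIF output, add the two checks `[ -s ./output.xhtml ]` and `grep -q '^html=output.xhtml$' "${GITHUB_OUTPUT}"` so the new output is covered the same way as the existing one. The `setup` function and the rest of `teardown` continue outside the hunk.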