Allow specifying WORK_DIR for intermediate files #393

Merged
28 changes: 15 additions & 13 deletions src/index.sh
@@ -6,6 +6,8 @@ CURRENT_DIR="$(dirname "$(readlink -f "$0")")"
# shellcheck source=functions.sh
. "${SCRIPT_DIR="${CURRENT_DIR}/"}functions.sh"

WORK_DIR="${WORK_DIR-../}"

declare \
GITHUB_STEP_SUMMARY

@@ -27,20 +29,20 @@ is_full_scan_demanded
FULL_SCAN=$?

if [[ ${FULL_SCAN} -eq 0 ]]; then
git ls-tree -r --name-only -z "${GITHUB_REF_NAME-"main"}" > ../files.txt
git ls-tree -r --name-only -z "${GITHUB_REF_NAME-"main"}" > "${WORK_DIR}files.txt"

all_scripts=()
get_scripts_for_scanning "../files.txt" "all_scripts"
get_scripts_for_scanning "${WORK_DIR}files.txt" "all_scripts"
fi

if ! [[ ${FULL_SCAN} -eq 0 ]] || ! is_strict_check_on_push_demanded; then
# https://github.com/actions/runner/issues/342
# Get the names of files from range of commits (excluding deleted files)
# BASE and HEAD are always set, it is checked inside pick_base_and_head_hash function
git diff --name-only -z --diff-filter=db "${BASE}".."${HEAD}" > ../changed-files.txt
git diff --name-only -z --diff-filter=db "${BASE}".."${HEAD}" > "${WORK_DIR}changed-files.txt"

only_changed_scripts=()
get_scripts_for_scanning "../changed-files.txt" "only_changed_scripts"
get_scripts_for_scanning "${WORK_DIR}changed-files.txt" "only_changed_scripts"
fi

echo -e "${VERSIONS_HEADING}"
@@ -58,25 +60,25 @@ echo
# ------------ #

if [[ ${FULL_SCAN} -eq 0 ]]; then
execute_shellcheck "${all_scripts[@]}" > ../full-shellcheck.err
execute_shellcheck "${all_scripts[@]}" > "${WORK_DIR}full-shellcheck.err"
fi

exit_status=0

if ! is_strict_check_on_push_demanded; then
execute_shellcheck "${only_changed_scripts[@]}" > ../head-shellcheck.err
execute_shellcheck "${only_changed_scripts[@]}" > "${WORK_DIR}head-shellcheck.err"

# Checkout the base branch/commit
git checkout --force --quiet -b ci_br_dest "${BASE}" || git checkout --force --quiet "${BASE}"

execute_shellcheck "${only_changed_scripts[@]}" > ../base-shellcheck.err
execute_shellcheck "${only_changed_scripts[@]}" > "${WORK_DIR}base-shellcheck.err"

get_fixes "../base-shellcheck.err" "../head-shellcheck.err"
get_fixes "${WORK_DIR}base-shellcheck.err" "${WORK_DIR}head-shellcheck.err"
evaluate_and_print_fixes

get_defects "../head-shellcheck.err" "../base-shellcheck.err"
get_defects "${WORK_DIR}head-shellcheck.err" "${WORK_DIR}base-shellcheck.err"
else
mv ../full-shellcheck.err ../defects.log
mv "${WORK_DIR}full-shellcheck.err" "${WORK_DIR}defects.log"
fi

echo
@@ -89,9 +91,9 @@ exit_status=$?

# Upload all defects when Full scan was requested
if [[ ${FULL_SCAN} -eq 0 ]]; then
cp ../full-shellcheck.err ../sarif-defects.log
cp "${WORK_DIR}full-shellcheck.err" "${WORK_DIR}sarif-defects.log"
else
cp ../defects.log ../sarif-defects.log
cp "${WORK_DIR}defects.log" "${WORK_DIR}sarif-defects.log"
fi

shellcheck_version=$(get_shellcheck_version)
@@ -103,7 +105,7 @@ csgrep \
--set-scan-prop='tool:ShellCheck' \
--set-scan-prop="tool-version:${shellcheck_version}" \
--set-scan-prop='tool-url:https://www.shellcheck.net/wiki/' \
'../sarif-defects.log' > output.sarif
"${WORK_DIR}sarif-defects.log" > output.sarif

echo "sarif=output.sarif" >> "${GITHUB_OUTPUT}"

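Review bot: `WORK_DIR` is concatenated straight onto file names (`"${WORK_DIR}files.txt"`, `"${WORK_DIR}defects.log"`, …), so a value without a trailing slash such as `/tmp/work` silently writes `/tmp/workfiles.txt`, and because the default uses `-` rather than `:-`, an empty `WORK_DIR` puts every intermediate file in the current directory, which appears to be the checkout being scanned. Result files kept inside a tree that `git checkout --force` later rewrites, and whose content a pull request controls, can be overwritten or pre-seeded, so the value should be normalised and checked once after the assignment: `WORK_DIR="${WORK_DIR:-../}"`, `WORK_DIR="${WORK_DIR%/}/"`, `[[ -d "${WORK_DIR}" ]] || exit 1`. The same default line is repeated in src/summary.sh and src/validation.sh; defining it in one sourced file would keep the three copies from drifting apart. `output.sarif` is still written to the current directory rather than under `WORK_DIR`, which may be intentional but deserves a comment.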
4 changes: 3 additions & 1 deletion src/summary.sh
@@ -1,6 +1,8 @@
# shellcheck shell=bash
# SPDX-License-Identifier: GPL-3.0-or-later

WORK_DIR="${WORK_DIR-../}"

# Print scanning summary
summary () {
scan_summary=""
@@ -72,7 +74,7 @@ Scanned/Changed scripts: \`${#list_of_changed_scripts[@]}\`
get_number_of () {
[[ $# -le 0 ]] && return 1

file="../${1}.log"
file="${WORK_DIR}${1}.log"
[[ -s "${file}" ]] || return 1

jq '.defects | length' "${file}"
14 changes: 8 additions & 6 deletions src/validation.sh
@@ -4,6 +4,8 @@
# shellcheck source=summary.sh
. "${SCRIPT_DIR=}summary.sh"

WORK_DIR="${WORK_DIR-../}"

# Get file containing fixes based on two input files
# $1 - <string> absolute path to a file containing results from BASE scan
# $2 - <string> absolute path to a file containing results from HEAD scan
@@ -12,19 +14,19 @@
get_fixes () {
[[ $# -le 1 ]] && return 1

csdiff --fixed "${1}" "${2}" > ../fixes.log
csdiff --fixed "${1}" "${2}" > "${WORK_DIR}fixes.log"
}

# Function to evaluate results of fixed defects and to provide feedback on standard output
# It expects file '../fixes.log' to contain fixes
# $? - return value is always 0
evaluate_and_print_fixes () {
gather_statistics "../fixes.log"
gather_statistics "${WORK_DIR}fixes.log"

num_of_fixes=$(get_number_of fixes)
if [[ "${num_of_fixes}" -gt 0 ]]; then
echo -e "✅ ${GREEN}Fixed defects${NOCOLOR}"
csgrep --embed-context 2 ../fixes.log
csgrep --embed-context 2 "${WORK_DIR}fixes.log"
else
echo -e "ℹ️ ${YELLOW}No Fixes!${NOCOLOR}"
fi
@@ -38,21 +40,21 @@ evaluate_and_print_fixes () {
get_defects () {
[[ $# -le 1 ]] && return 1

csdiff --fixed "${1}" "${2}" > ../defects.log
csdiff --fixed "${1}" "${2}" > "${WORK_DIR}defects.log"
}

# Function to evaluate results of defects and to provide feedback on standard output
# It expects file '../defects.log' to contain defects
# $? - return value - 0 on success
evaluate_and_print_defects () {
gather_statistics "../defects.log"
gather_statistics "${WORK_DIR}defects.log"

num_of_defects=$(get_number_of defects)
if [[ "${num_of_defects}" -gt 0 ]] ; then
print_statistics

echo -e "✋ ${YELLOW}Defects, NEEDS INSPECTION${NOCOLOR}"
csgrep --embed-context 4 ../defects.log
csgrep --embed-context 4 "${WORK_DIR}defects.log"
return 1
fi

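Review bot: The header comments of `evaluate_and_print_fixes` and `evaluate_and_print_defects` still say the functions expect `'../fixes.log'` and `'../defects.log'`, although both bodies now read from `WORK_DIR`. I would change them to `# It expects file "${WORK_DIR}fixes.log" to contain fixes` and `# It expects file "${WORK_DIR}defects.log" to contain defects`. The new assignment would also benefit from a line above it such as `# WORK_DIR - directory for intermediate files, must end with '/' (default: ../)`, since nothing on the page tells a caller that the trailing slash is required. The body of `evaluate_and_print_defects` continues past the end of the last hunk.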