search

CircleCI-Public / shellcheck-orb

An orb for ShellCheck, a static analysis tool for shell scripts (https://shellcheck.net) — check all scripts in your repository on every commit
https://circleci.com/developer/orbs/orb/circleci/shellcheck
MIT License
19 stars 26 forks source link

Exclusions cause false-negatives #37

Closed calvis closed 3 years ago

calvis commented 3 years ago

Orb version:

2.2.2

What happened:

Here's a minimal reproduction: https://github.com/calvis/shellcheck-orb-bug

From the build output of the shellcheck-orb-exclusion job:

scripts/bad-script
Invalid number: 1071

The exclusion is passed to shellcheck as 1071 (note the space). This syntax error causes shellcheck to abort without checking the scripts, yet the orb reports No ShellCheck Errors Found and succeeds.

Expected behavior:

All three of the jobs in this repository should fail.

Additional Information:

There's a space where the exclude augment is built: https://github.com/CircleCI-Public/shellcheck-orb/blob/1e15b638c8142accca6c83a29e2768d11c837298/src/scripts/check.sh#L3

The tests for this orb show the same error: https://app.circleci.com/pipelines/github/CircleCI-Public/shellcheck-orb/291/workflows/9ba866dc-66cb-4eb7-bcf9-c6378cb72b32/jobs/1003

timobrembeck commented 3 years ago

I just tested this out and the trailing space is indeed the culprit. See: