search

ludeeus / action-shellcheck

GitHub action for ShellCheck.
MIT License
292 stars 69 forks source link

Add ability to specify shellcheck versions #43

Closed josegonzalez closed 2 years ago

josegonzalez commented 3 years ago

Checklist

The idea

It would be great to be able to specify a specific shellcheck version instead of always downloading stable. This would allow users to upgrade shellcheck on a timeline that makes sense for their codebase vs automatically grabbing the latest stable and potentially introducing CI failures.

Implementation

A new input named shellcheck-version. Required would be set to false, and the default would be stable.

Alternatives

Do nothing, and only allow stable to be installed.

Additional context

This PR introduces failures on unchanged files due to a new release of shellcheck.

jens-maus commented 3 years ago

After using this action for quite a while, one of my projects also hit the same issue: Suddenly shellcheck errors popped up even thought nothing was changed in the codebase, nor did dependabot update this shellcheck action in the corresponding github project. However, after investigation I also came to the same conclusion. Suddenly, this shellcheck action was using shellcheck 0.7.2 rather than 0.7.0 and the latest version (0.7.2) came with improvements which ended up in throwing errors in my CI checks.

While additional hints by newer shellcheck version are of course appreciated in principle, I also think that it should be more under the control of the corresponding developer using this shellcheck action to either decide which shellcheck version should be used rather than always picking the latest stable. Even better would be IMHO, if with a dedicated updated version (e.g. 1.1.0) of this shellcheck action it would fix the used shellcheck version to the current stable version effective at the time of the shellcheck action update. This would have resulted, e.g. in dependabot suggesting an update of this shellcheck action and directly showing new shellcheck errors. And on the other hand if no newer shellcheck-action update is proposed or scheduled, no new linter/shellcheck errors suddently popup without having modified anything.

See here for a short list of incidences which in fact resulted the shellcheck action bringing up new errors ending up in developer confusion:

https://github.com/home-assistant/operating-system/pull/1323#issuecomment-827654564 https://github.com/jens-maus/RaspberryMatic/commit/87280ab16b437aa788a6fe0fdfb19f08e15e2931