
Error while scanning shell scripts

Open langohr opened this issue 5 years ago • 2 comments

For scanning shell scripts, sonar is using shellcheck to scan them.

Could you add

```dockerfile
# Install ShellCheck
RUN apt-get install shellcheck
```

to the docker files?

langohr, Sep 30 '19 10:09

@langohr I'll take a look at this and see if I can also test myself on some shell scripts (I have very few at-hand, if you have an example project I can pull down to test this with, I'd be happy to do that).

newtmitch, Nov 26 '20 16:11

I just recently moved the Dockerfile to alpine-only based images, as it appeared most people, if not everyone, were using that as the basis for their work. I revved the openjdk base image to jdk 12, which is fine, but that uses Alpine v3.9. That version of Alpine doesn't include this package, as it shows up first in v3.11 (see https://pkgs.alpinelinux.org/packages?name=shellcheck&branch=v3.11).

The options for me to address this seem to be the following:

  • reintroduce the non-alpine "full" image build I had previously
  • upgrade openjdk to an even later version that uses a more recent version of Alpine
  • decouple from the openjdk base image entirely and install java manually, allowing me to use whatever version of alpine I'd like

I don't like the idea of adding the non-alpine image back into the mix unless absolutely necessary, and I'm not sure this is the reason to do that quite yet. I'd like to examine the other two options first, given that also allows me to keep the alpine version separated from the other deps of the project. I prefer option 3 right now but I'll take a look.

newtmitch, Nov 26 '20 17:11