search

sonatype-nexus-community / iq-github-action

Sonatype Lifecycle GitHub Action
Apache License 2.0
9 stars 10 forks source link

Multiple issues with the shell code #17

Open ModeSevenIndustrialSolutions opened 3 days ago

ModeSevenIndustrialSolutions commented 3 days ago

I will add further information on this ticket and raise a pull request with a potential fix.

Here is the output from the shellcheck linting tool, for example:

shellcheck...............................................................Failed

  • hook id: shellcheck
  • exit code: 1

In entrypoint.sh line 18: if [[ "true" == "${7}" ]]; then ^--------------------^ SC3010 (warning): In POSIX sh, [[ ]] is undefined.

In entrypoint.sh line 24: if [[ $DEBUG_ENABLED == 1 ]]; then ^-----------------------^ SC3010 (warning): In POSIX sh, [[ ]] is undefined.

In entrypoint.sh line 25: echo $1 ^-- SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: echo "$1"

In entrypoint.sh line 41: if [[ $DEBUG_ENABLED == 1 ]]; then ^-----------------------^ SC3010 (warning): In POSIX sh, [[ ]] is undefined.

In entrypoint.sh line 46: if [[ ! -z "$8" ]]; then ^-------------^ SC3010 (warning): In POSIX sh, [[ ]] is undefined. ^-- SC2236 (style): Use -n instead of ! -z.

In entrypoint.sh line 49: if [ ! -z "$9" ]; then ^-- SC2236 (style): Use -n instead of ! -z.

In entrypoint.sh line 54: if [[ "true" == "${10}" ]]; then ^---------------------^ SC3010 (warning): In POSIX sh, [[ ]] is undefined.

In entrypoint.sh line 61: /sonatype/evaluate $EVALUATE_OPTS $TARGET ^------------^ SC2086 (info): Double quote to prevent globbing and word splitting. ^-----^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: /sonatype/evaluate "$EVALUATE_OPTS" "$TARGET"

For more information: https://www.shellcheck.net/wiki/SC3010 -- In POSIX sh, [[ ]] is undefined. https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ... https://www.shellcheck.net/wiki/SC2236 -- Use -n instead of ! -z.

ModeSevenIndustrialSolutions commented 2 days ago

I don't think it's correct to be calling /bin/sh in the endpoint.sh script shebang, and then using [[ and ]] in the script body. Those require non-standard shell functions, so the should either be toggled to bash, or it should be modified to use standard comparison features. I don't think any of the shell code specificallyrequires double brackets, so I think Paul Horton submitted the patch here that introduced this, it was perhaps simply through habit:

https://github.com/sonatype-nexus-community/iq-github-action/commit/5b3e3369baec98fe805bf608c7192978e43bed98#diff-6f9d41d046756f0ddc2fcee0626bdb50100d12b88f293734eff742818e03efa2R50

Also, we have double negative comparisons and unquoted variables that should also be addressed in the script code.

ModeSevenIndustrialSolutions commented 2 days ago

Raised PR: https://github.com/sonatype-nexus-community/iq-github-action/pull/22