From ca1bab3c1b012533844a8c5c3586886e131bf716 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 7 Apr 2025 10:34:42 +0200 Subject: [PATCH 1/8] Fix more shellcheck warnings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .shellcheckrc | 3 ++- advanced/Scripts/api.sh | 1 - advanced/Scripts/list.sh | 3 +++ advanced/Scripts/piholeARPTable.sh | 2 ++ advanced/Scripts/piholeCheckout.sh | 3 ++- advanced/Scripts/piholeDebug.sh | 10 ++++++---- advanced/Scripts/piholeLogFlush.sh | 2 ++ advanced/Scripts/query.sh | 6 +----- advanced/Scripts/update.sh | 5 +++-- advanced/Scripts/updatecheck.sh | 2 +- advanced/Scripts/utils.sh | 1 - advanced/Scripts/version.sh | 6 ++---- advanced/Templates/pihole-FTL-poststop.sh | 1 + advanced/Templates/pihole-FTL-prestart.sh | 1 + automated install/basic-install.sh | 4 ++-- automated install/uninstall.sh | 3 +++ gravity.sh | 7 ++++--- pihole | 4 ++++ 18 files changed, 39 insertions(+), 25 deletions(-) diff --git a/.shellcheckrc b/.shellcheckrc index 37eee86d..8e0b8387 100644 --- a/.shellcheckrc +++ b/.shellcheckrc @@ -1 +1,2 @@ -disable=SC1090,SC1091 # Ignore warnings about being unable to follow sourced files +external-sources=true # allow shellcheck to read external sources +disable=SC3043 #disable SC3043: In POSIX sh, local is undefined. diff --git a/advanced/Scripts/api.sh b/advanced/Scripts/api.sh index 79fc90f4..65a4eaa5 100755 --- a/advanced/Scripts/api.sh +++ b/advanced/Scripts/api.sh @@ -1,5 +1,4 @@ #!/usr/bin/env sh -# shellcheck disable=SC3043 #https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions # Pi-hole: A black hole for Internet advertisements # (c) 2017 Pi-hole, LLC (https://pi-hole.net) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index 3280ebfa..c07b0f2d 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -11,9 +11,11 @@ readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" readonly utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" +# shellcheck source="./utils.sh" source "${utilsfile}" readonly apifile="${PI_HOLE_SCRIPT_DIR}/api.sh" +# shellcheck source="./api.sh" source "${apifile}" # Determine database location @@ -38,6 +40,7 @@ typeId="" comment="" colfile="/opt/pihole/COL_TABLE" +# shellcheck source="./COL_TABLE" source ${colfile} helpFunc() { diff --git a/advanced/Scripts/piholeARPTable.sh b/advanced/Scripts/piholeARPTable.sh index e0565148..8257eb3e 100755 --- a/advanced/Scripts/piholeARPTable.sh +++ b/advanced/Scripts/piholeARPTable.sh @@ -11,11 +11,13 @@ coltable="/opt/pihole/COL_TABLE" if [[ -f ${coltable} ]]; then +# shellcheck source="./COL_TABLE" source ${coltable} fi readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" +# shellcheck source="./utils.sh" source "${utilsfile}" # Determine database location diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index be5c9dc5..bde8a355 100755 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -11,6 +11,7 @@ readonly PI_HOLE_FILES_DIR="/etc/.pihole" # shellcheck disable=SC2034 SKIP_INSTALL="true" +# shellcheck source="../../automated install/basic-install.sh" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" # webInterfaceGitUrl set in basic-install.sh @@ -218,7 +219,7 @@ checkout() { if [ $status -eq 1 ]; then # Binary for requested branch is not available, may still be # int he process of being built or CI build job failed - printf " %b Binary for requested branch is not available, please try again later.\\n" ${CROSS} + printf " %b Binary for requested branch is not available, please try again later.\\n" "${CROSS}" printf " If the issue persists, please contact Pi-hole Support and ask them to re-generate the binary.\\n" exit 1 elif [ $status -eq 2 ]; then diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index f4226299..1b196a80 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -8,7 +8,6 @@ # This file is copyright under the latest version of the EUPL. # Please see LICENSE file for your rights under this license. -# shellcheck source=/dev/null # -e option instructs bash to immediately exit if any command [1] has a non-zero exit status # -u a reference to any variable you haven't previously defined @@ -27,6 +26,7 @@ PIHOLE_COLTABLE_FILE="${PIHOLE_SCRIPTS_DIRECTORY}/COL_TABLE" # These provide the colors we need for making the log more readable if [[ -f ${PIHOLE_COLTABLE_FILE} ]]; then +# shellcheck source=./COL_TABLE source ${PIHOLE_COLTABLE_FILE} else COL_NC='\e[0m' # No Color @@ -41,7 +41,7 @@ else #OVER="\r\033[K" fi -# shellcheck disable=SC1091 +# shellcheck source=/dev/null . /etc/pihole/versions # Read the value of an FTL config key. The value is printed to stdout. @@ -213,7 +213,7 @@ compare_local_version_to_git_version() { local local_status local_status=$(git status -s) # echo this information out to the user in a nice format - if [ ${local_version} ]; then + if [ "${local_version}" ]; then log_write "${TICK} Version: ${local_version}" elif [ -n "${DOCKER_VERSION}" ]; then log_write "${TICK} Version: Pi-hole Docker Container ${COL_BOLD}${DOCKER_VERSION}${COL_NC}" @@ -488,7 +488,9 @@ run_and_print_command() { local output output=$(${cmd} 2>&1) # If the command was successful, - if [[ $? -eq 0 ]]; then + local return_code + return_code=$? + if [[ "${return_code}" -eq 0 ]]; then # show the output log_write "${output}" else diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 58c6a41d..ab88fb73 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -9,10 +9,12 @@ # Please see LICENSE file for your rights under this license. colfile="/opt/pihole/COL_TABLE" +# shellcheck source="./COL_TABLE" source ${colfile} readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" +# shellcheck source="./utils.sh" source "${utilsfile}" # In case we're running at the same time as a system logrotate, use a diff --git a/advanced/Scripts/query.sh b/advanced/Scripts/query.sh index 43498f17..aeebba3a 100755 --- a/advanced/Scripts/query.sh +++ b/advanced/Scripts/query.sh @@ -1,10 +1,5 @@ #!/usr/bin/env sh - -# Ignore warning about `local` being undefinded in POSIX -# shellcheck disable=SC3043 -# https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions - # Pi-hole: A black hole for Internet advertisements # (c) 2023 Pi-hole, LLC (https://pi-hole.net) # Network-wide ad blocking via your own hardware. @@ -22,6 +17,7 @@ domain="" # Source color table colfile="/opt/pihole/COL_TABLE" +# shellcheck source="./COL_TABLE" . "${colfile}" # Source api functions diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index e94ef0fd..7e13054e 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -21,10 +21,11 @@ SKIP_INSTALL=true # when --check-only is passed to this script, it will not perform the actual update CHECK_ONLY=false +# shellcheck source="../../automated install/basic-install.sh" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" -# shellcheck disable=SC1091 +# shellcheck source=./COL_TABLE source "/opt/pihole/COL_TABLE" -# shellcheck disable=SC1091 +# shellcheck source="./utils.sh" source "${PI_HOLE_INSTALL_DIR}/utils.sh" # is_repo() sourced from basic-install.sh diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index 6cd485eb..62bcbcf3 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -39,7 +39,7 @@ function get_remote_hash() { } # Source the utils file for addOrEditKeyValPair() -# shellcheck disable=SC1091 +# shellcheck source="./utils.sh" . /opt/pihole/utils.sh ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") diff --git a/advanced/Scripts/utils.sh b/advanced/Scripts/utils.sh index adce8144..d4a6957c 100755 --- a/advanced/Scripts/utils.sh +++ b/advanced/Scripts/utils.sh @@ -1,5 +1,4 @@ #!/usr/bin/env sh -# shellcheck disable=SC3043 #https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions # Pi-hole: A black hole for Internet advertisements # (c) 2017 Pi-hole, LLC (https://pi-hole.net) diff --git a/advanced/Scripts/version.sh b/advanced/Scripts/version.sh index 54b89498..e932fe63 100755 --- a/advanced/Scripts/version.sh +++ b/advanced/Scripts/version.sh @@ -8,18 +8,16 @@ # This file is copyright under the latest version of the EUPL. # Please see LICENSE file for your rights under this license. -# Ignore warning about `local` being undefinded in POSIX -# shellcheck disable=SC3043 -# https://github.com/koalaman/shellcheck/wiki/SC3043#exceptions - # Source the versions file populated by updatechecker.sh cachedVersions="/etc/pihole/versions" if [ -f ${cachedVersions} ]; then + # shellcheck source=/dev/null . "$cachedVersions" else echo "Could not find /etc/pihole/versions. Running update now." pihole updatechecker + # shellcheck source=/dev/null . "$cachedVersions" fi diff --git a/advanced/Templates/pihole-FTL-poststop.sh b/advanced/Templates/pihole-FTL-poststop.sh index d196e3da..e7db109d 100755 --- a/advanced/Templates/pihole-FTL-poststop.sh +++ b/advanced/Templates/pihole-FTL-poststop.sh @@ -3,6 +3,7 @@ # Source utils.sh for getFTLConfigValue() PI_HOLE_SCRIPT_DIR='/opt/pihole' utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" +# shellcheck source="../Scripts/utils.sh" . "${utilsfile}" # Get file paths diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh index aae26cf3..056cb21c 100755 --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh @@ -3,6 +3,7 @@ # Source utils.sh for getFTLConfigValue() PI_HOLE_SCRIPT_DIR='/opt/pihole' utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" +# shellcheck source="../Scripts/utils.sh" . "${utilsfile}" # Get file paths diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index ef6e02c6..2d9041a2 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -153,6 +153,7 @@ done # If the color table file exists, if [[ -f "${coltable}" ]]; then # source it + # shellcheck source="../advanced/Scripts/COL_TABLE" source "${coltable}" # Otherwise, else @@ -1871,7 +1872,6 @@ clone_or_reset_repos() { # Download FTL binary to random temp directory and install FTL binary # Disable directive for SC2120 a value _can_ be passed to this function, but it is passed from an external script that sources this one -# shellcheck disable=SC2120 FTLinstall() { # Local, named variables local str="Downloading and Installing FTL" @@ -2400,7 +2400,7 @@ main() { # /opt/pihole/utils.sh should be installed by installScripts now, so we can use it if [ -f "${PI_HOLE_INSTALL_DIR}/utils.sh" ]; then - # shellcheck disable=SC1091 + # shellcheck source="../advanced/Scripts/utils.sh" source "${PI_HOLE_INSTALL_DIR}/utils.sh" else printf " %b Failure: /opt/pihole/utils.sh does not exist .\\n" "${CROSS}" diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 9020d275..9b118627 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -8,7 +8,9 @@ # This file is copyright under the latest version of the EUPL. # Please see LICENSE file for your rights under this license. +# shellcheck source="../advanced/Scripts/COL_TABLE" source "/opt/pihole/COL_TABLE" +# shellcheck source="../advanced/Scripts/utils.sh" source "/opt/pihole/utils.sh" ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") @@ -42,6 +44,7 @@ fi readonly PI_HOLE_FILES_DIR="/etc/.pihole" # shellcheck disable=SC2034 SKIP_INSTALL="true" +# shellcheck source="./basic-install.sh" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" # package_manager_detect() sourced from basic-install.sh diff --git a/gravity.sh b/gravity.sh index 102ec15f..d7dfadf6 100755 --- a/gravity.sh +++ b/gravity.sh @@ -15,11 +15,13 @@ export LC_ALL=C PI_HOLE_SCRIPT_DIR="/opt/pihole" # Source utils.sh for GetFTLConfigValue utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" +# shellcheck source=./advanced/Scripts/utils.sh . "${utilsfile}" coltable="${PI_HOLE_SCRIPT_DIR}/COL_TABLE" +# shellcheck source=./advanced/Scripts/COL_TABLE . "${coltable}" -# shellcheck disable=SC1091 +# shellcheck source=./advanced/Scripts/database_migration/gravity-db.sh . "/etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh" basename="pihole" @@ -767,8 +769,7 @@ gravity_DownloadBlocklistFromUrl() { fi if [[ "${download}" == true ]]; then - # shellcheck disable=SC2086 - httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L ${compression} ${cmd_ext} ${modifiedOptions} -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null) + httpCode=$(curl --connect-timeout ${curl_connect_timeout} -s -L "${compression}" "${cmd_ext}" "${modifiedOptions}" -w "%{http_code}" "${url}" -o "${listCurlBuffer}" 2>/dev/null) fi case $url in diff --git a/pihole b/pihole index c780308d..7b645030 100755 --- a/pihole +++ b/pihole @@ -17,13 +17,16 @@ readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" PI_HOLE_BIN_DIR="/usr/local/bin" readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE" +# shellcheck source=./advanced/Scripts/COL_TABLE.sh source "${colfile}" readonly utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" +# shellcheck source=./advanced/Scripts/utils.sh source "${utilsfile}" # Source api functions readonly apifile="${PI_HOLE_SCRIPT_DIR}/api.sh" +# shellcheck source=./advanced/Scripts/api.sh source "${apifile}" versionsfile="/etc/pihole/versions" @@ -31,6 +34,7 @@ if [ -f "${versionsfile}" ]; then # Only source versionsfile if the file exits # fixes a warning during installation where versionsfile does not exist yet # but gravity calls `pihole -status` and thereby sourcing the file + # shellcheck source=/dev/null source "${versionsfile}" fi From 3732ea736542e6651d7f6fd9adcadf78640b29f2 Mon Sep 17 00:00:00 2001 From: Adam Warner Date: Mon, 7 Apr 2025 10:24:53 +0100 Subject: [PATCH 2/8] Remove shellcheck directives that no longer serve any purpose Signed-off-by: Adam Warner --- advanced/Scripts/piholeCheckout.sh | 4 ---- advanced/Scripts/piholeDebug.sh | 1 - advanced/Scripts/update.sh | 1 - automated install/basic-install.sh | 1 - automated install/uninstall.sh | 1 - 5 files changed, 8 deletions(-) diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index bde8a355..21e9df9f 100755 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -9,7 +9,6 @@ # Please see LICENSE file for your rights under this license. readonly PI_HOLE_FILES_DIR="/etc/.pihole" -# shellcheck disable=SC2034 SKIP_INSTALL="true" # shellcheck source="../../automated install/basic-install.sh" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" @@ -61,7 +60,6 @@ checkout() { exit 1; fi - # shellcheck disable=SC2154 if ! is_repo "${webInterfaceDir}" ; then echo -e " ${COL_LIGHT_RED}Error: Web Admin repo is missing from system!" echo -e " Please re-run install script from https://github.com/pi-hole/pi-hole${COL_NC}" @@ -106,7 +104,6 @@ checkout() { echo "master" > /etc/pihole/ftlbranch chmod 644 /etc/pihole/ftlbranch elif [[ "${1}" == "core" ]] ; then - # shellcheck disable=SC2154 str="Fetching branches from ${piholeGitUrl}" echo -ne " ${INFO} $str" if ! fully_fetch_repo "${PI_HOLE_FILES_DIR}" ; then @@ -134,7 +131,6 @@ checkout() { fi checkout_pull_branch "${PI_HOLE_FILES_DIR}" "${2}" elif [[ "${1}" == "web" ]] ; then - # shellcheck disable=SC2154 str="Fetching branches from ${webInterfaceGitUrl}" echo -ne " ${INFO} $str" if ! fully_fetch_repo "${webInterfaceDir}" ; then diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 1b196a80..caff6c5e 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -935,7 +935,6 @@ parse_file() { # Get the lines that are in the file(s) and store them in an array for parsing later local file_info if [[ -f "$filename" ]]; then - #shellcheck disable=SC2016 IFS=$'\r\n' command eval 'file_info=( $(cat "${filename}") )' else read -r -a file_info <<< "$filename" diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index 7e13054e..bcd1889a 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -15,7 +15,6 @@ readonly ADMIN_INTERFACE_GIT_URL="https://github.com/pi-hole/web.git" readonly PI_HOLE_GIT_URL="https://github.com/pi-hole/pi-hole.git" readonly PI_HOLE_FILES_DIR="/etc/.pihole" -# shellcheck disable=SC2034 SKIP_INSTALL=true # when --check-only is passed to this script, it will not perform the actual update diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 2d9041a2..983d75d7 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -769,7 +769,6 @@ chooseInterface() { # All further interfaces are deselected status="OFF" done - # shellcheck disable=SC2086 # Disable check for double quote here as we are passing a string with spaces PIHOLE_INTERFACE=$(dialog --no-shadow --keep-tite --output-fd 1 \ --cancel-label "Exit" --ok-label "Select" \ diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 9b118627..1d365a37 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -42,7 +42,6 @@ else fi readonly PI_HOLE_FILES_DIR="/etc/.pihole" -# shellcheck disable=SC2034 SKIP_INSTALL="true" # shellcheck source="./basic-install.sh" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" From 23fc53c618d0b4243644be3f950d0b27829dae40 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 7 Apr 2025 11:32:14 +0200 Subject: [PATCH 3/8] Set -x option for shellcheck GHA MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/workflows/test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0fadb6f4..51e48076 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -34,6 +34,8 @@ jobs: check_together: 'yes' format: tty severity: warning + env: + SHELLCHECK_OPTS: -x # Enable shellcheck -x option (follow external sources) - name: Spell-Checking uses: codespell-project/actions-codespell@master From 135b0cce14db6dd53d35c2cebff2b5118164d00c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 7 Apr 2025 11:47:40 +0200 Subject: [PATCH 4/8] Switch to Differential ShellCheck MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/workflows/test.yml | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 51e48076..2d8f047c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -16,9 +16,13 @@ jobs: smoke-tests: if: github.event.pull_request.draft == false runs-on: ubuntu-latest + permissions: + security-events: write # required by Differential ShellCheck steps: - name: Checkout repository uses: actions/checkout@v4.2.2 + with: + fetch-depth: 0 # Differential ShellCheck requires full git history - name: Check scripts in repository are executable run: | @@ -28,14 +32,17 @@ jobs: # If FAIL is 1 then we fail. [[ $FAIL == 1 ]] && exit 1 || echo "Scripts are executable!" - - name: Run shellcheck - uses: ludeeus/action-shellcheck@master + - name: Differential ShellCheck + uses: redhat-plumbers-in-action/differential-shellcheck@v5 with: - check_together: 'yes' - format: tty - severity: warning - env: - SHELLCHECK_OPTS: -x # Enable shellcheck -x option (follow external sources) + token: ${{ secrets.GITHUB_TOKEN }} + + - if: ${{ runner.debug == '1' && !cancelled() }} + name: Upload artifact with ShellCheck defects in SARIF format + uses: actions/upload-artifact@v4 + with: + name: Differential ShellCheck SARIF + path: ${{ steps.ShellCheck.outputs.sarif }} - name: Spell-Checking uses: codespell-project/actions-codespell@master From 5002ce8ba76b0e5b9dc04412c63e14b3e429113e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 7 Apr 2025 14:01:47 +0200 Subject: [PATCH 5/8] Source files relative to the repos root MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Scripts/list.sh | 6 +++--- advanced/Scripts/piholeARPTable.sh | 4 ++-- advanced/Scripts/piholeCheckout.sh | 2 +- advanced/Scripts/piholeDebug.sh | 2 +- advanced/Scripts/piholeLogFlush.sh | 4 ++-- advanced/Scripts/query.sh | 3 ++- advanced/Scripts/update.sh | 6 +++--- advanced/Scripts/updatecheck.sh | 2 +- advanced/Templates/pihole-FTL-poststop.sh | 2 +- advanced/Templates/pihole-FTL-prestart.sh | 2 +- automated install/basic-install.sh | 4 ++-- automated install/uninstall.sh | 6 +++--- pihole | 3 ++- 13 files changed, 24 insertions(+), 22 deletions(-) diff --git a/advanced/Scripts/list.sh b/advanced/Scripts/list.sh index c07b0f2d..fa356f16 100755 --- a/advanced/Scripts/list.sh +++ b/advanced/Scripts/list.sh @@ -11,11 +11,11 @@ readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" readonly utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" -# shellcheck source="./utils.sh" +# shellcheck source="./advanced/Scripts/utils.sh" source "${utilsfile}" readonly apifile="${PI_HOLE_SCRIPT_DIR}/api.sh" -# shellcheck source="./api.sh" +# shellcheck source="./advanced/Scripts/api.sh" source "${apifile}" # Determine database location @@ -40,7 +40,7 @@ typeId="" comment="" colfile="/opt/pihole/COL_TABLE" -# shellcheck source="./COL_TABLE" +# shellcheck source="./advanced/Scripts/COL_TABLE" source ${colfile} helpFunc() { diff --git a/advanced/Scripts/piholeARPTable.sh b/advanced/Scripts/piholeARPTable.sh index 8257eb3e..c62acdbc 100755 --- a/advanced/Scripts/piholeARPTable.sh +++ b/advanced/Scripts/piholeARPTable.sh @@ -11,13 +11,13 @@ coltable="/opt/pihole/COL_TABLE" if [[ -f ${coltable} ]]; then -# shellcheck source="./COL_TABLE" +# shellcheck source="./advanced/Scripts/COL_TABLE" source ${coltable} fi readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" -# shellcheck source="./utils.sh" +# shellcheck source=./advanced/Scripts/utils.sh source "${utilsfile}" # Determine database location diff --git a/advanced/Scripts/piholeCheckout.sh b/advanced/Scripts/piholeCheckout.sh index 21e9df9f..beaac5f1 100755 --- a/advanced/Scripts/piholeCheckout.sh +++ b/advanced/Scripts/piholeCheckout.sh @@ -10,7 +10,7 @@ readonly PI_HOLE_FILES_DIR="/etc/.pihole" SKIP_INSTALL="true" -# shellcheck source="../../automated install/basic-install.sh" +# shellcheck source="./automated install/basic-install.sh" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" # webInterfaceGitUrl set in basic-install.sh diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index caff6c5e..70c0ffe2 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -26,7 +26,7 @@ PIHOLE_COLTABLE_FILE="${PIHOLE_SCRIPTS_DIRECTORY}/COL_TABLE" # These provide the colors we need for making the log more readable if [[ -f ${PIHOLE_COLTABLE_FILE} ]]; then -# shellcheck source=./COL_TABLE +# shellcheck source=./advanced/Scripts/COL_TABLE source ${PIHOLE_COLTABLE_FILE} else COL_NC='\e[0m' # No Color diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index ab88fb73..84610fda 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -9,12 +9,12 @@ # Please see LICENSE file for your rights under this license. colfile="/opt/pihole/COL_TABLE" -# shellcheck source="./COL_TABLE" +# shellcheck source="./advanced/Scripts/COL_TABLE" source ${colfile} readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" -# shellcheck source="./utils.sh" +# shellcheck source="./advanced/Scripts/utils.sh" source "${utilsfile}" # In case we're running at the same time as a system logrotate, use a diff --git a/advanced/Scripts/query.sh b/advanced/Scripts/query.sh index aeebba3a..18c018dc 100755 --- a/advanced/Scripts/query.sh +++ b/advanced/Scripts/query.sh @@ -17,10 +17,11 @@ domain="" # Source color table colfile="/opt/pihole/COL_TABLE" -# shellcheck source="./COL_TABLE" +# shellcheck source="./advanced/Scripts/COL_TABLE" . "${colfile}" # Source api functions +# shellcheck source="./advanced/Scripts/api.sh" . "${PI_HOLE_INSTALL_DIR}/api.sh" Help() { diff --git a/advanced/Scripts/update.sh b/advanced/Scripts/update.sh index bcd1889a..08a50be1 100755 --- a/advanced/Scripts/update.sh +++ b/advanced/Scripts/update.sh @@ -20,11 +20,11 @@ SKIP_INSTALL=true # when --check-only is passed to this script, it will not perform the actual update CHECK_ONLY=false -# shellcheck source="../../automated install/basic-install.sh" +# shellcheck source="./automated install/basic-install.sh" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" -# shellcheck source=./COL_TABLE +# shellcheck source=./advanced/Scripts/COL_TABLE source "/opt/pihole/COL_TABLE" -# shellcheck source="./utils.sh" +# shellcheck source="./advanced/Scripts/utils.sh" source "${PI_HOLE_INSTALL_DIR}/utils.sh" # is_repo() sourced from basic-install.sh diff --git a/advanced/Scripts/updatecheck.sh b/advanced/Scripts/updatecheck.sh index 62bcbcf3..44f21419 100755 --- a/advanced/Scripts/updatecheck.sh +++ b/advanced/Scripts/updatecheck.sh @@ -39,7 +39,7 @@ function get_remote_hash() { } # Source the utils file for addOrEditKeyValPair() -# shellcheck source="./utils.sh" +# shellcheck source="./advanced/Scripts/utils.sh" . /opt/pihole/utils.sh ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") diff --git a/advanced/Templates/pihole-FTL-poststop.sh b/advanced/Templates/pihole-FTL-poststop.sh index e7db109d..504e2382 100755 --- a/advanced/Templates/pihole-FTL-poststop.sh +++ b/advanced/Templates/pihole-FTL-poststop.sh @@ -3,7 +3,7 @@ # Source utils.sh for getFTLConfigValue() PI_HOLE_SCRIPT_DIR='/opt/pihole' utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" -# shellcheck source="../Scripts/utils.sh" +# shellcheck source="./advanced/Scripts/utils.sh" . "${utilsfile}" # Get file paths diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh index 056cb21c..579309d3 100755 --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh @@ -3,7 +3,7 @@ # Source utils.sh for getFTLConfigValue() PI_HOLE_SCRIPT_DIR='/opt/pihole' utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" -# shellcheck source="../Scripts/utils.sh" +# shellcheck source="./advanced/Scripts/utils.sh" . "${utilsfile}" # Get file paths diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index 983d75d7..9d364ffa 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -153,7 +153,7 @@ done # If the color table file exists, if [[ -f "${coltable}" ]]; then # source it - # shellcheck source="../advanced/Scripts/COL_TABLE" + # shellcheck source="./advanced/Scripts/COL_TABLE" source "${coltable}" # Otherwise, else @@ -2399,7 +2399,7 @@ main() { # /opt/pihole/utils.sh should be installed by installScripts now, so we can use it if [ -f "${PI_HOLE_INSTALL_DIR}/utils.sh" ]; then - # shellcheck source="../advanced/Scripts/utils.sh" + # shellcheck source="./advanced/Scripts/utils.sh" source "${PI_HOLE_INSTALL_DIR}/utils.sh" else printf " %b Failure: /opt/pihole/utils.sh does not exist .\\n" "${CROSS}" diff --git a/automated install/uninstall.sh b/automated install/uninstall.sh index 1d365a37..a158e595 100755 --- a/automated install/uninstall.sh +++ b/automated install/uninstall.sh @@ -8,9 +8,9 @@ # This file is copyright under the latest version of the EUPL. # Please see LICENSE file for your rights under this license. -# shellcheck source="../advanced/Scripts/COL_TABLE" +# shellcheck source="./advanced/Scripts/COL_TABLE" source "/opt/pihole/COL_TABLE" -# shellcheck source="../advanced/Scripts/utils.sh" +# shellcheck source="./advanced/Scripts/utils.sh" source "/opt/pihole/utils.sh" ADMIN_INTERFACE_DIR=$(getFTLConfigValue "webserver.paths.webroot")$(getFTLConfigValue "webserver.paths.webhome") @@ -43,7 +43,7 @@ fi readonly PI_HOLE_FILES_DIR="/etc/.pihole" SKIP_INSTALL="true" -# shellcheck source="./basic-install.sh" +# shellcheck source="./automated install/basic-install.sh" source "${PI_HOLE_FILES_DIR}/automated install/basic-install.sh" # package_manager_detect() sourced from basic-install.sh diff --git a/pihole b/pihole index 7b645030..2c3a433b 100755 --- a/pihole +++ b/pihole @@ -17,7 +17,7 @@ readonly PI_HOLE_SCRIPT_DIR="/opt/pihole" PI_HOLE_BIN_DIR="/usr/local/bin" readonly colfile="${PI_HOLE_SCRIPT_DIR}/COL_TABLE" -# shellcheck source=./advanced/Scripts/COL_TABLE.sh +# shellcheck source=./advanced/Scripts/COL_TABLE source "${colfile}" readonly utilsfile="${PI_HOLE_SCRIPT_DIR}/utils.sh" @@ -431,6 +431,7 @@ piholeCheckoutFunc() { exit 0 fi + #shellcheck source=./advanced/Scripts/piholeCheckout.sh source "${PI_HOLE_SCRIPT_DIR}"/piholeCheckout.sh shift checkout "$@" From b271dbf606560a50c0e18dea60dfdb7f8a129853 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 7 Apr 2025 14:11:39 +0200 Subject: [PATCH 6/8] Set shellcheck level to warning, can be lowered later MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/workflows/test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2d8f047c..ea7f71c3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -35,6 +35,7 @@ jobs: - name: Differential ShellCheck uses: redhat-plumbers-in-action/differential-shellcheck@v5 with: + severity: warning token: ${{ secrets.GITHUB_TOKEN }} - if: ${{ runner.debug == '1' && !cancelled() }} From bda81cb2f5b1785beead193487cffe596d5faa3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 7 Apr 2025 21:25:29 +0200 Subject: [PATCH 7/8] Remove debug SARIF upload MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/workflows/test.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ea7f71c3..b9f38800 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -38,13 +38,6 @@ jobs: severity: warning token: ${{ secrets.GITHUB_TOKEN }} - - if: ${{ runner.debug == '1' && !cancelled() }} - name: Upload artifact with ShellCheck defects in SARIF format - uses: actions/upload-artifact@v4 - with: - name: Differential ShellCheck SARIF - path: ${{ steps.ShellCheck.outputs.sarif }} - - name: Spell-Checking uses: codespell-project/actions-codespell@master with: From 0f511ad5744167c4dbe821966734ad2b632fbf30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Tue, 8 Apr 2025 17:50:19 +0200 Subject: [PATCH 8/8] Remove token and use sarif-fmt for nicer CLI output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- .github/workflows/test.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b9f38800..5d73f31b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -16,8 +16,6 @@ jobs: smoke-tests: if: github.event.pull_request.draft == false runs-on: ubuntu-latest - permissions: - security-events: write # required by Differential ShellCheck steps: - name: Checkout repository uses: actions/checkout@v4.2.2 @@ -36,7 +34,8 @@ jobs: uses: redhat-plumbers-in-action/differential-shellcheck@v5 with: severity: warning - token: ${{ secrets.GITHUB_TOKEN }} + display-engine: sarif-fmt + - name: Spell-Checking uses: codespell-project/actions-codespell@master