From 70cb310c54ac8086bdf7ff26ce3a67f999005e87 Mon Sep 17 00:00:00 2001
From: Charles Herlin
Date: Thu, 17 Jan 2019 12:39:15 +0100
Subject: [PATCH] FEAT: automate shellcheck test with docker IMP: search for all .sh files to shellcheck If no file is passed as argument, shellchek will be run on all .sh files Fix dockerfile location and expand full shellcheck options
---
shellcheck/Dockerfile.shellcheck | 13 +++++++++++++
shellcheck/docker_build_and_run_shellcheck.sh | 7 +++++++
shellcheck/launch_shellcheck.sh | 15 +++++++++++++++
3 files changed, 35 insertions(+)
create mode 100644 shellcheck/Dockerfile.shellcheck
create mode 100755 shellcheck/docker_build_and_run_shellcheck.sh
create mode 100755 shellcheck/launch_shellcheck.sh
diff --git a/shellcheck/Dockerfile.shellcheck b/shellcheck/Dockerfile.shellcheck
new file mode 100644
index 0000000..e688fdb
--- /dev/null
+++ b/shellcheck/Dockerfile.shellcheck
@@ -0,0 +1,13 @@
+FROM ubuntu:latest
+
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y shellcheck
+
+COPY . /opt/debian-cis/
+
+COPY debian/default /etc/default/cis-hardening
+RUN sed -i 's#cis-hardening#debian-cis#' /etc/default/cis-hardening
+
+WORKDIR /opt/debian-cis
+
+ENTRYPOINT ["/opt/debian-cis/shellcheck/launch_shellcheck.sh"]
+
diff --git a/shellcheck/docker_build_and_run_shellcheck.sh b/shellcheck/docker_build_and_run_shellcheck.sh
new file mode 100755
index 0000000..1ce1aac
--- /dev/null
+++ b/shellcheck/docker_build_and_run_shellcheck.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -e
+
+dockerfile="$(dirname "$0")/Dockerfile.shellcheck"
+docker build -f "$dockerfile" -t debiancis-shellcheck "$(dirname "$0")"/../
+docker run --rm debiancis-shellcheck "$@"
+
diff --git a/shellcheck/launch_shellcheck.sh b/shellcheck/launch_shellcheck.sh
new file mode 100755
index 0000000..f6f84e1
--- /dev/null
+++ b/shellcheck/launch_shellcheck.sh
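Review bot: The base image and the linter are both unpinned in Dockerfile.shellcheck: `FROM ubuntu:latest` plus an unversioned `apt-get install -y shellcheck` means the image contents and the shellcheck rule set change silently between builds, so the same tree can pass one day and fail the next and the image cannot be audited after the fact. Pin the base to a release tag, ideally with a digest, e.g. `FROM ubuntu:<release>@sha256:<digest>`, and tighten the install to `apt-get install -y --no-install-recommends shellcheck && rm -rf /var/lib/apt/lists/*`. The file also has no `USER` line, so the linter runs as root over the copied tree; creating an unprivileged user and switching to it before `ENTRYPOINT` would be enough for a read-only check.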
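Review bot: The `docker run --rm debiancis-shellcheck "$@"` line in docker_build_and_run_shellcheck.sh starts the lint container with default capabilities and network access although it only reads files already baked into the image; `docker run --rm --network none --read-only --cap-drop ALL debiancis-shellcheck "$@"` should be sufficient for this job. The build context is the whole repository root (`"$(dirname "$0")"/../`) and the Dockerfile does `COPY . /opt/debian-cis/`, so everything in the working tree ends up in the image. No `.dockerignore` is visible in this patch; if none exists, one that excludes `.git` and local or untracked files would keep them out of the context.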
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+
+files=""
+
+if [ $# -eq 0 ]; then
+ files=$(find . -name "*.sh")
+else
+ files="$*"
+fi
+
+for f in $files; do
+ printf "\e[1;36mRunning shellcheck on: %s \e[0m\n" "$f"
+ /usr/bin/shellcheck --color=always --external-sources --shell=bash "$f"
+done
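Review bot: The loop in launch_shellcheck.sh discards shellcheck's exit status, so the script, and with it the container, returns the status of the last file only; findings in any earlier file do not fail the run, which defeats the purpose of an automated lint gate. Separately, `files="$*"` followed by the unquoted `for f in $files` splits on whitespace and expands globs, so a path containing a space is checked as two non-existent files. Collecting the paths into an array and accumulating a return code fixes both; the sketch below needs bash 4.4 or later for `mapfile -d`.

```shell
if [ $# -eq 0 ]; then
    # NUL-delimited so paths with spaces or newlines survive intact
    mapfile -d '' -t files < <(find . -name "*.sh" -print0)
else
    files=("$@")
fi

rc=0
for f in "${files[@]}"; do
    # … unchanged: printf banner …
    /usr/bin/shellcheck --color=always --external-sources --shell=bash "$f" || rc=1
done
exit "$rc"
```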