From 9e71f01a207cf014418a1822d1e44b560b3162c8 Mon Sep 17 00:00:00 2001 From: Ian Lewis Date: Sat, 18 Jun 2022 02:27:48 +0900 Subject: [PATCH] Fix shellcheck errors (#338) * Fix shellcheck issues in assert.sh * Fix shellcheck issues --- .github/workflows/scripts/assert.sh | 312 +++++++++--------- .github/workflows/scripts/builder-fetch.sh | 22 +- .github/workflows/scripts/e2e-assert.sh | 6 +- .github/workflows/scripts/e2e-utils.sh | 3 +- .../scripts/pre-submit.e2e.go.default.sh | 18 +- 5 files changed, 182 insertions(+), 179 deletions(-) diff --git a/.github/workflows/scripts/assert.sh b/.github/workflows/scripts/assert.sh index a7d06b8b4..bd9edba27 100755 --- a/.github/workflows/scripts/assert.sh +++ b/.github/workflows/scripts/assert.sh @@ -10,7 +10,7 @@ ## Function list based on: ## http://junit.sourceforge.net/javadoc/org/junit/Assert.html ## Log methods : inspired by -## - https://natelandau.com/bash-scripting-utilities/ +## - https://natelandau.com/bash-scripting-utilities/ ## author: Mark Torok ## ## date: 07. Dec. 2016 @@ -22,229 +22,233 @@ # Note: from https://github.com/torokmark/assert.sh/blob/main/assert.sh. if command -v tput &>/dev/null && tty -s; then - RED=$(tput setaf 1) - GREEN=$(tput setaf 2) - MAGENTA=$(tput setaf 5) - NORMAL=$(tput sgr0) - BOLD=$(tput bold) + RED=$(tput setaf 1) + GREEN=$(tput setaf 2) + MAGENTA=$(tput setaf 5) + NORMAL=$(tput sgr0) + BOLD=$(tput bold) else - RED=$(echo -en "\e[31m") - GREEN=$(echo -en "\e[32m") - MAGENTA=$(echo -en "\e[35m") - NORMAL=$(echo -en "\e[00m") - BOLD=$(echo -en "\e[01m") + RED=$(echo -en "\e[31m") + GREEN=$(echo -en "\e[32m") + MAGENTA=$(echo -en "\e[35m") + NORMAL=$(echo -en "\e[00m") + BOLD=$(echo -en "\e[01m") fi log_header() { - printf "\n${BOLD}${MAGENTA}========== %s ==========${NORMAL}\n" "$@" >&2 + printf "\n${BOLD}${MAGENTA}========== %s ==========${NORMAL}\n" "$@" >&2 } log_success() { - printf "${GREEN}✔ %s${NORMAL}\n" "$@" >&2 + printf "${GREEN}✔ %s${NORMAL}\n" "$@" >&2 } log_failure() { - printf "${RED}✖ %s${NORMAL}\n" "$@" >&2 + printf "${RED}✖ %s${NORMAL}\n" "$@" >&2 } - assert_eq() { - local expected="$1" - local actual="$2" - local msg="${3-}" - - if [ "$expected" == "$actual" ]; then - return 0 - else - [ "${#msg}" -gt 0 ] && log_failure "$expected == $actual :: $msg" || true - return 1 - fi + local expected="$1" + local actual="$2" + local msg="${3-}" + + if [ "$expected" == "$actual" ]; then + return 0 + else + ([ "${#msg}" -gt 0 ] && log_failure "$expected == $actual :: $msg") || true + return 1 + fi } assert_not_eq() { - local expected="$1" - local actual="$2" - local msg="${3-}" - - if [ ! "$expected" == "$actual" ]; then - return 0 - else - [ "${#msg}" -gt 0 ] && log_failure "$expected != $actual :: $msg" || true - return 1 - fi + local expected="$1" + local actual="$2" + local msg="${3-}" + + if [ ! "$expected" == "$actual" ]; then + return 0 + else + ([ "${#msg}" -gt 0 ] && log_failure "$expected != $actual :: $msg") || true + return 1 + fi } assert_true() { - local actual="$1" - local msg="${2-}" + local actual="$1" + local msg="${2-}" - assert_eq true "$actual" "$msg" - return "$?" + assert_eq true "$actual" "$msg" + return "$?" } assert_false() { - local actual="$1" - local msg="${2-}" + local actual="$1" + local msg="${2-}" - assert_eq false "$actual" "$msg" - return "$?" + assert_eq false "$actual" "$msg" + return "$?" } assert_array_eq() { + # There is a bug in a shellcheck type check that bleeds across function + # scope so these variables need to have a different name. + # See: https://github.com/koalaman/shellcheck/issues/1225 + declare -a expecteda=("${!1-}") + declare -a actuala=("${!2}") - declare -a expected=("${!1-}") - # echo "AAE ${expected[@]}" - - declare -a actual=("${!2}") - # echo "AAE ${actual[@]}" + local msg="${3-}" - local msg="${3-}" + local return_code=0 + if [ ! "${#expecteda[@]}" == "${#actuala[@]}" ]; then + return_code=1 + fi - local return_code=0 - if [ ! "${#expected[@]}" == "${#actual[@]}" ]; then - return_code=1 - fi + local i + for ((i = 1; i < ${#expecteda[@]} + 1; i += 1)); do + if [ ! "${expecteda[$i - 1]}" == "${actuala[$i - 1]}" ]; then + return_code=1 + break + fi + done - local i - for (( i=1; i < ${#expected[@]} + 1; i+=1 )); do - if [ ! "${expected[$i-1]}" == "${actual[$i-1]}" ]; then - return_code=1 - break + if [ "$return_code" == 1 ]; then + ([ "${#msg}" -gt 0 ] && log_failure "(${expecteda[*]}) != (${actuala[*]}) :: $msg") || true fi - done - - if [ "$return_code" == 1 ]; then - [ "${#msg}" -gt 0 ] && log_failure "(${expected[*]}) != (${actual[*]}) :: $msg" || true - fi - return "$return_code" + return "$return_code" } assert_array_not_eq() { + # There is a bug in a shellcheck type check that bleeds across function + # scope so these variables need to have a different name. + # See: https://github.com/koalaman/shellcheck/issues/1225 + declare -a expecteda=("${!1-}") + declare -a actuala=("${!2}") - declare -a expected=("${!1-}") - declare -a actual=("${!2}") + local msg="${3-}" - local msg="${3-}" + local return_code=1 + if [ ! "${#expecteda[@]}" == "${#actuala[@]}" ]; then + return_code=0 + fi - local return_code=1 - if [ ! "${#expected[@]}" == "${#actual[@]}" ]; then - return_code=0 - fi + local i + for ((i = 1; i < ${#expecteda[@]} + 1; i += 1)); do + if [ ! "${expecteda[$i - 1]}" == "${actuala[$i - 1]}" ]; then + return_code=0 + break + fi + done - local i - for (( i=1; i < ${#expected[@]} + 1; i+=1 )); do - if [ ! "${expected[$i-1]}" == "${actual[$i-1]}" ]; then - return_code=0 - break + if [ "$return_code" == 1 ]; then + ([ "${#msg}" -gt 0 ] && log_failure "(${expecteda[*]}) == (${actuala[*]}) :: $msg") || true fi - done - if [ "$return_code" == 1 ]; then - [ "${#msg}" -gt 0 ] && log_failure "(${expected[*]}) == (${actual[*]}) :: $msg" || true - fi - - return "$return_code" + return "$return_code" } assert_empty() { - local actual=$1 - local msg="${2-}" + local actual=$1 + local msg="${2-}" - assert_eq "" "$actual" "$msg" - return "$?" + assert_eq "" "$actual" "$msg" + return "$?" } assert_not_empty() { - local actual=$1 - local msg="${2-}" + local actual=$1 + local msg="${2-}" - assert_not_eq "" "$actual" "$msg" - return "$?" + assert_not_eq "" "$actual" "$msg" + return "$?" } assert_contain() { - local haystack="$1" - local needle="${2-}" - local msg="${3-}" + local haystack="$1" + local needle="${2-}" + local msg="${3-}" - if [ -z "${needle:+x}" ]; then - return 0; - fi + if [ -z "${needle:+x}" ]; then + return 0 + fi - if [ -z "${haystack##*$needle*}" ]; then - return 0 - else - [ "${#msg}" -gt 0 ] && log_failure "$haystack doesn't contain $needle :: $msg" || true - return 1 - fi + # needle is used as a search pattern. + # shellcheck disable=SC2295 + if [ -z "${haystack##*$needle*}" ]; then + return 0 + else + ([ "${#msg}" -gt 0 ] && log_failure "$haystack doesn't contain $needle :: $msg") || true + return 1 + fi } assert_not_contain() { - local haystack="$1" - local needle="${2-}" - local msg="${3-}" + local haystack="$1" + local needle="${2-}" + local msg="${3-}" - if [ -z "${needle:+x}" ]; then - return 0; - fi + if [ -z "${needle:+x}" ]; then + return 0 + fi - if [ "${haystack##*$needle*}" ]; then - return 0 - else - [ "${#msg}" -gt 0 ] && log_failure "$haystack contains $needle :: $msg" || true - return 1 - fi + # needle is used as a search pattern. + # shellcheck disable=SC2295 + if [ "${haystack##*$needle*}" ]; then + return 0 + else + ([ "${#msg}" -gt 0 ] && log_failure "$haystack contains $needle :: $msg") || true + return 1 + fi } assert_gt() { - local first="$1" - local second="$2" - local msg="${3-}" - - if [[ "$first" -gt "$second" ]]; then - return 0 - else - [ "${#msg}" -gt 0 ] && log_failure "$first > $second :: $msg" || true - return 1 - fi + local first="$1" + local second="$2" + local msg="${3-}" + + if [[ "$first" -gt "$second" ]]; then + return 0 + else + ([ "${#msg}" -gt 0 ] && log_failure "$first > $second :: $msg") || true + return 1 + fi } assert_ge() { - local first="$1" - local second="$2" - local msg="${3-}" - - if [[ "$first" -ge "$second" ]]; then - return 0 - else - [ "${#msg}" -gt 0 ] && log_failure "$first >= $second :: $msg" || true - return 1 - fi + local first="$1" + local second="$2" + local msg="${3-}" + + if [[ "$first" -ge "$second" ]]; then + return 0 + else + ([ "${#msg}" -gt 0 ] && log_failure "$first >= $second :: $msg") || true + return 1 + fi } assert_lt() { - local first="$1" - local second="$2" - local msg="${3-}" - - if [[ "$first" -lt "$second" ]]; then - return 0 - else - [ "${#msg}" -gt 0 ] && log_failure "$first < $second :: $msg" || true - return 1 - fi + local first="$1" + local second="$2" + local msg="${3-}" + + if [[ "$first" -lt "$second" ]]; then + return 0 + else + ([ "${#msg}" -gt 0 ] && log_failure "$first < $second :: $msg") || true + return 1 + fi } assert_le() { - local first="$1" - local second="$2" - local msg="${3-}" - - if [[ "$first" -le "$second" ]]; then - return 0 - else - [ "${#msg}" -gt 0 ] && log_failure "$first <= $second :: $msg" || true - return 1 - fi + local first="$1" + local second="$2" + local msg="${3-}" + + if [[ "$first" -le "$second" ]]; then + return 0 + else + ([ "${#msg}" -gt 0 ] && log_failure "$first <= $second :: $msg") || true + return 1 + fi } diff --git a/.github/workflows/scripts/builder-fetch.sh b/.github/workflows/scripts/builder-fetch.sh index e36a9956b..db01eea73 100755 --- a/.github/workflows/scripts/builder-fetch.sh +++ b/.github/workflows/scripts/builder-fetch.sh @@ -14,22 +14,22 @@ set -euo pipefail PREFIX="refs/tags/" # Extract version. -if [[ "$BUILDER_REF" =~ "^$PREFIX*" ]]; then +if [[ "$BUILDER_REF" =~ ^$PREFIX* ]]; then echo "Invalid ref: $BUILDER_REF" exit 2 fi BUILDER_TAG="${BUILDER_REF#"$PREFIX"}" -if [[ "$BUILDER_TAG" = "$(echo -n "$BUILDER_TAG" | grep -P '^[a-f\d]{40}$')" ]]; then +if [[ "$BUILDER_TAG" == "$(echo -n "$BUILDER_TAG" | grep -P '^[a-f\d]{40}$')" ]]; then echo "Builder referenced by hash: $BUILDER_TAG" echo "Resolving..." - + RELEASE_TAG="" # List the releases and find the corepsonding hash. RELEASE_LIST=$(gh release -R "$BUILDER_REPOSITORY" -L 50 list) - while read line; do + while read -r line; do TAG=$(echo "$line" | cut -f1) BRANCH=$(gh release -R "$BUILDER_REPOSITORY" view "$TAG" --json targetCommitish --jq '.targetCommitish') if [[ "$BRANCH" != "main" ]]; then @@ -41,9 +41,9 @@ if [[ "$BUILDER_TAG" = "$(echo -n "$BUILDER_TAG" | grep -P '^[a-f\d]{40}$')" ]]; echo "Found tag $BUILDER_TAG match at tag $TAG and commit $COMMIT" break fi - done <<< "$RELEASE_LIST" + done <<<"$RELEASE_LIST" - if [[ -z "$RELEASE_TAG" ]]; then + if [[ -z "$RELEASE_TAG" ]]; then echo "Tag not found for $BUILDER_TAG" exit 3 fi @@ -73,13 +73,13 @@ echo "verifier hash verification has passed" # Verify the provenance of the builder. chmod a+x "$VERIFIER_RELEASE_BINARY" ./"$VERIFIER_RELEASE_BINARY" --branch "main" \ - --tag "$BUILDER_TAG" \ - --artifact-path "$BUILDER_RELEASE_BINARY" \ - --provenance "$BUILDER_RELEASE_BINARY.intoto.jsonl" \ - --source "github.com/$BUILDER_REPOSITORY" || exit 6 + --tag "$BUILDER_TAG" \ + --artifact-path "$BUILDER_RELEASE_BINARY" \ + --provenance "$BUILDER_RELEASE_BINARY.intoto.jsonl" \ + --source "github.com/$BUILDER_REPOSITORY" || exit 6 BUILDER_COMMIT=$(gh api /repos/"$BUILDER_REPOSITORY"/git/ref/tags/"$BUILDER_TAG" | jq -r '.object.sha') -PROVENANCE_COMMIT=$(cat "$BUILDER_RELEASE_BINARY.intoto.jsonl" | jq -r '.payload' | base64 -d | jq -r '.predicate.materials[0].digest.sha1') +PROVENANCE_COMMIT=$(jq -r '.payload' <"$BUILDER_RELEASE_BINARY.intoto.jsonl" | base64 -d | jq -r '.predicate.materials[0].digest.sha1') if [[ "$BUILDER_COMMIT" != "$PROVENANCE_COMMIT" ]]; then echo "Builder commit sha $BUILDER_COMMIT != provenance material $PROVENANCE_COMMIT" exit 5 diff --git a/.github/workflows/scripts/e2e-assert.sh b/.github/workflows/scripts/e2e-assert.sh index ea6e0504b..9643bda8f 100755 --- a/.github/workflows/scripts/e2e-assert.sh +++ b/.github/workflows/scripts/e2e-assert.sh @@ -3,15 +3,13 @@ source "./.github/workflows/scripts/assert.sh" e2e_assert_eq() { - assert_eq "$@" - if [ "$?" != "0" ]; then + if ! assert_eq "$@"; then exit 1 fi } e2e_assert_not_eq() { - assert_not_eq "$@" - if [ "$?" != "0" ]; then + if ! assert_not_eq "$@"; then exit 1 fi } diff --git a/.github/workflows/scripts/e2e-utils.sh b/.github/workflows/scripts/e2e-utils.sh index da3e0dee6..2f5016d4f 100755 --- a/.github/workflows/scripts/e2e-utils.sh +++ b/.github/workflows/scripts/e2e-utils.sh @@ -41,7 +41,8 @@ e2e_verify_predicate_buildConfig_step_command() { # $3: expected value. e2e_verify_predicate_buildConfig_step_env() { local attestation="$2" - local expected="$(echo -n "$3" | jq -c '.| sort')" + local expected + expected="$(echo -n "$3" | jq -c '.| sort')" if [[ "${expected}" == "[]" ]]; then _e2e_verify_query "${attestation}" "null" ".predicate.buildConfig.steps[$1].env" diff --git a/.github/workflows/scripts/pre-submit.e2e.go.default.sh b/.github/workflows/scripts/pre-submit.e2e.go.default.sh index 9296c5eea..b8c959ea6 100755 --- a/.github/workflows/scripts/pre-submit.e2e.go.default.sh +++ b/.github/workflows/scripts/pre-submit.e2e.go.default.sh @@ -46,14 +46,14 @@ e2e_verify_predicate_buildConfig_step_env "1" "$ATTESTATION" "[\"GOOS=linux\",\" e2e_verify_predicate_buildConfig_step_workingDir "1" "$ATTESTATION" "$PWD/internal/builders/go/e2e-presubmits" if [[ -n "$LDFLAGS" ]]; then - e2e_verify_predicate_buildConfig_step_command "1" "$ATTESTATION" "[\"build\",\"-mod=vendor\",\"-trimpath\",\"-tags=netgo\",\"-ldflags=-X main.gitVersion=v1.2.3 -X main.gitCommit=abcdef -X main.gitBranch=$BRANCH\",\"-o\",\"$BINARY\",\"main.go\"]" - chmod a+x ./"$BINARY" - V=$(./"$BINARY" | grep 'GitVersion: v1.2.3') - C=$(./"$BINARY" | grep 'GitCommit: abcdef') - B=$(./"$BINARY" | grep "GitBranch: main") - e2e_assert_not_eq "$V" "" "GitVersion should not be empty" - e2e_assert_not_eq "$C" "" "GitCommit should not be empty" - e2e_assert_not_eq "$B" "" "GitBranch should not be empty" + e2e_verify_predicate_buildConfig_step_command "1" "$ATTESTATION" "[\"build\",\"-mod=vendor\",\"-trimpath\",\"-tags=netgo\",\"-ldflags=-X main.gitVersion=v1.2.3 -X main.gitCommit=abcdef -X main.gitBranch=$BRANCH\",\"-o\",\"$BINARY\",\"main.go\"]" + chmod a+x ./"$BINARY" + V=$(./"$BINARY" | grep 'GitVersion: v1.2.3') + C=$(./"$BINARY" | grep 'GitCommit: abcdef') + B=$(./"$BINARY" | grep "GitBranch: main") + e2e_assert_not_eq "$V" "" "GitVersion should not be empty" + e2e_assert_not_eq "$C" "" "GitCommit should not be empty" + e2e_assert_not_eq "$B" "" "GitBranch should not be empty" else - e2e_verify_predicate_buildConfig_step_command "1" "$ATTESTATION" "[\"build\",\"-mod=vendor\",\"-trimpath\",\"-tags=netgo\",\"-o\",\"$BINARY\",\"main.go\"]" + e2e_verify_predicate_buildConfig_step_command "1" "$ATTESTATION" "[\"build\",\"-mod=vendor\",\"-trimpath\",\"-tags=netgo\",\"-o\",\"$BINARY\",\"main.go\"]" fi