.github/workflows/differential-shellcheck.yml

   1 ---
   2 # https://github.com/redhat-plumbers-in-action/differential-shellcheck#readme
   3
   4 name: Differential ShellCheck
   5 on:
   6   push:
   7     branches:
   8       - main
   9   pull_request:
  10     branches:
  11       - main
  12
  13 permissions:
  14   contents: read
  15
  16 jobs:
  17   lint:
  18     if: github.event.repository.name != 'systemd-security'
  19     runs-on: ubuntu-latest
  20
  21     permissions:
  22       security-events: write
  23
  24     steps:
  25       - name: Repository checkout
  26         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
  27         with:
  28           fetch-depth: 0
  29
  30       - name: Differential ShellCheck
  31         uses: redhat-plumbers-in-action/differential-shellcheck@91e2582e40236f831458392d905578d680baa138
  32         with:
  33           # exclude all `.in` files because they may contain unsupported syntax, and they have to be preprocessed first
  34           # TEMPORARY: exclude bash completion files, they would generate too many defects in Code scanning dashboard (600+)
  35           # exclude zsh completion files, zsh is not supported by ShellCheck
  36           exclude-path: |
  37             '**/*.in'
  38             'shell-completion/bash/*'
  39             'shell-completion/zsh/*'
  40           token: ${{ secrets.GITHUB_TOKEN }}