ci: validate actions and fix actionlint warnings

some actions like Coverity and CFLite aren't run on every PR so to make
sure they are more or less fine when they are changed it makes sense to
at least check them with superlinter/actionlint: https://github.com/rhysd/actionlint

The following warnings were fixed along the way:
```
.github/workflows/mkosi.yml:55:7: shellcheck reported issue in this script: SC2086:info:6:14: Double quote to prevent globbing and word splitting [shellcheck]
   |
55 |       run: |
   |       ^~~~
.github/workflows/mkosi.yml:55:7: shellcheck reported issue in this script: SC2046:warning:6:40: Quote this to prevent word splitting [shellcheck]
   |
55 |       run: |
   |       ^~~~
.github/workflows/mkosi.yml:55:7: shellcheck reported issue in this script: SC2006:style:6:40: Use $(...) notation instead of legacy backticked `...` [shellcheck]
   |
55 |       run: |
   |       ^~~~
```
```
.github/workflows/coverity.yml:31:9: shellcheck reported issue in this script: SC2086:info:1:93: Double quote to prevent globbing and word splitting [shellcheck]
   |
31 |         run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV
   |         ^~~~
```

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index a164d16fbf07ee0ee0eef63a5d2846d3fa55283d..46b2863080f5dc43bafad22ed870050650913a2a 100644 (file)
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -28,7 +28,7 @@ jobs:
         uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
       # https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
       - name: Set the $COVERITY_SCAN_NOTIFICATION_EMAIL env variable
-        run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV
+        run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> "$GITHUB_ENV"
       - name: Install Coverity tools
         run: tools/get-coverity.sh
       # Reuse the setup phase of the unit test script to avoid code duplication

diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 4d72a9829f3375540d222f44841cbfe28033162e..14b3343796c845f52fa89abb23a57b34f2bb23b8 100644 (file)
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -44,3 +44,4 @@ jobs:
           MULTI_STATUS: true
           VALIDATE_ALL_CODEBASE: false
           VALIDATE_BASH: true
+          VALIDATE_GITHUB_ACTIONS: true

diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 966e364f713c502d8d2e4c9a8bf9271c7c128a12..daf009a3b119e0f6eb4eae425b7e21f9173e1a4b 100644 (file)
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -58,7 +58,7 @@ jobs:
         sudo apt build-dep systemd
         meson build
         ninja -C build
-        sudo ln -svf $PWD/build/systemd-nspawn `which systemd-nspawn`
+        sudo ln -svf "$PWD/build/systemd-nspawn" "$(which systemd-nspawn)"
         systemd-nspawn --version
 
     - name: Build ${{ matrix.distro }}