-
Notifications
You must be signed in to change notification settings - Fork 202
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ci: add shellcheck gh action, lint fixes, parallel acts #298
base: trunk
Are you sure you want to change the base?
Conversation
62d116b
to
9851484
Compare
50befb9
to
bc19c19
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are a lot of style-only changes included here (namely, a dramatic but non-universal adoption of bracing variable expansions); I'm fine with these being included (they are, at worst, benign so long as the braces don't change the expansion, which some of the included ones do), but it's a ton of noise making the review much harder.
In the future, any style-only changes should be in a separate commit so they can be reviewed separately; ideally including a script which could be used to apply the style change so that the reviewer can verify the changes are entirely mechanical style modifications.
@HalosGhost I did see the braces recommendation a lot via shellcheck. A warning not an error. I tried to clear as many warnings as I could for this PR |
9c5ec61
to
2609413
Compare
Divide and conquer PR new plan |
2609413
to
3d4a0cb
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know that this script is really providing a lot of benefit; It's a lot of boilerplate for what is essentially just
git ls-files '*.sh' | xargs -n 1 -P "$CPUS" shellcheck
But it adds the ceremony of dep-checking, writing the output to a file, and some ad-hoc inspection of that file. The only strict benefit is that it offers a shortcut for people not familiar with shellcheck.
Especially since I expect the GH action that uses this script to be much slower than the native action (because the native action doesn't need to spin up a bare ubuntu container, clone the repo, install all the dependencies, and then run this script).
This is the strongest argument I've seen so far for a command-runner (the least interesting use of Make
) instead of the ad-hoc script paradigm we've had so far in this repo.
I'd love comments/thoughts from @maurermi as well. At the very least, I think the GH action should be the native form instead of this; and that immediately calls into question the benefit this script offers.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I find it very helpful for making shell script changes and being able to run scripts/shellcheck.sh
to generate the report right away without having to remember the command above and then how to tee to a file etc.
1d89264
to
1d4dc50
Compare
1d4dc50
to
0c2e29b
Compare
scripts/shellcheck.sh
Outdated
CYAN="\e[36m" | ||
YELLOW="\e[33m" | ||
BLUE="\e[34m" | ||
RED="\e[31m" | ||
GREEN="\e[32m" | ||
RST_COLOR="\e[0m" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm always a bit hesitant to use color in shell output. If nothing else, I think it has to be used sparingly, and this strikes me as a bit excessive. Is there a specific motivation for having such colorized output?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I find its much easier to understand the key insights quickly with the color. A friend who works in UI actually recommended I add it. We do have color output in some of the other scripts such as ./scripts/install-build-tools.sh
and ./scripts/setup-dependencies.sh
failing:
passing:
The shellcheck report itself ./shellcheck-report.txt
does not have color.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The report can have color, because shellcheck
supports configurable colorization.
Other scripts do have color, and we should unify them at some point to behave well for accessibility reasons (color can be helpful, but it can also be terrible; the most accessible option is to support configuration). However, most of those are either run-once, run-super-rarely, or are intended for pipelines and not really for humans (like the end-to-end kubernetes test). If we want to support colorization in this tool, we should at least support a basic way of disabling/enabling it (as shellcheck
does).
The gold standard is to offer -c|--color[=WHEN]
where WHEN
can be one of auto
(which disables color when the output is going to a pipe or file, and is a bit tricky to really get right), always
, and never
(defaulting to auto
); and, to support the NO_COLOR
environment variable. We should, at least, support the env-var if not something more flexible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK - gave this a shot
scripts/shellcheck.sh
Outdated
fi | ||
} | ||
|
||
check_report() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you clarify for me why you prefer having the report saved to a file instead of just sending to stdout
? This adds a lot of complexity and requires you to deal with things like cache-invalidation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I allow for both. Send to file always, and --view
option to see stdout.
When I am fixing errors I can search very easily in a file, but the stdout could exceed 1000 lines of output and be harder to view the errors of a code. Can grep the stdout but error messages take different amounts of line space so would have to play with grep -B2 -A4
etc.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You barely need to add anything to support outputting to a file (because shells support redirection). Is overriding this default behavior (how almost all other command-line utilities work) of-use? Why not just redirect the output to a file as you need to?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It creates two files now so this wouldn't be trivial anymore
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It now creates two files by running shellcheck
twice every time, once at the requested severity level, and one bypassing the user's choice to make a "full" report. Why do this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The default for shellcheck is 'style' and that seems too strict to make a github action/prevent code from getting in. My script defaults to 'error'.
There are over 100 messages of severity stricter than 'error' (warning, info, style) which I don't want myself or others to be blind to when turning in shell scripts or modifying them.
Very good to have the full report for commit 2 to mow down (warning, info, style) messages. And future reference. Plus being able to see if a certain code is a nuisance more than a help and to deliberate over making it an exclude if so.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
“It would be better to give contributors more feedback than is enforced or asked for” does not feel sufficient to me to rationalize the additional complication of bypassing the standard convention of printing output to stdout
(which can be captured by file-redirection should the caller desire). Moreover, even though deriving from a positive motivation, taking an argument to specify severity level and then ignoring it intentionally (note that this will duplicate effort entirely if the user specifies the severity to be equal to shellcheck
's default) comes close to being user-hostile (and our users in this case, are contributors)!
If you feel strongly that we should prefer a less restrictive severity level by-default, make the argument for why (and we would instead default to that severity level, perhaps disabling specific codes we find less-than-useful).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Error is the least restrictive severity level as anything more strict gets ignored in pass/fail of the stage.
What if we changed it to warning or info as default and used whichever one in the gh action? Can discuss in slack/zoom if need be.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My phrasing might have been confusing. I meant less-restrictive in the sense of “print more diagnostics”. As I alluded to, I'm comfortable with “raising” the default from error to something higher, but I would ask that you make an argument for why we should prefer that. I appreciate unifying standards across the repository, and improving the CI/CD, and raising the bar for quality of code committed; but, for a research project predominantly focused on engineering novel solutions and not-at-all currently driven by productionization, these improvements are quality-of-life, not top-priority or of most research-interest. Adding friction for contributors absolutely must be justified; it isn't free.
0e25109
to
034d69e
Compare
@HalosGhost Incorporated your suggestions. Added more intelligent coloring, waived error codes/severity messages, summary report. Can be viewed here: https://github.com/mit-dci/opencbdc-tx/actions/runs/10501604065/job/29091863763?pr=298 The waivers are more powerful when looking beyond errors (majority of the info warnings are about variable quotations 'SC2086') $ ./scripts/shellcheck.sh -C auto -S info -e SC2034 -e SC2086 -e SC1010 Edit: I will add a path to the full report as well in the next push |
034d69e
to
924f737
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll make a full review after the file-output/severity issue has been appropriately resolved or justified.
924f737
to
2f83bdb
Compare
This commit made with the assistance of github copilot Signed-off-by: Morgan Rockett <[email protected]>
2f83bdb
to
f110abe
Compare
check_shellcheck_install | ||
parse_cli_args "$@" | ||
|
||
if [[ "$COLOR" != "never" ]]; then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is fine, but auto
should be removed from the help output, it's not being handled (which is okay! handling auto-coloring is a bit sticky).
This adds a shellcheck github workflow to check lint our shell files after discussion with @HalosGhost
I fixed a bunch of warnings / errors / info messages from shellcheck across our *.sh scripts.
Edit: added
I assume we will want a
scripts/shellcheck.sh
script to tidy up the.github/workflows/ci.yml :: shellcheck
stage - and to have an easy way for users to run shellcheck / view reports.act -j shellcheck --container-architecture linux/amd64