Skip to content

Commit

Permalink
Allow specifying WORK_DIR for intermediate files (#393)
Browse files Browse the repository at this point in the history
  • Loading branch information
mpoberezhniy authored Apr 29, 2024
1 parent 52bab0c commit 8f0e0a6
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 20 deletions.
28 changes: 15 additions & 13 deletions src/index.sh
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ CURRENT_DIR="$(dirname "$(readlink -f "$0")")"
# shellcheck source=functions.sh
. "${SCRIPT_DIR="${CURRENT_DIR}/"}functions.sh"

WORK_DIR="${WORK_DIR-../}"

declare \
GITHUB_STEP_SUMMARY

Expand All @@ -27,20 +29,20 @@ is_full_scan_demanded
FULL_SCAN=$?

if [[ ${FULL_SCAN} -eq 0 ]]; then
git ls-tree -r --name-only -z "${GITHUB_REF_NAME-"main"}" > ../files.txt
git ls-tree -r --name-only -z "${GITHUB_REF_NAME-"main"}" > "${WORK_DIR}files.txt"

all_scripts=()
get_scripts_for_scanning "../files.txt" "all_scripts"
get_scripts_for_scanning "${WORK_DIR}files.txt" "all_scripts"
fi

if ! [[ ${FULL_SCAN} -eq 0 ]] || ! is_strict_check_on_push_demanded; then
# https://github.com/actions/runner/issues/342
# Get the names of files from range of commits (excluding deleted files)
# BASE and HEAD are always set, it is checked inside pick_base_and_head_hash function
git diff --name-only -z --diff-filter=db "${BASE}".."${HEAD}" > ../changed-files.txt
git diff --name-only -z --diff-filter=db "${BASE}".."${HEAD}" > "${WORK_DIR}changed-files.txt"

only_changed_scripts=()
get_scripts_for_scanning "../changed-files.txt" "only_changed_scripts"
get_scripts_for_scanning "${WORK_DIR}changed-files.txt" "only_changed_scripts"
fi

echo -e "${VERSIONS_HEADING}"
Expand All @@ -58,25 +60,25 @@ echo
# ------------ #

if [[ ${FULL_SCAN} -eq 0 ]]; then
execute_shellcheck "${all_scripts[@]}" > ../full-shellcheck.err
execute_shellcheck "${all_scripts[@]}" > "${WORK_DIR}full-shellcheck.err"
fi

exit_status=0

if ! is_strict_check_on_push_demanded; then
execute_shellcheck "${only_changed_scripts[@]}" > ../head-shellcheck.err
execute_shellcheck "${only_changed_scripts[@]}" > "${WORK_DIR}head-shellcheck.err"

# Checkout the base branch/commit
git checkout --force --quiet -b ci_br_dest "${BASE}" || git checkout --force --quiet "${BASE}"

execute_shellcheck "${only_changed_scripts[@]}" > ../base-shellcheck.err
execute_shellcheck "${only_changed_scripts[@]}" > "${WORK_DIR}base-shellcheck.err"

get_fixes "../base-shellcheck.err" "../head-shellcheck.err"
get_fixes "${WORK_DIR}base-shellcheck.err" "${WORK_DIR}head-shellcheck.err"
evaluate_and_print_fixes

get_defects "../head-shellcheck.err" "../base-shellcheck.err"
get_defects "${WORK_DIR}head-shellcheck.err" "${WORK_DIR}base-shellcheck.err"
else
mv ../full-shellcheck.err ../defects.log
mv "${WORK_DIR}full-shellcheck.err" "${WORK_DIR}defects.log"
fi

echo
Expand All @@ -89,9 +91,9 @@ exit_status=$?

# Upload all defects when Full scan was requested
if [[ ${FULL_SCAN} -eq 0 ]]; then
cp ../full-shellcheck.err ../sarif-defects.log
cp "${WORK_DIR}full-shellcheck.err" "${WORK_DIR}sarif-defects.log"
else
cp ../defects.log ../sarif-defects.log
cp "${WORK_DIR}defects.log" "${WORK_DIR}sarif-defects.log"
fi

shellcheck_version=$(get_shellcheck_version)
Expand All @@ -103,7 +105,7 @@ csgrep \
--set-scan-prop='tool:ShellCheck' \
--set-scan-prop="tool-version:${shellcheck_version}" \
--set-scan-prop='tool-url:https://www.shellcheck.net/wiki/' \
'../sarif-defects.log' > output.sarif
"${WORK_DIR}sarif-defects.log" > output.sarif

echo "sarif=output.sarif" >> "${GITHUB_OUTPUT}"

Expand Down
4 changes: 3 additions & 1 deletion src/summary.sh
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
# shellcheck shell=bash
# SPDX-License-Identifier: GPL-3.0-or-later

WORK_DIR="${WORK_DIR-../}"

# Print scanning summary
summary () {
scan_summary=""
Expand Down Expand Up @@ -72,7 +74,7 @@ Scanned/Changed scripts: \`${#list_of_changed_scripts[@]}\`
get_number_of () {
[[ $# -le 0 ]] && return 1

file="../${1}.log"
file="${WORK_DIR}${1}.log"
[[ -s "${file}" ]] || return 1

jq '.defects | length' "${file}"
Expand Down
14 changes: 8 additions & 6 deletions src/validation.sh
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@
# shellcheck source=summary.sh
. "${SCRIPT_DIR=}summary.sh"

WORK_DIR="${WORK_DIR-../}"

# Get file containing fixes based on two input files
# $1 - <string> absolute path to a file containing results from BASE scan
# $2 - <string> absolute path to a file containing results from HEAD scan
Expand All @@ -12,19 +14,19 @@
get_fixes () {
[[ $# -le 1 ]] && return 1

csdiff --fixed "${1}" "${2}" > ../fixes.log
csdiff --fixed "${1}" "${2}" > "${WORK_DIR}fixes.log"
}

# Function to evaluate results of fixed defects and to provide feedback on standard output
# It expects file '../fixes.log' to contain fixes
# $? - return value is always 0
evaluate_and_print_fixes () {
gather_statistics "../fixes.log"
gather_statistics "${WORK_DIR}fixes.log"

num_of_fixes=$(get_number_of fixes)
if [[ "${num_of_fixes}" -gt 0 ]]; then
echo -e "${GREEN}Fixed defects${NOCOLOR}"
csgrep --embed-context 2 ../fixes.log
csgrep --embed-context 2 "${WORK_DIR}fixes.log"
else
echo -e "ℹ️ ${YELLOW}No Fixes!${NOCOLOR}"
fi
Expand All @@ -38,21 +40,21 @@ evaluate_and_print_fixes () {
get_defects () {
[[ $# -le 1 ]] && return 1

csdiff --fixed "${1}" "${2}" > ../defects.log
csdiff --fixed "${1}" "${2}" > "${WORK_DIR}defects.log"
}

# Function to evaluate results of defects and to provide feedback on standard output
# It expects file '../defects.log' to contain defects
# $? - return value - 0 on success
evaluate_and_print_defects () {
gather_statistics "../defects.log"
gather_statistics "${WORK_DIR}defects.log"

num_of_defects=$(get_number_of defects)
if [[ "${num_of_defects}" -gt 0 ]] ; then
print_statistics

echo -e "${YELLOW}Defects, NEEDS INSPECTION${NOCOLOR}"
csgrep --embed-context 4 ../defects.log
csgrep --embed-context 4 "${WORK_DIR}defects.log"
return 1
fi

Expand Down

0 comments on commit 8f0e0a6

Please sign in to comment.