bazel: add shellcheck to //:check

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2024-10-01 01:36:09 -04:00 · 2023-03-16 14:24:53 +01:00 · 2023-03-16 14:24:53 +01:00 · 0fc15b2393
commit 0fc15b2393
parent e72e544444
12 changed files with 158 additions and 55 deletions
--- a/.github/workflows/test-shellcheck.yml
+++ b/.github/workflows/test-shellcheck.yml
@ -1,45 +0,0 @@
-name: Shellcheck
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - main
-      - "release/**"
-    paths:
-      - "**.sh"
-      - "**.bash"
-      - "image/**"
-      - ".github/workflows/test-shellcheck.yml"
-  pull_request:
-    paths:
-      - "**.sh"
-      - "**.bash"
-      - "image/**"
-      - ".github/workflows/test-shellcheck.yml"
-
-jobs:
-  shellcheck:
-    name: Shellcheck
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
-        with:
-          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
-
-      - name: Setup Go environment
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
-        with:
-          go-version: "1.20.2"
-
-      - name: Install shellfmt
-        shell: bash
-        run: |
-          go install github.com/katexochen/sh/v3/cmd/shfmt@faf7f58964998201d22efe41fef41ae4e1953f3b # v3.6.0
-
-      - name: Run ShellCheck
-        uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
-        with:
-          severity: info
-          ignore_paths: charts/cilium
-          additional_files: $(shfmt -f . | grep -v helm/charts/cilium)
--- a/WORKSPACE.bazel
+++ b/WORKSPACE.bazel
@ -136,3 +136,8 @@ oci_register_toolchains(
 load("//bazel/toolchains:multirun_deps.bzl", "multirun_deps")

 multirun_deps()
+
+# CI deps
+load("//bazel/toolchains:ci_deps.bzl", "ci_deps")
+
+ci_deps()
--- a/bazel/ci/BUILD.bazel
+++ b/bazel/ci/BUILD.bazel
@ -1,7 +1,7 @@
 load("@bazel_gazelle//:def.bzl", "gazelle")
 load("@com_github_ash2k_bazel_tools//multirun:def.bzl", "multirun")
 load("@com_github_bazelbuild_buildtools//buildifier:def.bzl", "buildifier", "buildifier_test")
-load("//bazel/sh:def.bzl", "repo_command", "sh_template")
+load("//bazel/sh:def.bzl", "noop_warn", "repo_command", "sh_template")

 gazelle(name = "gazelle_generate")

@ -64,6 +64,34 @@ sh_template(
    template = "shfmt.sh.in",
 )

+noop_warn(
+    name = "shellcheck_noop_warning",
+    warning = "Shellcheck should have been executed, but is currently not available for your platform.",
+)
+
+alias(
+    name = "com_github_koalaman_shellcheck",
+    actual = select({
+        "@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_koalaman_shellcheck_darwin_x86_64//:shellcheck_bin",
+        "@io_bazel_rules_go//go/platform:darwin_arm64": ":shellcheck_noop_warning",
+        "@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_koalaman_shellcheck_linux_x86_64//:shellcheck_bin",
+        "@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_koalaman_shellcheck_linux_aaarch64//:shellcheck_bin",
+    }),
+)
+
+sh_template(
+    name = "shellcheck",
+    data = [
+        ":com_github_koalaman_shellcheck",
+        "@com_github_katexochen_sh_v3//cmd/shfmt",
+    ],
+    substitutions = {
+        "@@SHELLCHECK@@": "$(rootpath :com_github_koalaman_shellcheck)",
+        "@@SHFMT@@": "$(rootpath @com_github_katexochen_sh_v3//cmd/shfmt)",
+    },
+    template = "shellcheck.sh.in",
+)
+
 repo_command(
    name = "gofumpt",
    args = [
@ -84,7 +112,6 @@ multirun(
        ":gazelle_generate",
        ":buildifier_fix",
    ],
-    jobs = 1,  # execute sequentially
    visibility = ["//visibility:public"],
 )

@ -94,7 +121,9 @@ multirun(
    commands = [
        ":gazelle_check",
        ":buildifier_check",
-    ],
-    jobs = 0,
+    ] + select({
+        "@io_bazel_rules_go//go/platform:darwin_arm64": [":shellcheck_noop_warning"],
+        "//conditions:default": [":shellcheck"],
+    }),
    visibility = ["//visibility:public"],
 )
--- a/bazel/ci/shellcheck.sh.in
+++ b/bazel/ci/shellcheck.sh.in
@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+lib=$(realpath @@BASE_LIB@@) || exit 1
+shfmt=$(realpath @@SHFMT@@) || exit 1
+shellcheck=$(realpath @@SHELLCHECK@@) || exit 1
+
+# shellcheck source=../sh/lib.bash
+if ! source "${lib}"; then
+  echo "Error: could not find import"
+  exit 1
+fi
+
+cd "${BUILD_WORKSPACE_DIRECTORY}" || exit 1
+
+scriptsStr=$(${shfmt} -f "${BUILD_WORKSPACE_DIRECTORY}")
+readarray -t <<< "${scriptsStr}"
+scripts=("${MAPFILE[@]}")
+
+excludeDirs=(
+  "cli/internal/helm/charts/cilium"
+  "build"
+)
+
+echo "The following scripts are excluded and won't be linted with shellcheck:"
+for exclude in "${excludeDirs[@]}"; do
+  for i in "${!scripts[@]}"; do
+    if [[ ${scripts[i]} == "${BUILD_WORKSPACE_DIRECTORY}/${exclude}"* ]]; then
+      echo "  ${scripts[i]}"
+      unset 'scripts[i]'
+    fi
+  done
+done
+
+echo "Linting the following scripts with shellcheck:"
+for script in "${scripts[@]}"; do
+  echo "  ${script}"
+done
+
+statuscode=0
+for file in "${scripts[@]}"; do
+  ${shellcheck} --severity=info "${file}" || statuscode=$?
+done
+
+exit "${statuscode}"
--- a/bazel/ci/shfmt.sh.in
+++ b/bazel/ci/shfmt.sh.in
@ -3,7 +3,7 @@
 lib=$(realpath @@BASE_LIB@@) || exit 1
 shfmt=$(realpath @@SHFMT@@) || exit 1

-# shellcheck source=lib.bash
+# shellcheck source=../sh/lib.bash
 if ! source "${lib}"; then
  echo "Error: could not find import"
  exit 1
@ -16,12 +16,15 @@ readarray -t <<< "${scriptsStr}"
 scripts=("${MAPFILE[@]}")

 excludeDirs=(
-  "helm/charts/cilium"
+  "cli/internal/helm/charts/cilium"
+  "build"
 )

+echo "The following scripts are excluded and won't be formatted with shfmt:"
 for exclude in "${excludeDirs[@]}"; do
  for i in "${!scripts[@]}"; do
-    if [[ ${scripts[i]} == *"${exclude}"* ]]; then
+    if [[ ${scripts[i]} == "${BUILD_WORKSPACE_DIRECTORY}/${exclude}"* ]]; then
+      echo "  ${scripts[i]}"
      unset 'scripts[i]'
    fi
  done
--- a/bazel/ci/tidy.sh.in
+++ b/bazel/ci/tidy.sh.in
@ -3,7 +3,7 @@
 lib=$(realpath @@BASE_LIB@@) || exit 1
 go=$(realpath @@GO@@) || exit 1

-# shellcheck source=lib.bash
+# shellcheck source=../sh/lib.bash
 if ! source "${lib}"; then
  echo "Error: could not find import"
  exit 1
--- a/bazel/devbuild/prepare_developer_workspace.sh.in
+++ b/bazel/devbuild/prepare_developer_workspace.sh.in
@ -9,7 +9,7 @@ upgrade_agent=$(realpath @@UPGRADE_AGENT@@) || exit 1
 cli=$(realpath @@CLI@@) || exit 1
 cdbg=$(realpath @@CDBG@@) || exit 1

-# shellcheck source=../ci/lib.bash
+# shellcheck source=../sh/lib.bash
 if ! source "${lib}"; then
  echo "Error: could not find import"
  exit 1
--- a/bazel/sh/BUILD.bazel
+++ b/bazel/sh/BUILD.bazel
@ -1,4 +1,7 @@
-exports_files(["repo_command.sh.in"])
+exports_files([
+    "repo_command.sh.in",
+    "noop_warn.sh.in",
+])

 sh_library(
    name = "base_lib",
--- a/bazel/sh/def.bzl
+++ b/bazel/sh/def.bzl
@ -90,3 +90,23 @@ def repo_command(name, **kwargs):
        template = "//bazel/sh:repo_command.sh.in",
        **kwargs
    )
+
+def noop_warn(name, **kwargs):
+    """Build a sh_binary that warns about a step beeing replaced by a no-op.
+
+    Args:
+        name: name
+        **kwargs: **kwargs
+    """
+    warning = kwargs.pop("warning", "The binary that should have been executed is likely not available on your platform.")
+    warning = "\\033[0;33mWARNING:\\033[0m This step is a no-op. %s" % warning
+    substitutions = {
+        "@@WARNING@@": warning,
+    }
+
+    sh_template(
+        name = name,
+        substitutions = substitutions,
+        template = "//bazel/sh:noop_warn.sh.in",
+        **kwargs
+    )
--- a/bazel/sh/noop_warn.sh.in
+++ b/bazel/sh/noop_warn.sh.in
@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+echo -e "@@WARNING@@"
--- a/bazel/toolchains/BUILD.shellcheck.bazel
+++ b/bazel/toolchains/BUILD.shellcheck.bazel
@ -0,0 +1,8 @@
+genrule(
+    name = "shellcheck_bin",
+    srcs = ["shellcheck"],
+    outs = ["shellcheck_bin_out"],
+    cmd = "cp $< $@",  # Copy the binary to the output directory.
+    executable = True,
+    visibility = ["//visibility:public"],
+)
--- a/bazel/toolchains/ci_deps.bzl
+++ b/bazel/toolchains/ci_deps.bzl
@ -0,0 +1,33 @@
+"""CI dependencies"""
+
+load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
+
+def ci_deps():
+    _shellcheck_deps()
+
+def _shellcheck_deps():
+    http_archive(
+        name = "com_github_koalaman_shellcheck_linux_x86_64",
+        urls = [
+            "https://github.com/koalaman/shellcheck/releases/download/v0.9.0/shellcheck-v0.9.0.linux.x86_64.tar.xz",
+        ],
+        sha256 = "700324c6dd0ebea0117591c6cc9d7350d9c7c5c287acbad7630fa17b1d4d9e2f",
+        strip_prefix = "shellcheck-v0.9.0",
+        build_file = "//bazel/toolchains:BUILD.shellcheck.bazel",
+    )
+    http_archive(
+        name = "com_github_koalaman_shellcheck_linux_aaarch64",
+        urls = [
+            "https://github.com/koalaman/shellcheck/releases/download/v0.9.0/shellcheck-v0.9.0.linux.aarch64.tar.xz",
+        ],
+        strip_prefix = "shellcheck-v0.9.0",
+        build_file = "//bazel/toolchains:BUILD.shellcheck.bazel",
+    )
+    http_archive(
+        name = "com_github_koalaman_shellcheck_darwin_x86_64",
+        urls = [
+            "https://github.com/koalaman/shellcheck/releases/download/v0.9.0/shellcheck-v0.9.0.darwin.x86_64.tar.xz",
+        ],
+        strip_prefix = "shellcheck-v0.9.0",
+        build_file = "//bazel/toolchains:BUILD.shellcheck.bazel",
+    )