From 64f8c7f5f3546d87ffec43503d7388e790c2f800 Mon Sep 17 00:00:00 2001
From: Josh Priddle <jpriddle@me.com>
Date: Mon, 31 Mar 2025 04:48:09 -0400
Subject: [PATCH] Add gh-shellcheck

---
 .github/workflows/ci.yml | 23 +++++++++++++++
 LICENSE                  | 21 +++++++++++++
 README.md                | 24 +++++++++++++++
 gh-shellcheck            | 64 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 132 insertions(+)
 create mode 100644 .github/workflows/ci.yml
 create mode 100644 LICENSE
 create mode 100644 README.md
 create mode 100755 gh-shellcheck

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..084538e
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,23 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  ci:
+    name: Run test suite
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      # - name: Install itspriddle/gh-shellcheck
+      #   run:
+      #     gh extension install itspriddle/gh-shellcheck
+
+      - name: Run shellcheck
+        run: |
+          ./gh-shellcheck
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..8a8fa9f
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Joshua Priddle <jpriddle@me.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..262d856
--- /dev/null
+++ b/README.md
@@ -0,0 +1,24 @@
+# gh-shellcheck
+
+This is just a simple script to run ShellCheck on all shell scripts in a
+git repository and print nice annotations on GitHub Actions.
+
+In your workflow, do something like:
+
+```yaml
+jobs:
+  shellcheck:
+    name: Run shellcheck
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install itspriddle/gh-shellcheck
+        run:
+          gh extension install itspriddle/gh-shellcheck
+
+      - name: Run shellcheck
+        run: |
+          gh shellcheck
+```
diff --git a/gh-shellcheck b/gh-shellcheck
new file mode 100755
index 0000000..a39f686
--- /dev/null
+++ b/gh-shellcheck
@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+# Usage: gh-shellcheck
+
+if [[ "$GH_SHELLCHECK" ]]; then
+  export PS4='+ [${BASH_SOURCE##*/}:${LINENO}] '
+  set -x
+fi
+
+set -euo pipefail
+
+if [[ "${1:-}" = "-h" ]] || [[ "${1:-}" = "--help" ]]; then
+  sed -ne '/^#/!q;s/^#$/# /;/^# /s/^# //p' < "$0" |
+    awk -v f="${1//-/}" 'f == "h" && $1 == "Usage:" { print; exit }; f != "h"'
+  exit 1
+fi
+
+# Find all bash (or bats) files in the current git repo
+find_bash_files() {
+  {
+    git ls-files '**.sh' '**.bash' '**.bats' 2>/dev/null
+
+    git grep --untracked -l -e '^#!/bin/bash' -e '^#!/usr/bin/env bash$'
+  } | sort | uniq
+}
+
+BASH_FILES=()
+
+while IFS= read -r file; do
+  BASH_FILES+=("$file")
+done < <(find_bash_files)
+
+if [[ ${#BASH_FILES[@]} -eq 0 ]]; then
+  if git rev-parse --is-inside-work-tree &>/dev/null; then
+    echo "No Bash files found in the current git repo" >&2
+    exit 0
+  else
+    echo "Not a git repo" >&2
+    exit 1
+  fi
+fi
+
+if ! type shellcheck &>/dev/null; then
+  echo "shellcheck is not installed" >&2
+  exit 1
+fi
+
+if ! type jq &>/dev/null; then
+  echo "jq is not installed" >&2
+  exit 1
+fi
+
+shellcheck -f json "${BASH_FILES[@]}" |
+  jq --raw-output \
+    --argjson types '{"error":"error","info":"notice","style":"notice","warning":"warning"}' \
+    --raw-output '.[] |
+      "::\($types[.level] // "notice") " +
+      "file=\(.file)," +
+      "line=\(.line)," +
+      "endLine=\(.endLine)," +
+      "col=\(.column)," +
+      "endColumn=\(.endColumn)," +
+      "title=ShellCheck SC\(.code) (\(.level))" +
+      "::\(.message) See https://github.com/koalaman/shellcheck/wiki/SC\(.code)"
+    '