Created
June 27, 2019 23:24
-
-
Save spiffxp/ffafabd45db206366c363087ae281c74 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Copyright 2018 The Kubernetes Authors. | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| set -o errexit | |
| set -o nounset | |
| set -o pipefail | |
| KUBE_ROOT="$(cd "$(dirname "${BASH_SOURCE}")/.." && pwd -P)" | |
| # just enough copy-paste from kuberentes/kubernetes/hack/* files to get | |
| # the rest of this script to work | |
| # kube::util::check-file-in-alphabetical-order <file> | |
| # Check that the file is in alphabetical order | |
| # | |
| function kube::util::check-file-in-alphabetical-order { | |
| local failure_file="$1" | |
| if ! diff -u "${failure_file}" <(LC_ALL=C sort "${failure_file}"); then | |
| { | |
| echo | |
| echo "${failure_file} is not in alphabetical order. Please sort it:" | |
| echo | |
| echo " LC_ALL=C sort -o ${failure_file} ${failure_file}" | |
| echo | |
| } >&2 | |
| false | |
| fi | |
| } | |
| # Example: kube::util::trap_add 'echo "in trap DEBUG"' DEBUG | |
| # See: http://stackoverflow.com/questions/3338030/multiple-bash-traps-for-the-same-signal | |
| kube::util::trap_add() { | |
| local trap_add_cmd | |
| trap_add_cmd=$1 | |
| shift | |
| for trap_add_name in "$@"; do | |
| local existing_cmd | |
| local new_cmd | |
| # Grab the currently defined trap commands for this trap | |
| existing_cmd=$(trap -p "${trap_add_name}" | awk -F"'" '{print $2}') | |
| if [[ -z "${existing_cmd}" ]]; then | |
| new_cmd="${trap_add_cmd}" | |
| else | |
| new_cmd="${trap_add_cmd};${existing_cmd}" | |
| fi | |
| # Assign the test. Disable the shellcheck warning telling that trap | |
| # commands should be single quoted to avoid evaluating them at this | |
| # point instead evaluating them at run time. The logic of adding new | |
| # commands to a single trap requires them to be evaluated right away. | |
| # shellcheck disable=SC2064 | |
| trap "${new_cmd}" "${trap_add_name}" | |
| done | |
| } | |
| # arguments: target, item1, item2, item3, ... | |
| # returns 0 if target is in the given items, 1 otherwise. | |
| kube::util::array_contains() { | |
| local search="$1" | |
| local element | |
| shift | |
| for element; do | |
| if [[ "${element}" == "${search}" ]]; then | |
| return 0 | |
| fi | |
| done | |
| return 1 | |
| } | |
| # the below is copy-paste from kubernetes/kubernetes/hack/verify-shellcheck.sh | |
| # required version for this script, if not installed on the host we will | |
| # use the official docker image instead. keep this in sync with SHELLCHECK_IMAGE | |
| SHELLCHECK_VERSION="0.6.0" | |
| # upstream shellcheck latest stable image as of January 10th, 2019 | |
| SHELLCHECK_IMAGE="koalaman/shellcheck-alpine:v0.6.0@sha256:7d4d712a2686da99d37580b4e2f45eb658b74e4b01caf67c1099adc294b96b52" | |
| # fixed name for the shellcheck docker container so we can reliably clean it up | |
| SHELLCHECK_CONTAINER="k8s-shellcheck" | |
| # disabled lints | |
| disabled=( | |
| # this lint disallows non-constant source, which we use extensively without | |
| # any known bugs | |
| 1090 | |
| # this lint prefers command -v to which, they are not the same | |
| 2230 | |
| ) | |
| # comma separate for passing to shellcheck | |
| join_by() { | |
| local IFS="$1"; | |
| shift; | |
| echo "$*"; | |
| } | |
| SHELLCHECK_DISABLED="$(join_by , "${disabled[@]}")" | |
| readonly SHELLCHECK_DISABLED | |
| # creates the shellcheck container for later use | |
| create_container () { | |
| # TODO(bentheelder): this is a performance hack, we create the container with | |
| # a sleep MAX_INT32 so that it is effectively paused. | |
| # We then repeatedly exec to it to run each shellcheck, and later rm it when | |
| # we're done. | |
| # This is incredibly much faster than creating a container for each shellcheck | |
| # call ... | |
| docker run --name "${SHELLCHECK_CONTAINER}" -d --rm -v "${KUBE_ROOT}:${KUBE_ROOT}" -w "${KUBE_ROOT}" --entrypoint="sleep" "${SHELLCHECK_IMAGE}" 2147483647 | |
| } | |
| # removes the shellcheck container | |
| remove_container () { | |
| docker rm -f "${SHELLCHECK_CONTAINER}" &> /dev/null || true | |
| } | |
| # ensure we're linting the k8s source tree | |
| cd "${KUBE_ROOT}" | |
| # Find all shell scripts excluding: | |
| # - Anything git-ignored - No need to lint untracked files. | |
| # - ./_* - No need to lint output directories. | |
| # - ./.git/* - Ignore anything in the git object store. | |
| # - ./vendor* - Vendored code should be fixed upstream instead. | |
| # - ./third_party/*, but re-include ./third_party/forked/* - only code we | |
| # forked should be linted and fixed. | |
| all_shell_scripts=() | |
| while IFS=$'\n' read -r script; | |
| do git check-ignore -q "$script" || all_shell_scripts+=("$script"); | |
| done < <(find . -name "*.sh" \ | |
| -not \( \ | |
| -path ./_\* -o \ | |
| -path ./.git\* -o \ | |
| -path ./vendor\* -o \ | |
| \( -path ./third_party\* -a -not -path ./third_party/forked\* \) \ | |
| \)) | |
| # make sure known failures are sorted | |
| failure_file="${KUBE_ROOT}/hack/.shellcheck_failures" | |
| kube::util::check-file-in-alphabetical-order "${failure_file}" | |
| # load known failure files | |
| failing_files=() | |
| while IFS=$'\n' read -r script; | |
| do failing_files+=("$script"); | |
| done < <(cat "${failure_file}") | |
| # detect if the host machine has the required shellcheck version installed | |
| # if so, we will use that instead. | |
| HAVE_SHELLCHECK=false | |
| if which shellcheck &>/dev/null; then | |
| detected_version="$(shellcheck --version | grep 'version: .*')" | |
| if [[ "${detected_version}" = "version: ${SHELLCHECK_VERSION}" ]]; then | |
| HAVE_SHELLCHECK=true | |
| fi | |
| fi | |
| # tell the user which we've selected and possibly set up the container | |
| if ${HAVE_SHELLCHECK}; then | |
| echo "Using host shellcheck ${SHELLCHECK_VERSION} binary." | |
| else | |
| echo "Using shellcheck ${SHELLCHECK_VERSION} docker image." | |
| # remove any previous container, ensure we will attempt to cleanup on exit, | |
| # and create the container | |
| remove_container | |
| kube::util::trap_add 'remove_container' EXIT | |
| if ! output="$(create_container 2>&1)"; then | |
| { | |
| echo "Failed to create shellcheck container with output: " | |
| echo "" | |
| echo "${output}" | |
| } >&2 | |
| exit 1 | |
| fi | |
| fi | |
| # if KUBE_JUNIT_REPORT_DIR is set, disable colorized output. | |
| # Colorized output causes malformed XML in the JUNIT report. | |
| SHELLCHECK_COLORIZED_OUTPUT="auto" | |
| if [[ -n "${KUBE_JUNIT_REPORT_DIR:-}" ]]; then | |
| SHELLCHECK_COLORIZED_OUTPUT="never" | |
| fi | |
| # common arguments we'll pass to shellcheck | |
| SHELLCHECK_OPTIONS=( | |
| # allow following sourced files that are not specified in the command, | |
| # we need this because we specify one file at at time in order to trivially | |
| # detect which files are failing | |
| "--external-sources" | |
| # include our disabled lints | |
| "--exclude=${SHELLCHECK_DISABLED}" | |
| # set colorized output | |
| "--color=${SHELLCHECK_COLORIZED_OUTPUT}" | |
| ) | |
| # lint each script, tracking failures | |
| errors=() | |
| not_failing=() | |
| for f in "${all_shell_scripts[@]}"; do | |
| set +o errexit | |
| if ${HAVE_SHELLCHECK}; then | |
| failedLint=$(shellcheck "${SHELLCHECK_OPTIONS[@]}" "${f}") | |
| else | |
| failedLint=$(docker exec -t ${SHELLCHECK_CONTAINER} \ | |
| shellcheck "${SHELLCHECK_OPTIONS[@]}" "${f}") | |
| fi | |
| set -o errexit | |
| kube::util::array_contains "${f}" "${failing_files[@]}" && in_failing=$? || in_failing=$? | |
| if [[ -n "${failedLint}" ]] && [[ "${in_failing}" -ne "0" ]]; then | |
| errors+=( "${failedLint}" ) | |
| fi | |
| if [[ -z "${failedLint}" ]] && [[ "${in_failing}" -eq "0" ]]; then | |
| not_failing+=( "${f}" ) | |
| fi | |
| done | |
| # Check to be sure all the files that should pass lint are. | |
| if [ ${#errors[@]} -eq 0 ]; then | |
| echo 'Congratulations! All shell files are passing lint (excluding those in hack/.shellcheck_failures).' | |
| else | |
| { | |
| echo "Errors from shellcheck:" | |
| for err in "${errors[@]}"; do | |
| echo "$err" | |
| done | |
| echo | |
| echo 'Please review the above warnings. You can test via "./hack/verify-shellcheck"' | |
| echo 'If the above warnings do not make sense, you can exempt this package from shellcheck' | |
| echo 'checking by adding it to hack/.shellcheck_failures (if your reviewer is okay with it).' | |
| echo | |
| } >&2 | |
| exit 1 | |
| fi | |
| if [[ ${#not_failing[@]} -gt 0 ]]; then | |
| { | |
| echo "Some files in hack/.shellcheck_failures are passing shellcheck. Please remove them." | |
| echo | |
| for f in "${not_failing[@]}"; do | |
| echo " $f" | |
| done | |
| echo | |
| } >&2 | |
| exit 1 | |
| fi | |
| # Check that all failing_files actually still exist | |
| gone=() | |
| for f in "${failing_files[@]}"; do | |
| kube::util::array_contains "$f" "${all_shell_scripts[@]}" || gone+=( "$f" ) | |
| done | |
| if [[ ${#gone[@]} -gt 0 ]]; then | |
| { | |
| echo "Some files in hack/.shellcheck_failures do not exist anymore. Please remove them." | |
| echo | |
| for f in "${gone[@]}"; do | |
| echo " $f" | |
| done | |
| echo | |
| } >&2 | |
| exit 1 | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment