From cf343b44e356c5f89f673c4331249179c5bd85c9 Mon Sep 17 00:00:00 2001 From: Andrew Grimberg Date: Wed, 12 Apr 2023 07:10:03 -0700 Subject: [PATCH] Refactor: pre-commit cleanups Cleanup errors being caught by pre-commit that is preventing GitHub Actions runs of pre-commit (aka pre-commit run -a) from passing Issue: RELENG-4687 Change-Id: I09636538d1d34e5ab2deeb05c112632540a17368 Signed-off-by: Andrew Grimberg --- docs/jjb/lf-docker-jobs.rst | 2 +- docs/jjb/lf-go-jobs.rst | 2 +- docs/jjb/lf-info-vote.rst | 3 --- docs/jjb/lf-maven-jobs.rst | 8 ++++---- docs/jjb/lf-python-jobs.rst | 2 +- docs/jjb/lf-release-jobs.rst | 19 +++++++++---------- jenkins-init-scripts/create-swap-file.sh | 2 +- jenkins-init-scripts/disable-firewall.sh | 2 +- jenkins-init-scripts/lf-env.sh | 1 + jjb/lf-c-cpp-jobs.yaml | 2 +- jjb/lf-maven-jobs.yaml | 2 +- jjb/lf-python-jobs.yaml | 2 +- ...AVA_HOME-directory-detection-b164f29820d36206.yaml | 15 +++++++-------- .../fix-sbom-file-creation-12eb6bc1d0cdaf36.yaml | 4 ++-- .../notes/refactor-tox-pyenv-f5b3aac7eec3725d.yaml | 4 ++-- .../revert_clm_maven_plugin-db2a239e6aa22f07.yaml | 2 +- .../upgrade-git-review-2.3.1-b3cc401a6c8ae58a.yaml | 4 ++-- shell/capture-instance-metadata.sh | 2 +- shell/common-variables.sh | 1 + shell/docker-login.sh | 2 +- shell/maven-sonar.sh | 3 +++ shell/python-tools-install.sh | 2 ++ shell/release-job.sh | 4 +++- shell/sbom-generator.sh | 2 ++ shell/sigul-sign-dir.sh | 15 +++++++++------ shell/sigul-sign.sh | 6 +++--- shell/update-java-alternatives.sh | 1 + 27 files changed, 62 insertions(+), 52 deletions(-) diff --git a/docs/jjb/lf-docker-jobs.rst b/docs/jjb/lf-docker-jobs.rst index a10624ba..0a6fcc9a 100644 --- a/docs/jjb/lf-docker-jobs.rst +++ b/docs/jjb/lf-docker-jobs.rst @@ -262,7 +262,7 @@ Builds the code, downloads and runs a Snyk CLI scan of the code into the Snyk da builder steps. (default: "") :post_docker_build_script: Build script to execute after the main verify builder steps. (default: "") - :snyk-cli-options: Additional Snyk CLI options. (default: '') + :snyk-cli-options: Snyk CLI options. (default: '') :stream: Keyword that represents a release code-name. Often the same as the branch. (default: master) :submodule-recursive: Whether to checkout submodules recursively. diff --git a/docs/jjb/lf-go-jobs.rst b/docs/jjb/lf-go-jobs.rst index 5dc105cc..6cac0471 100644 --- a/docs/jjb/lf-go-jobs.rst +++ b/docs/jjb/lf-go-jobs.rst @@ -49,7 +49,7 @@ Builds the code, downloads and runs a Snyk CLI scan of the code into the Snyk da :build-timeout: Timeout in minutes before aborting build. (default: 60) :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) :java-version: Version of Java to use for the build. (default: openjdk11) - :snyk-cli-options: Additional Snyk CLI options. (default: '') + :snyk-cli-options: Snyk CLI options. (default: '') :stream: Keyword that represents a release code-name. Often the same as the branch. (default: master) :submodule-recursive: Whether to checkout submodules recursively. diff --git a/docs/jjb/lf-info-vote.rst b/docs/jjb/lf-info-vote.rst index 733a5510..35f2dd83 100644 --- a/docs/jjb/lf-info-vote.rst +++ b/docs/jjb/lf-info-vote.rst @@ -7,9 +7,6 @@ Info Vote Job Job counts the votes from the committers against a change to the INFO.yaml file -If needed, will also check for a majority of TSC voters -(not yet implemented) - Auto-merges the change on a majority vote. diff --git a/docs/jjb/lf-maven-jobs.rst b/docs/jjb/lf-maven-jobs.rst index e9b7ddec..00c6313b 100644 --- a/docs/jjb/lf-maven-jobs.rst +++ b/docs/jjb/lf-maven-jobs.rst @@ -215,7 +215,7 @@ Builds the code, downloads and runs a Snyk CLI scan of the code into the Snyk da :mvn-opts: Sets MAVEN_OPTS to start up the JVM running Maven. (default: '') :mvn-params: Parameters to pass to the mvn CLI. (default: '') :mvn-version: Version of maven to use. (default: mvn35) - :snyk-cli-options: Additional Snyk CLI options. (default: '') + :snyk-cli-options: Snyk CLI options. (default: '') :stream: Keyword that represents a release code-name. Often the same as the branch. (default: master) :submodule-recursive: Whether to checkout submodules recursively. @@ -477,7 +477,7 @@ directory is then used later to deploy to Nexus. (default: false) :sbom-generator-version: SBOM generator version to download and run if using sbom-generator. (default: v0.0.10) - :sbom-path: Path where SBOM is going to be executed from. + :sbom-path: SBOM execution path. (default: $WORKSPACE) :sign-artifacts: Sign artifacts with Sigul. (default: false) :stream: Keyword that represents a release code-name. @@ -583,7 +583,7 @@ multi-branch configuration. :sonarcloud-project-organization: SonarCloud project organization. (default: '') :sonarcloud-api-token-cred-id: Jenkins credential ID which has the SonarCloud API Token. - This one SHOULDN'T be overwritten as per we are standarizing the credential ID for all + This one SHOULDN'T be overwritten as we are standarizing the credential ID for all projects (default: 'sonarcloud-api-token') :sonarcloud-java-version: Version of Java to use for the Sonar scan. (default: openjdk11) :stream: Keyword that represents a release code-name. @@ -648,7 +648,7 @@ This job runs on dev branches and its triggered on new patchsets. :sonarcloud-project-organization: SonarCloud project organization. (default: '') :sonarcloud-api-token-cred-id: Jenkins credential ID which has the SonarCloud API Token. - This one SHOULDN'T be overwritten as per we are standarizing the credential ID for all + This one SHOULDN'T be overwritten as we are standarizing the credential ID for all projects (default: 'sonarcloud-api-token') :sonarcloud-java-version: Version of Java to use for the Sonar scan. (default: openjdk11) :sonarcloud-qualitygate-wait: SonarCloud flag that forces the analysis step to diff --git a/docs/jjb/lf-python-jobs.rst b/docs/jjb/lf-python-jobs.rst index 6a3e338c..5aeb9212 100644 --- a/docs/jjb/lf-python-jobs.rst +++ b/docs/jjb/lf-python-jobs.rst @@ -112,7 +112,7 @@ does not support multi-branch. share a Nexus IQ system to avoid project name collision. We recommend inserting a trailing - dash if using this parameter. For example 'odl-'. (default: '') - :nexus-target-build: Target directory or file to be scanned by Nexus IQ CLI + :nexus-target-build: Target directory or file for scanning by Nexus IQ CLI (default: "\*\*/\*") :pre-build-script: Shell script to run before tox. Useful for setting up dependencies. (default: a string with a shell comment) diff --git a/docs/jjb/lf-release-jobs.rst b/docs/jjb/lf-release-jobs.rst index f872808b..98bc1537 100644 --- a/docs/jjb/lf-release-jobs.rst +++ b/docs/jjb/lf-release-jobs.rst @@ -9,16 +9,15 @@ staging area to a release area. A release yaml file controls the process, and Jenkins promotes the artifact when a project committer merges the release yaml file in Gerrit. -To use the self-release process, create a releases/ or .releases/ -directory at the root of the project repository, add one release yaml -file to it, and submit a change set with that release yaml file. The -required contents of the release yaml file are different for each type -of release, see the schemas and examples shown below. The version -string in the release yaml file should be a valid Semantic Versioning -(SemVer) string, matching the pattern "#.#.#" where "#" is one or more -digits. A version string matching the pattern "v#.#.#" is also -accepted. Upon merge of the change, a Jenkins job promotes the -artifact and pushes a gpg-signed tag to the repository. +To use the self-release process, create a releases/ or .releases/ directory at +the root of the project repository, add one release yaml file to it, and submit +a change set with that release yaml file. The required contents of the release +yaml file are different for each release, see the schemas and examples shown +below. The version string in the release yaml file should be a valid Semantic +Versioning (SemVer) string, matching the pattern "#.#.#" where "#" is one or +more digits. A version string matching the pattern "v#.#.#" is also accepted. +Upon merge of the change, a Jenkins job promotes the artifact and pushes a +gpg-signed tag to the repository. .. note:: diff --git a/jenkins-init-scripts/create-swap-file.sh b/jenkins-init-scripts/create-swap-file.sh index 6f077388..8090bce6 100755 --- a/jenkins-init-scripts/create-swap-file.sh +++ b/jenkins-init-scripts/create-swap-file.sh @@ -19,7 +19,7 @@ blockCount=${SWAP_SIZE-''} # Else: No Swap case $blockCount in '') blockCount=1 ;; - [0-9]*) blockCount=$blockCount ;; + [0-9]*) ;; *) exit ;; esac [[ $blockCount == 0 ]] && exit diff --git a/jenkins-init-scripts/disable-firewall.sh b/jenkins-init-scripts/disable-firewall.sh index b3efb22d..13ae8cf1 100755 --- a/jenkins-init-scripts/disable-firewall.sh +++ b/jenkins-init-scripts/disable-firewall.sh @@ -16,7 +16,7 @@ case "$OS" in systemctl stop firewalld ;; CentOS|RedHat) - os_release_ver = "$(facter operatingsystemrelease | cut -d '.' -f1)" + os_release_ver="$(facter operatingsystemrelease | cut -d '.' -f1)" if [ "${os_release_ver}" -lt "7" ]; then service iptables stop else diff --git a/jenkins-init-scripts/lf-env.sh b/jenkins-init-scripts/lf-env.sh index f80dc798..16bf8109 100644 --- a/jenkins-init-scripts/lf-env.sh +++ b/jenkins-init-scripts/lf-env.sh @@ -209,6 +209,7 @@ lf-activate-venv () { pyenv versions if command -v pyenv 1>/dev/null 2>&1; then eval "$(pyenv init - --no-rehash)" + # shellcheck disable=SC2046 pyenv local $(lf-pyver "${python}") fi fi diff --git a/jjb/lf-c-cpp-jobs.yaml b/jjb/lf-c-cpp-jobs.yaml index 92057b70..1b448de9 100644 --- a/jjb/lf-c-cpp-jobs.yaml +++ b/jjb/lf-c-cpp-jobs.yaml @@ -514,7 +514,7 @@ wrappers: - credentials-binding: - text: - credential-id: '{sonarcloud-api-token-cred-id}' + credential-id: "{sonarcloud-api-token-cred-id}" variable: API_TOKEN - job-template: diff --git a/jjb/lf-maven-jobs.yaml b/jjb/lf-maven-jobs.yaml index 55198629..99ab3138 100644 --- a/jjb/lf-maven-jobs.yaml +++ b/jjb/lf-maven-jobs.yaml @@ -1377,7 +1377,7 @@ wrappers: - credentials-binding: - text: - credential-id: '{sonarcloud-api-token-cred-id}' + credential-id: "{sonarcloud-api-token-cred-id}" variable: API_TOKEN triggers: diff --git a/jjb/lf-python-jobs.yaml b/jjb/lf-python-jobs.yaml index 4e1dcf92..bb123f47 100644 --- a/jjb/lf-python-jobs.yaml +++ b/jjb/lf-python-jobs.yaml @@ -632,7 +632,7 @@ wrappers: - credentials-binding: - text: - credential-id: '{sonarcloud-api-token-cred-id}' + credential-id: "{sonarcloud-api-token-cred-id}" variable: API_TOKEN builders: diff --git a/releasenotes/notes/Fix-JAVA_HOME-directory-detection-b164f29820d36206.yaml b/releasenotes/notes/Fix-JAVA_HOME-directory-detection-b164f29820d36206.yaml index e5540f1b..c5866613 100644 --- a/releasenotes/notes/Fix-JAVA_HOME-directory-detection-b164f29820d36206.yaml +++ b/releasenotes/notes/Fix-JAVA_HOME-directory-detection-b164f29820d36206.yaml @@ -1,12 +1,12 @@ --- prelude: > - OpenDaylight jenkins maven jobs with jdk17 and CentOS7 currently fails - with a confusing message stating that the JAVA_HOME variable is not - correctly set. - This can happen in various cases, usually when there is a mismatch - between the jdk used by maven and the folder pointed by JAVA_HOME. - It appears that openjdk17 is not available with CentOS7 and that - the folder indeed does not exist + OpenDaylight jenkins maven jobs with jdk17 and CentOS7 currently fails + with a confusing message stating that the JAVA_HOME variable is not + correctly set. + This can happen in various cases, usually when there is a mismatch + between the jdk used by maven and the folder pointed by JAVA_HOME. + It appears that openjdk17 is not available with CentOS7 and that + the folder indeed does not exist issues: - | Current message (JAVA_HOME variable is not set) is confusing and can lead @@ -21,4 +21,3 @@ other: - | Adapt and refactor code consequently to be more agnostic to distribution and jdk installation specificities - diff --git a/releasenotes/notes/fix-sbom-file-creation-12eb6bc1d0cdaf36.yaml b/releasenotes/notes/fix-sbom-file-creation-12eb6bc1d0cdaf36.yaml index 650d8a6e..5486e773 100644 --- a/releasenotes/notes/fix-sbom-file-creation-12eb6bc1d0cdaf36.yaml +++ b/releasenotes/notes/fix-sbom-file-creation-12eb6bc1d0cdaf36.yaml @@ -1,7 +1,7 @@ --- prelude: > - The SBOM generator script creates an spdx file in the root level. - When the artifacts are staged the file gets overwritten. + The SBOM generator script creates an spdx file in the root level. + When the artifacts are staged the file gets overwritten. fixes: - | Create the spdx file as ${PROJECT}-sbom-${release_version}.spdx diff --git a/releasenotes/notes/refactor-tox-pyenv-f5b3aac7eec3725d.yaml b/releasenotes/notes/refactor-tox-pyenv-f5b3aac7eec3725d.yaml index 7d1304cf..8eb472dc 100644 --- a/releasenotes/notes/refactor-tox-pyenv-f5b3aac7eec3725d.yaml +++ b/releasenotes/notes/refactor-tox-pyenv-f5b3aac7eec3725d.yaml @@ -1,7 +1,7 @@ --- prelude: > - PyPI verify jobs requires Python 3.x. The tox run picks up default version - of python instead of the version made available through pyenv. + PyPI verify jobs requires Python 3.x. The tox run picks up default version + of python instead of the version made available through pyenv. issues: - | Re-factor lf-activate-venv() to skip a return, while the venv is diff --git a/releasenotes/notes/revert_clm_maven_plugin-db2a239e6aa22f07.yaml b/releasenotes/notes/revert_clm_maven_plugin-db2a239e6aa22f07.yaml index a310a0c8..bf2f9aeb 100644 --- a/releasenotes/notes/revert_clm_maven_plugin-db2a239e6aa22f07.yaml +++ b/releasenotes/notes/revert_clm_maven_plugin-db2a239e6aa22f07.yaml @@ -1,7 +1,7 @@ --- fixes: - | - The latest (2.42.0.01) clm-maven-plugin introduced an error in our + The latest (2.42.0.01) clm-maven-plugin introduced an error in our environment. Failed to execute goal com.sonatype.clm:clm-maven-plugin:2.42.0-01:index diff --git a/releasenotes/notes/upgrade-git-review-2.3.1-b3cc401a6c8ae58a.yaml b/releasenotes/notes/upgrade-git-review-2.3.1-b3cc401a6c8ae58a.yaml index 0c385630..3144bb14 100644 --- a/releasenotes/notes/upgrade-git-review-2.3.1-b3cc401a6c8ae58a.yaml +++ b/releasenotes/notes/upgrade-git-review-2.3.1-b3cc401a6c8ae58a.yaml @@ -1,7 +1,7 @@ --- prelude: > - Update openstack images with the auto update image requires more recent - version of git-review > 2.2. + Update openstack images with the auto update image requires more recent + version of git-review > 2.2. upgrade: - | The previous version of git-review is incompatible with the latest version of diff --git a/shell/capture-instance-metadata.sh b/shell/capture-instance-metadata.sh index 172ed109..a5e0051c 100644 --- a/shell/capture-instance-metadata.sh +++ b/shell/capture-instance-metadata.sh @@ -15,7 +15,7 @@ echo "---> capture-instance-metadata.sh" source ~/lf-env.sh if [[ "${PYTHON:-}" -ne "" ]]; then - lf-activate-venv --python $PYTHON lftools + lf-activate-venv --python "$PYTHON" lftools elif python3; then lf-activate-venv --python python3 lftools else diff --git a/shell/common-variables.sh b/shell/common-variables.sh index b7aa52ae..0001ac83 100644 --- a/shell/common-variables.sh +++ b/shell/common-variables.sh @@ -13,6 +13,7 @@ echo "---> common-variables.sh" # scripts. It is meant to be sourced in other scripts so that the variables can # be called. +# shellcheck disable=SC2140 MAVEN_OPTIONS="$(echo --show-version \ --batch-mode \ -Djenkins \ diff --git a/shell/docker-login.sh b/shell/docker-login.sh index 97e030b3..73d0603c 100644 --- a/shell/docker-login.sh +++ b/shell/docker-login.sh @@ -79,7 +79,7 @@ set_creds() { do_login() { docker_version=$( docker -v | awk '{print $3}') if version_lt "$docker_version" "17.06.0" && \ - "$DOCKERHUB_REGISTRY" == "docker.io" && \ + [ "$DOCKERHUB_REGISTRY" == "docker.io" ] && \ "$DOCKERHUB_EMAIL:-none" != 'none' then docker login -u "$USER" -p "$PASS" -e "$2" "$1" diff --git a/shell/maven-sonar.sh b/shell/maven-sonar.sh index 9c82633c..a2de475e 100644 --- a/shell/maven-sonar.sh +++ b/shell/maven-sonar.sh @@ -25,6 +25,7 @@ params+=("--settings $SETTINGS_FILE") # Disable SC2086 because we want to allow word splitting for $MAVEN_* parameters. # shellcheck disable=SC2086 +# shellcheck disable=SC2048 _JAVA_OPTIONS="$JAVA_OPTS" $MVN $MAVEN_GOALS \ -e -Dsonar \ ${params[*]} \ @@ -51,11 +52,13 @@ fi if [ -n "$SONARCLOUD_JAVA_VERSION" ] && [ "$SET_JDK_VERSION" != "$SONARCLOUD_JAVA_VERSION" ]; then export SET_JDK_VERSION="$SONARCLOUD_JAVA_VERSION" bash <(curl -s https://raw.githubusercontent.com/lfit/releng-global-jjb/master/shell/update-java-alternatives.sh) + # shellcheck source=/dev/null source /tmp/java.env fi # Disable SC2086 because we want to allow word splitting for $MAVEN_* parameters. # shellcheck disable=SC2086 +# shellcheck disable=SC2048 "$MVN" $SONAR_MAVEN_GOAL \ -e -Dsonar -Dsonar.host.url="$SONAR_HOST_URL" \ ${params[*]} \ diff --git a/shell/python-tools-install.sh b/shell/python-tools-install.sh index 4c528d20..65702b73 100644 --- a/shell/python-tools-install.sh +++ b/shell/python-tools-install.sh @@ -15,9 +15,11 @@ set -eufo pipefail # Souce the python version from lf-env.sh if available. python="python3" if [[ -f ~/lf-env.sh ]]; then + # shellcheck source=/dev/null source ~/lf-env.sh lf-activate-venv --python "$python" lftools # Save the virtualenv path + # shellcheck disable=SC2154 echo "$lf_venv" > "/tmp/.os_lf_venv" elif [[ -d /opt/pyenv ]]; then echo "Setup up pyenv" diff --git a/shell/release-job.sh b/shell/release-job.sh index 24bb0d6c..792cbdd3 100644 --- a/shell/release-job.sh +++ b/shell/release-job.sh @@ -404,6 +404,7 @@ artifact_release_file(){ wget "${path}"/"${name}" -o artifacts/"${name}" if [[ "$JOB_NAME" =~ "merge" ]] && [[ "$DRY_RUN" = false ]]; then #lftools sign sigul artifacts + # shellcheck disable=SC2261 curl -v -u : --upload-file \ "${NEXUS_URL}"/content/repositories/releases/org/"${ORG}"/"${VERSION}"/"${name}" \; fi @@ -469,7 +470,8 @@ maven_release_file(){ # forward from the tagging point, then a spur commit is created # for the tag taghash="$(awk '{print $NF}' "$PATCH_DIR/taglist.log")" - if [ "${taghash}" = $(git rev-parse origin/${GERRIT_BRANCH}) ]; then + # shellcheck disable=SC2046 + if [ "${taghash}" = $(git rev-parse "origin/${GERRIT_BRANCH}") ]; then git checkout "origin/${GERRIT_BRANCH}" # sentinal file touch .testhash diff --git a/shell/sbom-generator.sh b/shell/sbom-generator.sh index c63efd68..2ffca284 100644 --- a/shell/sbom-generator.sh +++ b/shell/sbom-generator.sh @@ -28,8 +28,10 @@ fi # Extract SBOM bin in SBOM_PATH # This is a workaround until the --path flag works # https://github.com/opensbom-generator/spdx-sbom-generator/issues/227 +# shellcheck disable=SC2086 tar -xzf "${SBOM_LOCATION}" -C ${SBOM_PATH} echo "INFO: running spdx-sbom-generator" +# shellcheck disable=SC2086 cd ${SBOM_PATH} ./spdx-sbom-generator "${SBOM_FLAGS:-}" -g "$GLOBAL_SETTINGS_FILE" -o "${WORKSPACE}"/archives diff --git a/shell/sigul-sign-dir.sh b/shell/sigul-sign-dir.sh index 724f1907..d3995ace 100644 --- a/shell/sigul-sign-dir.sh +++ b/shell/sigul-sign-dir.sh @@ -22,14 +22,16 @@ OS=$(facter operatingsystem | tr '[:upper:]' '[:lower:]') OS_RELEASE=$(facter lsbdistrelease | tr '[:upper:]' '[:lower:]') if [[ "$OS_RELEASE" == "8" && "$OS" == 'centos' ]]; then # Get Dockerfile and the enterpoint to build the docker image. + # shellcheck disable=SC2140 wget -O "${WORKSPACE}/sigul-sign.sh" "https://raw.githubusercontent.com/"\ "lfit/releng-global-jjb/master/shell/sigul-sign.sh" + # shellcheck disable=SC2140 wget -O "${WORKSPACE}/Dockerfile" "https://raw.githubusercontent.com/"\ "lfit/releng-global-jjb/master/docker/Dockerfile" # Setup the docker environment for jenkins user - docker build -f ${WORKSPACE}/Dockerfile \ - --build-arg SIGN_DIR=${SIGN_DIR} \ + docker build -f "${WORKSPACE}/Dockerfile" \ + --build-arg SIGN_DIR="${SIGN_DIR}" \ -t sigul-sign . docker volume create --driver local \ @@ -40,16 +42,17 @@ if [[ "$OS_RELEASE" == "8" && "$OS" == 'centos' ]]; then docker volume inspect wrkspc_vol + # shellcheck disable=SC2140 docker run -e SIGUL_KEY="${SIGUL_KEY}" \ -e SIGUL_PASSWORD="${SIGUL_PASSWORD}" \ - -e SIGUL_CONFIG=${SIGUL_CONFIG} \ - -e SIGN_DIR=${SIGN_DIR} \ - -e WORKSPACE=${WORKSPACE} \ + -e SIGUL_CONFIG="${SIGUL_CONFIG}" \ + -e SIGN_DIR="${SIGN_DIR}" \ + -e WORKSPACE="${WORKSPACE}" \ --name sigul-sign \ --security-opt label:disable \ --mount type=bind,source="/w/workspace",target="/w/workspace" \ --mount type=bind,source="/home/jenkins",target="/home/jenkins" \ - -u root:root -w $(pwd) sigul-sign + -u root:root -w "$(pwd)" sigul-sign # change the .asc files owner permissions back to jenkins sudo chown -R jenkins:jenkins "${SIGN_DIR}" diff --git a/shell/sigul-sign.sh b/shell/sigul-sign.sh index d5c674f2..ca476ea5 100644 --- a/shell/sigul-sign.sh +++ b/shell/sigul-sign.sh @@ -20,9 +20,9 @@ find "${SIGN_DIR}" -type f ! -name "*.asc" \ ! -name "_remote.repositories" \ ! -name "*.lastUpdated" \ ! -name "maven-metadata-local.xml" \ - ! -name "maven-metadata.xml" > ${WORKSPACE}/sign.lst + ! -name "maven-metadata.xml" > "${WORKSPACE}/sign.lst" -if [ -s ${WORKSPACE}/sign.lst ]; then +if [ -s "${WORKSPACE}/sign.lst" ]; then echo "Sign list is not empty" fi @@ -30,7 +30,7 @@ files_to_sign=() while IFS= read -rd $'\n' line; do files_to_sign+=("$line") sigul --batch -c "${SIGUL_CONFIG}" sign-data -a -o "${line}.asc" "${SIGUL_KEY}" "${line}" < "${SIGUL_PASSWORD}" -done < ${WORKSPACE}/sign.lst +done < "${WORKSPACE}/sign.lst" if [ "${#files_to_sign[@]}" -eq 0 ]; then echo "ERROR: No files to sign. Quitting..." diff --git a/shell/update-java-alternatives.sh b/shell/update-java-alternatives.sh index d6c069ec..01b972bc 100644 --- a/shell/update-java-alternatives.sh +++ b/shell/update-java-alternatives.sh @@ -51,6 +51,7 @@ esac if ! [ -d "$JAVA_HOME" ]; then echo "$JAVA_HOME directory not found - trying to find an approaching one" if ls -d "$JAVA_HOME"*; then + # shellcheck disable=SC2012 JAVA_HOME=$(ls -d "$JAVA_HOME"* | head -1) export JAVA_HOME else -- 2.16.6