hawtio · tadayosi · Mar 11, 2024 · Mar 11, 2024
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -48,3 +48,7 @@ jobs:
         id: lint
         if: steps.install.outcome == 'success'
         run: yarn lint --max-warnings=0
+      - name: Shellcheck
+        shell: bash
+        run: |
+          ./scripts/shellcheck.sh
diff --git a/deploy/script/generate-proxying.sh b/deploy/script/generate-proxying.sh
@@ -23,7 +23,7 @@ This script generates a client certificate and then creates a TLS secret with it
 for Hawtio proxying on OpenShift 4.
 
 Usage:
-  $(basename $0) [-h] [SECRET_NAME] [CN]
+  $(basename "$0") [-h] [SECRET_NAME] [CN]
 
 Options:
   -h    Show this help
@@ -33,12 +33,13 @@ EOT
 
 kube_binary() {
   local k
-  k=$(command -v ${1} 2> /dev/null)
+  k=$(command -v "${1}" 2> /dev/null)
+  # shellcheck disable=SC2181
   if [ $? != 0 ]; then
     return
   fi
 
-  echo ${k}
+  echo "${k}"
 }
 
 while getopts h OPT; do
@@ -52,7 +53,7 @@ while getopts h OPT; do
 done
 
 if [ -n "${KUBECLI}" ]; then
-  KUBECLI=$(kube_binary ${KUBECLI})
+  KUBECLI=$(kube_binary "${KUBECLI}")
 else
   # try finding oc
   KUBECLI=$(kube_binary oc)
@@ -113,10 +114,10 @@ openssl req -new -key server.key -out server.csr -config csr.conf
 # Issue the signed certificate
 openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 10000 -extensions v3_ext -extfile csr.conf
 
-if ${KUBECLI} get secret ${SECRET_NAME} -n ${NAMESPACE} 1> /dev/null 2>& 1; then
+if ${KUBECLI} get secret "${SECRET_NAME}" -n "${NAMESPACE}" 1> /dev/null 2>& 1; then
   echo "The secret ${SECRET_NAME} in ${NAMESPACE} already exists"
   exit 0
 fi
 
 # Create the secret for Hawtio Online
-${KUBECLI} create secret tls ${SECRET_NAME} --cert server.crt --key server.key -n ${NAMESPACE}
+${KUBECLI} create secret tls "${SECRET_NAME}" --cert server.crt --key server.key -n "${NAMESPACE}"
diff --git a/deploy/script/generate-serving.sh b/deploy/script/generate-serving.sh
@@ -7,7 +7,7 @@ usage() {
 This script creates a TLS secret for Hawtio serving on Kubernetes.
 
 Usage:
-  $(basename $0) [-h] [-k tls_key] [-c tls_crt] [SECRET_NAME] [CN]
+  $(basename "$0") [-h] [-k tls_key] [-c tls_crt] [SECRET_NAME] [CN]
 
 Options:
   -c tls_key   TLS key
@@ -19,12 +19,13 @@ EOT
 
 kube_binary() {
   local k
-  k=$(command -v ${1} 2> /dev/null)
+  k=$(command -v "${1}" 2> /dev/null)
+  # shellcheck disable=SC2181
   if [ $? != 0 ]; then
     return
   fi
 
-  echo ${k}
+  echo "${k}"
 }
 
 while getopts c:k:h OPT; do
@@ -42,7 +43,7 @@ done
 shift $((OPTIND - 1))
 
 if [ -n "${KUBECLI}" ]; then
-  KUBECLI=$(kube_binary ${KUBECLI})
+  KUBECLI=$(kube_binary "${KUBECLI}")
 else
   # try finding oc
   KUBECLI=$(kube_binary oc)
@@ -83,10 +84,10 @@ if [ -z "${TLS_CRT}" ]; then
   TLS_CRT=tls.crt
 fi
 
-if ${KUBECLI} get secret ${SECRET_NAME} -n ${NAMESPACE} 1> /dev/null 2>& 1; then
+if ${KUBECLI} get secret "${SECRET_NAME}" -n "${NAMESPACE}" 1> /dev/null 2>& 1; then
   echo "The secret ${SECRET_NAME} in ${NAMESPACE} already exists"
   exit 0
 fi
 
 # Create the secret for Hawtio Online
-${KUBECLI} create secret tls ${SECRET_NAME} --cert tls.crt --key tls.key -n ${NAMESPACE}
+${KUBECLI} create secret tls "${SECRET_NAME}" --cert tls.crt --key tls.key -n "${NAMESPACE}"
diff --git a/docker/nginx.sh b/docker/nginx.sh
@@ -7,9 +7,9 @@ NGINX_HTML="/usr/share/nginx/html"
 HAWTIO_HTML="${NGINX_HTML}/online"
 
 # nginx.conf parameter default values
-export NGINX_SUBREQUEST_OUTPUT_BUFFER_SIZE=${NGINX_SUBREQUEST_OUTPUT_BUFFER_SIZE:-10m}
-export NGINX_CLIENT_BODY_BUFFER_SIZE=${NGINX_CLIENT_BODY_BUFFER_SIZE:-256k}
-export NGINX_PROXY_BUFFERS=${NGINX_PROXY_BUFFERS:-16 128k}
+export NGINX_SUBREQUEST_OUTPUT_BUFFER_SIZE="${NGINX_SUBREQUEST_OUTPUT_BUFFER_SIZE:-10m}"
+export NGINX_CLIENT_BODY_BUFFER_SIZE="${NGINX_CLIENT_BODY_BUFFER_SIZE:-256k}"
+export NGINX_PROXY_BUFFERS="${NGINX_PROXY_BUFFERS:-16 128k}"
 
 export OPENSHIFT=true
 
@@ -19,11 +19,11 @@ check_openshift_api() {
   TOKEN=$(cat ${SERVICEACCOUNT}/token)
   CACERT=${SERVICEACCOUNT}/ca.crt
 
-  STATUS_CODE=$(curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/apis/apps.openshift.io/v1 --write-out '%{http_code}' --silent --output /dev/null)
+  STATUS_CODE=$(curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET "${APISERVER}"/apis/apps.openshift.io/v1 --write-out '%{http_code}' --silent --output /dev/null)
   if [ "${STATUS_CODE}" != "200" ]; then
     OPENSHIFT=false
   fi
-  echo OpenShift API: ${OPENSHIFT} - ${STATUS_CODE} ${APISERVER}/apis/apps.openshift.io/v1
+  echo "OpenShift API: ${OPENSHIFT} - ${STATUS_CODE} ${APISERVER}/apis/apps.openshift.io/v1"
 }
 
 check_openshift_api
@@ -40,6 +40,7 @@ generate_nginx_gateway_conf() {
   if [ "${OPENSHIFT}" = "false" ]; then
     TEMPLATE=/nginx-gateway-k8s.conf.template
   fi
+  # shellcheck disable=SC2016
   envsubst '
     $NGINX_SUBREQUEST_OUTPUT_BUFFER_SIZE
     $NGINX_CLIENT_BODY_BUFFER_SIZE
@@ -58,6 +59,7 @@ else
   ln -sf /nginx.conf /etc/nginx/conf.d/nginx.conf
 fi
 
+# shellcheck disable=SC2181
 if [ $? = 0 ]; then
   echo Starting NGINX...
   nginx -g 'daemon off;'

diff --git a/docker/osconsole/config.sh b/docker/osconsole/config.sh
@@ -103,7 +103,7 @@ invalid() {
   exit 1
 }
 
-if [ "${OPENSHIFT}" == "true" ]; then
+if [ "${OPENSHIFT}" = "true" ]; then
   MASTER_KIND=openshift
 else
   MASTER_KIND=kubernetes

diff --git a/scripts/disable-jolokia-auth.sh b/scripts/disable-jolokia-auth.sh
@@ -1,18 +1,18 @@
 #!/bin/bash
 
 # target dc labeled 'provider=fabric8'
-if [ -z $1 ]; then
+if [ -z "$1" ]; then
   names=$(oc get dc --selector='provider=fabric8' -o 'jsonpath={.items[*].metadata.name}')
 else
   names=$1
 fi
 
-if [ -z $names ]; then
+if [ -z "$names" ]; then
   echo "No deployment configs are selected."
   exit 1
 fi
 
-echo $names | tr " " "\n"
+echo "$names" | tr " " "\n"
 read -p "Disable Jolokia authentication & SSL for these deployment configs? [y/N]: " -r yn
 if [ "$yn" != "y" ]; then
   exit 0
@@ -22,7 +22,7 @@ for name in $names; do
   echo "Disabling: $name"
 
   echo "  oc set env dc/$name AB_JOLOKIA_AUTH_OPENSHIFT=false AB_JOLOKIA_PASSWORD_RANDOM=false AB_JOLOKIA_OPTS=useSslClientAuthentication=false,protocol=https"
-  oc set env dc/$name \
+  oc set env dc/"$name" \
     AB_JOLOKIA_AUTH_OPENSHIFT=false \
     AB_JOLOKIA_PASSWORD_RANDOM=false \
     AB_JOLOKIA_OPTS=useSslClientAuthentication=false,protocol=https

diff --git a/scripts/shellcheck.sh b/scripts/shellcheck.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+excludes=""
+
+target_dirs=(
+  "scripts"
+  "deploy/openshift/cluster"
+  "deploy/script"
+  "docker"
+  "docker/osconsole"
+)
+
+for dir in "${target_dirs[@]}"; do
+  echo Linting "$dir/*.sh"
+  shellcheck "$dir"/*.sh -e "$excludes"
+done