diff options
| author | Sebastian Holmin <sebastian.holmin@mullvad.net> | 2024-01-25 11:44:41 +0100 |
|---|---|---|
| committer | Markus Pettersson <markus.pettersson@mullvad.net> | 2024-02-02 11:04:48 +0100 |
| commit | b6e0545e1b5ae2fbcb6655bd4d28739cf9f943d6 (patch) | |
| tree | 40644f1100793192c23fd7491978dc26ad1fef97 /ci | |
| parent | 1438e369b10bbf50900d9e380329001513de2c1e (diff) | |
| download | mullvadvpn-b6e0545e1b5ae2fbcb6655bd4d28739cf9f943d6.tar.xz mullvadvpn-b6e0545e1b5ae2fbcb6655bd4d28739cf9f943d6.zip | |
Fix `shellcheck` lints of our various bash scripts
The following lints have been fixed:
SC2046,SC2086,SC2068,SC2148,SC2007,SC2004,SC2006,
SC2164,SC2145,SC1091,SC2034,SC2155.
Diffstat (limited to 'ci')
| -rwxr-xr-x | ci/buildserver-build.sh | 1 | ||||
| -rwxr-xr-x | ci/buildserver-upload.sh | 1 | ||||
| -rw-r--r-- | ci/ios/build-app.sh | 2 | ||||
| -rw-r--r-- | ci/ios/buildserver-build-ios.sh | 7 | ||||
| -rw-r--r-- | ci/ios/run-build-and-upload.sh | 2 | ||||
| -rw-r--r-- | ci/ios/run-in-vm.sh | 3 | ||||
| -rw-r--r-- | ci/ios/upload-app.sh | 2 | ||||
| -rwxr-xr-x | ci/prepare-apt-repository.sh | 1 | ||||
| -rwxr-xr-x | ci/prepare-rpm-repository.sh | 1 | ||||
| -rwxr-xr-x | ci/publish-linux-repositories.sh | 1 | ||||
| -rwxr-xr-x | ci/verify-locked-down-signatures.sh | 5 |
11 files changed, 18 insertions, 8 deletions
diff --git a/ci/buildserver-build.sh b/ci/buildserver-build.sh index 2b9d2a4904..8032c99b04 100755 --- a/ci/buildserver-build.sh +++ b/ci/buildserver-build.sh @@ -20,6 +20,7 @@ LAST_BUILT_DIR="$SCRIPT_DIR/last-built" BRANCHES_TO_BUILD=("origin/main") +# shellcheck source=ci/buildserver-config.sh source "$SCRIPT_DIR/buildserver-config.sh" # Ask for the passphrase to the signing keys diff --git a/ci/buildserver-upload.sh b/ci/buildserver-upload.sh index 0a585d5e9c..fde7c192b8 100755 --- a/ci/buildserver-upload.sh +++ b/ci/buildserver-upload.sh @@ -7,6 +7,7 @@ CODE_SIGNING_KEY_FINGERPRINT="A1198702FC3E0A09A9AE5B75D5A1D4F266DE8DDF" SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +# shellcheck source=ci/buildserver-config.sh source "$SCRIPT_DIR/buildserver-config.sh" cd "$UPLOAD_DIR" diff --git a/ci/ios/build-app.sh b/ci/ios/build-app.sh index abf6fac1cd..d2eb5907b1 100644 --- a/ci/ios/build-app.sh +++ b/ci/ios/build-app.sh @@ -17,7 +17,7 @@ cd ~/build/ios rm -r Build # Instantiate Xcconfig templates. -for file in ./Configurations/*.template ; do cp $file ${file//.template/} ; done +for file in ./Configurations/*.template ; do cp "$file" "${file//.template/}" ; done IOS_PROVISIONING_PROFILES_DIR=~/provisioning-profiles \ PATH=/usr/local/go/bin:$PATH \ diff --git a/ci/ios/buildserver-build-ios.sh b/ci/ios/buildserver-build-ios.sh index fab47acd97..9a94a442c6 100644 --- a/ci/ios/buildserver-build-ios.sh +++ b/ci/ios/buildserver-build-ios.sh @@ -14,7 +14,7 @@ export GIT_DIR="$GIT_WORK_TREE/.git" function run_git { # `git submodule` needs more info than just $GIT_DIR and $GIT_WORK_TREE. # But -C makes it work. - git -C $GIT_WORK_TREE $@ + git -C "$GIT_WORK_TREE" "$@" } @@ -43,7 +43,7 @@ function build_ref() { fi run_git reset --hard - run_git checkout $tag + run_git checkout "$tag" run_git submodule update run_git clean -df @@ -92,7 +92,8 @@ function run_build_loop() { run_git tag | xargs git tag -d > /dev/null run_git fetch --prune --tags 2> /dev/null || continue - local tags=( $(run_git tag | grep "$TAG_PATTERN_TO_BUILD") ) + local tags + tags=( $(run_git tag | grep "$TAG_PATTERN_TO_BUILD") ) for tag in "${tags[@]}"; do build_ref "refs/tags/$tag" diff --git a/ci/ios/run-build-and-upload.sh b/ci/ios/run-build-and-upload.sh index 6c15389331..769ba484ee 100644 --- a/ci/ios/run-build-and-upload.sh +++ b/ci/ios/run-build-and-upload.sh @@ -10,7 +10,7 @@ set -eu -o pipefail # Add SSH key for iOS build VMs to be able to SSH into them without user interaction -eval $(ssh-agent) +eval "$(ssh-agent)" ssh-add ~/.ssh/ios-vm-key # This single path really screws with XCode and wireguard-go's makefiles, which diff --git a/ci/ios/run-in-vm.sh b/ci/ios/run-in-vm.sh index 331ba04af4..fb0a719e40 100644 --- a/ci/ios/run-in-vm.sh +++ b/ci/ios/run-in-vm.sh @@ -1,3 +1,4 @@ +#!/usr/bin/env bash # This takes the following positional arguments # 1. tart VM name # 2. Script to execute in the VM @@ -23,7 +24,7 @@ sleep 10 # apparently, there's a difference between piping into zsh like this and doing # a <(echo $SCRIPT). -cat "$SCRIPT" | ssh admin@$(tart ip "$VM_NAME") bash /dev/stdin +cat "$SCRIPT" | ssh admin@"$(tart ip "$VM_NAME")" bash /dev/stdin script_status=$? kill $vm_pid diff --git a/ci/ios/upload-app.sh b/ci/ios/upload-app.sh index aebb444384..d6e207def2 100644 --- a/ci/ios/upload-app.sh +++ b/ci/ios/upload-app.sh @@ -1,8 +1,10 @@ #!/usr/bin/env bash +set -eu # Upload script to run in `ios-upload` VM to upload a newly built IPA to TestFlight VM_UPLOAD_IPA_PATH="/Volumes/My Shared Files/build-output/MullvadVPN.ipa" API_KEY_PATH="$HOME/ci/app-store-connect-key.json" cd ci/ +# shellcheck source=/dev/null source ~/.bash_profile bundle exec fastlane pilot upload --api-key-path "${API_KEY_PATH}" --ipa "${VM_UPLOAD_IPA_PATH}" diff --git a/ci/prepare-apt-repository.sh b/ci/prepare-apt-repository.sh index 784a6c92f8..5f4eee9746 100755 --- a/ci/prepare-apt-repository.sh +++ b/ci/prepare-apt-repository.sh @@ -9,6 +9,7 @@ set -eu SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +# shellcheck source=ci/buildserver-config.sh source "$SCRIPT_DIR/buildserver-config.sh" artifact_dir=$1 diff --git a/ci/prepare-rpm-repository.sh b/ci/prepare-rpm-repository.sh index bb89dce2bc..22616c591f 100755 --- a/ci/prepare-rpm-repository.sh +++ b/ci/prepare-rpm-repository.sh @@ -9,6 +9,7 @@ set -eu SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +# shellcheck source=ci/buildserver-config.sh source "$SCRIPT_DIR/buildserver-config.sh" artifact_dir=$1 diff --git a/ci/publish-linux-repositories.sh b/ci/publish-linux-repositories.sh index bca8451834..76d09c33d9 100755 --- a/ci/publish-linux-repositories.sh +++ b/ci/publish-linux-repositories.sh @@ -9,6 +9,7 @@ set -eu SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +# shellcheck source=ci/buildserver-config.sh source "$SCRIPT_DIR/buildserver-config.sh" while [ "$#" -gt 0 ]; do diff --git a/ci/verify-locked-down-signatures.sh b/ci/verify-locked-down-signatures.sh index 8199a27984..407f5f3f28 100755 --- a/ci/verify-locked-down-signatures.sh +++ b/ci/verify-locked-down-signatures.sh @@ -2,7 +2,8 @@ set -eu shopt -s nullglob -readonly SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +readonly SCRIPT_DIR readonly REPO_DIR="$SCRIPT_DIR/.." # In the CI environment we would like to import trusted public keys from a file, @@ -76,7 +77,7 @@ for locked_path in $locked_down_paths; do # Check if important file has been removed. if [[ ! -e "$REPO_DIR/$locked_path" ]]; then - echo "$locked_path was removed. If this was intentional, remove it from `verify-locked-down-signatures.yml`." + echo "$locked_path was removed. If this was intentional, remove it from 'verify-locked-down-signatures.yml'" important_file_was_removed=1 fi done |