Use differential-shellcheck instead of action-shellcheck #106
Conversation
It performs differential ShellCheck scans and report results directly on GitHub. documentation: https://github.com/redhat-plumbers-in-action/differential-shellcheck Signed-off-by: Jan Macku <[email protected]>
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
|
This looks cool!! do you have its as IDE-plugin(vs code) as static analysis tool? |
Unfortunately, no, but I believe you can use https://github.com/Microsoft/sarif-vscode-extension with this action. Once you link your GitHub account with sarif-vscode-extension, you should see the reports in your IDE.
|
|
LGTM |
This change doesn't change the core behavior of ShellCheck linting. Differential ShellCheck uses by default flag
-X. It will also exclude all shell scripts located intests/from linting.Some benefits of using differential ShellCheck Action
Differential ShellCheck is a GitHub Action that performs differential ShellCheck scans on shell scripts changed via PR and reports results directly in PR.
It is able to produce reports in SARIF format. GitHub understands this format and is able to display it nicely as a PR comment, and on the
Files Changedtab, please see below.Documentation is available at @redhat-plumbers-in-action/differential-shellcheck. Let me know If you are missing some feature or setting. I'm always happy to extend functionality.