Using `shellcheck` to lint your bash/sh scripts.

Opening

Being involved in technology, specifically web, it does not take long we have to write a bash (or shell) script. If you work with server side technology this event happens very soon after logging into a server. As a Dev(Sec)Ops practitioner linting code during the a CI/CD process is a basic requirement for me personally. Until recently linting Bash/sh code for me was a painful process. However, like so much else it was just a matter of time before a solution was found to automate the process. Enter ‘shellcheck‘. 

Installation

For this quick demo I am running Ubuntu 18.04. The installation process is very straight forward, APT work for this.

sudo apt-get install -y shellcheck
That was easy.

Once executed we should see the standard install output. Just to make sure everything completed as expected I execute a quick version check.

shellcheck --version
Worked as expected.

And has hoped shellcheck is indeed installed.

Options

Getting to the options of shellcheck is as easy as the installation. A quick ‘–help’ argument provides us with the list of execution options.

shellcheck --help
Neat, colors and formatting!

Usage

So far so good. Now lets look at how it executes.  I has a BASH file in my home directory that provides the SVN history of a file so I used that as a demo.

shellcheck ./svn_file_history.sh
Oh man, I suck at BASH scripting.

Hey, that’s pretty neat. Give it is standard output it would be easy to pipe these messages to a reporting system or quality gate process. Nice.

Closing

shellcheck is one of those tools that makes life much easier, as long as you know about it before trying to write your own monster of a syntax checker.  Easy to install, easy to use, easy to integrate with it becomes yet another quality and security insurance step along the development pipeline.

Share your favorite linter in the comments so we can all learn.

Additional Resources


Also published on Medium.