shellcheck

Author: gchait

Kubernetes/finalize-k8s-obj.sh

@@ -1,6 +1,7 @@
 kubectl patch KIND -n NAMESPACE NAME -p '{"metadata":{"finalizers":[]}}' --type='merge'
 
 # Many:
-kubectl get flinkdeployment,flinksessionjob -n ${k8s_namespace} | \
+k8s_namespace="xxx"
+kubectl get flinkdeployment,flinksessionjob -n "${k8s_namespace}" | \
   grep flink | awk '{print $1}' | xargs -I {} kubectl patch \
-  -n ${k8s_namespace} {} -p '{"metadata":{"finalizers":[]}}' --type='merge' || true
+  -n "${k8s_namespace}" {} -p '{"metadata":{"finalizers":[]}}' --type='merge' || true

Kubernetes/sealed-secret-gen.sh

@@ -1,11 +1,9 @@
-PASS_LEN=${PASS_LEN:-xxx}
-SCRIPT_NAME=$(basename "$0")
-ARGS="$*"
+PASS_LEN="${PASS_LEN:-xxx}"
 SEAL_CMD="/usr/bin/env kubeseal --controller-namespace sealed-secrets -o yaml --allow-empty-data --scope xxx"
 TMP_FILE=/tmp/sealedsecret.yaml
 
 while getopts "h?pi:" opt; do
-  case "$opt" in
+  case "${opt}" in
     h|\?)
       echo '+------------------------------------HELP------------------------------------+'
       echo '| This script can generate a SealedSecret from a given Secret.               |'
@@ -18,52 +16,52 @@ while getopts "h?pi:" opt; do
       ;;
     p)
         # shellcheck disable=SC2181
-        password=$(export LC_CTYPE=C; false; while [ $? -ne 0 ]; do tr -dc A-Za-z0-9 < /dev/urandom | \
-                   head -c "$PASS_LEN"; done)
+        password=$(export LC_CTYPE=C; false; while [ "${?}" -ne 0 ]; do \
+          tr -dc A-Za-z0-9 < /dev/urandom | head -c "${PASS_LEN}"; done)
       ;;
-    i)  input_file=$OPTARG
+    i)  input_file="${OPTARG}"
       ;;
   esac
 done
 
 shift $((OPTIND-1))
 [ "${1:-}" = "--" ] && shift
 
-if [ -n "$1" ]; then
-  echo "Unknown argument: $1" >&2
+if [ -n "${1}" ]; then
+  echo "Unknown argument: ${1}" >&2
   exit 2
 fi
 
-if [ -z "$input_file" ]; then
+if [ -z "${input_file}" ]; then
   echo "Required argument is missing: -i <file containing a Kubernetes Secret>." >&2
   exit 2
 fi
 
-if [ ! -f "$input_file" ]; then
-  echo "File not found: $input_file." >&2
+if [ ! -f "${input_file}" ]; then
+  echo "File not found: ${input_file}." >&2
   exit 1
 fi
 
-input=$(yq 'del(.metadata.namespace)' "$input_file" | sed '/ null$/d')
-echo "$input" | $SEAL_CMD > $TMP_FILE
-name=$(yq '.metadata.name' "$input_file")
+input=$(yq 'del(.metadata.namespace)' "${input_file}" | sed '/ null$/d')
+echo "${input}" | ${SEAL_CMD} > "${TMP_FILE}"
+name=$(yq '.metadata.name' "${input_file}")
 
-if [ -n "$password" ]; then
-  echo -n "$password" | kubectl create secret generic "$name" \
+if [ -n "${password}" ]; then
+  echo -n "${password}" | kubectl create secret generic "${name}" \
     --dry-run=client --from-file=password=/dev/stdin -o yaml | \
-    $SEAL_CMD --merge-into $TMP_FILE
+    ${SEAL_CMD} --merge-into "${TMP_FILE}"
 fi
 
-result=$(sed '/ null$/d' $TMP_FILE)
-rm -f $TMP_FILE
+result=$(sed '/ null$/d' "${TMP_FILE}")
+rm -f "${TMP_FILE}"
 
 echo "# Input:"
 echo "# ---"
 # shellcheck disable=SC2001
-echo "$input" | sed 's/^/# /g'
+echo "${input}" | sed 's/^/# /g'
 echo
 
 echo "# Result:"
 echo ---
-echo "$result" | yq 'del(.spec.template)'
+echo "${result}" | yq 'del(.spec.template)'
 echo

Other/LinuxAdventures/FedoraGnome/bootstrap.sh

@@ -7,7 +7,7 @@ configure_user() {
     https://github.com/romkatv/powerlevel10k.git ~/powerlevel10k --depth 1
 
   # Dotfiles
-  if [ ${OS_USERNAME} = "vagrant" ]; then
+  if [ "${OS_USERNAME}" = "vagrant" ]; then
     cp -r /vagrant/Home/.* ~/
   else
     cp -Lr ./Home/.* ~/
@@ -32,7 +32,7 @@ get_docker() {
     /etc/docker/daemon.json
   systemctl restart docker
   systemctl enable docker
-  usermod -aG docker ${OS_USERNAME}
+  usermod -aG docker "${OS_USERNAME}"
 }
 
 # Base repo packages
@@ -58,10 +58,10 @@ wget -qO /usr/local/bin/pfetch \
   https://raw.githubusercontent.com/dylanaraps/pfetch/master/pfetch
 chmod +x /usr/local/bin/pfetch
 
-if [ ${OS_USERNAME} = "vagrant" ]; then
+if [ "${OS_USERNAME}" = "vagrant" ]; then
   # De-bloat
   hostnamectl hostname fedora
-  > /etc/motd
+  true > /etc/motd
   grep "#PrintLastLog yes" /etc/ssh/sshd_config \
     && sed -i "s/#PrintLastLog yes/PrintLastLog no/" /etc/ssh/sshd_config \
     && systemctl restart sshd
@@ -78,5 +78,5 @@ fi
 
 # Regular user configuration
 export -f configure_user
-su ${OS_USERNAME} -c "bash -xec configure_user"
-chsh -s $(which zsh) ${OS_USERNAME}
+su "${OS_USERNAME}" -c "bash -xec configure_user"
+chsh -s "$(which zsh)" "${OS_USERNAME}"

Other/LinuxAdventures/TumbleweedPlasma/bootstrap.sh

@@ -6,6 +6,7 @@ get_executable() {
 }
 
 get_repo() {
+  # shellcheck disable=SC2015
   cd "$1" && git pull || git clone "$2" "$1"
 }
 

Other/LinuxAdventures/UnusedDistros/Virtual/bootstrap-ubuntu.sh

@@ -18,7 +18,7 @@ pretty() {
   # p10k
   [[ -d ~/.oh-my-zsh/custom/themes/powerlevel10k ]] || git clone \
     --depth=1 https://github.com/romkatv/powerlevel10k.git \
-    ${ZSH_CUSTOM:-${HOME}/.oh-my-zsh/custom}/themes/powerlevel10k
+    "${ZSH_CUSTOM:-${HOME}/.oh-my-zsh/custom}/themes/powerlevel10k"
 
   # Main venv
   python3 -m venv ~/.venv
@@ -54,6 +54,7 @@ install -m 0755 -d /etc/apt/keyrings
   gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
   chmod a+r /etc/apt/keyrings/docker.gpg; }
 
+# shellcheck disable=SC2027,SC2046
 echo \
   "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] \
   https://download.docker.com/linux/ubuntu \
@@ -66,7 +67,7 @@ apt-get install -yq docker-ce docker-ce-cli containerd.io \
 echo '{"default-address-pools":[{"base":"10.2.0.0/16","size":24}]}' > /etc/docker/daemon.json
 
 systemctl restart docker
-usermod -aG docker ${OS_USER}
+usermod -aG docker "${OS_USER}"
 # Docker end
 
 # MongoDB repo
@@ -109,7 +110,7 @@ chmod +x /usr/local/bin/websocat
 
 export -f pretty
 su ${OS_USER} -c "bash -xec pretty"
-chsh -s $(which zsh) ${OS_USER}
+chsh -s "$(which zsh)" "${OS_USER}"
 
 apt_up
 echo REMEMBER TO BRING YOUR DOTFILES NOW

Other/LinuxAdventures/UnusedDistros/Virtual/chown-zyp-cache.sh

@@ -1 +1 @@
-sudo chown -Rv $USER: /var/cache/zypp/raw
+sudo chown -Rv "${USER}:" /var/cache/zypp/raw

Other/VagrantSetup/Vagrant/bootstrap.sh

@@ -7,7 +7,7 @@ configure_user() {
     https://github.com/romkatv/powerlevel10k.git ~/powerlevel10k --depth 1
 
   # Dotfiles
-  if [ ${OS_USERNAME} = "vagrant" ]; then
+  if [ "${OS_USERNAME}" = "vagrant" ]; then
     cp -r /vagrant/Home/.* ~/
   else
     cp -Lr ./Home/.* ~/
@@ -32,7 +32,7 @@ get_docker() {
     /etc/docker/daemon.json
   systemctl restart docker
   systemctl enable docker
-  usermod -aG docker ${OS_USERNAME}
+  usermod -aG docker "${OS_USERNAME}"
 }
 
 # Base repo packages
@@ -58,10 +58,10 @@ wget -qO /usr/local/bin/pfetch \
   https://raw.githubusercontent.com/dylanaraps/pfetch/master/pfetch
 chmod +x /usr/local/bin/pfetch
 
-if [ ${OS_USERNAME} = "vagrant" ]; then
+if [ "${OS_USERNAME}" = "vagrant" ]; then
   # De-bloat
   hostnamectl hostname fedora
-  > /etc/motd
+  true > /etc/motd
   grep "#PrintLastLog yes" /etc/ssh/sshd_config \
     && sed -i "s/#PrintLastLog yes/PrintLastLog no/" /etc/ssh/sshd_config \
     && systemctl restart sshd
@@ -78,5 +78,5 @@ fi
 
 # Regular user configuration
 export -f configure_user
-su ${OS_USERNAME} -c "bash -xec configure_user"
-chsh -s $(which zsh) ${OS_USERNAME}
+su "${OS_USERNAME}" -c "bash -xec configure_user"
+chsh -s "$(which zsh)" "${OS_USERNAME}"

Other/VagrantSetup/macos-vagrant-vars.sh

@@ -1,3 +1,5 @@
+# shellcheck disable=SC2003,SC2046
+
 export VAGRANT_EXPERIMENTAL="disks"
 
 CALC_MEM=$(expr $(system_profiler SPHardwareDataType | \
@@ -13,5 +15,5 @@ export GIT_EMAIL="53366531+gchait@users.noreply.github.com"
 export DISK_GB=200
 export PORT_TCP=8080
 
-export MEMORY=$(( ${CALC_MEM} > 1024 ? ${CALC_MEM} : 1024 ))
-export CPUS=$(( ${CALC_CPU} > 1 ? ${CALC_CPU} : 1 ))
+export MEMORY=$(( CALC_MEM > 1024 ? CALC_MEM : 1024 ))
+export CPUS=$(( CALC_CPU > 1 ? CALC_CPU : 1 ))

Other/VagrantSetup/vagrant-debian-bootstrap.sh

@@ -24,7 +24,7 @@ pretty() {
   # p10k
   [[ -d ~/.oh-my-zsh/custom/themes/powerlevel10k ]] || git clone \
     --depth=1 https://github.com/romkatv/powerlevel10k.git \
-    ${ZSH_CUSTOM:-${HOME}/.oh-my-zsh/custom}/themes/powerlevel10k
+    "${ZSH_CUSTOM:-${HOME}/.oh-my-zsh/custom}/themes/powerlevel10k"
 
   # Main venv
   python3 -m venv ~/.venv
@@ -61,6 +61,7 @@ install -m 0755 -d /etc/apt/keyrings
   gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
   chmod a+r /etc/apt/keyrings/docker.gpg; }
 
+# shellcheck disable=SC2027,SC2046
 echo \
   "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] \
   https://download.docker.com/linux/debian \
@@ -121,11 +122,11 @@ chmod +x /usr/local/bin/websocat
 # User configuration for vagrant
 export -f pretty
 su vagrant -c "bash -xec pretty"
-chsh -s $(which zsh) vagrant
+chsh -s "$(which zsh)" vagrant
 
 # Ensure the filesystem takes the whole virtual disk
 growpart /dev/sda 1 || true
 resize2fs /dev/sda1 || true
 
-> /etc/motd
+true > /etc/motd
 apt_up

Shell/AWS/ec2-csv.sh

@@ -1,3 +1,4 @@
+# shellcheck disable=SC2016
 aws ec2 describe-instances \
   --filters "Name=instance-state-name,Values=running,stopped,stopping,shutting-down" \
   --query 'Reservations[].Instances[].{Name: Tags[?Key==`Name`].Value | [0], xxx: Tags[?Key==`xxx`].Value | [0], InstanceId: InstanceId, State: State.Name, Type: InstanceType}' \

Shell/AWS/get-all-cidrs.sh

@@ -6,15 +6,15 @@ profiles=$(grep -Eo "^\[profile (.+)\]$" ~/.aws/config | cut -d" " -f2 | tr -d "
 regions="XXX XXX XXX"
 output=""
 
-for profile in $profiles; do
-  for region in $regions; do
-    echo "Checking $region in $profile..." >&2
+for profile in ${profiles}; do
+  for region in ${regions}; do
+    echo "Checking ${region} in ${profile}..." >&2
     output+=$(aws ec2 describe-vpcs --output text --query "Vpcs[*].[CidrBlock]" \
-      --region "$region"  --profile "$profile" 2> /dev/null)
+      --region "${region}"  --profile "${profile}" 2> /dev/null)
     output+="\n"
   done
 done
 
 echo >&2
 echo "Results:" >&2
-echo -e "$output" | sort | grep --color=never .
+echo -e "${output}" | sort | grep --color=never .

Shell/AWS/gp2-gp3.sh

@@ -1,11 +1,11 @@
-regions=$($AWS ec2 describe-regions --output text | cut -f4)
+regions=$(${AWS} ec2 describe-regions --output text | cut -f4)
 
 for region in ${regions}; do
   echo "------------------------------------"
-  echo "Iterating over region $region ..."
+  echo "Iterating over region ${region}..."
 
   # shellcheck disable=SC2016
-  volume_ids=$($AWS ec2 describe-volumes --region "$region" \
+  volume_ids=$($AWS ec2 describe-volumes --region "${region}" \
     --filters Name=volume-type,Values=gp2 --output text \
     --query 'Volumes[?Size <= `1000`].VolumeId')
 

Shell/AWS/impersonate-role-aws.sh

@@ -1,2 +1,3 @@
+# shellcheck disable=SC2046
 eval $(aws sts assume-role --role-arn arn:aws:iam::123456789123:role/myAwesomeRole --role-session-name test | \
   jq -r '.Credentials | "export AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)\nexport AWS_SESSION_TOKEN=\(.SessionToken)\n"')

Shell/AWS/run-ecs-task.sh

@@ -1,3 +1,4 @@
+# shellcheck disable=SC2086
 set -o allexport
 source .env
 set +o allexport

Shell/AWS/update-eks-addons.sh

@@ -1,11 +1,13 @@
 eks_version=$(xxxxx)
+region="yyyyy"
+cluster_name="zzzzz"
 
 for addon in vpc-cni coredns kube-proxy aws-ebs-csi-driver; do
-  addon_version=$(aws eks describe-addon-versions --region ${region} --addon-name ${addon} \
-    --kubernetes-version ${eks_version} --query 'addons[].addonVersions[0].addonVersion' --output text)
+  addon_version=$(aws eks describe-addon-versions --region "${region}" --addon-name "${addon}" \
+    --kubernetes-version "${eks_version}" --query 'addons[].addonVersions[0].addonVersion' --output text)
 
-  aws eks update-addon --region ${region} --cluster-name ${cluster_name} \
-    --addon-name ${addon} --addon-version ${addon_version} --resolve-conflicts XXX
+  aws eks update-addon --region "${region}" --cluster-name "${cluster_name}" \
+    --addon-name "${addon}" --addon-version "${addon_version}" --resolve-conflicts XXX
 
-  aws eks wait addon-active --region ${region} --cluster-name ${cluster_name} --addon-name ${addon}
+  aws eks wait addon-active --region "${region}" --cluster-name "${cluster_name}" --addon-name "${addon}"
 done

Shell/AWS/update-eks-node-group.sh

@@ -1,7 +1,9 @@
 node_group_name=$(xxxxx)
+region="yyyyy"
+cluster_name="zzzzz"
 
-aws eks update-nodegroup-version --cluster-name ${cluster_name} --region ${region} \
-  --nodegroup-name ${node_group_name}
+aws eks update-nodegroup-version --cluster-name "${cluster_name}" \
+  --region "${region}" --nodegroup-name "${node_group_name}"
 
-aws eks wait nodegroup-active --cluster-name ${cluster_name} --region ${region} \
-  --nodegroup-name ${node_group_name}
+aws eks wait nodegroup-active --cluster-name "${cluster_name}" \
+  --region "${region}" --nodegroup-name "${node_group_name}"

Shell/Git/promote-monochart.sh

@@ -1,15 +1,17 @@
+# shellcheck disable=SC2154,SC2016
+
 # If full merge
-cd ${manifest_dir}
-git checkout ${dest_branch}
-git merge ${src_branch} --no-commit --strategy-option theirs
+cd "${manifest_dir}"
+git checkout "${dest_branch}"
+git merge "${src_branch}" --no-commit --strategy-option theirs
 rm -f .git/MERGE_HEAD
 
 # If single service
-cd ${manifest_dir}
+cd "${manifest_dir}"
 export new_tag=$(yq '.${specific_app}.bbbbb' xxxx/yyyy.yaml)
-git checkout ${dest_branch}
+git checkout "${dest_branch}"
 yq '. | .${specific_app}.bbbbb = env(new_tag)' xxxx/yyyy.yaml > yyyy.yaml.tmp \
   && mv yyyy.yaml.tmp xxxx/yyyy.yaml
-git checkout ${src_branch} -- zxxxx/${specific_app}.yaml
+git checkout "${src_branch}" -- "zxxxx/${specific_app}.yaml"
 
 ### PUSH LOGIC GOES HERE ###

Shell/Packages/get-distro.sh

@@ -1 +1,2 @@
-if [ $(grep "^ID=" /etc/os-release | cut -d"=" -f2 | tr -d '"') = "almalinux" ]; then echo yes; fi
+release=$(grep "^ID=" /etc/os-release | cut -d"=" -f2 | tr -d '"')
+if [ "${release}" = "almalinux" ]; then echo yes; fi

Shell/gunicorn-django-run.sh

@@ -3,9 +3,10 @@
 # ./manage.py collectstatic --noinput
 ./manage.py migrate
 
+# shellcheck disable=SC2046
 gunicorn xx.wsgi \
-  --workers ${WORKERS} \
-  --threads ${THREADS} \
-  --bind 0.0.0.0:${PORT} \
+  --workers "${WORKERS}" \
+  --threads "${THREADS}" \
+  --bind "0.0.0.0:${PORT}" \
   --access-logfile - \
-  --log-level $([ ${DEBUG:-0} = 1 ] && echo debug || echo info)
+  --log-level $([ "${DEBUG:-0}" = 1 ] && echo debug || echo info)