refactor(shell): FTRS-20911 Fix shell script reliability issues (#841)

Author: DomBaker

scripts/docker/dgoss.sh

@@ -24,7 +24,7 @@ error() {
 cleanup() {
     set +e
     { kill "$log_pid" && wait "$log_pid"; } 2> /dev/null
-    if [ -n "$CONTAINER_LOG_OUTPUT" ]; then
+    if [[ -n "$CONTAINER_LOG_OUTPUT" ]]; then
         cp "$tmp_dir/docker_output.log" "$CONTAINER_LOG_OUTPUT"
     fi
     rm -rf "$tmp_dir"
@@ -47,7 +47,7 @@ run(){
     case "$GOSS_FILES_STRATEGY" in
       mount)
         info "Starting $CONTAINER_RUNTIME container"
-        if [ "$CONTAINER_RUNTIME" == "podman" -a $# == 2 ]; then
+        if [[ "$CONTAINER_RUNTIME" == "podman" && $# == 2 ]]; then
             id=$($CONTAINER_RUNTIME run -d -v "$tmp_dir:/goss:z" "${@:2}" sleep infinity)
         else
             id=$($CONTAINER_RUNTIME run -d -v "$tmp_dir:/goss:z" "${@:2}")
@@ -113,7 +113,7 @@ case "$1" in
         fi
         [[ $GOSS_SLEEP ]] && { info "Sleeping for $GOSS_SLEEP"; sleep "$GOSS_SLEEP"; }
         info "Container health"
-        if [ "true" != "$($CONTAINER_RUNTIME inspect -f '{{.State.Running}}' "$id")" ]; then
+        if [[ "true" != "$($CONTAINER_RUNTIME inspect -f '{{.State.Running}}' "$id")" ]]; then
             $CONTAINER_RUNTIME logs "$id" >&2
             error "the container failed to start"
         fi

scripts/docker/docker.lib.sh

@@ -51,7 +51,7 @@ function docker-build() {
 
   # Tag the image with all the stated versions, see the documentation for more details
   for version in $(_get-all-effective-versions) latest; do
-    if [ ! -z "$version" ]; then
+    if [[ -n "$version" ]]; then
       $DOCKER_CMD tag "${tag}" "${DOCKER_IMAGE}:${version}"
     fi
   done
@@ -150,7 +150,7 @@ function version-create-effective-file() {
   local version_file="$dir/VERSION"
   local build_datetime=${BUILD_DATETIME:-$(date -u +'%Y-%m-%dT%H:%M:%S%z')}
 
-  if [ -f "$version_file" ]; then
+  if [[ -f "$version_file" ]]; then
     # shellcheck disable=SC2002
     cat "$version_file" | \
       sed "s/\(\${yyyy}\|\$yyyy\)/$(date --date="${build_datetime}" -u +"%Y")/g" | \
@@ -190,9 +190,9 @@ function docker-get-image-version-and-pull() {
   # match it by name and version regex, if given.
   local versions_file="${TOOL_VERSIONS:=$(git rev-parse --show-toplevel)/.tool-versions}"
   local version="latest"
-  if [ -f "$versions_file" ]; then
+  if [[ -f "$versions_file" ]]; then
     line=$(grep "docker/${name} " "$versions_file" | sed "s/^#\s*//; s/\s*#.*$//" | grep "${match_version:-".*"}")
-    [ -n "$line" ] && version=$(echo "$line" | awk '{print $2}')
+    [[ -n "$line" ]] && version=$(echo "$line" | awk '{print $2}')
   fi
 
   # Split the image version into two, tag name and digest sha256.
@@ -201,7 +201,7 @@ function docker-get-image-version-and-pull() {
 
   # Check if the image exists locally already
   if ! $DOCKER_CMD images | awk '{ print $1 ":" $2 }' | grep -q "^${name}:${tag}$"; then
-    if [ "$digest" != "latest" ]; then
+    if [[ "$digest" != "latest" ]]; then
       # Pull image by the digest sha256 and tag it
       $DOCKER_CMD pull \
         --platform linux/amd64 \
@@ -234,7 +234,7 @@ function _create-effective-dockerfile() {
   # Dockerfile.effective file, otherwise docker won't use it.
   # See https://docs.docker.com/build/building/context/#filename-and-location
   # If using podman, this requires v5.0.0 or later.
-  if [ -f "${dir}/Dockerfile.dockerignore" ]; then
+  if [[ -f "${dir}/Dockerfile.dockerignore" ]]; then
     cp "${dir}/Dockerfile.dockerignore" "${dir}/Dockerfile.effective.dockerignore"
   fi
   cp "${dir}/Dockerfile" "${dir}/Dockerfile.effective"
@@ -252,19 +252,19 @@ function _replace-image-latest-by-specific-version() {
   local dockerfile="${dir}/Dockerfile.effective"
   local build_datetime=${BUILD_DATETIME:-$(date -u +'%Y-%m-%dT%H:%M:%S%z')}
 
-  if [ -f "$versions_file" ]; then
+  if [[ -f "$versions_file" ]]; then
     # First, list the entries specific for Docker to take precedence, then the rest but exclude comments
     content=$(grep " docker/" "$versions_file"; grep -v " docker/" "$versions_file" ||: | grep -v "^#")
     echo "$content" | while IFS= read -r line; do
-      [ -z "$line" ] && continue
+      [[ -z "$line" ]] && continue
       line=$(echo "$line" | sed "s/^#\s*//; s/\s*#.*$//" | sed "s;docker/;;")
       name=$(echo "$line" | awk '{print $1}')
       version=$(echo "$line" | awk '{print $2}')
       sed -i "s;\(FROM .*\)${name}:latest;\1${name}:${version};g" "$dockerfile"
     done
   fi
 
-  if [ -f "$dockerfile" ]; then
+  if [[ -f "$dockerfile" ]]; then
     # shellcheck disable=SC2002
     cat "$dockerfile" | \
       sed "s/\(\${yyyy}\|\$yyyy\)/$(date --date="${build_datetime}" -u +"%Y")/g" | \
@@ -314,7 +314,7 @@ function _get-effective-tag() {
 
   local tag=$DOCKER_IMAGE
   version=$(_get-effective-version)
-  if [ ! -z "$version" ]; then
+  if [[ -n "$version" ]]; then
     tag="${tag}:${version}"
   fi
   echo "$tag"
@@ -336,9 +336,9 @@ function _get-git-branch-name() {
 
   local branch_name=$(git rev-parse --abbrev-ref HEAD)
 
-  if [ -n "${GITHUB_HEAD_REF:-}" ]; then
+  if [[ -n "${GITHUB_HEAD_REF:-}" ]]; then
     branch_name=$GITHUB_HEAD_REF
-  elif [ -n "${GITHUB_REF:-}" ]; then
+  elif [[ -n "${GITHUB_REF:-}" ]]; then
     # shellcheck disable=SC2001
     branch_name=$(echo "$GITHUB_REF" | sed "s#refs/heads/##")
   fi

scripts/docker/tests/docker.test.sh

@@ -44,7 +44,7 @@ function main() {
   done
   echo "Total: ${#tests[@]}, Passed: $(( ${#tests[@]} - status )), Failed: $status"
   test-docker-suite-teardown
-  [ $status -gt 0 ] && return 1 || return 0
+  [[ $status -gt 0 ]] && return 1 || return 0
 }
 
 # ==============================================================================

scripts/githooks/check-branch-name.sh

@@ -15,13 +15,13 @@ function check_git_branch_name {
 
 function check_git_branch_name_format {
     BUILD_BRANCH="$1"
-    if [ "$BUILD_BRANCH" != 'main' ] && ! [[ $BUILD_BRANCH =~ (hotfix|task)\/(fdos|dosis|sia|ftrs)-([0-9]{1,5})(_|-)([A-Za-z0-9])([A-Za-z0-9_-]{9,45})$ ]]  ; then
+    if [[ "$BUILD_BRANCH" != 'main' ]] && ! [[ $BUILD_BRANCH =~ (hotfix|task)\/(fdos|dosis|sia|ftrs)-([0-9]{1,5})(_|-)([A-Za-z0-9])([A-Za-z0-9_-]{9,45})$ ]]  ; then
       echo 1
     fi
 }
 
 BRANCH_NAME=${BRANCH_NAME:-$(git rev-parse --abbrev-ref HEAD)}
 check_git_branch_name "$BRANCH_NAME"
 
-[ $? != 0 ] && exit_code=1 ||:
+[[ $? != 0 ]] && exit_code=1 ||:
 exit $exit_code

scripts/githooks/check-markdown-format.sh

@@ -51,7 +51,7 @@ function main() {
       ;;
   esac
 
-  if [ -n "$files" ]; then
+  if [[ -n "$files" ]]; then
     if command -v markdownlint > /dev/null 2>&1 && ! is-arg-true "${FORCE_USE_DOCKER:-false}"; then
       files="$files" run-markdownlint-natively
     else

scripts/githooks/check-projects-make-pre-commit.sh

@@ -6,7 +6,7 @@ REPO_ROOT="$(git rev-parse --show-toplevel)"
 
 # Function to check if a Makefile has a pre-commit target
 has_pre_commit_target() {
-  if [ -f "$1/Makefile" ]; then
+  if [[ -f "$1/Makefile" ]]; then
     grep -q "^pre-commit:" "$1/Makefile" && return 0
   fi
   return 1
@@ -68,9 +68,9 @@ while read -r makefile; do
 done < "$TEMP_FILE"
 
 # Check if any directories were processed
-if [ $FOUND_DIRECTORIES -eq 0 ]; then
+if [[ $FOUND_DIRECTORIES -eq 0 ]]; then
   echo "No directories with Makefiles and staged changes found"
-elif [ $EXIT_CODE -eq 0 ]; then
+elif [[ $EXIT_CODE -eq 0 ]]; then
   echo "All pre-commit checks passed"
 else
   echo "One or more pre-commit checks failed"

scripts/githooks/scan-secrets.sh

@@ -57,7 +57,7 @@ function get-cmd-to-run() {
       ;;
   esac
   # Include base line file if it exists
-  if [ -f "$dir/scripts/config/.gitleaks-baseline.json" ]; then
+  if [[ -f "$dir/scripts/config/.gitleaks-baseline.json" ]]; then
     cmd="$cmd --baseline-path $dir/scripts/config/.gitleaks-baseline.json"
   fi
   # Include the config file

scripts/shellscript-linter.sh

@@ -21,7 +21,7 @@ function main() {
 
   cd "$(git rev-parse --show-toplevel)"
 
-  [ -z "${file:-}" ] && echo "WARNING: 'file' variable not set, defaulting to itself"
+  [[ -z "${file:-}" ]] && echo "WARNING: 'file' variable not set, defaulting to itself"
   local file=${file:-scripts/shellscript-linter.sh}
   if command -v shellcheck > /dev/null 2>&1 && ! is-arg-true "${FORCE_USE_DOCKER:-false}"; then
     file="$file" run-shellcheck-natively

scripts/workflow/app-build-deploy.sh

@@ -15,7 +15,7 @@ export_terraform_workspace_name
 
 FULL_SERVICE_NAME="${SERVICE_NAME}"
 
-if [ "${TERRAFORM_WORKSPACE_NAME}" != "default" ]; then
+if [[ "${TERRAFORM_WORKSPACE_NAME}" != "default" ]]; then
   FULL_SERVICE_NAME="${FULL_SERVICE_NAME}-${TERRAFORM_WORKSPACE_NAME}"
 fi
 

scripts/workflow/bootstrapper.sh

@@ -34,12 +34,12 @@ if [[ ! "$ACTION" =~ ^(plan|apply|destroy) ]]; then
     EXPORTS_SET=1
 fi
 
-if [ -z "$AWS_REGION" ] ; then
+if [[ -z "$AWS_REGION" ]] ; then
   echo Set AWS_REGION to name of the AWS region to host the terraform state bucket
   EXPORTS_SET=1
 fi
 
-if [ -z "$PROJECT" ] ; then
+if [[ -z "$PROJECT" ]] ; then
   echo Set PROJECT to identify if account is for dos or cm
   EXPORTS_SET=1
 else
@@ -49,7 +49,7 @@ else
   fi
 fi
 
-if [ -z "$ENVIRONMENT" ] ; then
+if [[ -z "$ENVIRONMENT" ]] ; then
   echo Set ENVIRONMENT to identify if account is for mgmt, dev, test, sandpit, int, ref, non-prod, preprod or prod
   EXPORTS_SET=1
 else
@@ -59,13 +59,13 @@ else
   fi
 fi
 
-if [ $EXPORTS_SET = 1 ] ; then
+if [[ $EXPORTS_SET = 1 ]] ; then
     echo One or more required exports not correctly set
     exit 1
 fi
 
 ENV_TF_VARS_FILE="$ENVIRONMENT/environment.tfvars"
-if ! [ -f "$ENVIRONMENTS_DIR/$ENV_TF_VARS_FILE" ] ; then
+if [[ ! -f "$ENVIRONMENTS_DIR/$ENV_TF_VARS_FILE" ]] ; then
   echo "No environment variables defined for $ENVIRONMENT environment"
   exit 1
 fi
@@ -150,22 +150,22 @@ function github_runner_stack {
   cd "$STACK_DIR" || exit
   # if no stack tfvars create temporary one
   TEMP_STACK_TF_VARS_FILE=0
-  if [ ! -f "$ROOT_DIR/$INFRASTRUCTURE_DIR/$STACK_TF_VARS_FILE" ] ; then
+  if [[ ! -f "$ROOT_DIR/$INFRASTRUCTURE_DIR/$STACK_TF_VARS_FILE" ]] ; then
     touch "$ROOT_DIR/$INFRASTRUCTURE_DIR/$STACK_TF_VARS_FILE"
     TEMP_STACK_TF_VARS_FILE=1
   fi
 
   # init terraform
   terraform-initialise
 
-  if [ -n "$ACTION" ] && [ "$ACTION" = 'plan' ] ; then
+  if [[ -n "$ACTION" && "$ACTION" = 'plan' ]] ; then
     terraform plan \
     -var-file "$ROOT_DIR"/"$INFRASTRUCTURE_DIR"/$COMMON_TF_VARS_FILE \
     -var-file "$ROOT_DIR"/"$INFRASTRUCTURE_DIR"/$STACK_TF_VARS_FILE \
     -var-file "$ENVIRONMENTS_DIR/$ENV_TF_VARS_FILE"
   fi
 
-  if [ -n "$ACTION" ] && [ "$ACTION" = 'apply' ] ; then
+  if [[ -n "$ACTION" && "$ACTION" = 'apply' ]] ; then
     terraform apply -auto-approve \
     -var-file "$ROOT_DIR"/"$INFRASTRUCTURE_DIR"/$COMMON_TF_VARS_FILE \
     -var-file "$ROOT_DIR"/"$INFRASTRUCTURE_DIR"/$STACK_TF_VARS_FILE \
@@ -209,27 +209,27 @@ fi
 cd "$STACK_DIR" || exit
 # if no stack tfvars create temporary one
 TEMP_STACK_TF_VARS_FILE=0
-if [ ! -f "$ROOT_DIR/$INFRASTRUCTURE_DIR/$STACK_TF_VARS_FILE" ] ; then
+if [[ ! -f "$ROOT_DIR/$INFRASTRUCTURE_DIR/$STACK_TF_VARS_FILE" ]] ; then
   touch "$ROOT_DIR/$INFRASTRUCTURE_DIR/$STACK_TF_VARS_FILE"
   TEMP_STACK_TF_VARS_FILE=1
 fi
 
 # init terraform
 terraform-initialise
 
-if [ -n "$ACTION" ] && [ "$ACTION" = 'plan' ] ; then
+if [[ -n "$ACTION" && "$ACTION" = 'plan' ]] ; then
   terraform plan \
   -var-file "$ROOT_DIR"/"$INFRASTRUCTURE_DIR"/$COMMON_TF_VARS_FILE \
   -var-file "$ROOT_DIR"/"$INFRASTRUCTURE_DIR"/$STACK_TF_VARS_FILE \
   -var-file "$ENVIRONMENTS_DIR/$ENV_TF_VARS_FILE"
 fi
-if [ -n "$ACTION" ] && [ "$ACTION" = 'apply' ] ; then
+if [[ -n "$ACTION" && "$ACTION" = 'apply' ]] ; then
   terraform apply -auto-approve \
   -var-file "$ROOT_DIR"/"$INFRASTRUCTURE_DIR"/$COMMON_TF_VARS_FILE \
   -var-file "$ROOT_DIR"/"$INFRASTRUCTURE_DIR"/$STACK_TF_VARS_FILE \
   -var-file "$ENVIRONMENTS_DIR/$ENV_TF_VARS_FILE"
 fi
-if [ -n "$ACTION" ] && [ "$ACTION" = 'destroy' ] ; then
+if [[ -n "$ACTION" && "$ACTION" = 'destroy' ]] ; then
   terraform destroy -auto-approve \
   -var-file "$ROOT_DIR"/"$INFRASTRUCTURE_DIR"/$COMMON_TF_VARS_FILE \
   -var-file "$ROOT_DIR"/"$INFRASTRUCTURE_DIR"/$STACK_TF_VARS_FILE \