Add shellcheck to validate bash

[ericcurtin]

Help to avoid bugs

Summary by Sourcery

Centralize apt package installation into a dedicated script and integrate shellcheck validation into the Makefile and Docker build

New Features:

• Add apt-install.sh script for centralized package installation
• Add Makefile validate target to run shellcheck on shell scripts

Enhancements:

• Update Dockerfile to use apt-install.sh for installing ca-certificates and Vulkan packages

[sourcery-ai]

Reviewer's Guide

This PR introduces a dedicated bash installer script for managing ca-certificates and Vulkan libraries based on LLAMA_SERVER_VARIANT, integrates it into the Dockerfile to streamline image setup, and adds a Makefile target to run shellcheck on all shell scripts to catch issues early.

Class diagram for the new apt-install.sh script

classDiagram
    class apt-install.sh {
        +main(args)
        -set -eux -o pipefail
        -apt-get update
        -packages: array
        -conditional libvulkan1 addition
        -apt-get install
        -rm -rf /var/lib/apt/lists/*
    }

Loading

File-Level Changes

Change	Details	Files
Modularize apt installation into a reusable script	Add scripts/apt-install.sh with strict error flags and variant-based package logic Copy and execute apt-install.sh in Dockerfile before existing apt commands Cleanup apt lists after installation	scripts/apt-install.sh Dockerfile
Enforce shellcheck validation via Makefile	Add a validate target invoking shellcheck on all .sh files Include validate in .PHONY directive	Makefile

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[gemini-code-assist]

Summary of Changes

Hello @ericcurtin, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on improving the robustness and maintainability of the project's scripting and build processes. It introduces static analysis for bash scripts using shellcheck to catch potential issues early, and refactors Dockerfile package installations into a separate script for cleaner, more organized build steps. These changes collectively aim to reduce bugs and streamline development workflows.

Highlights

• Shell Script Validation: Integrated shellcheck into the project's Makefile to automatically validate bash scripts, helping to prevent common errors and improve script reliability.
• Dockerfile Refactoring: Extracted apt-get package installation logic from the Dockerfile into a dedicated shell script (scripts/apt-install.sh), enhancing modularity and maintainability of the Docker build process.
• New Makefile Target: Added a new validate target to the Makefile which executes shellcheck across all shell scripts in the project.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[Copilot]

Pull Request Overview

This PR adds shellcheck validation to improve bash script quality and introduces a new apt installation script. The changes focus on adding linting validation and modernizing the package installation process in the Docker build.

• Adds shellcheck validation target to the Makefile for bash script linting
• Introduces a new bash script for apt package installation with conditional Vulkan support
• Updates Dockerfile to use the new apt installation script

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
scripts/apt-install.sh	New bash script for installing apt packages with conditional Vulkan support
Makefile	Adds shellcheck validation target to lint bash scripts
Dockerfile	Integrates the new apt installation script into the build process

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[ericcurtin]

Trying to avoid things like:

#169

happening again

[sourcery-ai]

Hey there - I've reviewed your changes - here's some feedback:

• The Dockerfile contains a redundant apt-get update/install for ca-certificates/vulkan after calling apt-install.sh; consolidate these into one step to avoid duplicate layers and reduce image size.
• Consider integrating the new validate (shellcheck) target into your CI pipeline or default Make workflow so Bash linting runs automatically rather than as a manual step.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The Dockerfile contains a redundant apt-get update/install for ca-certificates/vulkan after calling apt-install.sh; consolidate these into one step to avoid duplicate layers and reduce image size.
- Consider integrating the new validate (shellcheck) target into your CI pipeline or default Make workflow so Bash linting runs automatically rather than as a manual step.

## Individual Comments

### Comment 1
<location> `Dockerfile:43-46` </location>
<code_context>
 # Create non-root user
 RUN groupadd --system modelrunner && useradd --system --gid modelrunner --create-home --home-dir /home/modelrunner modelrunner

+COPY scripts/apt-install.sh apt-install.sh
+
+# Install ca-certificates for HTTPS and vulkan
+RUN ./apt-install.sh
+
 # Install ca-certificates for HTTPS and vulkan
</code_context>

<issue_to_address>
**suggestion:** Consider removing duplicate package installation logic.

The Dockerfile repeats apt-get update and installs ca-certificates after these are already handled in apt-install.sh. Removing the duplicate steps will simplify the build process.
</issue_to_address>

### Comment 2
<location> `Makefile:37-38` </location>
<code_context>
 test:
 	go test -v ./...

+validate:
+	shellcheck */*.sh
+
 # Build Docker image
</code_context>

<issue_to_address>
**suggestion:** Shellcheck invocation may miss scripts in nested directories.

Consider replacing the current pattern with a recursive find command to ensure shellcheck validates scripts in all subdirectories.

```suggestion
validate:
	find . -type f -name "*.sh" -print0 | xargs -0 shellcheck
```
</issue_to_address>

### Comment 3
<location> `scripts/apt-install.sh:8-10` </location>
<code_context>
+
+  apt-get update
+  local packages=("ca-certificates")
+  if [ "${LLAMA_SERVER_VARIANT}" = "generic" ] || [ "${LLAMA_SERVER_VARIANT}" = "cpu" ]; then
+      packages+=("libvulkan1")
+  fi
+
</code_context>

<issue_to_address>
**suggestion:** LLAMA_SERVER_VARIANT may be unset, leading to unexpected behavior.

Consider explicitly handling or documenting the case when LLAMA_SERVER_VARIANT is unset to clarify expected behavior.

```suggestion
  # If LLAMA_SERVER_VARIANT is unset, default behavior is to not add libvulkan1.
  if [ -n "${LLAMA_SERVER_VARIANT:-}" ] && { [ "${LLAMA_SERVER_VARIANT}" = "generic" ] || [ "${LLAMA_SERVER_VARIANT}" = "cpu" ]; }; then
      packages+=("libvulkan1")
  fi
```
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[gemini-code-assist]

Code Review

This pull request introduces shellcheck to validate bash scripts, which is a great addition for maintaining script quality. A new validate target is added to the Makefile, and the package installation logic in the Dockerfile is refactored into a separate script. My review includes suggestions to improve this refactoring by removing redundant code and applying Docker best practices, as well as making the new validate target more robust.

[Copilot]

Pull Request Overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

Pull Request Overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}