fix: move shellcheck to compose-workflow validation workflow

owine · claude · owine · commit 76a881751b15 · 2025-12-27T12:12:10.000-06:00
Move shellcheck validation from reusable lint.yml to yamllint.yml: Changes: - Remove shellcheck job from lint.yml (reusable workflow) - Removed shellcheck job definition - Removed from needs arrays in lint-summary and notify jobs - Removed from lint-summary validation logic - Removed from Discord notification description - Removed shellcheck failure section from notifications - Add shellcheck job to yamllint.yml (compose-workflow validation) - New shellcheck job runs on push, PR, and manual dispatch - Validates all scripts in scripts/deployment/ - Reports pass/fail status with actionable error messages - Runs in parallel with yamllint and actionlint Rationale: The reusable lint.yml workflow is called by other repositories (docker-piwine, docker-zendc, etc.) to validate their Docker Compose files. ShellCheck should validate the compose-workflow repository's deployment scripts, not the calling repositories. yamllint.yml is the correct location as it validates the compose-workflow repository itself (workflows, deployment scripts). ✅ Both workflows pass actionlint validation ✅ All deployment scripts pass shellcheck 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -154,70 +154,6 @@ jobs:
       - name: Run actionlint
         uses: raven-actions/actionlint@963d4779ef039e217e5d0e6fd73ce9ab7764e493 # v2.1.0
 
-  shellcheck:
-    name: Shell script validation
-    runs-on: ubuntu-24.04
-    timeout-minutes: 5
-    steps:
-      - name: Checkout compose-workflow repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
-        with:
-          repository: owine/compose-workflow
-          ref: main
-
-      - name: Display version information
-        run: |
-          echo "📋 ShellCheck Validation"
-          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-          echo "Repository: compose-workflow (deployment scripts)"
-          echo "Runner: ${{ runner.os }} ${{ runner.arch }}"
-          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-
-      - name: Run shellcheck on deployment scripts
-        run: |
-          echo "🐚 Starting ShellCheck validation for deployment scripts..."
-          echo ""
-
-          # Find and validate all shell scripts
-          SCRIPTS=$(find scripts/deployment -name "*.sh" -type f | sort)
-
-          if [ -z "$SCRIPTS" ]; then
-            echo "⚠️  No shell scripts found in scripts/deployment/"
-            exit 0
-          fi
-
-          echo "📁 Scripts to validate:"
-          # shellcheck disable=SC2001
-          echo "$SCRIPTS" | sed 's/^/  • /'
-          echo ""
-
-          # Run shellcheck on all scripts
-          FAILED=0
-          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-
-          for script in $SCRIPTS; do
-            echo "🔍 Checking: $script"
-            if shellcheck "$script"; then
-              echo "   ✅ PASSED"
-            else
-              echo "   ❌ FAILED"
-              FAILED=1
-            fi
-            echo ""
-          done
-
-          echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-
-          if [ $FAILED -eq 0 ]; then
-            echo "🎉 ALL SHELL SCRIPTS PASSED VALIDATION"
-            echo "   All deployment scripts follow best practices"
-          else
-            echo "💥 SHELL SCRIPT VALIDATION FAILED"
-            echo "   Fix the issues shown above"
-            echo "   Run locally: shellcheck scripts/deployment/**/*.sh"
-            exit 1
-          fi
-
   lint:
     strategy:
       matrix:
@@ -422,7 +358,7 @@ jobs:
   lint-summary:
     name: Lint Summary
     runs-on: ubuntu-24.04
-    needs: [scanning, actionlint, shellcheck, lint]
+    needs: [scanning, actionlint, lint]
     if: always()
     timeout-minutes: 5
     steps:
@@ -527,26 +463,6 @@ jobs:
 
           echo ""
 
-          # ShellCheck Shell Script Validation Results
-          echo "🐚 SHELL SCRIPT VALIDATION (SHELLCHECK)"
-          echo "───────────────────────────────────────────────────────────────────────────────────"
-          case "${{ needs.shellcheck.result }}" in
-            "success")
-              echo "✅ PASSED - All deployment scripts follow best practices"
-              SHELLCHECK_OK=true
-              ;;
-            "failure")
-              echo "❌ FAILED - Shell script issues detected"
-              SHELLCHECK_OK=false
-              ;;
-            *)
-              echo "❓ UNKNOWN - Unexpected shellcheck result: ${{ needs.shellcheck.result }}"
-              SHELLCHECK_OK=false
-              ;;
-          esac
-
-          echo ""
-
           # Detailed Lint Results with Error Reproduction
           echo "📋 CODE QUALITY VALIDATION - DETAILED RESULTS"
           echo "───────────────────────────────────────────────────────────────────────────────────"
@@ -664,7 +580,7 @@ jobs:
           echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
 
           # Final determination
-          if [[ "$SCANNING_OK" == "true" && "$ACTIONLINT_OK" == "true" && "$SHELLCHECK_OK" == "true" && "$LINT_OK" == "true" ]]; then
+          if [[ "$SCANNING_OK" == "true" && "$ACTIONLINT_OK" == "true" && "$LINT_OK" == "true" ]]; then
             echo "🎉 FINAL STATUS: ALL VALIDATION CHECKS PASSED"
             echo "   Repository is ready for deployment"
             exit 0
@@ -675,7 +591,6 @@ jobs:
             echo "   Failed components:"
             [[ "$SCANNING_OK" != "true" ]] && echo "   • GitGuardian security scanning"
             [[ "$ACTIONLINT_OK" != "true" ]] && echo "   • Workflow validation (actionlint)"
-            [[ "$SHELLCHECK_OK" != "true" ]] && echo "   • Shell script validation (shellcheck)"
             [[ "$LINT_OK" != "true" ]] && echo "   • Code quality validation (see detailed errors above)"
             echo ""
             exit 1
@@ -684,7 +599,7 @@ jobs:
   notify:
     name: Discord Notification
     runs-on: ubuntu-24.04
-    needs: [scanning, actionlint, shellcheck, lint, lint-summary]
+    needs: [scanning, actionlint, lint, lint-summary]
     if: always()
     steps:
       - name: Configure 1Password Service Account
@@ -713,7 +628,6 @@ jobs:
 
             **🔒 Security Scan:** ${{ needs.scanning.result == 'success' && '✅ No secrets detected' || needs.scanning.result == 'skipped' && '⏭️ Skipped (PR/manual)' || '❌ Issues found' }}
             **⚙️ Workflow Validation:** ${{ needs.actionlint.result == 'success' && '✅ All workflows valid' || '❌ Issues detected' }}
-            **🐚 Shell Scripts:** ${{ needs.shellcheck.result == 'success' && '✅ Best practices followed' || '❌ Issues detected' }}
             **📋 Code Quality:** ${{ needs.lint.result == 'success' && '✅ All stacks valid' || '❌ Issues detected' }}
 
             **📂 Validated Stacks:** `${{ join(fromJson(inputs.stacks), '`, `') }}`
@@ -727,13 +641,6 @@ jobs:
             • Fix workflow syntax, shellcheck, or expression errors
             • Test locally: `actionlint .github/workflows/*.yml`' || '' }}
 
-            ${{ needs.shellcheck.result == 'failure' && '
-            **🐚 Shell Script Issues:**
-            • Shell script best practices violations detected
-            • Review the **Shell Script Validation** job for details
-            • Fix quoting, variable usage, or syntax issues
-            • Test locally: `shellcheck scripts/deployment/**/*.sh`' || '' }}
-
             ${{ needs.lint.result == 'failure' && '
             **🚨 Action Required:**
             • Review stack validation errors in workflow logs
diff --git a/.github/workflows/yamllint.yml b/.github/workflows/yamllint.yml
@@ -40,3 +40,51 @@ jobs:
 
       - name: Run actionlint
         uses: raven-actions/actionlint@963d4779ef039e217e5d0e6fd73ce9ab7764e493 # v2.1.0
+
+  shellcheck:
+    runs-on: ubuntu-24.04
+    timeout-minutes: 5
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
+
+      - name: Run shellcheck on deployment scripts
+        id: shellcheck
+        continue-on-error: true
+        run: |
+          echo "🐚 Validating shell scripts..."
+
+          # Find all shell scripts in scripts/deployment
+          SCRIPTS=$(find scripts/deployment -name "*.sh" -type f | sort)
+
+          if [ -z "$SCRIPTS" ]; then
+            echo "⚠️  No shell scripts found in scripts/deployment/"
+            exit 0
+          fi
+
+          echo "📁 Found $(echo "$SCRIPTS" | wc -l) shell script(s):"
+          # shellcheck disable=SC2001
+          echo "$SCRIPTS" | sed 's/^/  • /'
+          echo ""
+
+          # Run shellcheck on all scripts
+          FAILED=0
+          for script in $SCRIPTS; do
+            if ! shellcheck "$script"; then
+              FAILED=1
+            fi
+          done
+
+          exit $FAILED
+
+      - name: Report results
+        if: always()
+        run: |
+          if [ "${{ steps.shellcheck.outcome }}" = "success" ]; then
+            echo "✅ All shell scripts follow best practices"
+          else
+            echo "❌ Shell script issues found"
+            echo "Please fix the issues above"
+            echo "Test locally: shellcheck scripts/deployment/**/*.sh"
+            exit 1
+          fi
