added shellcheck workflow

2025-12-29 16:14:59 +00:00 · 2025-07-15 19:29:20 +01:00
parent a6721ad15f 15af0cb9cd
commit e751eb5e66
4 changed files with 44 additions and 7 deletions
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,30 @@
+name: Shell Script Linter
+
+on:
+  push:
+    branches: [ "main", "test" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  shellcheck:
+    name: Shellcheck
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install ShellCheck
+        run: sudo apt-get update && sudo apt-get install -y shellcheck
+      - name: Run Shellcheck (Show All Issues & Fail on Errors)
+        run: |
+          set -o pipefail
+
+          echo "--- Checking for all warnings and style issues ---"
+          shellcheck -f gcc ./du_setup.sh | while IFS= read -r line; do
+            file=$(echo "$line" | cut -d: -f1)
+            line_no=$(echo "$line" | cut -d: -f2)
+            message=$(echo "$line" | cut -d: -f4-)
+            echo "::warning file=$file,line=$line_no::$message"
+          done || true
+
+          echo "--- Checking for critical errors ---"
+          shellcheck --severity=error ./du_setup.sh
--- a/README.md
+++ b/README.md
@@ -1,6 +1,12 @@
 # Debian & Ubuntu Server Setup & Hardening Script

-**Version:** v0.59
+[![Shell Script Linter](https://github.com/buildplan/du_setup/actions/workflows/lint.yml/badge.svg)](https://github.com/buildplan/du_setup/actions/workflows/lint.yml)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Compatibility](https://img.shields.io/badge/Compatibility-Debian%2012%20%7C%20Ubuntu%2022.04%20%2F%2024.04-orange)](https://www.debian.org/)
+[![Shell](https://img.shields.io/badge/Shell-Bash%204.4%2B-green)](https://www.gnu.org/software/bash/)
+[![Type](https://img.shields.io/badge/Type-Setup%20%26%20Hardening-blue)](https://github.com/buildplan/du_setup)
+
+**Version:** v0.60

 **Last Updated:** 2025-07-15

@@ -76,12 +82,12 @@ sha256sum du_setup.sh

 Compare the output hash to the one below. They must match exactly.

-`9f0430e9d930fbdbd0bb5f148a6db1baa0290c14c697e1d56006630f0c3c19ae`
+`882b87ef9b3f21ed2df0b76c395aa9ed8864f8e1dad3b4bee627c9c9e7f301b0`

 Or echo the hash to check, it should output: `du_setup.sh: OK`

 ```
-echo 9f0430e9d930fbdbd0bb5f148a6db1baa0290c14c697e1d56006630f0c3c19ae du_setup.sh | sha256sum --check -
+echo 882b87ef9b3f21ed2df0b76c395aa9ed8864f8e1dad3b4bee627c9c9e7f301b0 du_setup.sh | sha256sum --check -
 ```

 ### 3\. Run the Script
--- a/du_setup.sh
+++ b/du_setup.sh
@@ -1,8 +1,9 @@
 #!/bin/bash

 # Debian 12 and Ubuntu Server Hardening Interactive Script
-# Version: 0.59 | 2025-07-15
+# Version: 0.60 | 2025-07-15
 # Changelog:
+# - v0.60: CI for shellcheck
 # - v0.59: Add a new optional function that applies a set of recommended sysctl security settings to harden the kernel.
 #          Script can now check for update and can run self-update.
 # - v0.58: improved fail2ban to parse ufw logs
@@ -120,7 +121,7 @@ print_header() {
    echo -e "${CYAN}╔═════════════════════════════════════════════════════════════════╗${NC}"
    echo -e "${CYAN}║                                                                 ║${NC}"
    echo -e "${CYAN}║       DEBIAN/UBUNTU SERVER SETUP AND HARDENING SCRIPT           ║${NC}"
-    echo -e "${CYAN}║                      v0.59 | 2025-07-15                         ║${NC}"
+    echo -e "${CYAN}║                      v0.60 | 2025-07-15                         ║${NC}"
    echo -e "${CYAN}║                                                                 ║${NC}"
    echo -e "${CYAN}╚═════════════════════════════════════════════════════════════════╝${NC}"
    echo
@@ -864,7 +865,7 @@ rollback_ssh_changes() {
        SSH_SERVICE="ssh.socket"
        print_info "Detected SSH socket activation: using ssh.socket."
        log "Rollback: Using ssh.socket for SSH service."
-    elif ! systemctl list-units --full -all --no-pager | grep -E "[[:space:]]$SSH_SERVICE[[:space:]]" >/dev/null 2>&1; then
+    elif ! systemctl list-units --full -all --no-pager | grep -E "[[:space:]]${SSH_SERVICE}[[:space:]]" >/dev/null 2>&1; then
        SSH_SERVICE="ssh.service" # Fallback for Ubuntu
        print_warning "SSH service $SSH_SERVICE not found, falling back to ssh.service."
        log "Rollback warning: Using fallback SSH service ssh.service."
--- a/du_setup.sh.sha256
+++ b/du_setup.sh.sha256
@@ -1 +1 @@
-9f0430e9d930fbdbd0bb5f148a6db1baa0290c14c697e1d56006630f0c3c19ae  du_setup.sh
+882b87ef9b3f21ed2df0b76c395aa9ed8864f8e1dad3b4bee627c9c9e7f301b0  du_setup.sh