Shellcheck Configuration

1---2name: shellcheck-configuration3description: Master ShellCheck static analysis configuration and usage for shell script quality. Use when setting up linting infrastructure, fixing code issues, or ensuring script portability.4---5 6# ShellCheck Configuration and Static Analysis7 8Comprehensive guidance for configuring and using ShellCheck to improve shell script quality, catch common pitfalls, and enforce best practices through static code analysis.9 10## When to Use This Skill11 12- Setting up linting for shell scripts in CI/CD pipelines13- Analyzing existing shell scripts for issues14- Understanding ShellCheck error codes and warnings15- Configuring ShellCheck for specific project requirements16- Integrating ShellCheck into development workflows17- Suppressing false positives and configuring rule sets18- Enforcing consistent code quality standards19- Migrating scripts to meet quality gates20 21## ShellCheck Fundamentals22 23### What is ShellCheck?24 25ShellCheck is a static analysis tool that analyzes shell scripts and detects problematic patterns. It supports:26 27- Bash, sh, dash, ksh, and other POSIX shells28- Over 100 different warnings and errors29- Configuration for target shell and flags30- Integration with editors and CI/CD systems31 32### Installation33 34```bash35# macOS with Homebrew36brew install shellcheck37 38# Ubuntu/Debian39apt-get install shellcheck40 41# From source42git clone https://github.com/koalaman/shellcheck.git43cd shellcheck44make build45make install46 47# Verify installation48shellcheck --version49```50 51## Configuration Files52 53### .shellcheckrc (Project Level)54 55Create `.shellcheckrc` in your project root:56 57```58# Specify target shell59shell=bash60 61# Enable optional checks62enable=avoid-nullary-conditions63enable=require-variable-braces64 65# Disable specific warnings66disable=SC109167disable=SC208668```69 70### Environment Variables71 72```bash73# Set default shell target74export SHELLCHECK_SHELL=bash75 76# Enable strict mode77export SHELLCHECK_STRICT=true78 79# Specify configuration file location80export SHELLCHECK_CONFIG=~/.shellcheckrc81```82 83## Common ShellCheck Error Codes84 85### SC1000-1099: Parser Errors86 87```bash88# SC1004: Backslash continuation not followed by newline89echo hello\90world  # Error - needs line continuation91 92# SC1008: Invalid data for operator `=='93if [[ $var =  "value" ]]; then  # Space before ==94    true95fi96```97 98### SC2000-2099: Shell Issues99 100```bash101# SC2009: Consider using pgrep or pidof instead of grep|grep102ps aux | grep -v grep | grep myprocess  # Use pgrep instead103 104# SC2012: Use `ls` only for viewing. Use `find` for reliable output105for file in $(ls -la)  # Better: use find or globbing106 107# SC2015: Avoid using && and || instead of if-then-else108[[ -f "$file" ]] && echo "found" || echo "not found"  # Less clear109 110# SC2016: Expressions don't expand in single quotes111echo '$VAR'  # Literal $VAR, not variable expansion112 113# SC2026: This word is non-standard. Set POSIXLY_CORRECT114# when using with scripts for other shells115```116 117### SC2100-2199: Quoting Issues118 119```bash120# SC2086: Double quote to prevent globbing and word splitting121for i in $list; do  # Should be: for i in $list or for i in "$list"122    echo "$i"123done124 125# SC2115: Literal tilde in path not expanded. Use $HOME instead126~/.bashrc  # In strings, use "$HOME/.bashrc"127 128# SC2181: Check exit code directly with `if`, not indirectly in a list129some_command130if [ $? -eq 0 ]; then  # Better: if some_command; then131 132# SC2206: Quote to prevent word splitting or set IFS133array=( $items )  # Should use: array=( $items )134```135 136### SC3000-3999: POSIX Compliance Issues137 138```bash139# SC3010: In POSIX sh, use 'case' instead of 'cond && foo'140[[ $var == "value" ]] && do_something  # Not POSIX141 142# SC3043: In POSIX sh, use 'local' is undefined143function my_func() {144    local var=value  # Not POSIX in some shells145}146```147 148## Practical Configuration Examples149 150### Minimal Configuration (Strict POSIX)151 152```bash153#!/bin/bash154# Configure for maximum portability155 156shellcheck \157  --shell=sh \158  --external-sources \159  --check-sourced \160  script.sh161```162 163### Development Configuration (Bash with Relaxed Rules)164 165```bash166#!/bin/bash167# Configure for Bash development168 169shellcheck \170  --shell=bash \171  --exclude=SC1091,SC2119 \172  --enable=all \173  script.sh174```175 176### CI/CD Integration Configuration177 178```bash179#!/bin/bash180set -Eeuo pipefail181 182# Analyze all shell scripts and fail on issues183find . -type f -name "*.sh" | while read -r script; do184    echo "Checking: $script"185    shellcheck \186        --shell=bash \187        --format=gcc \188        --exclude=SC1091 \189        "$script" || exit 1190done191```192 193### .shellcheckrc for Project194 195```196# Shell dialect to analyze against197shell=bash198 199# Enable optional checks200enable=avoid-nullary-conditions,require-variable-braces,check-unassigned-uppercase201 202# Disable specific warnings203# SC1091: Not following sourced files (many false positives)204disable=SC1091205 206# SC2119: Use function_name instead of function_name -- (arguments)207disable=SC2119208 209# External files to source for context210external-sources=true211```212 213## Integration Patterns214 215### Pre-commit Hook Configuration216 217```bash218#!/bin/bash219# .git/hooks/pre-commit220 221#!/bin/bash222set -e223 224# Find all shell scripts changed in this commit225git diff --cached --name-only | grep '\.sh$' | while read -r script; do226    echo "Linting: $script"227 228    if ! shellcheck "$script"; then229        echo "ShellCheck failed on $script"230        exit 1231    fi232done233```234 235### GitHub Actions Workflow236 237```yaml238name: ShellCheck239 240on: [push, pull_request]241 242jobs:243  shellcheck:244    runs-on: ubuntu-latest245 246    steps:247      - uses: actions/checkout@v3248 249      - name: Run ShellCheck250        run: |251          sudo apt-get install shellcheck252          find . -type f -name "*.sh" -exec shellcheck {} \;253```254 255### GitLab CI Pipeline256 257```yaml258shellcheck:259  stage: lint260  image: koalaman/shellcheck-alpine261  script:262    - find . -type f -name "*.sh" -exec shellcheck {} \;263  allow_failure: false264```265 266## Handling ShellCheck Violations267 268### Suppressing Specific Warnings269 270```bash271#!/bin/bash272 273# Disable warning for entire line274# shellcheck disable=SC2086275for file in $(ls -la); do276    echo "$file"277done278 279# Disable for entire script280# shellcheck disable=SC1091,SC2119281 282# Disable multiple warnings (format varies)283command_that_fails() {284    # shellcheck disable=SC2015285    [ -f "$1" ] && echo "found" || echo "not found"286}287 288# Disable specific check for source directive289# shellcheck source=./helper.sh290source helper.sh291```292 293### Common Violations and Fixes294 295#### SC2086: Double quote to prevent word splitting296 297```bash298# Problem299for i in $list; do done300 301# Solution302for i in $list; do done  # If $list is already quoted, or303for i in "${list[@]}"; do done  # If list is an array304```305 306#### SC2181: Check exit code directly307 308```bash309# Problem310some_command311if [ $? -eq 0 ]; then312    echo "success"313fi314 315# Solution316if some_command; then317    echo "success"318fi319```320 321#### SC2015: Use if-then instead of && ||322 323```bash324# Problem325[ -f "$file" ] && echo "exists" || echo "not found"326 327# Solution - clearer intent328if [ -f "$file" ]; then329    echo "exists"330else331    echo "not found"332fi333```334 335#### SC2016: Expressions don't expand in single quotes336 337```bash338# Problem339echo 'Variable value: $VAR'340 341# Solution342echo "Variable value: $VAR"343```344 345#### SC2009: Use pgrep instead of grep346 347```bash348# Problem349ps aux | grep -v grep | grep myprocess350 351# Solution352pgrep -f myprocess353```354 355## Performance Optimization356 357### Checking Multiple Files358 359```bash360#!/bin/bash361 362# Sequential checking363for script in *.sh; do364    shellcheck "$script"365done366 367# Parallel checking (faster)368find . -name "*.sh" -print0 | \369    xargs -0 -P 4 -n 1 shellcheck370```371 372### Caching Results373 374```bash375#!/bin/bash376 377CACHE_DIR=".shellcheck_cache"378mkdir -p "$CACHE_DIR"379 380check_script() {381    local script="$1"382    local hash383    local cache_file384 385    hash=$(sha256sum "$script" | cut -d' ' -f1)386    cache_file="$CACHE_DIR/$hash"387 388    if [[ ! -f "$cache_file" ]]; then389        if shellcheck "$script" > "$cache_file" 2>&1; then390            touch "$cache_file.ok"391        else392            return 1393        fi394    fi395 396    [[ -f "$cache_file.ok" ]]397}398 399find . -name "*.sh" | while read -r script; do400    check_script "$script" || exit 1401done402```403 404## Output Formats405 406### Default Format407 408```bash409shellcheck script.sh410 411# Output:412# script.sh:1:3: warning: foo is referenced but not assigned. [SC2154]413```414 415### GCC Format (for CI/CD)416 417```bash418shellcheck --format=gcc script.sh419 420# Output:421# script.sh:1:3: warning: foo is referenced but not assigned.422```423 424### JSON Format (for parsing)425 426```bash427shellcheck --format=json script.sh428 429# Output:430# [{"file": "script.sh", "line": 1, "column": 3, "level": "warning", "code": 2154, "message": "..."}]431```432 433### Quiet Format434 435```bash436shellcheck --format=quiet script.sh437 438# Returns non-zero if issues found, no output otherwise439```440 441## Best Practices442 4431. **Run ShellCheck in CI/CD** - Catch issues before merging4442. **Configure for your target shell** - Don't analyze bash as sh4453. **Document exclusions** - Explain why violations are suppressed4464. **Address violations** - Don't just disable warnings4475. **Enable strict mode** - Use `--enable=all` with careful exclusions4486. **Update regularly** - Keep ShellCheck current for new checks4497. **Use pre-commit hooks** - Catch issues locally before pushing4508. **Integrate with editors** - Get real-time feedback during development