From 99353def1ceffe001dcf5e3c8aa9702be3c3d1eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kasper=20Sj=C3=B8rslev?= Date: Fri, 13 Mar 2026 09:40:56 +0000 Subject: [PATCH 1/7] Add install script ShellCheck to CI/CD --- .github/workflows/install-script-check.yml | 23 ++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 .github/workflows/install-script-check.yml diff --git a/.github/workflows/install-script-check.yml b/.github/workflows/install-script-check.yml new file mode 100644 index 00000000000..159be5ce595 --- /dev/null +++ b/.github/workflows/install-script-check.yml @@ -0,0 +1,23 @@ +name: Check install script + +on: + pull_request: + paths: + - 'scripts/install.sh' + +jobs: + shellcheck: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Run ShellCheck on install script + uses: ludeeus/action-shellcheck@2.0.0 + env: + SHELLCHECK_OPTS: --shell=dash + with: + ignore_paths: | + * + additional_files: script/install.sh From 5c9bf1044cd32180151e9d299d58d01ea0dfdaeb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kasper=20Sj=C3=B8rslev?= Date: Fri, 13 Mar 2026 09:42:45 +0000 Subject: [PATCH 2/7] Add missing double quotes to install script --- scripts/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install.sh b/scripts/install.sh index 8174693f932..8ef375cf7f7 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -73,7 +73,7 @@ downloadBinary() { fi printf "Downloading binary: %s\n" "$BINARY_URL" - curl --location ${CURL_PROGRESS} "${BINARY_URL}" --output rill_${PLATFORM}.zip + curl --location "${CURL_PROGRESS}" "${BINARY_URL}" --output rill_${PLATFORM}.zip printf "\nDownloading checksum: %s\n" "$CHECKSUM_URL" curl --location ${CURL_PROGRESS} "${CHECKSUM_URL}" --output checksums.txt From 40b7a631b0910f814ca8cbed53f3643787a10b8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kasper=20Sj=C3=B8rslev?= Date: Fri, 13 Mar 2026 09:46:41 +0000 Subject: [PATCH 3/7] Fix typo in script path --- .github/workflows/install-script-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/install-script-check.yml b/.github/workflows/install-script-check.yml index 159be5ce595..f6e8f6eb0c7 100644 --- a/.github/workflows/install-script-check.yml +++ b/.github/workflows/install-script-check.yml @@ -20,4 +20,4 @@ jobs: with: ignore_paths: | * - additional_files: script/install.sh + additional_files: scripts/install.sh From e2428cda2fc723297a2eb56bf414cffd34dff4eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kasper=20Sj=C3=B8rslev?= Date: Fri, 13 Mar 2026 10:06:15 +0000 Subject: [PATCH 4/7] Change to install and use ShellCheck directly --- .github/workflows/install-script-check.yml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/workflows/install-script-check.yml b/.github/workflows/install-script-check.yml index f6e8f6eb0c7..00a3bcc319f 100644 --- a/.github/workflows/install-script-check.yml +++ b/.github/workflows/install-script-check.yml @@ -13,11 +13,9 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 + - name: Install ShellCheck + run: sudo apt-get update && sudo apt-get install -y shellcheck + - name: Run ShellCheck on install script - uses: ludeeus/action-shellcheck@2.0.0 - env: - SHELLCHECK_OPTS: --shell=dash - with: - ignore_paths: | - * - additional_files: scripts/install.sh + run: | + shellcheck --shell=dash scripts/install.sh \ No newline at end of file From 3c4b04f14ea81a406a40da86e0e8089f2a22f07d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kasper=20Sj=C3=B8rslev?= Date: Fri, 13 Mar 2026 10:07:49 +0000 Subject: [PATCH 5/7] Add missing double quotes to install script --- scripts/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install.sh b/scripts/install.sh index 8ef375cf7f7..5cb27a11708 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -76,7 +76,7 @@ downloadBinary() { curl --location "${CURL_PROGRESS}" "${BINARY_URL}" --output rill_${PLATFORM}.zip printf "\nDownloading checksum: %s\n" "$CHECKSUM_URL" - curl --location ${CURL_PROGRESS} "${CHECKSUM_URL}" --output checksums.txt + curl --location "${CURL_PROGRESS}" "${CHECKSUM_URL}" --output checksums.txt printf "\nVerifying the SHA256 checksum of the downloaded binary:\n" ${sha256_verify} checksums.txt From ac8a8985be84acdcf4a7e766ae866d5d5d16632c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kasper=20Sj=C3=B8rslev?= Date: Fri, 13 Mar 2026 10:08:32 +0000 Subject: [PATCH 6/7] Fix format --- .github/workflows/install-script-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/install-script-check.yml b/.github/workflows/install-script-check.yml index 00a3bcc319f..06409d8facf 100644 --- a/.github/workflows/install-script-check.yml +++ b/.github/workflows/install-script-check.yml @@ -18,4 +18,4 @@ jobs: - name: Run ShellCheck on install script run: | - shellcheck --shell=dash scripts/install.sh \ No newline at end of file + shellcheck --shell=dash scripts/install.sh From 40caed30a3d6d6b5dbf7c9ca958037da8c6ba62a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kasper=20Sj=C3=B8rslev?= Date: Fri, 13 Mar 2026 10:45:53 +0000 Subject: [PATCH 7/7] Remove unsafe variable expansion --- scripts/install.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/install.sh b/scripts/install.sh index 5cb27a11708..2ae400d2d43 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -67,16 +67,16 @@ downloadBinary() { CHECKSUM_URL="https://${CDN}/rill/${VERSION}/checksums.txt" if [ "$NON_INTERACTIVE" = "true" ]; then - CURL_PROGRESS="--silent --show-error" + set -- "--silent" "--show-error" else - CURL_PROGRESS="--progress-bar" + set -- "--progress-bar" fi printf "Downloading binary: %s\n" "$BINARY_URL" - curl --location "${CURL_PROGRESS}" "${BINARY_URL}" --output rill_${PLATFORM}.zip + curl --location "$@" "${BINARY_URL}" --output rill_${PLATFORM}.zip printf "\nDownloading checksum: %s\n" "$CHECKSUM_URL" - curl --location "${CURL_PROGRESS}" "${CHECKSUM_URL}" --output checksums.txt + curl --location "$@" "${CHECKSUM_URL}" --output checksums.txt printf "\nVerifying the SHA256 checksum of the downloaded binary:\n" ${sha256_verify} checksums.txt