Background
PR #21127 added actionlint, zizmor, and shellcheck to the lint job. actionlint also runs shellcheck internally on run: blocks inside workflow YAML files. The repo's QA workflows have many pre-existing shellcheck warnings, so the integration was disabled in that PR to unblock landing. This issue tracks the follow-up cleanup.
What to do
- Fix all
warning-level shellcheck findings in the workflow inline scripts listed below.
- Remove the
-shellcheck '' flag from the actionlint step in .github/workflows/lint.yml to re-enable inline script checking.
info and style findings (e.g. SC2086 quoting style, SC2129 redirect grouping) do not need to be fixed — they are purely stylistic and would need a separate decision.
Warning-level findings to fix
These are real bugs that can cause incorrect behavior:
| File |
Line |
Code |
Issue |
ci-cd-main-branch-docker-images.yml |
37 |
SC2046 |
Unquoted $(...) in rm -rf — can glob/split |
ci-cd-main-branch-docker-images.yml |
37 |
SC2115 |
Missing ${var:?} guard on path used in rm -rf |
ci-cd-main-branch-docker-images.yml |
55 |
SC2155 |
local x=$(cmd) masks command exit code |
ci-cd-main-branch-docker-images.yml |
113 |
SC2046 |
Unquoted $(...) |
ci-cd-main-branch-docker-images.yml |
148 |
SC2089/SC2090 |
Quoted string stored in variable then re-expanded — use array |
ci-cd-main-branch-docker-images.yml |
148 |
SC1083 |
Literal { / } — likely missing ; or newline |
docker-image-remove.yml |
33 |
SC1083 |
Literal { / } in expression |
qa-clean-exit-block-downloading.yml |
82 |
SC2046 |
Unquoted $(...) |
qa-clean-exit-snapshot-downloading.yml |
95 |
SC2046 |
Unquoted $(...) |
qa-constrained-tip-tracking.yml |
141 |
SC2046 |
Unquoted $(...) |
qa-rpc-integration-tests-clients.yml |
43 |
SC2034 |
Loop variable i assigned but never read |
qa-rpc-integration-tests-gnosis.yml |
153 |
SC2046 |
Unquoted $(...) |
qa-rpc-integration-tests-latest.yml |
233 |
SC2046 |
Unquoted $(...) |
qa-rpc-integration-tests-polygon.yml |
93 |
SC2034 |
Loop variable i assigned but never read |
qa-rpc-integration-tests-polygon.yml |
175 |
SC2046 |
Unquoted $(...) |
qa-rpc-integration-tests-remote.yml |
129 |
SC2034 |
Loop variable i unused |
qa-rpc-integration-tests-remote.yml |
250 |
SC2046 |
Unquoted $(...) |
qa-rpc-integration-tests.yml |
154 |
SC2046 |
Unquoted $(...) |
qa-rpc-performance-comparison-tests.yml |
209 |
SC2034 |
Loop variable i unused |
qa-rpc-performance-comparison-tests.yml |
242 |
SC2188 |
Redirection without a command |
qa-rpc-performance-tests.yml |
207 |
SC2034 |
Loop variable i unused |
qa-snap-download.yml |
84 |
SC2046 |
Unquoted $(...) |
qa-stage-exec.yml |
107 |
SC2046 |
Unquoted $(...) |
qa-sync-from-scratch-minimal-node.yml |
87 |
SC2046 |
Unquoted $(...) |
qa-sync-from-scratch.yml |
112, 193 |
SC2046 |
Unquoted $(...) |
qa-sync-with-externalcl.yml |
104 |
SC2046 |
Unquoted $(...) |
qa-tip-tracking-gnosis.yml |
144 |
SC2046 |
Unquoted $(...) |
qa-tip-tracking.yml |
144 |
SC2046 |
Unquoted $(...) |
qa-txpool-performance-test.yml |
252, 264 |
SC2046 |
Unquoted $(...) (6 instances) |
release.yml |
226, 257, 387 |
SC2046 |
Unquoted $(...) (7 instances) |
test-hive-eest.yml |
72, 240 |
SC2046 |
Unquoted $(...) (5 instances) |
Re-enabling
Once fixed, remove the -shellcheck '' flag from the actionlint step in .github/workflows/lint.yml:
# Before (disabled):
run: actionlint -shellcheck '' --ignore '"workspace" is not defined in object type'
# After (re-enabled):
run: actionlint --ignore '"workspace" is not defined in object type'
Background
PR #21127 added actionlint, zizmor, and shellcheck to the lint job. actionlint also runs shellcheck internally on
run:blocks inside workflow YAML files. The repo's QA workflows have many pre-existing shellcheck warnings, so the integration was disabled in that PR to unblock landing. This issue tracks the follow-up cleanup.What to do
warning-level shellcheck findings in the workflow inline scripts listed below.-shellcheck ''flag from theactionlintstep in.github/workflows/lint.ymlto re-enable inline script checking.infoandstylefindings (e.g. SC2086 quoting style, SC2129 redirect grouping) do not need to be fixed — they are purely stylistic and would need a separate decision.Warning-level findings to fix
These are real bugs that can cause incorrect behavior:
ci-cd-main-branch-docker-images.yml$(...)inrm -rf— can glob/splitci-cd-main-branch-docker-images.yml${var:?}guard on path used inrm -rfci-cd-main-branch-docker-images.ymllocal x=$(cmd)masks command exit codeci-cd-main-branch-docker-images.yml$(...)ci-cd-main-branch-docker-images.ymlci-cd-main-branch-docker-images.yml{/}— likely missing;or newlinedocker-image-remove.yml{/}in expressionqa-clean-exit-block-downloading.yml$(...)qa-clean-exit-snapshot-downloading.yml$(...)qa-constrained-tip-tracking.yml$(...)qa-rpc-integration-tests-clients.ymliassigned but never readqa-rpc-integration-tests-gnosis.yml$(...)qa-rpc-integration-tests-latest.yml$(...)qa-rpc-integration-tests-polygon.ymliassigned but never readqa-rpc-integration-tests-polygon.yml$(...)qa-rpc-integration-tests-remote.ymliunusedqa-rpc-integration-tests-remote.yml$(...)qa-rpc-integration-tests.yml$(...)qa-rpc-performance-comparison-tests.ymliunusedqa-rpc-performance-comparison-tests.ymlqa-rpc-performance-tests.ymliunusedqa-snap-download.yml$(...)qa-stage-exec.yml$(...)qa-sync-from-scratch-minimal-node.yml$(...)qa-sync-from-scratch.yml$(...)qa-sync-with-externalcl.yml$(...)qa-tip-tracking-gnosis.yml$(...)qa-tip-tracking.yml$(...)qa-txpool-performance-test.yml$(...)(6 instances)release.yml$(...)(7 instances)test-hive-eest.yml$(...)(5 instances)Re-enabling
Once fixed, remove the
-shellcheck ''flag from theactionlintstep in.github/workflows/lint.yml: