name: Lint On Scripts
#
# Run ShellCheck on all scripts and generates report as build artefact
#

on:
  workflow_dispatch:
  pull_request:
    types: [opened, reopened, edited, synchronize]

permissions:
  contents: read

jobs:

  Shellcheck:

    name: Shell script analysis
    runs-on: ubuntu-latest
    if: ${{ github.repository_owner == 'Armbian' }}
    steps:

       - name: Checkout repository
         uses: actions/checkout@v4
         with:
           fetch-depth: 2

       - name: Get changed files
         id: changed-files
         uses: tj-actions/changed-files@v39

       - name: List all changed files
         run: |

           # use framework internal mechanism for checking `lib` and `extensions` code  only one file is passed,
           # and source's are followed, thus the whole project is "understood" by shellcheck.
           # For example, when checking individual files, one variable might be thought "unused" because it
           # is only used in another file, which does not happen when done properly.

           bash lib/tools/shellcheck.sh

           ret=0

           for file in ${{ steps.changed-files.outputs.all_changed_files }}; do

               if [[ ! "${file}" =~ lib/|extensions/|.py|.service|.rules|.network|.netdev ]]; then
                   if grep -qE "^#\!/.*bash" $file; then

                       shellcheck --severity=error $file || ret=$?

                   fi
               fi

           done

           exit $ret