Over a million developers have joined DZone.

Challenge Your Shell Scripts Using ShellCheck

DZone's Guide to

Challenge Your Shell Scripts Using ShellCheck

It's exactly what it sounds like: a tool to check if you're actually a shell script master.

· DevOps Zone
Free Resource

How to Set Up Continuous Integration Pipelines with Drone on Ubuntu 16.04. Get the DigitalOcean detailed tutorial.

Bash scripting is a must-have skill for DevOps. I used to be very very confident at bash. But when I first tried ShellCheck, I realized that I'm just too proud and arrogant.

ShellCheck is a powerful code analysis tool for bash scripts. Like Pylint for Python or Rubocop for Ruby. Give it a try! You'll get surprised.


Permanent link: http://dennyzhang.com/shellcheck

ShellCheck helps to identify a lot of potential issues in your bash scripts. For example, here is one common mistake which ShellCheck caught for me. Most original code will work. However if we feed $dir with a value like "Denny Documents", it hurts. Sometime the bad code may incur very severe damage!

# Before:
rm -rf $dir

# After:
rm -rf "$dir"

More Bad Code Examples


ShellCheck is very easy to install and use. It is built and packaged using Cabal. We can install by apt-get/yum. Or use cabal-install directly like below.

# Install ShellCheck
sudo apt-get install -y cabal-install
sudo cabal update
sudo cabal install shellcheck
ln -s /root/.cabal/bin/shellcheck /usr/sbin/shellcheck

# Example: Run check for bash scripts
sudo shellcheck my_script.sh

By default, ShellCheck enforces hundreds of rules. Each rule has a dedicated wiki page, which explains the purpose and improvement suggestion clearly. For example, wiki for Rule SC1000: https://github...shellcheck/wiki/SC1000. I'm sure you can easily guess the wiki link of other rules.

Skip some ShellCheck rules which don't fit your projects. For your reference, here are the rules I used to skip.

# Run test excluding certain rules
sudo shellcheck -e $EXCLUDE_CODE_LIST $file

# Run test against all scripts under a folder
find . -name "*.sh" | xargs sudo \
    shellcheck -e $EXCLUDE_CODE_LIST $file

Enforce Daily Bash Code Check by Jenkins. Enforcing code quality checks in your daily CI definitely helps.


More Reading: Avoid Blind Wait In DevOps Code

We did the research and have the tutorials on how to install the top CI/CD tools. See how Jenkins, Gitlab CI, Buildbot, Drone and Concourse compare.

devops ,bash ,jenkins ,quality code

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}