name: Lint on: push: branches: [ main, master ] pull_request: branches: [ main, master ] jobs: shellcheck: name: ShellCheck runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Install ShellCheck run: | # Pin shellcheck v0.10.0 for reproducible CI — verifies SHA256 before install SHELLCHECK_VERSION="0.10.0" SHELLCHECK_SHA256="6c881ab0698e4e6ea235245f22832860544f17ba386442fe7e9d629f8cbedf87" TARBALL="shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz" curl -sSL "https://github.com/koalaman/shellcheck/releases/download/v${SHELLCHECK_VERSION}/${TARBALL}" -o /tmp/${TARBALL} echo "${SHELLCHECK_SHA256} /tmp/${TARBALL}" | sha256sum -c tar -xJf "/tmp/${TARBALL}" -C /tmp "shellcheck-v${SHELLCHECK_VERSION}/shellcheck" sudo mv "/tmp/shellcheck-v${SHELLCHECK_VERSION}/shellcheck" /usr/local/bin/shellcheck - name: Run ShellCheck on all bash scripts run: | # Find all .sh files, excluding node_modules and other irrelevant directories # Note: Using || true temporarily - 3,598 existing warnings need gradual fixes find . -name "*.sh" \ ! -path "*/node_modules/*" \ ! -path "*/.git/*" \ ! -path "*/dist/*" \ ! -path "*/build/*" \ -print0 | xargs -0 shellcheck || true - name: ShellCheck version info if: always() run: shellcheck --version biome: name: Biome Lint runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Setup Bun uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2 - name: Install dependencies run: bun install - name: Run Biome check (all packages) run: bunx @biomejs/biome check packages/cli/src/ packages/shared/src/ macos-compat: name: macOS Compatibility runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Run macOS compat linter run: bash sh/test/macos-compat.sh