Add shellchecking of the shell scripts

.github/scripts/cleanup-ec2.sh

@@ -6,6 +6,7 @@ set -eu
 ENV_FILE=".ec2-session.env"
 if [ -f "$ENV_FILE" ]; then
   echo "Loading environment variables from $ENV_FILE..."
+  # shellcheck disable=SC1090
   source "$ENV_FILE"
 else
   echo "Warning: Environment file $ENV_FILE not found."

.github/scripts/launch-ec2.sh

@@ -13,8 +13,10 @@ if ! aws sts get-caller-identity &>/dev/null; then
   exit 1
 fi
 
+# Used by aws CLI
+${AWS_REGION:?Environment variable AWS_REGION must be set}
+
 # Set variables
-AWS_REGION="us-east-2"
 # TODO document that this key needs to be created
 KEY_NAME="dandihub-gh-actions"
 # TODO create if DNE
@@ -35,7 +37,7 @@ echo "# Auto-generated by launch script on $(date)" >> $ENV_FILE
 
 # Run EC2 instance
 echo "Launching EC2 instance..."
-export INSTANCE_ID=$(aws ec2 run-instances \
+INSTANCE_ID=$(aws ec2 run-instances \
   --image-id $AMI_ID \
   --count 1 \
   --instance-type t3.micro \
@@ -45,6 +47,7 @@ export INSTANCE_ID=$(aws ec2 run-instances \
   --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=dandihub-gh-actions}]" \
   --query 'Instances[0].InstanceId' \
   --output text)
+export INSTANCE_ID
 
 if [ -z "$INSTANCE_ID" ]; then
   echo "Error: Failed to launch EC2 instance."
@@ -59,10 +62,11 @@ aws ec2 wait instance-status-ok --instance-ids "$INSTANCE_ID"
 
 # Allocate Elastic IP
 echo "Allocating Elastic IP..."
-export ALLOC_ID=$(aws ec2 allocate-address \
+ALLOC_ID=$(aws ec2 allocate-address \
   --tag-specifications "ResourceType=elastic-ip,Tags=[{Key=Name,Value=dandihub-gh-actions-eip}]" \
   --query 'AllocationId' \
   --output text)
+export ALLOC_ID
 
 if [ -z "$ALLOC_ID" ]; then
   echo "Error: Failed to allocate Elastic IP."
@@ -73,33 +77,33 @@ echo "export ALLOC_ID=$ALLOC_ID" >> $ENV_FILE
 
 # Associate Elastic IP with instance
 echo "Associating Elastic IP with instance..."
-export EIP_ASSOC=$(aws ec2 associate-address \
+EIP_ASSOC=$(aws ec2 associate-address \
   --instance-id "$INSTANCE_ID" \
   --allocation-id "$ALLOC_ID" \
   --query 'AssociationId' \
   --output text)
+export EIP_ASSOC
 
 if [ -z "$EIP_ASSOC" ]; then
   echo "Error: Failed to associate Elastic IP."
   exit 1
 fi
 
 # Get Elastic IP address
-export PUBLIC_IP=$(aws ec2 describe-addresses \
+PUBLIC_IP=$(aws ec2 describe-addresses \
   --allocation-ids "$ALLOC_ID" \
   --query 'Addresses[0].PublicIp' \
   --output text)
+export PUBLIC_IP
 
 echo "Elastic IP Address: $PUBLIC_IP"
 echo "export PUBLIC_IP=$PUBLIC_IP" >> $ENV_FILE
 
 # Upload scripts to EC2 instance
 echo "Uploading scripts to EC2 instance..."
-scp -i "$EC2_SSH_KEY" -o "StrictHostKeyChecking=no" \
+if scp -i "$EC2_SSH_KEY" -o "StrictHostKeyChecking=no" \
   $LOCAL_SCRIPTS_DIR/calculate-directory-stats.py $LOCAL_SCRIPTS_DIR/create-file-index.py \
-  ec2-user@"$PUBLIC_IP":"$REMOTE_SCRIPTS_DIR/"
-
-if [ $? -eq 0 ]; then
+  ec2-user@"$PUBLIC_IP":"$REMOTE_SCRIPTS_DIR/"; then
   echo "Scripts uploaded successfully to $REMOTE_SCRIPTS_DIR on the instance."
 else
   echo "Error: Failed to upload scripts to the instance."

.github/workflows/shellcheck.yml

@@ -0,0 +1,26 @@
+---
+name: Shellcheck
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  shellcheck:
+    name: Check shell scripts
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install dependencies
+        run: |
+          sudo apt update && sudo apt install -y shellcheck
+      - name: shellcheck
+        run: |
+          git grep -l '^#\( *shellcheck \|!\(/bin/\|/usr/bin/env \)\(sh\|bash\|dash\|ksh\)\)' | xargs shellcheck

.pre-commit-config.yaml

@@ -25,3 +25,8 @@ repos:
     hooks:
       - id: flake8
         args: ['--max-line-length=100']
+
+- repo: https://github.com/koalaman/shellcheck-precommit
+  rev: v0.9.0
+  hooks:
+  - id: shellcheck

cleanup.sh

@@ -1,8 +1,9 @@
+#!/bin/bash
+#
 # Derived from Data On EKS under Apache License 2.0.
 # Source: https://github.com/awslabs/data-on-eks/tree/main/ai-ml/jupyterhub
 # See LICENSE file in the root directory of this source code or at http://www.apache.org/licenses/LICENSE-2.0.html.
 
-#!/bin/bash
 set -o errexit
 set -o pipefail
 
@@ -31,7 +32,7 @@ fi
 echo "Initializing ..."
 terraform init -backend-config="$BACKEND_FILE" -var-file="$VARFILE" || echo "\"terraform init\" failed"
 
-terraform workspace select $ENV
+terraform workspace select "$ENV"
 
 targets=(
   "module.eks_data_addons"
@@ -53,7 +54,7 @@ fi
 
 for ns in $terminating_namespaces; do
     echo "Terminating namespace: $ns"
-    kubectl get namespace $ns -o json | sed 's/"kubernetes"//' | kubectl replace --raw "/api/v1/namespaces/$ns/finalize" -f -
+    kubectl get namespace "$ns" -o json | sed 's/"kubernetes"//' | kubectl replace --raw "/api/v1/namespaces/$ns/finalize" -f -
 done
 
 #-------------------------------------------

install.sh

@@ -18,13 +18,12 @@ source ./scripts/ensure-vars.sh
 
 ENV=$1
 
-./scripts/account-enforcer.sh $ENV
+./scripts/account-enforcer.sh "$ENV"
 
 # TODO preface all env vars
 ENV_DIR="envs/$ENV"
 
 VARFILE="$ENV_DIR/terraform.tfvars"
-BACKEND_FILE="$ENV_DIR/backend.tf"
 
 BASE_CONFIG="envs/shared/jupyterhub.yaml"
 ENV_OVERRIDE="$ENV_DIR/jupyterhub-overrides.yaml"
@@ -38,10 +37,9 @@ if [ ! -d "$ENV_DIR" ]; then
   exit 1
 fi
 
-./scripts/merge_config.py $BASE_CONFIG $ENV_OVERRIDE $OUTPUT
+./scripts/merge_config.py $BASE_CONFIG "$ENV_OVERRIDE" "$OUTPUT"
 
-yamllint -d "{extends: default, rules: {line-length: disable, document-start: disable}}" "$OUTPUT"
-if [ $? -ne 0 ]; then
+if ! yamllint -d "{extends: default, rules: {line-length: disable, document-start: disable}}" "$OUTPUT"; then
   echo "Invalid YAML file: $OUTPUT"
   exit 1
 fi
@@ -62,7 +60,7 @@ fi
 # Initialize Terraform with environment-provided backend configuration
 echo "Initializing $ENV..."
 terraform init -reconfigure -backend-config="$ENV_DIR/s3.tfbackend" -var-file="$VARFILE"
-terraform workspace select -or-create $ENV
+terraform workspace select -or-create "$ENV"
 
 # From here forward, we should continue even if there is a failure
 set +e
@@ -96,7 +94,7 @@ else
 fi
 
 # Set kubeconfig to point kubectl to cluster
-$(terraform output -raw configure_kubectl)
+terraform output -raw configure_kubectl
 
 INGRESS_HOSTNAME=$(kubectl get svc/proxy-public -n jupyterhub --output jsonpath="{.status.loadBalancer.ingress[0].hostname}")
 echo "Jupyterhub is running!"

scripts/account-enforcer.sh

@@ -9,7 +9,7 @@ declare -A ENV_TO_PROFILE=(
 
 if [ $# -ne 1 ]; then
   echo "Usage: $0 <environment>"
-  echo "Environments: ${!ENV_TO_PROFILE[@]}"
+  echo "Environments: ${!ENV_TO_PROFILE[*]}"
   exit 1
 fi
 
@@ -18,7 +18,7 @@ CORRECT=${ENV_TO_PROFILE[$ENV]}
 
 if [ -z "$CORRECT" ]; then
   echo "Error: Invalid environment '$ENV'"
-  echo "Valid environments: ${!ENV_TO_PROFILE[@]}"
+  echo "Valid environments: ${!ENV_TO_PROFILE[*]}"
   exit 1
 fi