sbaudoin/sonar-shellcheck

Output of shellcheck is empty

Opened this issue · 8 comments

which versions are you using

SonarQube: serverVersion=8.5.1.38104
shellcheck-plugin: sonar-shellcheck-plugin-2.3.0.jar
sonar-scanner-cli (docker-image)=4.50

what are you trying to achieve

Checking a shell file and making the results visible in the SonarQube server project

what have you tried so far to achieve this

running the sonar-scanner-cli traces the following output

sonarscanner_1 | 12:57:16.871 DEBUG: Executing command: [shellcheck, -x, -f, json, /usr/src/<file.sh>]
sonarscanner_1 | 12:57:18.197 DEBUG: Output from shellcheck:
sonarscanner_1 | 12:57:18.200 INFO: Sensor ShellCheck Sensor [shellcheck] (done) | time=1331ms

and I don't see any info in the project view in the Sonar server

running shellcheck -f json <file.sh> traces lots of warns, errors

thx a lot

Hello,

Thanks for reporting the issue. You are lucky, I was going to release a new version of the plugin so if it is confirmed I'll embed the fix for this issue in the next release.

Anyway, I have not yet tried the sonar scanner image; I'll try that. However, some of my integration tests run against SQ 8.5 with the scanner 4.5.0.2216 and they pass, so that's strange. I can see 2 possibilities:

  • You run a version of Shellcheck that I did not test (my integration tests use the latest version available for the OS of the SQ container; with SQ 8.5 this is 0.7.0, which is not the latest version but almost). So @d3vopz-net can you give the version of Shellcheck you are using, please?
  • I run Shellcheck with the -x option. From experience I know that using -x leads to getting far fewer issues than running Shellcheck without it. However, I use this flag because, again from experience, running shellcheck without -x against numerous scripts without knowing how they all fit together leads to many false positive errors. So @d3vopz-net can you try to manually run shellcheck with this option and tell me if you think that some issues are really missing?

At the moment, the fix I can see would be to add a plugin parameter to enable or disable the -x option: you would run Shellcheck without -x and then consider using the project exclusion settings (Project General Settings > Analysis Scope) to exclude the Shell scripts that would cause the plugin to report too many errors.

Hi sbaudoin
I'm using the latest docker container
https://hub.docker.com/r/sonarsource/sonar-scanner-cli
its source is
https://github.com/SonarSource/sonar-scanner-cli-docker
In the Dockerfile shellcheck is installed
apk add --no-cache git python3 bash shellcheck
If I run the current image with
docker run -it sonarsource/sonar-scanner-cli /bin/bash
and voilà

shellcheck --version
ShellCheck - shell script analysis tool
version: 0.7.0
license: GNU General Public License, version 3
website: https://www.shellcheck.net

thx a lot

Thanks for the details. What happens if you manually run shellcheck on the files of your project with the -x option?

I'm also interested in an archive containing some scripts so that I can reproduce and study this issue, please.

Hi,
I don't want to create a duplicate, but I have exactly the same issue.

During sonar scanner analysis the output from one file is empty, while executing shellcheck on this file returns plenty of errors.
What's strange is that I have a lot of *.sh files to scan (100+), and only this one shows an empty result, not to be mistaken with a "[]" result.

some output
13:44:29.490 DEBUG: Analyzing file: <always_the_same_file>
13:44:29.490 DEBUG: Executing command: [shellcheck, -x, -f, json, <always_the_same_file>]
13:44:30.779 DEBUG: Output from shellcheck:
13:44:30.782 DEBUG: '<always_the_same_file>' generated metadata with charset 'UTF-8'
13:44:30.792 DEBUG: Analyzing file:
13:44:30.792 DEBUG: Executing command: [shellcheck, -x, -f, json, ]
13:44:31.059 DEBUG: Output from shellcheck:
13:44:31.059 DEBUG: []
13:44:31.059 DEBUG: Count lines in
13:44:31.059 DEBUG: '' generated metadata with charset 'UTF-8'
13:44:31.063 DEBUG: Analyzing file:
13:44:31.063 DEBUG: Executing command: [shellcheck, -x, -f, json, ]
13:44:31.265 DEBUG: Output from shellcheck:
13:44:31.265 DEBUG: [{some output here}]
13:44:31.266 DEBUG: '' generated metadata with charset 'UTF-8'
13:44:31.266 DEBUG: Issue SC1090 saved for
13:44:31.266 DEBUG: Count lines in

while /opt/shellcheck-v0.7.1/shellcheck-v0.7.1/shellcheck -x -f json <always_the_same_file> produces proper output
which versions are you using
SonarQube: serverVersion: 7.9.4.35981
sonar-scanner-cli: 4.3.0.2102
shellcheck-plugin: v2.4.0
shellcheck: v0.7.1 and v0.7.2 (tested on both, had same results)

what are you trying to achieve
I want to scan all the *.sh files

what have you tried so far to achieve this
Tried a different version of shellcheck, v0.7.2, with the same result.
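
A triage sketch for the symptom reported above (an added example, not part of the thread and not the plugin's code): it runs the command line shown in the DEBUG log, keeps stdout, stderr and the exit status apart, and separates a truly empty stdout from the valid-but-empty `[]`. The function names `classify_output` and `triage_file` are hypothetical.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from sonar-shellcheck.

# Classify the captured stdout of `shellcheck -x -f json FILE`.
#   EMPTY        nothing on stdout at all (the symptom in this thread)
#   NO_FINDINGS  valid JSON array with zero issues: []
#   FINDINGS     JSON array with at least one issue
#   NOT_JSON     anything else (e.g. an error message on stdout)
classify_output() {
    compact=$(printf '%s' "$1" | tr -d '[:space:]')
    case "$compact" in
        '')      echo EMPTY ;;
        '[]')    echo NO_FINDINGS ;;
        '['*']') echo FINDINGS ;;
        *)       echo NOT_JSON ;;
    esac
}

# Run the command from the DEBUG log on one file and report all three
# channels. The DEBUG log in the thread shows only "Output from shellcheck",
# so stderr and the exit status are what is missing from the picture.
# Exit statuses per the shellcheck man page: 0 = no issues, 1 = issues found,
# 2 = some files could not be processed, 3 = bad syntax, 4 = bad options.
triage_file() {
    err_file=$(mktemp) || return 1
    out=$(shellcheck -x -f json "$1" 2>"$err_file")
    rc=$?
    printf '%s: %s (exit status %s)\n' "$1" "$(classify_output "$out")" "$rc"
    if [ -s "$err_file" ]; then
        sed 's/^/    stderr: /' "$err_file"
    fi
    rm -f "$err_file"
}

# Triage every file given on the command line; with no arguments this is a no-op.
for f in "$@"; do
    triage_file "$f"
done
```

Running it inside the same container as the scanner, against the file that always comes back empty, shows whether shellcheck itself produced nothing there or whether the output was lost afterwards.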

@1Fabian1 if that's not too late, is it possible to get the file in question, please? If that's always the same file that gets ignored, it certainly contains a "problem". I would need it to reproduce the issue, because so far I cannot understand what's wrong.

Hi @sbaudoin

Unfortunately I cannot share the mentioned file with you. As I couldn't affect anything, I left it as it was (the file wasn't scanned). I checked how it behaves now and I have issues from this file in the SonarQube GUI, so it looks like it works. I changed a few things since last time but I can't remember what they were; for sure shellcheck has the same version.

Regards,
Fabian

Hello,

So should we close this issue?