Update scripts & shellcheck validation

.github/workflows/validate.yml

@@ -10,14 +10,17 @@ env:
   JAVA_VERSION: '21'
   JAVA_DISTRO: 'oracle'
   HELIDON_PIPELINES: 'true'
-  MAVEN_HTTP_ARGS: '-Dmaven.wagon.httpconnectionManager.ttlSeconds=60 -Dmaven.wagon.http.retryHandler.count=3'
+  MAVEN_ARGS: |
+    -B -fae -e
+    -Dmaven.wagon.httpconnectionManager.ttlSeconds=60
+    -Dmaven.wagon.http.retryHandler.count=3
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 jobs:
-  primebuild:
+  prime-build:
     timeout-minutes: 30
     runs-on: ubuntu-20.04
     steps:
@@ -34,15 +37,15 @@ jobs:
         run: |
           mkdir -p ~/.m2/repository/io/helidon/
           echo "empty file" > ~/.m2/repository/io/helidon/empty.txt
-          etc/scripts/primebuild.sh
+          etc/scripts/prime-build.sh
       - name: Upload Maven Artifacts
         uses: actions/upload-artifact@v4
         with:
           name: io-helidon-maven-artifacts
           path: ~/.m2/repository/io/helidon
           retention-days: 1
   copyright:
-    needs: primebuild
+    needs: prime-build
     timeout-minutes: 10
     runs-on: ubuntu-20.04
     steps:
@@ -58,7 +61,7 @@ jobs:
       - name: Copyright
         run: etc/scripts/copyright.sh
   checkstyle:
-    needs: primebuild
+    needs: prime-build
     timeout-minutes: 10
     runs-on: ubuntu-20.04
     steps:
@@ -76,8 +79,17 @@ jobs:
           cache: maven
       - name: Checkstyle
         run: etc/scripts/checkstyle.sh
+  shellcheck:
+    timeout-minutes: 5
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.ref }}
+      - name: ShellCheck
+        run: etc/scripts/shellcheck.sh
   spotbugs:
-    needs: primebuild
+    needs: prime-build
     timeout-minutes: 10
     runs-on: ubuntu-20.04
     steps:
@@ -96,7 +108,7 @@ jobs:
       - name: Spotbugs
         run: etc/scripts/spotbugs.sh
   build:
-    needs: primebuild
+    needs: prime-build
     timeout-minutes: 20
     strategy:
       matrix:
@@ -119,4 +131,3 @@ jobs:
           cache: maven
       - name: Maven build
         run: etc/scripts/build.sh
-

etc/scripts/RELEASE.md

@@ -2,7 +2,7 @@
 # Releasing Helidon Examples
 
 These are the steps for doing a release of Helidon Examples. These steps
-will use release 4.0.0 in examples. Of course you are not releasing
+will use release 4.0.0 in examples. Of course, you are not releasing
 4.0.0, so make sure to change that release number to your release
 number when copy/pasting.
 
@@ -18,7 +18,7 @@ creates a release tag and updates the corresponding helidon-X.X branch.
 Here is the overall procedure:
 
 1. Create a local release branch from the corresponding dev branch.
-2. Update the version of Helidon consumed by the examples. Typically this will be
+2. Update the version of Helidon consumed by the examples. Typically, this will be
    needed as the dev branch poms reference a snapshot version of Helidon.
 3. Push release branch to upstream, release workflow runs
 4. Verify tag and branch update performed by workflow by pulling the branch and tag and 
@@ -42,7 +42,7 @@ export VERSION="4.0.0"
 
 2. Update Helidon version used by examples. This should be a released version of Helidon
    ```shell
-   etc/scripts/updatehelidonversion.sh ${VERSION}
+   etc/scripts/update-version.sh ${VERSION}
    ```
 3. Commit and Push local release branch to upstream to trigger release workflow. 
    ```shell
@@ -60,8 +60,8 @@ export VERSION="4.0.0"
    git rebase origin/helidon-4.x
    git log # Make sure it is what it should be
    mvn clean install
-   # Checkout and veriy tag
-   git checkout tags/${VERISON}
+   # Checkout and verify tag
+   git checkout tags/${VERSION}
    git log # Make sure it is what it should be
    mvn clean install
    ```

etc/scripts/build.sh

@@ -1,4 +1,4 @@
-#!/bin/bash -e
+#!/bin/bash
 #
 # Copyright (c) 2022, 2024 Oracle and/or its affiliates.
 #
@@ -15,25 +15,37 @@
 # limitations under the License.
 #
 
-# Path to this script
-[ -h "${0}" ] && readonly SCRIPT_PATH="$(readlink "${0}")" || readonly SCRIPT_PATH="${0}"
+set -o pipefail || true  # trace ERR through pipes
+set -o errtrace || true # trace ERR through commands and functions
+set -o errexit || true  # exit the script if any statement returns a non-true return value
 
-# Load pipeline environment setup and define WS_DIR
-. $(dirname -- "${SCRIPT_PATH}")/includes/pipeline-env.sh "${SCRIPT_PATH}" '../..'
+on_error(){
+    CODE="${?}" && \
+    set +x && \
+    printf "[ERROR] Error(code=%s) occurred at %s:%s command: %s\n" \
+        "${CODE}" "${BASH_SOURCE[0]}" "${LINENO}" "${BASH_COMMAND}"
+}
+trap on_error ERR
 
-# Setup error handling using default settings (defined in includes/error_handlers.sh)
-error_trap_setup
+# Path to this script
+if [ -h "${0}" ] ; then
+    SCRIPT_PATH="$(readlink "${0}")"
+else
+    # shellcheck disable=SC155
+    SCRIPT_PATH="${0}"
+fi
+readonly SCRIPT_PATH
 
-readonly SCRIPT_DIR=$(dirname ${SCRIPT_PATH})
+# Path to the root of the workspace
+# shellcheck disable=SC2046
+WS_DIR=$(cd $(dirname -- "${SCRIPT_PATH}") ; cd ../.. ; pwd -P)
+readonly WS_DIR
 
+# shellcheck disable=SC2086
 mvn ${MAVEN_ARGS} --version
 
-# Do priming build to populate local maven cache with Helidon SNAPSHOT artifacts
-# Handled by workflow
-#${SCRIPT_DIR}/primebuild.sh
-
-# Build this repository
-echo "Build..."
-mvn ${MAVEN_ARGS} -f ${WS_DIR}/pom.xml \
-    clean install -e \
-    -Dmaven.test.failure.ignore=true
+# shellcheck disable=SC2086
+mvn ${MAVEN_ARGS} \
+    -f "${WS_DIR}"/pom.xml \
+    -Dmaven.test.failure.ignore=true \
+    clean install

etc/scripts/checkstyle.sh

@@ -1,6 +1,6 @@
-#!/bin/bash -e
+#!/bin/bash
 #
-# Copyright (c) 2018, 2023 Oracle and/or its affiliates.
+# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,26 +15,49 @@
 # limitations under the License.
 #
 
+set -o pipefail || true  # trace ERR through pipes
+set -o errtrace || true # trace ERR through commands and functions
+set -o errexit || true  # exit the script if any statement returns a non-true return value
+
+on_error(){
+    CODE="${?}" && \
+    set +x && \
+    printf "[ERROR] Error(code=%s) occurred at %s:%s command: %s\n" \
+        "${CODE}" "${BASH_SOURCE[0]}" "${LINENO}" "${BASH_COMMAND}"
+}
+trap on_error ERR
+
 # Path to this script
-[ -h "${0}" ] && readonly SCRIPT_PATH="$(readlink "${0}")" || readonly SCRIPT_PATH="${0}"
+if [ -h "${0}" ] ; then
+    SCRIPT_PATH="$(readlink "${0}")"
+else
+    # shellcheck disable=SC155
+    SCRIPT_PATH="${0}"
+fi
+readonly SCRIPT_PATH
 
-# Load pipeline environment setup and define WS_DIR
-. $(dirname -- "${SCRIPT_PATH}")/includes/pipeline-env.sh "${SCRIPT_PATH}" '../..'
+# Path to the root of the workspace
+# shellcheck disable=SC2046
+WS_DIR=$(cd $(dirname -- "${SCRIPT_PATH}") ; cd ../.. ; pwd -P)
+readonly WS_DIR
 
-# Setup error handling using default settings (defined in includes/error_handlers.sh)
-error_trap_setup
+LOG_FILE=$(mktemp -t XXXcheckstyle-log)
+readonly LOG_FILE
 
-readonly LOG_FILE=$(mktemp -t XXXcheckstyle-log)
+RESULT_FILE=$(mktemp -t XXXcheckstyle-result)
+readonly  RESULT_FILE
 
-readonly RESULT_FILE=$(mktemp -t XXXcheckstyle-result)
+die(){ echo "${1}" ; exit 1 ;}
 
-die() { echo "${1}" ; exit 1 ;}
+# Remove cache
+rm -f "${WS_DIR}"/target/checkstyle-*
 
+# shellcheck disable=SC2086
 mvn ${MAVEN_ARGS} checkstyle:checkstyle-aggregate \
-    -f ${WS_DIR}/pom.xml \
+    -f "${WS_DIR}"/pom.xml \
     -Dcheckstyle.output.format="plain" \
     -Dcheckstyle.output.file="${RESULT_FILE}" \
-     > ${LOG_FILE} 2>&1 || (cat ${LOG_FILE} ; exit 1)
+    > ${LOG_FILE} 2>&1 || (cat ${LOG_FILE} ; exit 1)
 
-grep "^\[ERROR\]" ${RESULT_FILE} \
+grep "^\[ERROR\]" "${RESULT_FILE}" \
     && die "CHECKSTYLE ERROR" || echo "CHECKSTYLE OK"

etc/scripts/copyright.sh

@@ -1,6 +1,6 @@
-#!/bin/bash -e
+#!/bin/bash
 #
-# Copyright (c) 2018, 2023 Oracle and/or its affiliates.
+# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,29 +15,47 @@
 # limitations under the License.
 #
 
-# Path to this script
-[ -h "${0}" ] && readonly SCRIPT_PATH="$(readlink "${0}")" || readonly SCRIPT_PATH="${0}"
+set -o pipefail || true  # trace ERR through pipes
+set -o errtrace || true # trace ERR through commands and functions
+set -o errexit || true  # exit the script if any statement returns a non-true return value
+
+on_error(){
+    CODE="${?}" && \
+    set +x && \
+    printf "[ERROR] Error(code=%s) occurred at %s:%s command: %s\n" \
+        "${CODE}" "${BASH_SOURCE[0]}" "${LINENO}" "${BASH_COMMAND}"
+}
+trap on_error ERR
 
-# Load pipeline environment setup and define WS_DIR
-. $(dirname -- "${SCRIPT_PATH}")/includes/pipeline-env.sh "${SCRIPT_PATH}" '../..'
+# Path to this script
+if [ -h "${0}" ] ; then
+    SCRIPT_PATH="$(readlink "${0}")"
+else
+    SCRIPT_PATH="${0}"
+fi
+readonly SCRIPT_PATH
 
-# Setup error handling using default settings (defined in includes/error_handlers.sh)
-error_trap_setup
+# Path to the root of the workspace
+# shellcheck disable=SC2046
+WS_DIR=$(cd $(dirname -- "${SCRIPT_PATH}") ; cd ../.. ; pwd -P)
+readonly WS_DIR
 
-readonly LOG_FILE=$(mktemp -t XXXcopyright-log)
+LOG_FILE=$(mktemp -t XXXcopyright-log)
+readonly LOG_FILE
 
-readonly RESULT_FILE=$(mktemp -t XXXcopyright-result)
+RESULT_FILE=$(mktemp -t XXXcopyright-result)
+readonly RESULT_FILE
 
 die() { echo "${1}" ; exit 1 ;}
 
+# shellcheck disable=SC2086
 mvn ${MAVEN_ARGS} \
-        -f ${WS_DIR}/pom.xml \
-        -Dhelidon.enforcer.output.file="${RESULT_FILE}" \
-        -Dhelidon.enforcer.rules=copyright \
-        -Dhelidon.enforcer.failOnError=false \
-        -Pcopyright \
-        -N \
-        validate > ${LOG_FILE} 2>&1 || (cat ${LOG_FILE} ; exit 1)
-
-grep "^\[ERROR\]" ${RESULT_FILE} \
+    -N -f ${WS_DIR}/pom.xml \
+    -Dhelidon.enforcer.output.file="${RESULT_FILE}" \
+    -Dhelidon.enforcer.rules=copyright \
+    -Dhelidon.enforcer.failOnError=false \
+    -Pcopyright \
+    validate > ${LOG_FILE} 2>&1 || (cat ${LOG_FILE} ; exit 1)
+
+grep "^\[ERROR\]" "${RESULT_FILE}" \
     && die "COPYRIGHT ERROR" || echo "COPYRIGHT OK"

etc/scripts/owasp-dependency-check.sh → etc/scripts/dependency-check.sh

@@ -48,11 +48,12 @@ die() { cat "${RESULT_FILE}" ; echo "Dependency report in ${WS_DIR}/target" ; ec
 # Setting NVD_API_KEY is not required but improves behavior of NVD API throttling
 
 # shellcheck disable=SC2086
-mvn ${MAVEN_ARGS} -Dorg.slf4j.simpleLogger.defaultLogLevel=WARN org.owasp:dependency-check-maven:aggregate \
-        -f "${WS_DIR}"/pom.xml \
-        -Dtop.parent.basedir="${WS_DIR}" \
-        -Dnvd-api-key="${NVD_API_KEY}" \
-        > "${RESULT_FILE}" || die "Error running the Maven command"
+mvn ${MAVEN_ARGS} \
+  -f "${WS_DIR}"/pom.xml \
+  -Dorg.slf4j.simpleLogger.defaultLogLevel=WARN org.owasp:dependency-check-maven:aggregate \
+  -Dtop.parent.basedir="${WS_DIR}" \
+  -Dnvd-api-key="${NVD_API_KEY}" \
+  > "${RESULT_FILE}" || die "Error running the Maven command"
 
 grep -i "One or more dependencies were identified with known vulnerabilities" "${RESULT_FILE}" \
     && die "CVE SCAN ERROR" || echo "CVE SCAN OK"