shellcheck as CI Gate
shellcheck catches shell script bugs.
Usage
shellcheck is the standard linter for shell scripts. Bash and other shells have many subtleties; shellcheck catches the common bugs and recommends idioms. Used as a CI gate, it produces consistently better shell scripts.
What basic usage looks like:
- shellcheck script.sh reports issues: The basic invocation. shellcheck analyzes the script and produces a list of findings; each finding has a location, a severity, and an explanation.
- Catches quoting bugs: Variable expansion without quotes is a classic shell bug, because the unquoted value is subject to word splitting and globbing. shellcheck flags unquoted variables; the team's scripts are protected.
- Missing semicolons: Some shell constructs require specific syntax. shellcheck catches the missing pieces; the script's actual behavior matches intent.
- Undeclared vars: Referencing variables that were never assigned. shellcheck flags this; typos and forgotten variables are caught.
- Recommends idioms: Beyond strict bugs, shellcheck recommends modern shell idioms. The team's scripts become cleaner; the code is more maintainable.
Basic usage is fast. Most issues are caught immediately; the team's iteration is supported.
CI integration
The discipline is running shellcheck in CI. Every PR that touches shell scripts triggers shellcheck; findings block merge; the team's discipline is enforced.
- Run on every PR that touches shell scripts: The CI pipeline runs shellcheck on changed shell scripts. The check is automatic; no engineer has to remember; the discipline is consistent.
- Failures block merge: shellcheck failures block the PR's merge. The team's discipline is enforced by the merge gate; bad shell scripts do not reach the trunk.
- Severity tiers: shellcheck has severity levels. Critical and error levels block merge; warnings produce comments; informational findings are visible but non-blocking.
- Suppress in code: Specific findings can be suppressed inline. The suppression is explicit; the team accepts the finding; the discipline records the acceptance.
- Document the configuration: The team's shellcheck configuration is documented. New scripts inherit the configuration; the discipline is consistent across the codebase.
The CI integration is what makes shellcheck operationally valuable. Without the gate, the linter is advisory.
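One way to build the gate described in this section, as an added example (not code from the original page): a POSIX sh script that lints only the shell scripts changed against a base ref, tallies shellcheck's gcc-format output by tier, and blocks on error-level findings only. The function names, the base-ref argument and the sample findings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes git and shellcheck on PATH;
# function names and the base-ref argument (e.g. origin/main) are illustrative.

# Succeeds if $1 is a shell script, judged by extension or by its shebang line.
is_shell_script() (
  case "$1" in *.sh|*.bash) exit 0 ;; esac
  [ -f "$1" ] || exit 1
  IFS= read -r first < "$1" || :
  case "$first" in '#!'*) ;; *) exit 1 ;; esac
  set -f  # globbing off, so the deliberate word split below is safe
  # shellcheck disable=SC2086
  set -- ${first#??}
  interp=${1##*/}
  if [ "$interp" = env ]; then interp=${2:-}; fi
  case "$interp" in sh|bash|dash|ksh) exit 0 ;; *) exit 1 ;; esac
)

# Tally `shellcheck --format=gcc` lines ("file:line:col: level: text [SCnnnn]")
# on stdin as "errors warnings notes"; gcc format reports info and style as note.
tally() {
  awk -F': ' '{ n[$2]++ } END { printf "%d %d %d\n", n["error"], n["warning"], n["note"] }'
}

# Merge gate over findings on stdin: error findings block, the rest only report.
gate() {
  counts=$(tally)
  echo "shellcheck tally (error warning note): $counts" >&2
  [ "${counts%% *}" -eq 0 ]
}

# Constructed sample findings (not real CI output) for exercising the gate offline.
SAMPLE_FINDINGS='deploy.sh:4:7: error: Double quote array expansions to avoid re-splitting elements. [SC2068]
deploy.sh:9:8: warning: target is referenced but not assigned. [SC2154]
backup.sh:2:8: note: Double quote to prevent globbing and word splitting. [SC2086]'

main() {
  # Fail closed: a missing linter or a bad base ref must not pass the gate.
  command -v shellcheck >/dev/null || { echo "shellcheck missing" >&2; return 2; }
  files=$(git diff --name-only --diff-filter=ACMR "$1"...HEAD) || return 2
  findings=$(printf '%s\n' "$files" | while IFS= read -r f; do
    # shellcheck exits 1 when it reports findings; the gate decides from the tiers.
    if is_shell_script "$f"; then shellcheck --format=gcc "$f" || :; fi
  done)
  printf '%s\n' "$findings"
  printf '%s\n' "$findings" | gate
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Invoked with a base ref as its only argument, the script exits non-zero when any changed script has an error-level finding, which is what the CI job uses to block the merge. The `disable=SC2086` directive inside `is_shell_script` is an instance of the inline suppression described above, with the reason recorded in the comment next to it.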
Editor
Beyond CI, editor integration produces immediate feedback. Engineers see findings as they type; the iteration is fast; the bugs are caught at the source.
- VSCode and others have shellcheck plugins: Most modern editors support shellcheck. VSCode, Vim, Emacs, and others all have plugins; the integration is bounded effort.
- Catches issues as you type: The editor underlines findings in real time. Engineers see them immediately and fix them as they go; the discipline is built into the editor.
- Faster than CI: Editor feedback is immediate. CI feedback arrives minutes after the PR push. The editor integration produces faster fix cycles.
- Reduces CI failures: When engineers fix in the editor, fewer issues reach CI. The team's CI is greener; the iteration is smoother.
- Document the editor setup: The team's editor recommendations include shellcheck. New engineers get the productive setup; the discipline is consistent.
shellcheck as CI gate is one of those engineering disciplines that compounds across many shell scripts and many years. Nova AI Ops integrates with development tooling, surfaces script-related patterns, and supports the team's discipline.