fix(shell): quote variables for SC2086/SC2248/SC2046#459
Merged
kojiromike merged 1 commit intoopenemr:masterfrom Apr 20, 2026
Merged
fix(shell): quote variables for SC2086/SC2248/SC2046#459kojiromike merged 1 commit intoopenemr:masterfrom
kojiromike merged 1 commit intoopenemr:masterfrom
Conversation
Collaborator
|
@bradymiller I don't think this is exceptional and I've spot-checked it (and tested things on the commandline until I got what it was trying to get across) but it touches every script we own. Is there anything you want to peek at it before we let it through? |
bradymiller
reviewed
Jul 2, 2025
|
|
||
| #run auto_configure | ||
| php auto_configure.php -c auto_configure.ini -f ${CONFIGURATION} || return 1 | ||
| php auto_configure.php -c auto_configure.ini -f "${CONFIGURATION}" || return 1 |
Member
There was a problem hiding this comment.
Will this require this change (both for 7.0.3 and 7.0.4) if not already there:
openemr-devops/docker/openemr/flex-edge/auto_configure.php
Lines 27 to 48 in 8f3eca7
kojiromike
changed the title
Member
Author
|
bah, there was a bug in my git ls-files and this didn't actually catch all the shellcheck issues. There are still a ton in the xbackup scripts. |
Collaborator
|
Those might not be worth fighting. I need to migrate away from the current MySQL image with Percona's XtraBackup stuff to something with MariaDB. |
Collaborator
|
@kojiromike I've migrated off the xbackup stuff, which was blocking you, but this pull is aging -- should we close or can we move on it? |
Member
Author
|
I'll move on it soon. |
kojiromike
force-pushed
the
sc2086
branch
7 times, most recently
from
d2d3ae4 to
f159535
Compare
Collaborator
|
Looks okay, but a lot of the constructs aren't ones I use regularly. Which, I suppose, is the point of the commit. |
Member
|
note there is a plan for 7.0.5: |
Member
Author
ack, I've moved this back to draft until I can manage 7.0.5. I'm a bit stuck on this change because:
|
Member
|
7.0.5 is Jake's new docker updates (needs more testing, which why becoming 8.0.1 instead of 8.0.0). I think all his work passed shellcheck so hopefully won't require much (all new production dockers from 8.0.1 on will be based on it; ie. will be the future production dockers). Ideal times for this PR would be:
|
Add quoting across docker entrypoints, AMI/backup scripts, env-installer, env-migrator, monitor-installer, and fsupgrade scripts. Where word-splitting is intentional (CONFIGURATION -f flags in openemr.sh, EMAIL -m arg in ssl.sh), add targeted # shellcheck disable=SC2086 with a reason. While in the fsupgrade scripts, collapse the redundant "if [ ! -d X ]; then mkdir -p X; fi" guards (mkdir -p is idempotent) and consolidate the 13 sequential mkdir -p calls into a single multi-arg call. Re-sync 7.0.4 upgrade scripts into 8.0.0 so the CI content-hash dedup keeps collapsing byte-identical files. Assisted-by: Claude Code
kojiromike
changed the title
1 task
kojiromike
added a commit
to kojiromike/openemr-devops
that referenced
this pull request
Apr 20, 2026
…anup Follow-up to openemr#459. Related shell-style cleanups across the same files: 1. Whole-word quoting. "${dir}"/documents/era becomes "${dir}/documents/era" — one path, one quoted string. Where the trailing element must stay unquoted (globs, brace expansion), the quote is scoped up to that point (e.g. "${dir}/path"/*). 2. Combine consecutive identical commands into one multi-arg call (collapsed two rm -f in ssl.sh, the smarty rm -fr pairs in fsupgrade-{1..9}.sh, and the prometheus + grafana mkdir -p calls in monitor-installer). 3. Group redirects to the same file. Resolves SC2129 in openemr.sh: seven echo X >> auto_configure.ini lines (plus a redundant touch) become one brace group, and the two echo X >> php.ini opcache-jit lines are wrapped in { ...; } >> file. 4. grep cleanup. - monitor-installer: grep -F for literal url / smtp/to / port match. - devtoolsLibrary.source and flex/utilities/devtools: drop -E where BRE suffices (^ALTER, bracket expressions). - flex/utilities/devtools: replace `echo "$2" | grep -q '[^...]'` with POSIX `case $2 in *[!...]*) ...` — one shell, no subprocess. 7.0.4 and 8.0.0 mirrors stay byte-identical so the CI shellcheck content-hash dedup keeps collapsing them. fsupgrade-8.sh's pre-existing header-comment divergence between 7.0.4 and 8.0.0 is left untouched. No behavior change. shellcheck --include=SC2086,SC2248,SC2046,SC2129 is clean on every touched file. Assisted-by: Claude Code
kojiromike
added a commit
that referenced
this pull request
Apr 20, 2026
…anup (#643) #### Short description of what this resolves: Style follow-up to #459. Related shell-style cleanups applied across the touched files: 1. **Whole-word quoting.** `"${dir}"/documents/era` becomes `"${dir}/documents/era"` — one path, one quoted string. Where the trailing element must stay unquoted (globs, brace expansion), the quote is scoped up to that point (e.g. `"${dir}/path"/*`). 2. **Combine consecutive identical commands** into one multi-arg call (collapsed two `rm -f` in `ssl.sh`, the smarty `rm -fr` pairs in `fsupgrade-{1..9}.sh`, and the prometheus + grafana `mkdir -p` calls in `monitor-installer`). 3. **Group redirects to the same file.** Resolves SC2129 in `openemr.sh`: seven `echo X >> auto_configure.ini` lines (plus a redundant `touch`) become one `{ ...; } > file` brace group, and the two `echo X >> php.ini` opcache-jit lines are wrapped in `{ ...; } >> file`. 4. **`grep` cleanup.** - `monitor-installer`: `grep -F` for literal `url` / `smtp`/`to` / port-number matches. - `devtoolsLibrary.source` and `flex/utilities/devtools`: drop `-E` where BRE suffices (`^ALTER`, bracket expressions). - `flex/utilities/devtools`: replace `echo "$2" | grep -q '[^...]'` identifier validation with POSIX `case $2 in *[!...]*) ...` — one shell, no subprocess. 7.0.4 and 8.0.0 mirrors stay byte-identical so the CI shellcheck content-hash dedup keeps collapsing them. `fsupgrade-8.sh`'s pre-existing header-comment divergence between 7.0.4 and 8.0.0 is left untouched. No behavior change. #### Changes proposed in this pull request: - `docker/openemr/{7.0.4,8.0.0}/openemr.sh` — whole-word quote `"${PHP_VERSION_ABBR}"`-suffixed paths and `fsupgrade-"${c}".sh`; `{ ...; } > auto_configure.ini` brace group; `{ ...; } >> php.ini` brace group. - `docker/openemr/{7.0.4,8.0.0}/ssl.sh` — whole-word quote `${DOMAIN}` paths; combine `rm -f` pairs. - `docker/openemr/{7.0.4,8.0.0}/upgrade/fsupgrade-{1..9}.sh` — whole-word quote the `mkdir -p` block, the era/edi/letter_templates/procedure_results migration blocks in fsupgrade-1, and the smarty paths; combine the two smarty `rm -fr` lines. - `docker/openemr/{7.0.4,8.0.0,8.1.0,8.1.1,binary}/utilities/devtoolsLibrary.source` — drop `-E` from `grep '^ALTER'`. - `docker/openemr/flex/utilities/devtools` — replace two `grep`-pipeline identifier validators with POSIX `case` statements. - `utilities/openemr-monitor/monitor-installer` — whole-word quote `${installDir}` paths; collapse mkdirs into one call and drop the redundant `[[ ! -d ]]` guard; `grep -F` for the three literal matches. - `utilities/openemr-env-installer/openemr-env-installer` — whole-word quote `${brew_installer}` paths. `shellcheck --include=SC2086,SC2248,SC2046,SC2129` is clean on every touched file. Out-of-scope follow-ups filed during review: #644, #645, #646, #647, #648. #### AI disclosure: - [x] Yes, I used AI to help with this PR
1 task
kojiromike
added a commit
that referenced
this pull request
Apr 20, 2026
…0/SC2001) (#649) #### Short description of what this resolves: First slice of ShellCheck cleanup (follow-up to #459, #643). Pure mechanical fixes — 11 warnings cleared across four files, no judgment calls. - **ami-build.sh** — SC2249 (getopts `\?)` → `*)`), SC2164 ×3 (`cd … || exit`), SC1010 (quote `echo "ami-build.sh: done"` so shellcheck stops parsing the bare `done` as a loop terminator). - **ami-configure.sh** — SC2001: `echo "${DVOL}" | sed s/-//` → `${DVOL/-/}`. Same first-only replacement, no subshell, no sed. - **restore.sh** — SC2249 ×2. The first is the getopts case (cosmetic). The second is a real, quiet bug: the `\?)` branch in `case ${RECOVERYMODE} in` matches the literal string `\?`, not unknown values — so anything besides `local` or `import` silently falls through the whole `case` with `BUCKET` unset, and the next line's `aws s3 cp "s3://${BUCKET}/…"` would try to pull from `s3:///Backup/passphrase.txt`. `*)` actually catches unknown values and exits, which is plainly what the author intended. - **install.sh** — SC2335 ×2: `! a == b` → `a != b`. #### Changes proposed in this pull request: - `packages/standard/ami/ami-build.sh` - `packages/standard/ami/ami-configure.sh` - `packages/standard/scripts/restore.sh` - `utilities/mariadb-backup-manager/install.sh` Remaining ShellCheck warnings in these files (SC1091, SC2154, SC2312) are in later slices. #### AI disclosure: - [x] Yes, I used AI to help with this PR
1 task
kojiromike
added a commit
that referenced
this pull request
Apr 21, 2026
#654) #### Short description of what this resolves: Next slice of ShellCheck cleanup (follow-up to #459, #643, #649, #652). Clears all 18 SC2044 warnings across the `fsupgrade-{2..8}.sh` family, and brings the family's outer-loop structure into line with what #652 landed on `fsupgrade-1.sh`. Every file has two loops of the form: ```sh for dir in $(find /var/www/localhost/htdocs/openemr/sites/* -maxdepth 0 -type d ); do ``` Word-splitting the output of `find` is fragile — any whitespace or glob characters in a site directory name breaks the loop. Replace with a POSIX directory-glob: ```sh for dir in /var/www/localhost/htdocs/openemr/sites/*/; do dir="${dir%/}" sitename=${dir##*/} ...existing body unchanged... done ``` - Trailing `/` on the glob restricts matches to directories (same as `-type d`). - `dir="${dir%/}"` strips the trailing slash so `${dir}` inside the loop body behaves exactly as before — no follow-up changes needed. - `${dir##*/}` replaces `$(basename "${dir}")` — no subshell, same result. No `[ -d "${dir}" ] || continue` guard: the trailing-slash glob only expands to directories, so the guard is dead weight. (Matches the convention #652 landed on `fsupgrade-1.sh`.) Same fix applied to the `dirdata` loop in each file. Loop bodies are otherwise untouched. #### Changes proposed in this pull request: - `docker/openemr/7.0.4/upgrade/fsupgrade-{2,3,4,5,6,7,8}.sh` - `docker/openemr/8.0.0/upgrade/fsupgrade-{8,9}.sh` SC2044 in `fsupgrade-1.sh` was already handled by #652. `shellcheck --check-sourced --external-sources` is clean on all nine files. #### AI disclosure: - [x] Yes, I used AI to help with this PR
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Short description of what this resolves:
Fix shellcheck SC2086, SC2248, and SC2046 (variable-quoting) findings across the shell files checked in CI. This is the first of several focused PRs chipping away at the full shellcheck backlog — remaining codes (SC2044 find-loops, SC2154 unset vars, SC2310/SC2312 set -e behavior, etc.) are queued for follow-up PRs.
After this PR,
shellcheck --include=SC2086,SC2248,SC2046is clean on every file the CI workflow scans.Changes proposed in this pull request:
docker/openemr/{7.0.4,8.0.0}/{openemr,ssl}.sh, thefsupgrade-*.shscripts,packages/standard/{ami,scripts}/*.sh, and the threeutilities/installer/migrator/monitor scripts.# shellcheck disable=SC2086with a reason comment:openemr.sh:CONFIGURATIONintentionally splits into multiple-fflags (see fix(docker): auto_configure.php inconsistency between flex and other versions #539).ssl.sh:EMAILintentionally splits to pass-m addressas separate args.fsupgrade-*.shscripts, remove redundantif [ ! -d X ]; then mkdir -p X; figuards (mkdir -pis already idempotent) and collapse the 13 sequentialmkdir -pcalls into a single multi-argmkdir -p.docker/openemr/8.0.0/upgrade/fsupgrade-{1..7}.shfrom the updated7.0.4/copies so the CI content-hash dedup still collapses byte-identical files.CI's shellcheck workflow remains failing — those failures are all from SC codes queued for follow-up PRs, not from any fix in this change.
AI disclosure: