Add mcoplib mcoplib build script lint#52
Conversation
There was a problem hiding this comment.
Code Review
This pull request introduces a new Python script, tools/build_script_lint.py, designed to lint shell scripts for common deployment issues such as CRLF line endings, missing fail-fast mode, and missing required tokens. The reviewer provided valuable feedback to improve the script's robustness: deduplicating matched files by collecting glob results into a set, using regular expressions to check for fail-fast configurations more accurately (avoiding false positives on variations like set -ex), and validating that the target root directory exists to prevent silent failures in CI/CD pipelines.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| for pattern in GLOBS: | ||
| for path in sorted(root.glob(pattern)): | ||
| if not path.is_file(): | ||
| continue | ||
| text = path.read_text(encoding="utf-8", errors="replace") | ||
| rel = path.relative_to(root).as_posix() |
There was a problem hiding this comment.
The current implementation of GLOBS contains both *.sh and **/*.sh. Because **/*.sh matches files in the root directory as well as subdirectories, any .sh files in the root directory will be matched by both patterns. This leads to duplicate processing of the same files and duplicate findings in the final report.
To prevent duplicate processing, we should collect all matched paths into a set before iterating over them.
paths = set()
for pattern in GLOBS:
paths.update(root.glob(pattern))
for path in sorted(paths):
if not path.is_file():
continue
text = path.read_text(encoding="utf-8", errors="replace")
rel = path.relative_to(root).as_posix()| import argparse | ||
| import json | ||
| from pathlib import Path |
| if "set -e" not in text and path.suffix in (".sh", ""): | ||
| findings.append({"path": rel, "severity": "warning", "message": "shell script does not enable fail-fast mode"}) |
There was a problem hiding this comment.
Checking for the literal substring "set -e" will produce false positives (warnings) for shell scripts that enable fail-fast mode using other standard and valid syntax, such as set -ex, set -eu, set -eux, or set -o errexit.
Using a regular expression to match these common fail-fast patterns will make the check much more robust and prevent false warnings.
| if "set -e" not in text and path.suffix in (".sh", ""): | |
| findings.append({"path": rel, "severity": "warning", "message": "shell script does not enable fail-fast mode"}) | |
| if not re.search(r"set\s+-(?:[a-z]*e[a-z]*|o\s+errexit)\b", text) and path.suffix in (".sh", ""): | |
| findings.append({"path": rel, "severity": "warning", "message": "shell script does not enable fail-fast mode"}) |
| if args.self_test: | ||
| self_test() | ||
| return 0 | ||
| print(json.dumps(lint(Path(args.root)), ensure_ascii=False, indent=2)) | ||
| return 0 |
There was a problem hiding this comment.
If the directory specified by --root does not exist or is not a directory, pathlib.Path.glob will silently return an empty generator, resulting in 0 findings. This can lead to silent failures in CI/CD pipelines if there is a typo in the path.
Adding validation to ensure the root path exists and is a directory prevents this issue.
| if args.self_test: | |
| self_test() | |
| return 0 | |
| print(json.dumps(lint(Path(args.root)), ensure_ascii=False, indent=2)) | |
| return 0 | |
| if args.self_test: | |
| self_test() | |
| return 0 | |
| root_path = Path(args.root) | |
| if not root_path.is_dir(): | |
| parser.error(f"Root path '{args.root}' does not exist or is not a directory.") | |
| print(json.dumps(lint(root_path), ensure_ascii=False, indent=2)) | |
| return 0 |
Summary
Validation
Review notes