From 10139b4e3c345250dbfc0236475e116a5b76a54d Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Tue, 8 Feb 2022 17:34:10 +0000
Subject: [PATCH] ci: validate actions and fix actionlint warnings

some actions like Coverity and CFLite aren't run on every PR so to make
sure they are more or less fine when they are changed it makes sense to
at least check them with superlinter/actionlint: https://github.com/rhysd/actionlint

The following warnings were fixed along the way:
```
.github/workflows/mkosi.yml:55:7: shellcheck reported issue in this script: SC2086:info:6:14: Double quote to prevent globbing and word splitting [shellcheck]
   |
55 |       run: |
   |       ^~~~
.github/workflows/mkosi.yml:55:7: shellcheck reported issue in this script: SC2046:warning:6:40: Quote this to prevent word splitting [shellcheck]
   |
55 |       run: |
   |       ^~~~
.github/workflows/mkosi.yml:55:7: shellcheck reported issue in this script: SC2006:style:6:40: Use $(...) notation instead of legacy backticked `...` [shellcheck]
   |
55 |       run: |
   |       ^~~~
```
```
.github/workflows/coverity.yml:31:9: shellcheck reported issue in this script: SC2086:info:1:93: Double quote to prevent globbing and word splitting [shellcheck]
   |
31 |         run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV
   |         ^~~~
```
---
 .github/workflows/coverity.yml | 2 +-
 .github/workflows/linter.yml   | 1 +
 .github/workflows/mkosi.yml    | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index a164d16fbf..46b2863080 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -28,7 +28,7 @@ jobs:
         uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
       # https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
       - name: Set the $COVERITY_SCAN_NOTIFICATION_EMAIL env variable
-        run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV
+        run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> "$GITHUB_ENV"
       - name: Install Coverity tools
         run: tools/get-coverity.sh
       # Reuse the setup phase of the unit test script to avoid code duplication
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 4d72a9829f..14b3343796 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -44,3 +44,4 @@ jobs:
           MULTI_STATUS: true
           VALIDATE_ALL_CODEBASE: false
           VALIDATE_BASH: true
+          VALIDATE_GITHUB_ACTIONS: true
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 966e364f71..daf009a3b1 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -58,7 +58,7 @@ jobs:
         sudo apt build-dep systemd
         meson build
         ninja -C build
-        sudo ln -svf $PWD/build/systemd-nspawn `which systemd-nspawn`
+        sudo ln -svf "$PWD/build/systemd-nspawn" "$(which systemd-nspawn)"
         systemd-nspawn --version
 
     - name: Build ${{ matrix.distro }}
-- 
2.25.1