From 38c696ce51c15f5900e293ecd6d2400164d61fe8 Mon Sep 17 00:00:00 2001
From: Omri Caspi
Date: Wed, 17 Dec 2025 12:00:56 +0200
Subject: [PATCH] chore: add shellcheck validation for AI-generated hooks
---
 .dagger/src/operator_flows/main.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/.dagger/src/operator_flows/main.py b/.dagger/src/operator_flows/main.py
index b20b2656c..13226ef92 100644
--- a/.dagger/src/operator_flows/main.py
+++ b/.dagger/src/operator_flows/main.py
@@ -596,6 +596,7 @@ async def _get_hook_env_vars(self, test_artifacts: dagger.Directory) -> Dict[str
 hooks_container = (
 dag.container()
 .from_("alpine:latest")
+ .with_exec(["apk", "add", "--no-cache", "shellcheck", "bash"])
 .with_directory("/test_artifacts", test_artifacts)
 .with_exec(["tree", "/test_artifacts"])
 .with_exec(["sh", "-c", """
@@ -605,15 +606,24 @@ async def _get_hook_env_vars(self, test_artifacts: dagger.Directory) -> Dict[str
 if [ -d "$hook_dir" ]; then
 # Extract hook name from directory name (remove "hook_" prefix)
 hook_name=$(basename "$hook_dir" | sed 's/^hook_//')
-
+
 # Check if hook.sh exists
 if [ -f "$hook_dir/hook.sh" ]; then
 echo "Found hook: $hook_name -> $hook_dir/hook.sh"
+
+ # Validate hook script with shellcheck (only fail on errors, not warnings/style)
+ echo "Validating $hook_dir/hook.sh with shellcheck..."
+ if ! shellcheck --severity=error "$hook_dir/hook.sh"; then
+ echo "ERROR: shellcheck validation failed for $hook_dir/hook.sh"
+ exit 1
+ fi
+ echo "shellcheck validation passed for $hook_dir/hook.sh"
+
 hook_env_vars="$hook_env_vars\\n$hook_name=$hook_dir/hook.sh"
 fi
 fi
 done
-
+
 # Save hook environment variables to a file
 echo -e "$hook_env_vars" > /hooks_env_vars.txt
 """])
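Review bot: The `apk add` step added in the first hunk installs whatever shellcheck and bash versions the package repository currently serves, on top of the floating `alpine:latest` base, so the gate that decides whether a hook passes can change between runs with no change in this repository. Pinning the base image to a fixed tag or digest, e.g. `.from_("alpine:<pinned-tag>@sha256:<digest>")` (placeholder values), would make the validation reproducible and reviewable. `bash` is installed here, but the script visible in this patch is started with `sh -c`; if nothing outside the hunk runs the hooks under bash, it can be dropped. The body of `_get_hook_env_vars` starts and ends outside the hunk.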
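Review bot: `shellcheck --severity=error` in the second hunk only rejects scripts that fail to parse or trip error-level lint rules, so it says nothing about what an AI-generated `hook.sh` does when it runs, and the comment and log lines should not read as a safety check. I would reword the comment to `# Lint gate only: catches syntax/error-level shellcheck findings, does not vet the commands the hook runs` and keep review or sandboxing of hook behaviour as a separate control. If a hook has no shebang, shellcheck cannot determine the dialect and, as far as I know, reports that at error severity, so naming the dialect explicitly (`shellcheck --shell=bash --severity=error "$hook_dir/hook.sh"`) is worth considering, assuming the hooks are executed with bash. The loop also exits on the first failing hook, so later hooks are never reported in the same run.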