From f184bb34e61ca7bb84634518f53ad596bea1f0b1 Mon Sep 17 00:00:00 2001
From: Otto Sabart <seberm@seberm.com>
Date: Tue, 16 Aug 2022 21:00:00 +0200
Subject: [PATCH] shellcheck: fix lint of scripts in tests

---
 examples/deploy-container-minimal.sh |  9 ++++----
 examples/deploy-container.sh         |  2 +-
 examples/deploy-krops.sh             | 12 +++++-----
 examples/deploy-qemu-vm.sh           |  4 ++--
 examples/qemu-vm/run-vm.sh           | 18 ++++++++-------
 examples/start-bash-session.sh       |  2 ++
 test/ci/build-to-cachix.sh           | 20 ++++++++--------
 test/ci/build.sh                     |  1 +
 test/lib/copy-src.sh                 | 13 +++++++----
 test/lib/create-git-repo.sh          |  4 +++-
 test/lib/make-container.sh           | 10 ++++----
 test/lib/make-test-vm.nix            |  4 ++--
 test/nixos-search/ci-test.sh         |  8 ++++---
 test/run-tests.sh                    | 34 +++++++++++++++++-----------
 14 files changed, 82 insertions(+), 59 deletions(-)

diff --git a/examples/deploy-container-minimal.sh b/examples/deploy-container-minimal.sh
index 99b67e8..d2414fb 100755
--- a/examples/deploy-container-minimal.sh
+++ b/examples/deploy-container-minimal.sh
@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -euo pipefail
 
 if [[ ! -v NIX_BITCOIN_EXAMPLES_DIR ]]; then
     echo "Running script in nix shell env..."
@@ -9,16 +10,16 @@ else
 fi
 
 tmpDir=$(mktemp -d /tmp/nix-bitcoin-minimal-container.XXX)
-trap "rm -rf $tmpDir" EXIT
+trap 'rm -rf $tmpDir' EXIT
 
 # Modify importable-configuration.nix to use the local <nix-bitcoin>
 # source instead of fetchTarball
 <importable-configuration.nix sed '
   s|nix-bitcoin = .*|nix-bitcoin = toString <nix-bitcoin>;|;
   s|system.extraDependencies = .*||
-' > $tmpDir/importable-configuration.nix
+' > "$tmpDir/importable-configuration.nix"
 
-cat > $tmpDir/configuration.nix <<EOF
+cat > "$tmpDir/configuration.nix" <<EOF
   {
     imports = [ $tmpDir/importable-configuration.nix ];
     users.users.main = {
@@ -30,4 +31,4 @@ cat > $tmpDir/configuration.nix <<EOF
   }
 EOF
 
-"${BASH_SOURCE[0]%/*}/deploy-container.sh" $tmpDir/configuration.nix "$@"
+"${BASH_SOURCE[0]%/*}/deploy-container.sh" "$tmpDir/configuration.nix" "$@"
diff --git a/examples/deploy-container.sh b/examples/deploy-container.sh
index 2127bf1..2335dca 100755
--- a/examples/deploy-container.sh
+++ b/examples/deploy-container.sh
@@ -75,7 +75,7 @@ fi
 # Build container.
 # Learn more: https://github.com/erikarvstedt/extra-container
 #
-read -d '' src <<EOF || true
+read -rd '' src <<EOF || true
 { pkgs, lib, ... }: {
   containers.demo-node = {
     extra.addressPrefix = "10.250.0";
diff --git a/examples/deploy-krops.sh b/examples/deploy-krops.sh
index 5b31add..2f9bddb 100755
--- a/examples/deploy-krops.sh
+++ b/examples/deploy-krops.sh
@@ -24,7 +24,7 @@ source qemu-vm/run-vm.sh
 
 echo "Building the target VM"
 # Build the initial VM to which the nix-bitcoin node is deployed via krops
-nix-build --out-link $tmpDir/vm - <<'EOF'
+nix-build --out-link "$tmpDir/vm" - <<'EOF'
 (import <nixpkgs/nixos> {
   configuration = { config, lib, ... }: {
     imports = [ <qemu-vm/vm-config.nix>  ];
@@ -43,11 +43,11 @@ vmNumCPUs=4
 vmMemoryMiB=2048
 sshPort=60734
 # Start the VM in the background
-runVM $tmpDir/vm $vmNumCPUs $vmMemoryMiB $sshPort
+runVM "$tmpDir/vm" "$vmNumCPUs" "$vmMemoryMiB" "$sshPort"
 
 # Build the krops deploy script
 export sshPort
-nix-build --out-link $tmpDir/krops-deploy - <<'EOF'
+nix-build --out-link "$tmpDir/krops-deploy" - <<'EOF'
 let
   krops = (import <nix-bitcoin> {}).krops;
 
@@ -85,7 +85,7 @@ EOF
 
 echo "Building the nix-bitcoin node"
 # Pre-build the nix-bitcoin node outside of the VM to save some time
-nix-build --out-link $tmpDir/store-paths -E '
+nix-build --out-link "$tmpDir/store-paths" -E '
 let
   system = (import <nixpkgs/nixos> { configuration = <krops-vm-configuration.nix>; }).system;
   pkgsUnstable = (import <nix-bitcoin/pkgs/nixpkgs-pinned.nix>).nixpkgs-unstable;
@@ -98,7 +98,7 @@ vmWaitForSSH
 
 # Add the store paths that include the nix-bitcoin node
 # to the nix store db in the VM
-c "nix-store --load-db < $(realpath $tmpDir/store-paths)/registration"
+c "nix-store --load-db < $(realpath "$tmpDir/store-paths")/registration"
 
 echo
 echo "Generate secrets"
@@ -106,7 +106,7 @@ nix-shell --run generate-secrets
 
 echo
 echo "Deploy with krops"
-$tmpDir/krops-deploy
+"$tmpDir/krops-deploy"
 
 echo
 echo "Bitcoind service:"
diff --git a/examples/deploy-qemu-vm.sh b/examples/deploy-qemu-vm.sh
index 53c971c..955a8e7 100755
--- a/examples/deploy-qemu-vm.sh
+++ b/examples/deploy-qemu-vm.sh
@@ -22,7 +22,7 @@ fi
 source qemu-vm/run-vm.sh
 
 echo "Building VM"
-nix-build --out-link $tmpDir/vm - <<'EOF'
+nix-build --out-link "$tmpDir/vm" - <<'EOF'
 (import <nixpkgs/nixos> {
   configuration = {
     imports = [
@@ -37,7 +37,7 @@ EOF
 vmNumCPUs=4
 vmMemoryMiB=2048
 sshPort=60734
-runVM $tmpDir/vm $vmNumCPUs $vmMemoryMiB $sshPort
+runVM "$tmpDir/vm" "$vmNumCPUs" "$vmMemoryMiB" "$sshPort"
 
 vmWaitForSSH
 printf "Waiting until services are ready"
diff --git a/examples/qemu-vm/run-vm.sh b/examples/qemu-vm/run-vm.sh
index 0181796..51b7133 100644
--- a/examples/qemu-vm/run-vm.sh
+++ b/examples/qemu-vm/run-vm.sh
@@ -1,22 +1,23 @@
 qemuDir=$(cd "${BASH_SOURCE[0]%/*}" && pwd)
 
+# shellcheck disable=SC1091
 source "$qemuDir/wait-until.sh"
 
 tmpDir=/tmp/nix-bitcoin-qemu-vm
-mkdir -p $tmpDir
+mkdir -p "$tmpDir"
 
 # Cleanup on exit
 cleanup() {
     set +eu
     if [[ $qemuPID ]]; then
-        kill -9 $qemuPID
+        kill -9 "$qemuPID"
     fi
-    rm -rf $tmpDir
+    rm -rf "$tmpDir"
 }
 trap "cleanup" EXIT
 
 identityFile=$qemuDir/id-vm
-chmod 0600 $identityFile
+chmod 0600 "$identityFile"
 
 runVM() {
     vm=$1
@@ -24,9 +25,10 @@ runVM() {
     vmMemoryMiB=$3
     sshPort=$4
 
-    export NIX_DISK_IMAGE=$tmpDir/img
-    export QEMU_NET_OPTS=hostfwd=tcp::$sshPort-:22
-    </dev/null $vm/bin/run-*-vm -m $vmMemoryMiB -smp $vmNumCPUs &>/dev/null &
+    export NIX_DISK_IMAGE="$tmpDir/img"
+    export QEMU_NET_OPTS="hostfwd=tcp::${sshPort}-:22"
+    # shellcheck disable=SC2211
+    </dev/null "$vm"/bin/run-*-vm -m "$vmMemoryMiB" -smp "$vmNumCPUs" &>/dev/null &
     qemuPID=$!
 }
 
@@ -39,7 +41,7 @@ vmWaitForSSH() {
 
 # Run command in VM
 c() {
-    ssh -p $sshPort -i $identityFile -o ConnectTimeout=1 \
+    ssh -p "$sshPort" -i "$identityFile" -o ConnectTimeout=1 \
         -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR \
         -o ControlMaster=auto -o ControlPath=$tmpDir/ssh-connection -o ControlPersist=60 \
         root@127.0.0.1 "$@"
diff --git a/examples/start-bash-session.sh b/examples/start-bash-session.sh
index a91d91f..599e635 100644
--- a/examples/start-bash-session.sh
+++ b/examples/start-bash-session.sh
@@ -11,6 +11,8 @@ c systemctl status bitcoind
 
 # BASH_ENVIRONMENT contains definitions of read-only variables like 'BASHOPTS' that
 # cause warnings on evaluation. Suppress these warnings while sourcing.
+#
+# shellcheck disable=SC2016
 BASH_ENVIRONMENT=<(declare -p; declare -pf) \
 USAGE_INFO="$USAGE_INFO" \
   bash --rcfile <(echo '
diff --git a/test/ci/build-to-cachix.sh b/test/ci/build-to-cachix.sh
index 0fbbd5a..88bfe6e 100755
--- a/test/ci/build-to-cachix.sh
+++ b/test/ci/build-to-cachix.sh
@@ -6,21 +6,21 @@
 
 set -euo pipefail
 
-CACHIX_SIGNING_KEY=${CACHIX_SIGNING_KEY:-}
+CACHIX_SIGNING_KEY="${CACHIX_SIGNING_KEY:-}"
 cachixCache=nix-bitcoin
 
 trap 'echo Error at line $LINENO' ERR
 
 tmpDir=$(mktemp -d -p /tmp)
-trap "rm -rf $tmpDir" EXIT
+trap 'rm -rf $tmpDir' EXIT
 
 ## Instantiate
 
-time nix-instantiate "$@" --add-root $tmpDir/drv --indirect > /dev/null
-printf "instantiated "; realpath $tmpDir/drv
+time nix-instantiate "$@" --add-root "$tmpDir/drv" --indirect > /dev/null
+printf "instantiated "; realpath "$tmpDir/drv"
 
-outPath=$(nix-store --query $tmpDir/drv)
-if nix path-info --store https://$cachixCache.cachix.org $outPath &>/dev/null; then
+outPath=$(nix-store --query "$tmpDir/drv")
+if nix path-info --store "https://${cachixCache}.cachix.org" "$outPath" &>/dev/null; then
     echo "$outPath has already been built successfully."
     exit 0
 fi
@@ -28,7 +28,7 @@ fi
 ## Build
 
 if [[ -v CIRRUS_CI ]]; then
-    cachix use $cachixCache
+    cachix use "$cachixCache"
 fi
 
 if [[ $CACHIX_SIGNING_KEY ]]; then
@@ -38,10 +38,10 @@ else
     buildCmd=nix-build
 fi
 
-$buildCmd --out-link $tmpDir/result $tmpDir/drv >/dev/null
+$buildCmd --out-link "$tmpDir/result" "$tmpDir/drv" >/dev/null
 
 if [[ $CACHIX_SIGNING_KEY ]]; then
-    cachix push $cachixCache $outPath
+    cachix push "$cachixCache" "$outPath"
 fi
 
-echo $outPath
+echo "$outPath"
diff --git a/test/ci/build.sh b/test/ci/build.sh
index 3d48523..af80ffe 100755
--- a/test/ci/build.sh
+++ b/test/ci/build.sh
@@ -16,4 +16,5 @@ if [[ -v CIRRUS_CI ]]; then
     chmod o+rw /dev/kvm
 fi
 
+# shellcheck disable=SC2154
 "${BASH_SOURCE[0]%/*}/../run-tests.sh" --ci --scenario "$scenario"
diff --git a/test/lib/copy-src.sh b/test/lib/copy-src.sh
index 39e6995..e19134c 100644
--- a/test/lib/copy-src.sh
+++ b/test/lib/copy-src.sh
@@ -4,15 +4,18 @@
 tmp=$(mktemp -d '/tmp/nix-bitcoin-src.XXXXX')
 
 # Move source cache if it exists (atomic)
-mv /tmp/nix-bitcoin-src $tmp/src 2>/dev/null || true
+mv /tmp/nix-bitcoin-src "$tmp/src" 2>/dev/null || true
 
 atExit() {
     # Set the current src as the source cache (atomic)
-    mv -T $tmp/src /tmp/nix-bitcoin-src 2>/dev/null || true
-    rm -rf $tmp
+    mv -T "$tmp/src" /tmp/nix-bitcoin-src 2>/dev/null || true
+    rm -rf "$tmp"
 }
 trap "atExit" EXIT
 
-rsync -a --delete --exclude='.git*' "$scriptDir/../" $tmp/src
+# shellcheck disable=SC2154
+rsync -a --delete --exclude='.git*' "$scriptDir/../" "$tmp/src"
 echo "Copied src"
-_nixBitcoinInCopiedSrc=1 $tmp/src/test/run-tests.sh "${args[@]}"
+
+# shellcheck disable=SC2154
+_nixBitcoinInCopiedSrc=1 "$tmp/src/test/run-tests.sh" "${args[@]}"
diff --git a/test/lib/create-git-repo.sh b/test/lib/create-git-repo.sh
index 4f635c5..110dfdf 100644
--- a/test/lib/create-git-repo.sh
+++ b/test/lib/create-git-repo.sh
@@ -1,13 +1,15 @@
 # Create and maintain a minimal git repo at the root of the copied src
 (
+  # shellcheck disable=SC2154,SC2164
   cd "$scriptDir/.."
   amend=--amend
+
   if [[ ! -e .git ]]; then
     git init
     amend=
   fi
   git add .
   if ! git diff --quiet --cached; then
-    git commit -a $amend -m -
+    git commit -a "$amend" -m -
   fi
 ) >/dev/null
diff --git a/test/lib/make-container.sh b/test/lib/make-container.sh
index 89944b5..19d009f 100755
--- a/test/lib/make-container.sh
+++ b/test/lib/make-container.sh
@@ -57,6 +57,8 @@ if [[ $EUID != 0 ]]; then
     # NixOS containers require root permissions.
     # By using sudo here and not at the user's call-site extra-container can detect if it is running
     # inside an existing shell session (by checking an internal environment variable).
+    #
+    # shellcheck disable=SC2154
     exec sudo scenario="$scenario" scriptDir="$scriptDir" NIX_PATH="$NIX_PATH" PATH="$PATH" \
          scenarioOverridesFile="${scenarioOverridesFile:-}" "$scriptDir/lib/make-container.sh" "$@"
 fi
@@ -64,7 +66,7 @@ fi
 export containerName=nb-test
 containerCommand=shell
 
-while [[ $# > 0 ]]; do
+while [[ $# -gt 0 ]]; do
     case $1 in
         --command|-c)
             shift
@@ -77,14 +79,14 @@ while [[ $# > 0 ]]; do
 done
 
 containerBin=$(type -P extra-container) || true
-if [[ ! ($containerBin && $(realpath $containerBin) == *extra-container-0.10*) ]]; then
+if [[ ! ($containerBin && $(realpath "$containerBin") == *extra-container-0.10*) ]]; then
     echo "Building extra-container. Skip this step by adding extra-container 0.10 to PATH."
     nix-build --out-link /tmp/extra-container "$scriptDir"/../pkgs \
       -A pinned.extra-container >/dev/null
     export PATH="/tmp/extra-container/bin${PATH:+:}$PATH"
 fi
 
-read -d '' src <<EOF || true
+read -rd '' src <<EOF || true
 ((import "$scriptDir/tests.nix" {}).getTest "$scenario").container
 EOF
-exec extra-container $containerCommand -E "$src" "$@"
+exec extra-container "$containerCommand" -E "$src" "$@"
diff --git a/test/lib/make-test-vm.nix b/test/lib/make-test-vm.nix
index 7ddce50..d494116 100644
--- a/test/lib/make-test-vm.nix
+++ b/test/lib/make-test-vm.nix
@@ -16,9 +16,9 @@ let
   fixedTest = test.overrideAttrs (_: {
     # See `runTests` in nixpkgs/nixos/lib/testing-python.nix for the original definition of `buildCommand`
     buildCommand = ''
-      mkdir $out
+      mkdir "$out"
       LOGFILE=$out/output.xml tests='exec(os.environ["testScript"])' ${test.driver}/bin/nixos-test-driver
-      ln -s ${test.driver} $out/driver
+      ln -s ${test.driver} "$out/driver"
     '';
   });
 in
diff --git a/test/nixos-search/ci-test.sh b/test/nixos-search/ci-test.sh
index 1cd0c72..db483d9 100755
--- a/test/nixos-search/ci-test.sh
+++ b/test/nixos-search/ci-test.sh
@@ -6,15 +6,17 @@ cd "${BASH_SOURCE[0]%/*}"
 # Use cachix to cache the `flake-info` build
 cachixCache=nix-bitcoin
 
-nix run .#cachix -- use $cachixCache
+nix run .#cachix -- use "$cachixCache"
 
 # We're running in a basic, unprivileged container that doesn't support sandboxing.
 # Sandboxing is unnneeded because we're only building the 3rd-party `flake-info` tool.
 echo "sandbox = false" >> /etc/nix/nix.conf
-export PATH=$(nix shell -L .#flake-info .#cachix -c sh -c 'echo $PATH')
+
+# shellcheck disable=SC2016
+PATH=$(nix shell -L .#flake-info .#cachix -c sh -c 'echo $PATH')
 
 if [[ ${CACHIX_SIGNING_KEY:-} ]]; then
-    cachix push $cachixCache $(type -P flake-info);
+    cachix push "$cachixCache" "$(type -P flake-info)";
 fi
 
 echo "Running flake-info (nixos-search)"
diff --git a/test/run-tests.sh b/test/run-tests.sh
index 0d8ceae..54f25a9 100755
--- a/test/run-tests.sh
+++ b/test/run-tests.sh
@@ -109,14 +109,18 @@ numCPUs=${numCPUs:-$(nproc)}
 # Min. 800 MiB needed to avoid 'out of memory' errors
 memoryMiB=${memoryMiB:-2048}
 
-export NIX_PATH=nixpkgs=$(nix eval --raw -f "$scriptDir/../pkgs/nixpkgs-pinned.nix" nixpkgs):nix-bitcoin=$(realpath "$scriptDir/..")
+NIX_PATH=nixpkgs=$(nix eval --raw -f "$scriptDir/../pkgs/nixpkgs-pinned.nix" nixpkgs):nix-bitcoin=$(realpath "$scriptDir/..")
+export NIX_PATH
 
 runAtExit=
 trap 'eval "$runAtExit"' EXIT
 
 # Support explicit scenario definitions
 if [[ $scenario = *' '* ]]; then
-    export scenarioOverridesFile=$(mktemp ${XDG_RUNTIME_DIR:-/tmp}/nb-scenario.XXX)
+    scenarioOverridesFile=$(mktemp "${XDG_RUNTIME_DIR:-/tmp}/nb-scenario.XXX")
+    export scenarioOverridesFile
+
+    # shellcheck disable=SC2016
     runAtExit+='rm -f "$scenarioOverridesFile";'
     echo "{ scenarios, pkgs, lib }: with lib; { tmp = $scenario; }" > "$scenarioOverridesFile"
     scenario=tmp
@@ -125,10 +129,11 @@ fi
 # Run the test. No temporary files are left on the host system.
 run() {
     # TMPDIR is also used by the test driver for VM tmp files
-    export TMPDIR=$(mktemp -d /tmp/nix-bitcoin-test.XXX)
-    runAtExit+="rm -rf $TMPDIR;"
+    TMPDIR=$(mktemp -d /tmp/nix-bitcoin-test.XXX)
+    export TMPDIR
+    runAtExit+="rm -rf ${TMPDIR};"
 
-    nix-build --out-link $TMPDIR/driver -E "((import \"$scriptDir/tests.nix\" {}).getTest \"$scenario\").vm" -A driver
+    nix-build --out-link "$TMPDIR/driver" -E "((import \"$scriptDir/tests.nix\" {}).getTest \"$scenario\").vm" -A driver
 
     # Variable 'tests' contains the Python code that is executed by the driver on startup
     if [[ $1 == --interactive ]]; then
@@ -150,14 +155,14 @@ run() {
 
     echo "VM stats: CPUs: $numCPUs, memory: $memoryMiB MiB"
     [[ $NB_TEST_ENABLE_NETWORK ]] || QEMU_NET_OPTS='restrict=on'
-    cd $TMPDIR # The VM creates a VDE control socket in $PWD
+    cd "$TMPDIR" # The VM creates a VDE control socket in $PWD
     env -i \
         NIX_PATH="$NIX_PATH" \
         TMPDIR="$TMPDIR" \
         USE_TMPDIR=1 \
         QEMU_OPTS="-smp $numCPUs -m $memoryMiB -nographic $QEMU_OPTS"  \
         QEMU_NET_OPTS="$QEMU_NET_OPTS" \
-        $TMPDIR/driver/bin/nixos-test-driver <(echo "$tests")
+        "$TMPDIR/driver/bin/nixos-test-driver" <(echo "$tests")
 }
 
 debug() {
@@ -179,18 +184,20 @@ container() {
 
 # Run a regular NixOS VM
 vm() {
-    export TMPDIR=$(mktemp -d /tmp/nix-bitcoin-vm.XXX)
+    TMPDIR=$(mktemp -d /tmp/nix-bitcoin-vm.XXX)
+    export TMPDIR
     runAtExit+="rm -rf $TMPDIR;"
 
-    nix-build --out-link $TMPDIR/vm -E "((import \"$scriptDir/tests.nix\" {}).getTest \"$scenario\").vmWithoutTests"
+    nix-build --out-link "$TMPDIR/vm" -E "((import \"$scriptDir/tests.nix\" {}).getTest \"$scenario\").vmWithoutTests"
 
     echo "VM stats: CPUs: $numCPUs, memory: $memoryMiB MiB"
     [[ $NB_TEST_ENABLE_NETWORK ]] || export QEMU_NET_OPTS="restrict=on,$QEMU_NET_OPTS"
 
+    # shellcheck disable=SC2211
     USE_TMPDIR=1 \
     NIX_DISK_IMAGE=$TMPDIR/img.qcow2 \
     QEMU_OPTS="-smp $numCPUs -m $memoryMiB -nographic $QEMU_OPTS"  \
-      $TMPDIR/vm/bin/run-*-vm
+      "$TMPDIR"/vm/bin/run-*-vm
 }
 
 doBuild() {
@@ -223,6 +230,7 @@ vmTestNixExpr() {
         memTotalKiB=$(awk '/MemTotal/ { print $2 }' /proc/meminfo)
         memAvailableKiB=$(awk '/MemAvailable/ { print $2 }' /proc/meminfo)
         # Round down to nearest multiple of 50 MiB for improved test build caching
+        # shellcheck disable=SC2017
         ((memAvailableMiB = memAvailableKiB / (1024 * 50) * 50))
         ((memAvailableMiB < memoryMiB)) && memoryMiB=$memAvailableMiB
         >&2 echo "VM stats: CPUs: $numCPUs, memory: $memoryMiB MiB"
@@ -276,10 +284,10 @@ nixosSearch() {
 
     if [[ $outLinkPrefix ]]; then
         # Add gcroots for flake-info
-        nix build $scriptDir/nixos-search#flake-info -o "$outLinkPrefix-flake-info"
+        nix build "$scriptDir/nixos-search#flake-info" -o "$outLinkPrefix-flake-info"
     fi
     echo "Running flake-info (nixos-search)"
-    nix run $scriptDir/nixos-search#flake-info -- flake "$scriptDir/.."
+    nix run "$scriptDir/nixos-search#flake-info" -- flake "$scriptDir/.."
 }
 
 # A basic subset of tests to keep the total runtime within
@@ -330,7 +338,7 @@ build() {
     buildTest "$@"
 }
 
-if [[ $# > 0 && $1 != -* ]]; then
+if [[ $# -gt 0 && $1 != -* ]]; then
     # An explicit command was provided
     command=$1
     shift