Merge "[CORD-3083] Verify jobs on automation-tools repo Add shellcheck linting"
diff --git a/jjb/lint.yaml b/jjb/lint.yaml
index 754f1fc..566bca2 100644
--- a/jjb/lint.yaml
+++ b/jjb/lint.yaml
@@ -130,3 +130,45 @@
           helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com/
 
       - shell: !include-raw-escape: shell/helmlint.sh
+
+
+# run `shellcheck` to validate shell scripts charts
+- job-template:
+    id: verify-shellcheck
+    name: 'verify_{project}_shellcheck'
+    description: |
+      Created by {id} job-template from ci-management/jjb/lint.yaml
+
+    triggers:
+      - cord-infra-gerrit-trigger-patchset:
+          gerrit-server-name: '{gerrit-server-name}'
+          project-regexp: '^{project}$'
+          branch-regexp: '{branch-regexp}'
+          file-include-regexp: '{all-files-regexp}'
+          dependency-jobs: '{dependency-jobs}'
+
+    properties:
+      - cord-infra-properties:
+          build-days-to-keep: '{build-days-to-keep}'
+          artifact-num-to-keep: '{artifact-num-to-keep}'
+
+    wrappers:
+      - lf-infra-wrappers:
+          build-timeout: '{build-timeout}'
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+
+    scm:
+      - lf-infra-gerrit-scm:
+          git-url: '$GIT_URL/$GERRIT_PROJECT'
+          refspec: '$GERRIT_REFSPEC'
+          branch: '$GERRIT_BRANCH'
+          submodule-recursive: 'false'
+          choosing-strategy: gerrit
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+
+    node: '{build-node}'
+    project-type: freestyle
+    concurrent: true
+
+    builders:
+      - shell: !include-raw-escape: shell/shcheck.sh
diff --git a/jjb/shell/ansiblelint.sh b/jjb/shell/ansiblelint.sh
index beb0891..f97d186 100755
--- a/jjb/shell/ansiblelint.sh
+++ b/jjb/shell/ansiblelint.sh
@@ -14,6 +14,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# ansiblelint.sh - check all yaml files that they pass the ansible-lint tool
+
 set +e -u -o pipefail
 fail_ansible=0
 
@@ -24,14 +26,16 @@
 WORKSPACE=${WORKSPACE:-.}
 
 echo "=> Linting Ansible Code with $(ansible-lint --version)"
-for f in $(find "${WORKSPACE}" -type f -name "*.yml" -o -name "*.yaml"); do
-    echo "==> CHECKING: ${f}"
-    ansible-lint -p "${f}"
-    rc=$?
-    if [[ $rc != 0 ]]; then
-        echo "==> LINTING FAIL: ${f}"
-        fail_ansible=1
-    fi
-done
+
+while IFS= read -r -d '' yf
+do
+  echo "==> CHECKING: ${yf}"
+  ansible-lint -p "${yf}"
+  rc=$?
+  if [[ $rc != 0 ]]; then
+    echo "==> LINTING FAIL: ${yf}"
+    fail_ansible=1
+  fi
+done < <(find "${WORKSPACE}" \( -name "*.yml" -o -name "*.yaml" \) -print0)
 
 exit ${fail_ansible}
diff --git a/jjb/shell/helmlint.sh b/jjb/shell/helmlint.sh
index 27cf676..c0ac0f4 100755
--- a/jjb/shell/helmlint.sh
+++ b/jjb/shell/helmlint.sh
@@ -29,8 +29,8 @@
 # when not running under Jenkins, use current dir as workspace
 WORKSPACE=${WORKSPACE:-.}
 
-for chart in $(find "${WORKSPACE}" -name Chart.yaml -print) ; do
-
+while IFS= read -r -d '' chart
+do
   chartdir=$(dirname "${chart}")
 
   # update requirements if it exists. Skip voltha as it has non-clean reqirements
@@ -49,7 +49,7 @@
   if [[ $rc != 0 ]]; then
     fail_lint=1
   fi
-done
+done < <(find "${WORKSPACE}" -name Chart.yaml -print0)
 
 if [[ $fail_lint != 0 ]]; then
   exit 1
diff --git a/jjb/shell/jflint.sh b/jjb/shell/jflint.sh
index 8ece6b7..e7b76f0 100755
--- a/jjb/shell/jflint.sh
+++ b/jjb/shell/jflint.sh
@@ -1,5 +1,19 @@
 #!/usr/bin/env bash
 
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 # jflint.sh - lint for Jenkins declarative pipeline jobs
 #
 # curl commands from: https://jenkins.io/doc/book/pipeline/development/#linter
diff --git a/jjb/shell/licensecheck.sh b/jjb/shell/licensecheck.sh
index 42b6b87..e40802a 100755
--- a/jjb/shell/licensecheck.sh
+++ b/jjb/shell/licensecheck.sh
@@ -1,14 +1,21 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash
 
 # licensecheck.sh
 # checks for copyright/license headers on files
 # excludes filename extensions where this check isn't pertinent
 
-# this could be rewritten with better form. Currently is a cut/paste from the
-# Jenkins job with minimal changes (BSD/OS X xargs params compat, sort of
-# excluded file extensions).
+set +e -u -o pipefail
+fail_licensecheck=0
 
-find . -name ".git" -prune -o -type f \
+while IFS= read -r -d '' f
+do
+  grep -q "Copyright\|Apache License" "${f}"
+  rc=$?
+  if [[ $rc != 0 ]]; then
+    echo "ERROR: $f does not contain License Header"
+    fail_licensecheck=1
+  fi
+done < <(find . -name ".git" -prune -o -type f \
   -name "*.*" \
   ! -name "*.PNG" \
   ! -name "*.asc" \
@@ -82,6 +89,7 @@
   ! -path "*conf*" \
   ! -path "*git*" \
   ! -path "*swagger*" \
-  -print0 |   \
-  xargs -0 -n1 sh -c 'if ! grep -q "Copyright\|Apache License" $0; then echo "ERROR: $0 does not contain Copyright header"; exit 1; fi;'
+  -print0 )
+
+exit ${fail_licensecheck}
 
diff --git a/jjb/shell/shcheck.sh b/jjb/shell/shcheck.sh
new file mode 100755
index 0000000..2abe89c
--- /dev/null
+++ b/jjb/shell/shcheck.sh
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# shcheck.sh - check shell scripts with shellcheck
+
+set +e -u -o pipefail
+fail_shellcheck=0
+
+# verify that we have shellcheck-lint installed
+command -v shellcheck  >/dev/null 2>&1 || { echo "shellcheck not found, please install it" >&2; exit 1; }
+
+# when not running under Jenkins, use current dir as workspace
+WORKSPACE=${WORKSPACE:-.}
+
+echo "=> Linting shell script with $(shellcheck --version)"
+
+while IFS= read -r -d '' sf
+do
+  echo "==> CHECKING: ${sf}"
+  shellcheck "${sf}"
+  rc=$?
+  if [[ $rc != 0 ]]; then
+    echo "==> LINTING FAIL: ${sf}"
+    fail_shellcheck=1
+  fi
+done < <(find "${WORKSPACE}" \( -name "*.sh" -o -name "*.bash" \) -print0)
+
+exit ${fail_shellcheck}
+
diff --git a/jjb/verify/automation-tools.yaml b/jjb/verify/automation-tools.yaml
new file mode 100644
index 0000000..4a0cb63
--- /dev/null
+++ b/jjb/verify/automation-tools.yaml
@@ -0,0 +1,22 @@
+---
+# verification jobs for 'automation-tools' repo
+
+- project:
+    name: automation-tools
+    project: '{name}'
+
+    jobs:
+      - 'verify-automation-tools-jobs':
+          branch-regexp: '{supported-branches-regexp}'
+
+- job-group:
+    name: 'verify-automation-tools-jobs'
+    jobs:
+      - 'verify-licensed'
+      - 'verify-ansible-lint':
+          dependency-jobs: 'verify_automation-tools_licensed'
+      - 'verify-shellcheck':
+          dependency-jobs: 'verify_automation-tools_ansible-lint'
+      - 'verify-sonarqube':
+          dependency-jobs: 'verify_automation-tools_shellcheck'
+