Problem
find_shell_scripts() in src/linters/shellcheck.rs currently hard-codes only two exclusions:
"-not", "-path", "*/.git/*",
"-not", "-path", "*/.terraform/*",
Any directory that contains vendored or generated shell scripts (e.g. .tmp/, target/, a local Cargo registry cache) will be scanned even if it is listed in .gitignore. This breaks linter all in projects that temporarily materialise external shell scripts inside the workspace.
Concrete example
In torrust/torrust-tracker, a cold-run benchmark script uses an isolated CARGO_HOME placed under .tmp/workflow-benchmarks/ to approximate a shared-runner first run. After the run, .tmp/ contains vendored .sh files from crates such as zerocopy and sqlx. Those files contain shellcheck errors that are not ours to fix, so linter shellcheck (and therefore linter all) exits non-zero.
.tmp/ is already listed in .gitignore, but the linter does not consult .gitignore.
Proposed solution
Add support for a project-level exclusion file — .linterignore or a [shellcheck] section in a linter.toml — that lists additional path patterns to pass as -not -path arguments to the internal find call.
A minimal approach that would unblock the immediate use case:
- If a
.linterignore file exists in the working directory, read it (one glob pattern per line, # comments stripped).
- For each pattern, append
-not -path "<pattern>" to the find invocations in both find_shell_scripts() for .sh and .bash files.
- Apply the same exclusion list to other linters that also call
find internally (e.g. markdownlint, cspell) if they have the same problem.
A longer-term alternative is to respect .gitignore directly (e.g. via git ls-files --others --exclude-standard to discover untracked scripts, or by using the ignore crate).
Acceptance criteria
Context
- Affects:
src/linters/shellcheck.rs → find_shell_scripts()
- Related repo:
torrust/torrust-tracker (issue #1841 — workflow performance baseline analysis)
- Discovered while running cold-run benchmark scripts that write an isolated
CARGO_HOME under .tmp/
Problem
find_shell_scripts()insrc/linters/shellcheck.rscurrently hard-codes only two exclusions:Any directory that contains vendored or generated shell scripts (e.g.
.tmp/,target/, a local Cargo registry cache) will be scanned even if it is listed in.gitignore. This breakslinter allin projects that temporarily materialise external shell scripts inside the workspace.Concrete example
In
torrust/torrust-tracker, a cold-run benchmark script uses an isolatedCARGO_HOMEplaced under.tmp/workflow-benchmarks/to approximate a shared-runner first run. After the run,.tmp/contains vendored.shfiles from crates such aszerocopyandsqlx. Those files contain shellcheck errors that are not ours to fix, solinter shellcheck(and thereforelinter all) exits non-zero..tmp/is already listed in.gitignore, but the linter does not consult.gitignore.Proposed solution
Add support for a project-level exclusion file —
.linterignoreor a[shellcheck]section in alinter.toml— that lists additional path patterns to pass as-not -patharguments to the internalfindcall.A minimal approach that would unblock the immediate use case:
.linterignorefile exists in the working directory, read it (one glob pattern per line,#comments stripped).-not -path "<pattern>"to thefindinvocations in bothfind_shell_scripts()for.shand.bashfiles.findinternally (e.g. markdownlint, cspell) if they have the same problem.A longer-term alternative is to respect
.gitignoredirectly (e.g. viagit ls-files --others --exclude-standardto discover untracked scripts, or by using theignorecrate).Acceptance criteria
linter allpasses intorrust/torrust-trackerwith.tmp/in the exclusion list.Context
src/linters/shellcheck.rs→find_shell_scripts()torrust/torrust-tracker(issue #1841 — workflow performance baseline analysis)CARGO_HOMEunder.tmp/