commit 60265fe0e98386814a5d43f20aceb2211ee8b1d6
author Eric Ball <eball@linuxfoundation.org> Tue May 26 17:14:49 2026 -0700
committer Eric Ball <eball@linuxfoundation.org> Tue May 26 17:14:49 2026 -0700
tree 9817c73abda7ef04c00853b4761171de56b7c23e
parent fa4458ecc575146a902dc141e00aaa63d4df22b9

Add helm-lint, shellcheck, and tag-check actions

These are the remaining verification jobs on our main list, outside
of sanity tests.
Since none of these have any overlap in their implementation (that is,
no two jobs use the exact same combination of actions), no new shared
workflows are being added.

Signed-off-by: Eric Ball <eball@linuxfoundation.org>
Change-Id: I912f0d5a8c1baed84657bccfadbf9c7caecbcdc2

.github/actions/shellcheck-action/action.yaml

diff --git a/.github/actions/shellcheck-action/action.yaml b/.github/actions/shellcheck-action/action.yaml
new file mode 100644
index 0000000..e3004c0
--- /dev/null
+++ b/.github/actions/shellcheck-action/action.yaml
@@ -0,0 +1,85 @@
+---
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2026 The Linux Foundation
+
+name: ShellCheck Lint
+description: "Lint shell scripts with ShellCheck"
+
+inputs:
+  path:
+    description: "Path to search for shell scripts"
+    required: false
+    default: "."
+  severity:
+    description: "Minimum severity level (error, warning, info, style)"
+    required: false
+    default: "style"
+  exclude:
+    description: "Comma-separated list of ShellCheck codes to exclude (e.g., SC1090,SC2034)"
+    required: false
+    default: ""
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install ShellCheck
+      shell: bash
+      run: |
+        if ! command -v shellcheck &> /dev/null; then
+          echo "Installing ShellCheck..."
+          sudo apt-get update
+          sudo apt-get install -y shellcheck
+        fi
+        echo "ShellCheck version:"
+        shellcheck --version
+
+    - name: Run ShellCheck
+      shell: bash
+      run: |
+        set +e
+        fail_shellcheck=0
+        files_checked=0
+
+        echo "=> Linting shell scripts with ShellCheck"
+        echo "   Path: ${{ inputs.path }}"
+        echo "   Severity: ${{ inputs.severity }}"
+
+        # Build exclude argument if provided
+        exclude_arg=""
+        if [[ -n "${{ inputs.exclude }}" ]]; then
+          exclude_arg="--exclude=${{ inputs.exclude }}"
+          echo "   Excluding: ${{ inputs.exclude }}"
+        fi
+
+        # Find and check all shell scripts
+        while IFS= read -r -d '' script; do
+          echo ""
+          echo "==> CHECKING: ${script}"
+          files_checked=$((files_checked + 1))
+
+          if [[ -n "${exclude_arg}" ]]; then
+            shellcheck --severity="${{ inputs.severity }}" "${exclude_arg}" "${script}"
+          else
+            shellcheck --severity="${{ inputs.severity }}" "${script}"
+          fi
+
+          rc=$?
+          if [[ $rc -ne 0 ]]; then
+            echo "==> FAILED: ${script}"
+            fail_shellcheck=1
+          else
+            echo "==> PASSED: ${script}"
+          fi
+        done < <(find "${{ inputs.path }}" \( -name "*.sh" -o -name "*.bash" \) -type f -print0)
+
+        echo ""
+        echo "=> Summary: ${files_checked} file(s) checked"
+
+        if [[ ${files_checked} -eq 0 ]]; then
+          echo "=> No shell scripts found"
+        elif [[ ${fail_shellcheck} -eq 0 ]]; then
+          echo "=> All checks passed"
+        else
+          echo "=> Some checks failed"
+          exit 1
+        fi