From ea84c1b14eb2747f621edec4280b67d193284db3 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach <kevin@veen.world>
Date: Sat, 13 Dec 2025 13:24:58 +0100
Subject: [PATCH] Add ShellCheck and Ruff code sniffers to CI and release
 workflows

- Introduce dedicated ShellCheck workflow for Bash scripts
- Add Ruff as Python code sniffer for src/ and tests/
- Integrate both sniffers into main CI pipeline
- Require successful sniffer runs before marking a release as stable
- Ensure consistent code quality checks across CI and release workflows

https://chatgpt.com/share/693d5b26-293c-800f-999d-48b2950b9417
---
 .github/workflows/ci.yml                     |  6 +++++
 .github/workflows/codesniffer-ruff.yml       | 24 ++++++++++++++++++++
 .github/workflows/codesniffer-shellcheck.yml | 15 ++++++++++++
 .github/workflows/mark-stable.yml            |  8 +++++++
 4 files changed, 53 insertions(+)
 create mode 100644 .github/workflows/codesniffer-ruff.yml
 create mode 100644 .github/workflows/codesniffer-shellcheck.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4ad2598..681f171 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -27,3 +27,9 @@ jobs:
 
   test-virgin-root:
     uses: ./.github/workflows/test-virgin-root.yml
+
+  codesniffer-shellcheck:
+    uses: ./.github/workflows/codesniffer-shellcheck.yml
+
+  codesniffer-ruff:
+    uses: ./.github/workflows/codesniffer-ruff.yml
diff --git a/.github/workflows/codesniffer-ruff.yml b/.github/workflows/codesniffer-ruff.yml
new file mode 100644
index 0000000..63d1284
--- /dev/null
+++ b/.github/workflows/codesniffer-ruff.yml
@@ -0,0 +1,24 @@
+name: Ruff (Python code sniffer)
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  codesniffer-ruff:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install ruff
+        run: pip install ruff
+
+      - name: Run ruff
+        run: |
+          ruff check src tests
diff --git a/.github/workflows/codesniffer-shellcheck.yml b/.github/workflows/codesniffer-shellcheck.yml
new file mode 100644
index 0000000..113ff41
--- /dev/null
+++ b/.github/workflows/codesniffer-shellcheck.yml
@@ -0,0 +1,15 @@
+name: ShellCheck
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  codesniffer-shellcheck:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install ShellCheck
+        run: sudo apt-get update && sudo apt-get install -y shellcheck
+      - name: Run ShellCheck
+        run: shellcheck -x $(find scripts -type f -name '*.sh' -print)
diff --git a/.github/workflows/mark-stable.yml b/.github/workflows/mark-stable.yml
index 72a13c1..a9c9a77 100644
--- a/.github/workflows/mark-stable.yml
+++ b/.github/workflows/mark-stable.yml
@@ -29,8 +29,16 @@ jobs:
   test-virgin-root:
     uses: ./.github/workflows/test-virgin-root.yml
 
+  codesniffer-shellcheck:
+    uses: ./.github/workflows/codesniffer-shellcheck.yml
+
+  codesniffer-ruff:
+    uses: ./.github/workflows/codesniffer-ruff.yml
+
   mark-stable:
     needs:
+      - codesniffer-shellcheck
+      - codesniffer-ruff
       - test-unit
       - test-integration
       - test-env-nix