Closed
5 of 5 issues completed
Overview
This tracking issue addresses the 114 code quality findings from the comprehensive static analysis scan performed on 2025-12-27. All findings are shellcheck rules detected by actionlint that improve shell script reliability and error handling.
Source: Discussion #7889
Scan Summary
- Total Findings: 114 code quality issues
- Workflows Affected: 41 out of 128 compiled workflows
- Security Status: ✅ No security vulnerabilities detected (zizmor/poutine clean)
- All Issues: Shell scripting best practices from actionlint/shellcheck
Findings Breakdown
| Issue Type | Severity | Count | Impact |
|---|---|---|---|
| SC2155 | Warning | 31 | Masks return values - can hide errors |
| SC2012 | Info | 72 | Using ls instead of find - filename handling |
| SC2086 | Info | 10 | Missing quotes - globbing/splitting risk |
| SC2129 | Info | 1 | Inefficient redirection pattern |
Planned Sub-Issues
- Fix SC2155 warnings (31 occurrences) - Priority 1: Warning level, can hide errors
- Fix SC2012 info issues (72 occurrences) - Priority 2: Robustness improvement
- Fix SC2086 quoting issues (10 occurrences) - Priority 3: Safety improvement
- Add actionlint pre-commit hook - Process improvement to prevent recurrence
- Update workflow authoring guidelines - Documentation to avoid these patterns
Success Criteria
- All 114 shellcheck issues resolved
- actionlint runs clean on all workflows
- Pre-commit hook prevents new shellcheck violations
- Guidelines updated to prevent future occurrences
Timeline
- Phase 1 (Week 1): Fix SC2155 warnings (highest priority)
- Phase 2 (Week 2): Fix SC2012 info issues (most common)
- Phase 3 (Week 3): Fix remaining issues and add preventive measures
Tracking issue for static analysis findings from discussion #7889
AI generated by Plan Command for discussion #7889
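
The three most frequent finding types from the breakdown table (SC2155, SC2086, SC2012), each shown as the flagged form beside a corrected form. This is an added example, not code from the repository's workflows; every function name and sample input is constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and inputs are constructed for illustration.

# --- SC2155: 'local v=$(cmd)' reports the status of 'local', not of cmd ---
fetch_version() { return 3; }        # constructed command that always fails

masked() {
  local rc=0
  local v=$(fetch_version) || rc=$?  # flagged form: 'local' succeeds, rc stays 0
  echo "$rc"
}

unmasked() {
  local v rc=0
  v=$(fetch_version) || rc=$?        # declare first, assign separately
  echo "$rc"
}

# --- SC2086: an unquoted expansion is word-split (and glob-expanded) ---
count_args() { echo "$#"; }
unquoted() { count_args $1; }        # flagged form
quoted()   { count_args "$1"; }

# --- SC2012: 'ls | wc -l' counts output lines, not directory entries ---
make_fixture() {                     # temp dir with one file whose name has a newline
  d=$(mktemp -d) || return 1
  : > "$d/$(printf 'a\nb.txt')"
  echo "$d"
}
count_ls()   { ls "$1" | wc -l | tr -d ' '; }                              # flagged form
count_find() { find "$1" -type f -exec printf . \; | wc -c | tr -d ' '; }  # one byte per file

# Run as: sh example.sh demo
if [ "${1:-}" = demo ]; then
  dir=$(make_fixture)
  echo "SC2155 status seen: masked=$(masked) unmasked=$(unmasked)"
  echo "SC2086 argument count: unquoted=$(unquoted 'release notes.txt') quoted=$(quoted 'release notes.txt')"
  echo "SC2012 file count: ls=$(count_ls "$dir") find=$(count_find "$dir")"
  rm -rf "$dir"
fi
```

In a workflow `run:` step the SC2155 case matters most, because a failed command substitution hidden behind `local` or `export` lets the step continue with an empty variable.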