NemoClaw/.shellcheckrc
Carlos Villela b6f45a6b8f
fix(install): prevent nvm/login shell from resetting PATH in subshells (#651)
* fix(install): prevent nvm/login shell from resetting PATH in subshells

Two issues caused install_nemoclaw() subshells to lose the caller's
PATH, making install-preflight tests fail on macOS while passing in CI:

1. `bash -lc` sourced /etc/profile which runs path_helper on macOS,
   resetting PATH to system defaults and hiding the caller's binaries.
   Fix: replace `bash -lc` with `bash -c` — the parent shell already
   has the correct PATH, so a login shell is unnecessary.

2. `ensure_nvm_loaded()` unconditionally sourced nvm.sh, which also
   resets PATH. Fix: skip sourcing when node is already on PATH.

Also export `info` and `warn` helpers via `declare -f` so
pre_extract_openclaw can use them in the subshell.

Additionally:
- Fix SC2206 shellcheck warning in version_gte() by using `read -ra`
  instead of unquoted word splitting into arrays.
- Add .shellcheckrc to suppress SC2059 (printf format string with color
  vars) and SC1091 (dynamically sourced files) across the project.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(ci): drop stray '.' arg from pyright pre-push hook

Passing '.' to pyright overrides the include/exclude paths in
pyproject.toml, causing it to scan .venv and test files. Without the
argument, pyright respects the configured include paths.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* chore: apply shfmt formatting to shell scripts

Auto-formatted by shfmt via pre-commit hooks after merging
upstream/main.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(ci): exclude test files from pyright strict type-checking

The test_endpoint_validation.py file imports pytest which is only
available as a dev dependency. Pyright in strict mode cannot resolve it,
breaking the pre-push hook. Exclude test files from pyright's include
paths since they have their own type discipline via pytest.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(ci): drop stray '.' arg from pyright in blueprint Makefile

Same issue as the pre-commit hook fix — passing '.' to pyright
overrides the include/exclude paths in pyproject.toml, causing it to
scan .venv and site-packages (17k+ errors in CI).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* chore: apply shfmt formatting to brev-setup.sh

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(security): pin apt and pip package versions in Dockerfile

Addresses hadolint DL3008, DL3013, DL3042, and DL3059: pin all apt
packages to exact versions, pin pyyaml, add --no-cache-dir, and
consolidate consecutive RUN instructions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: remove hadolint ignore and quote pyyaml version pin

Remove stale DL3008 suppression (versions are pinned) and add quotes
around the pyyaml version specifier for consistency with upstream.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: document -h short alias in usage output

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 09:10:07 -07:00

9 lines
420 B
Text

# SC2059: Don't use variables in the printf format string.
# Our info/warn/ok/error helpers and banner intentionally embed ANSI color
# variables in printf format strings. This is safe because the variables
# contain only escape sequences, never user input.
#
# SC1091: Not following sourced file.
# We dynamically source nvm.sh and runtime.sh at paths that shellcheck
# cannot resolve statically.
disable=SC2059,SC1091