Merge pull request #782 from srvrco/update-actions-node16

Fix shellcheck errors

.github/workflows/run-tests-pebble.yml

@@ -15,7 +15,7 @@ jobs:
   test-alpine:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Build the docker-compose stack
         run: docker-compose up -d --build
       - name: Run test suite on Alpine
@@ -23,7 +23,7 @@ jobs:
   test-bash-4-0:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Build the docker-compose stack
         run: docker-compose up -d --build
       - name: Run test suite on Alpine using Bash 4.0
@@ -31,7 +31,7 @@ jobs:
   test-bash-4-2:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Build the docker-compose stack
         run: docker-compose up -d --build
       - name: Run test suite on Alpine using Bash 4.2
@@ -39,7 +39,7 @@ jobs:
   test-bash-5-0:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Build the docker-compose stack
         run: docker-compose up -d --build
       - name: Run test suite on Alpine using Bash 5
@@ -47,7 +47,7 @@ jobs:
   test-centos6:
       runs-on: ubuntu-latest
       steps:
-        - uses: actions/checkout@v1
+        - uses: actions/checkout@v3
         - name: Build the docker-compose stack
           run: docker-compose up -d --build
         - name: Run test suite on CentOS6
@@ -55,7 +55,7 @@ jobs:
   test-centos7:
       runs-on: ubuntu-latest
       steps:
-        - uses: actions/checkout@v1
+        - uses: actions/checkout@v3
         - name: Build the docker-compose stack
           run: docker-compose up -d --build
         - name: Run test suite on CentOS7
@@ -63,7 +63,7 @@ jobs:
   test-centos8:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v3
       - name: Build the docker-compose stack
         run: docker-compose up -d --build
       - name: Run test suite on CentOS8
@@ -71,7 +71,7 @@ jobs:
   test-debian:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v3
       - name: Build the docker-compose stack
         run: docker-compose up -d --build
       - name: Run test suite on Debian
@@ -79,7 +79,7 @@ jobs:
   test-rockylinux8:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v3
       - name: Build the docker-compose stack
         run: docker-compose up -d --build
       - name: Run test suite on RockyLinux8
@@ -87,7 +87,7 @@ jobs:
   test-ubuntu:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v3
       - name: Build the docker-compose stack
         run: docker-compose up -d --build
       - name: Run test suite on Ubuntu
@@ -95,7 +95,7 @@ jobs:
   test-ubuntu14:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v3
       - name: Build the docker-compose stack
         run: docker-compose up -d --build
       - name: Run test suite on Ubuntu14
@@ -103,7 +103,7 @@ jobs:
   test-ubuntu16:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v3
       - name: Build the docker-compose stack
         run: docker-compose up -d --build
       - name: Run test suite on Ubuntu16
@@ -111,7 +111,7 @@ jobs:
   test-ubuntu18:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v3
       - name: Build the docker-compose stack
         run: docker-compose up -d --build
       - name: Run test suite on Ubuntu18

.github/workflows/run-tests-staging-acmedns.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     if: always()
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Build the docker-compose stack
         run: docker-compose up -d --build
       - name: Run test suite on Ubuntu against Staging using acmedns

.github/workflows/run-tests-staging-duckdns.yml

@@ -9,7 +9,7 @@ jobs:
   test-centos7-duckdns:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Build the docker-compose stack
         run: docker-compose up -d --build
       - name: Run test suite on CentOS7 against Staging using DuckDNS
@@ -19,7 +19,7 @@ jobs:
     if: always()
     needs: test-centos7-duckdns
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Build the docker-compose stack
         run: docker-compose up -d --build
       - name: Run test suite on Ubuntu against Staging using DuckDNS

.github/workflows/run-tests-staging-dynu.yml

@@ -9,7 +9,7 @@ jobs:
   test-centos7-dynu:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Build the docker-compose stack
         run: docker-compose up -d --build
       - name: Run test suite on CentOS7 against Staging using Dynu
@@ -19,7 +19,7 @@ jobs:
     if: always()
     needs: test-centos7-dynu
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Build the docker-compose stack
         run: docker-compose up -d --build
       - name: Run test suite on Ubuntu against Staging using Dynu

.github/workflows/shellcheck.yml

@@ -15,7 +15,7 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Lint check
         uses: azohra/shell-linter@latest
         with:

getssl

@@ -1560,20 +1560,20 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n
   fi
 
   if [[ -n "$HAS_DIG_OR_DRILL" ]]; then
-    if [[ -n "$gad_s" ]]; then
-      gad_s="@$gad_s"
+    if [[ -n "${gad_s}" ]]; then
+      gad_s="@${gad_s}"
     fi
 
     # Two options here; either dig CNAME will return the CNAME and the NS or just the CNAME
-    debug "Using $HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS CNAME $gad_d $gad_s"
+    debug "Using $HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} CNAME ${gad_d}"
     # shellcheck disable=SC2086
-    res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS CNAME "$gad_d" $gad_s| grep "^$gad_d")
+    res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} CNAME "${gad_d}"| grep "^${gad_d}")
     cname=$(echo "$res"| awk '$4 ~ "CNAME" {print $5}' |sed 's/\.$//g')
 
     if [[ $_TEST_SKIP_CNAME_CALL == 0 ]]; then
       debug Checking if CNAME result contains NS records
       # shellcheck disable=SC2086
-      res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS CNAME "$gad_d" $gad_s| grep -E "IN\W(NS|SOA)\W")
+      res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} CNAME "${gad_d}"| grep -E "IN\W(NS|SOA)\W")
     else
       res=
     fi
@@ -1589,19 +1589,19 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n
     if [[ -z "$res" ]] && [[ $_TEST_SKIP_SOA_CALL == 0 ]]; then
       # shellcheck disable=SC2086
       if [[ "$HAS_DIG_OR_DRILL" == "drill" ]]; then
-        debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS -T SOA $gad_d $gad_s" to find primary nameserver
-        res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS -T SOA "$gad_d" $gad_s 2>/dev/null | grep "IN\WNS\W")
+        debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS -T ${gad_s} SOA ${gad_d}" to find primary nameserver
+        res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS -T ${gad_s} SOA "${gad_d}" 2>/dev/null | grep "IN\WNS\W")
       else
-        debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS SOA +trace +nocomments $gad_d $gad_s" to find primary nameserver
-        res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS SOA +trace +nocomments "$gad_d" $gad_s 2>/dev/null | grep "IN\WNS\W")
+        debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} SOA +trace +nocomments ${gad_d}" to find primary nameserver
+        res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} SOA +trace +nocomments "${gad_d}" 2>/dev/null | grep "IN\WNS\W")
       fi
     fi
 
     # Query for NS records
     if [[ -z "$res" ]]; then
-      debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS NS $gad_d $gad_s" to find primary nameserver
+      debug Using "$HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} NS ${gad_d}" to find primary nameserver
       # shellcheck disable=SC2086
-      res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS NS "$gad_d" $gad_s | grep -E "IN\W(NS|SOA)\W")
+      res=$($HAS_DIG_OR_DRILL $DNS_CHECK_OPTIONS ${gad_s} NS "${gad_d}"| grep -E "IN\W(NS|SOA)\W")
     fi
 
     if [[ -n "$res" ]]; then
@@ -1639,12 +1639,12 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n
 
   if [[ "$HAS_HOST" == "true" ]]; then
     gad_d="$orig_gad_d"
-    debug Using "host -t NS" to find primary name server for "$gad_d"
+    debug Using "host -t NS" to find primary name server for "${gad_d}"
     # shellcheck disable=SC2086
-    if [[ -z "$gad_s" ]]; then
-      res=$(host $DNS_CHECK_OPTIONS -t NS "$gad_d"| grep "name server")
+    if [[ -z "${gad_s}" ]]; then
+      res=$(host $DNS_CHECK_OPTIONS -t NS "${gad_d}"| grep "name server")
     else
-      res=$(host $DNS_CHECK_OPTIONS -t NS "$gad_d" $gad_s| grep "name server")
+      res=$(host $DNS_CHECK_OPTIONS -t NS "${gad_d}" ${gad_s}| grep "name server")
     fi
     if [[ -n "$res" ]]; then
       all_auth_dns_servers=$(echo "$res" | awk '{print $4}' | sed 's/\.$//g'|tr '\n' ' ')
@@ -1665,17 +1665,17 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n
 
   if [[ "$HAS_NSLOOKUP" == "true" ]]; then
     gad_d="$orig_gad_d"
-    debug Using "nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns $gad_d $gad_s" to find primary name server
+    debug Using "nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns ${gad_d} ${gad_s}" to find primary name server
     # shellcheck disable=SC2086
-    res=$(nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns "$gad_d" ${gad_s})
+    res=$(nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns "${gad_d}" ${gad_s})
 
     # check for CNAME (assumes gad_d is _acme-challenge.{host})
     if [[ "$(grep -c "NXDOMAIN"<<<"$res")" -gt 0 ]]; then
-      debug "Cannot find nameserver record for $gad_d, using parent domain ${gad_d#*.}"
+      debug "Cannot find nameserver record for ${gad_d}, using parent domain ${gad_d#*.}"
       gad_d="${gad_d#*.}"
-      debug "nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns $gad_d ${gad_s}"
+      debug "nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns ${gad_d} ${gad_s}"
       # shellcheck disable=SC2086
-      res=$(nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns "$gad_d" ${gad_s})
+      res=$(nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns "${gad_d}" ${gad_s})
     fi
 
     if [[ "$(echo "$res" | grep -c "Non-authoritative")" -gt 0 ]]; then
@@ -1684,14 +1684,14 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n
 
       gad_s=$(echo "$res" | awk '$2 ~ "nameserver" {print $4; exit }' |sed 's/\.$//g')
       # If the previous line fails to find the nameserver, use the original
-      if [[ -z "$gad_s" ]]; then
+      if [[ -z "${gad_s}" ]]; then
         gad_s="$orig_gad_s"
       fi
 
       if [[ "$(echo "$res" | grep -c "canonical name")" -gt 0 ]]; then
-        debug "$gad_d" appears to be a CNAME
+        debug "${gad_d}" appears to be a CNAME
         gad_d=$(echo "$res" | awk ' $2 ~ "canonical" {print $5; exit }' |sed 's/\.$//g')
-        debug "Using $gad_d instead"
+        debug "Using ${gad_d} instead"
       elif [[ "$(echo "$res" | grep -c "an't find")" -gt 0 ]]; then
         # if domain name doesn't exist, then find auth servers for next level up
         debug "Couldn't find NS or SOA for domain name, using nslookup $DNS_CHECK_OPTIONS -debug ${gad_d#*.} ${orig_gad_s}"
@@ -1700,28 +1700,28 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n
         gad_s=$(echo "$res" | awk '$1 ~ "origin" {print $3; exit }')
         gad_d=$(echo "$res" | awk '$1 ~ "->" {print $2; exit}')
         # handle scenario where awk returns nothing
-        if [[ -z "$gad_d" ]]; then
+        if [[ -z "${gad_d}" ]]; then
           gad_d="${orig_gad_d}"
         fi
       fi
 
-      debug "Using nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns $gad_d ${gad_s}"
+      debug "Using nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns ${gad_d} ${gad_s}"
       # shellcheck disable=SC2086
-      res=$(nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns "$gad_d" ${gad_s})
+      res=$(nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns "${gad_d}" ${gad_s})
     fi
 
     if [[ "$(echo "$res" | grep -c "an't find")" -gt 0 ]]; then
       gad_s=$(echo "$res" | awk ' $1 ~ "origin" {print $3; exit }')
       gad_d=$(echo "$res"| awk '$1 ~ "->" {print $2; exit}')
       # handle scenario where awk returns nothing
-      if [[ -z "$gad_d" ]]; then
+      if [[ -z "${gad_d}" ]]; then
         gad_d="$orig_gad_d"
       fi
     fi
 
     # shellcheck disable=SC2086
     # not quoting gad_s fixes the nslookup: couldn't get address for '': not found warning (#332)
-    all_auth_dns_servers=$(nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns "$gad_d" $gad_s \
+    all_auth_dns_servers=$(nslookup $DNS_CHECK_OPTIONS -debug -type=soa -type=ns "${gad_d}" ${gad_s} \
                           | awk '$1 ~ "nameserver" {print $3}' \
                           | sed 's/\.$//g'| tr '\n' ' ')
 
@@ -1872,6 +1872,7 @@ get_eab_json() { # calculate json block for external account bindings, v2 only
     # single param, assume file path and read into array
     debug "Using EAB FILE ${EAB_PARAMS[0]}"
     [[ -s "${EAB_PARAMS[0]}" ]] || error_exit "missing path ${EAB_PARAMS[0]} for eab file"
+    # shellcheck disable=SC2207
     EAB_PARAMS=( $(cat "${EAB_PARAMS[0]}") )
   fi
   if [ ${#EAB_PARAMS[@]} -eq 2 ]; then

test/u1-test-get_auth_dns-dig.bats

@@ -53,21 +53,21 @@ teardown() {
     # Disable CNAME check
     _TEST_SKIP_CNAME_CALL=1
 
-    PUBLIC_DNS_SERVER=ns1.duckdns.org
+    PUBLIC_DNS_SERVER=ns1.afraid.org
     CHECK_PUBLIC_DNS_SERVER=false
     CHECK_ALL_AUTH_DNS=false
 
-    run get_auth_dns ubuntu-getssl.duckdns.org
+    run get_auth_dns ubuntu-getssl.ignorelist.com
 
     # Assert that we've found the primary_ns server
-    assert_output --regexp 'set primary_ns = ns[1-9]+\.duckdns\.org'
+    assert_output --regexp 'set primary_ns = ns[1-3]+\.afraid\.org'
     # Assert that we had to use dig NS
     assert_line --regexp 'Using dig.* NS'
 
     # Check all Authoritive DNS servers are returned if requested
     CHECK_ALL_AUTH_DNS=true
-    run get_auth_dns ubuntu-getssl.duckdns.org
-    assert_output --regexp 'set primary_ns = (ns[1-9]+\.duckdns\.org )+'
+    run get_auth_dns ubuntu-getssl.ignorelist.com
+    assert_output --regexp 'set primary_ns = (ns[1-3]+\.afraid\.org ?)+'
 }
 
 

test/u2-test-get_auth_dns-drill.bats

@@ -59,21 +59,21 @@ teardown() {
     _TEST_SKIP_CNAME_CALL=1
     _TEST_SKIP_SOA_CALL=1
 
-    PUBLIC_DNS_SERVER=ns1.duckdns.org
+    PUBLIC_DNS_SERVER=ns1.afraid.org
     CHECK_PUBLIC_DNS_SERVER=false
     CHECK_ALL_AUTH_DNS=false
 
-    run get_auth_dns ubuntu-getssl.duckdns.org
+    run get_auth_dns ubuntu-getssl.ignorelist.com
 
     # Assert that we've found the primary_ns server
-    assert_output --regexp 'set primary_ns = ns[1-9]+\.duckdns\.org'
+    assert_output --regexp 'set primary_ns = ns[1-3]+\.afraid\.org'
     # Assert that we had to use drill NS
     assert_line --regexp 'Using drill.* NS'
 
     # Check all Authoritive DNS servers are returned if requested
     CHECK_ALL_AUTH_DNS=true
-    run get_auth_dns ubuntu-getssl.duckdns.org
-    assert_output --regexp 'set primary_ns = (ns[1-9]+\.duckdns\.org )+'
+    run get_auth_dns ubuntu-getssl.ignorelist.com
+    assert_output --regexp 'set primary_ns = (ns[1-3]+\.afraid\.org ?)+'
 }
 
 

test/u7-test-get_auth_dns-nslookup.bats

@@ -65,17 +65,17 @@ teardown() {
     CHECK_PUBLIC_DNS_SERVER=false
     CHECK_ALL_AUTH_DNS=false
 
-    run get_auth_dns ubuntu-getssl.duckdns.org
+    run get_auth_dns ubuntu-getssl.ignorelist.com
 
     # Assert that we've found the primary_ns server
-    #assert_output --regexp 'set primary_ns = ns[1-9]+\.duckdns\.org'
+    #assert_output --regexp 'set primary_ns = ns[1-3]+\.afraid\.org'
     # Assert that we had to use dig NS
     #assert_line --regexp 'Using nslookup.* NS'
 
     # Check all Authoritive DNS servers are returned if requested
     CHECK_ALL_AUTH_DNS=true
-    run get_auth_dns _acme-challenge.ubuntu-getssl.duckdns.org
-    assert_output --regexp 'set primary_ns=(ns[1-9]+\.duckdns\.org )+'
+    run get_auth_dns _acme-challenge.ubuntu-getssl.ignorelist.com
+    assert_output --regexp 'set primary_ns=(ns[1-3]+\.afraid\.org )+'
 }
 
 
@@ -92,10 +92,10 @@ teardown() {
     CHECK_PUBLIC_DNS_SERVER=false
     CHECK_ALL_AUTH_DNS=false
 
-    run get_auth_dns _acme-challenge.ubuntu-getssl.duckdns.org
+    run get_auth_dns _acme-challenge.ubuntu-getssl.ignorelist.com
 
     # Assert that we've found the primary_ns server
-    assert_output --regexp 'set primary_ns=ns[1-9]+\.duckdns\.org'
+    assert_output --regexp 'set primary_ns=ns[1-3]+\.afraid\.org'
 
     # Assert that we had to use nslookup NS
     assert_line --regexp 'Using nslookup.*-type=soa'
@@ -103,13 +103,13 @@ teardown() {
 
     # Check all Authoritive DNS servers are returned if requested
     CHECK_ALL_AUTH_DNS=true
-    run get_auth_dns _acme-challenge.ubuntu-getssl.duckdns.org
-    assert_output --regexp 'set primary_ns=(ns[1-9]+\.duckdns\.org )+'
+    run get_auth_dns _acme-challenge.ubuntu-getssl.ignorelist.com
+    assert_output --regexp 'set primary_ns=(ns[1-3]+\.afraid\.org )+'
 
     # Check that we also check the public DNS server if requested
     CHECK_PUBLIC_DNS_SERVER=true
-    run get_auth_dns _acme-challenge.ubuntu-getssl.duckdns.org
-    assert_output --regexp 'set primary_ns=(ns[1-9]+\.duckdns\.org )+ 1\.0\.0\.1'
+    run get_auth_dns _acme-challenge.ubuntu-getssl.ignorelist.com
+    assert_output --regexp 'set primary_ns=(ns[1-3]+\.afraid\.org )+ 1\.0\.0\.1'
 }