add shellcheck action to lint bash scripts

[doc-sheet]

Hello.
I would like to add shellcheck linter for install scripts.

To avoid messing with #3673 podman PR (and to not edit all scripts at once) this action only checks install/_lib.sh

I'm willing to slowly add all other *.sh scripts too.

Some trade-offs I made:

1. checks restricted to install/_lib.sh but action runs on any **.sh change.
2. SC1090 and SC1091 disabled because I don't have full context on how env-sources are used
3. ensure_file_from_example() excluded as kinda false-positive, pure bash solution won't be more readable I suppose
4. direct shellcheck run is used because tool is preinstalled and it's output could easily be converted to action annotations

Warnings from unmodified lib.sh are available in this PR

Legal Boilerplate

Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. and is gonna need some rights from me in order to utilize my contributions in this here PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.

[aminvakil]

Thank you for providing this PR.

Honestly I'm not a fan of shellcheck on big projects myself, running shellcheck locally on self-hosted shows many errors and warnings which many are not a big deal.

I'd suggest running shellcheck locally and fix any issue which you may see and provide a PR for them, but I do not see a benefit of adding shellcheck in case we want to ignore it everywhere.

[aminvakil]

What is the necessity of piping output of shellcheck to jq?

[doc-sheet]

just to replace some keys like column and values like info and style with github action command.
col and notice in this case.

And to format shellcheck's json as one-line command like ::error file=file.sh,col=123::message

[doc-sheet]

And the trick with grep is just to negate exit code :)

[doc-sheet]

in case want to ignore it everywhere

My point is to fix warnings first (which I plan to do anyway iteratively) and then don't ignore it anymore. I just don't want to break other people PRs with minor changes of quotes and exports here and there.

I just hope code without warnings would help with adding new features and refactoring.

[aldy505]

@doc-sheet Just to let you know: i'd love to get this merged since this will bring quality improvement. But I'm currently working on other things (as you can see on Discord -- it's a chaos lol). What's blocking this PR is the CI not passing, if you were to be able to get that right, we can merge immediately.

[doc-sheet]

Hi. At the time of creating PR I checked and this test was failling before too. Looks like there were some changes in python sdk.
I'll look into it.

And tbh I don't know what discord server you mention :)

[doc-sheet]

Tests pass after rebase.

Fixed by #3714

[aldy505]

And tbh I don't know what discord server you mention :)

https://discord.gg/sentry this should be it

[doc-sheet]

Thank you, didn't know it exists.

[aldy505]

@aminvakil wanna take another look?

[aminvakil]

@doc-sheet Could you please break something, and revert it, so we can see the failure in this PR?