From 191b1e791d8a3b0194609f71a7a69d3d15ca864b Mon Sep 17 00:00:00 2001
From: meisam <meisam@noreply.codeberg.org>
Date: Wed, 18 Oct 2023 17:40:03 +0200
Subject: [PATCH 1/4] add shellcheck to ci

---
 .github/workflows/shellcheck.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 .github/workflows/shellcheck.yml

diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
new file mode 100644
index 00000000..17c01531
--- /dev/null
+++ b/.github/workflows/shellcheck.yml
@@ -0,0 +1,20 @@
+---
+name: Shellcheck
+on: [push, pull_request]
+permissions:
+  contents: read
+
+jobs:
+  shellcheck:
+    name: Shellcheck
+    runs-on: ubuntu-latest
+    env:
+      LANG: C.UTF-8
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install shellcheck
+        run: sudo apt update && sudo apt install -y shellcheck && shellcheck --version
+
+      - name: Check shell scripts
+        run: shellcheck -x -P "SCRIPTDIR"/utils --severity=error testssl.sh
\ No newline at end of file

From 0347f2ffeef39c8e35cb8006e064da58c18e2ff1 Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Mon, 10 Nov 2025 12:05:42 +0100
Subject: [PATCH 2/4] 24.04 Ubuntu's instead of latest

---
 .github/workflows/shellcheck.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 17c01531..e66f0f07 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -7,7 +7,7 @@ permissions:
 jobs:
   shellcheck:
     name: Shellcheck
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     env:
       LANG: C.UTF-8
     steps:
@@ -17,4 +17,4 @@ jobs:
         run: sudo apt update && sudo apt install -y shellcheck && shellcheck --version
 
       - name: Check shell scripts
-        run: shellcheck -x -P "SCRIPTDIR"/utils --severity=error testssl.sh
\ No newline at end of file
+        run: shellcheck -x -P "SCRIPTDIR"/utils --severity=error testssl.sh

From 2fcd01c69396827486e4015b11e763b1f923d129 Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Mon, 10 Nov 2025 12:15:58 +0100
Subject: [PATCH 3/4] fix FP

---
 testssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index e21a83ee..7d73eb71 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -462,7 +462,7 @@ declare TLS_CIPHER_OSSL_NAME=()
 declare TLS_CIPHER_RFC_NAME=()
 declare TLS_CIPHER_SSLVERS=()
 declare TLS_CIPHER_KX=()
-# shellcheck disable=SC2034 . This is a false positive
+# shellcheck disable=SC2034,SC1125        # False positives
 declare TLS_CIPHER_AUTH=()
 declare TLS_CIPHER_ENC=()
 declare TLS_CIPHER_EXPORT=()

From d4cc41405f9fb840a1fb747b7aaf2b96e35b802b Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Mon, 10 Nov 2025 12:29:05 +0100
Subject: [PATCH 4/4] Skipping push as it seems expensive and may cause delays

... no bypasses for direct commit for those changes anyway
---
 .github/workflows/shellcheck.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index e66f0f07..6997a486 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -1,6 +1,6 @@
 ---
 name: Shellcheck
-on: [push, pull_request]
+on: [pull_request]
 permissions:
   contents: read