From 196c5d369682450535d8acd5d5235484c83b87ca Mon Sep 17 00:00:00 2001
From: Christian Clauss <cclauss@me.com>
Date: Wed, 8 Apr 2026 10:13:36 +0200
Subject: [PATCH 1/3] .github: Run shellcheck in GitHub Actions CI

.github: Run shellcheck in GitHub Actions CI
---
 .github/workflows/test_scripts.yml | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/test_scripts.yml b/.github/workflows/test_scripts.yml
index 82b15455ec9f5..1da0c6e4244a7 100644
--- a/.github/workflows/test_scripts.yml
+++ b/.github/workflows/test_scripts.yml
@@ -13,13 +13,14 @@ jobs:
       fail-fast: false  # don't cancel if a job from the matrix fails
       matrix:
         config: [
+            astyle-cleanliness,
             check_autotest_options,
+            logger_metadata,
             param_parse,
+            param-file-validation,
             python-cleanliness,
-            astyle-cleanliness,
+            shellcheck,
             validate_board_list,
-            logger_metadata,
-            param-file-validation,
           ]
     steps:
       # git checkout the PR
@@ -28,8 +29,8 @@ jobs:
           submodules: 'recursive'
       - uses: actions/setup-python@v6
         with:
-          python-version: '3.12'
-          cache: 'pip' # caching pip dependencies
+          python-version: 3.x
+          cache: pip  # caching pip dependencies
           pip-install: flake8 lxml pexpect
 
       - name: Install astyle
@@ -38,6 +39,13 @@ jobs:
           sudo apt-get update
           sudo apt-get install -y astyle
 
+      - name: Install shellcheck
+        if: matrix.config == 'shellcheck'
+        shell: bash
+        run: |
+          sudo apt-get update
+          sudo apt-get install --yes shellcheck
+
       - name: test ${{matrix.config}}
         env:
           CI_BUILD_TARGET: ${{matrix.config}}

From 1f8a78f98b58a8860aa79a6dbe8ea36406c9bc74 Mon Sep 17 00:00:00 2001
From: Christian Clauss <cclauss@me.com>
Date: Wed, 8 Apr 2026 10:15:56 +0200
Subject: [PATCH 2/3] .shellcheckrc: Run shellcheck in GitHub Actions CI

---
 .shellcheckrc | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 .shellcheckrc

diff --git a/.shellcheckrc b/.shellcheckrc
new file mode 100644
index 0000000000000..22a31160d905d
--- /dev/null
+++ b/.shellcheckrc
@@ -0,0 +1,14 @@
+# https://www.shellcheck.net -- 'shellcheck --help'
+# https://github.com/koalaman/shellcheck
+# 'find . -type f -name "*.sh" -exec shellcheck --severity=error {} +'
+
+# Minimum severity of errors to consider (error, warning, info, style)
+severity=error
+
+# To improve our code quality, comment out one for the following and create a pull request:
+disable=SC1087  # 2 instances
+disable=SC2068  # 4 instances
+disable=SC2071  # 2 instances
+disable=SC2145  # 1 instance
+disable=SC2148  # 3 instances
+disable=SC2173  # 1 instance

From f7090c3da56e411cbfa078cb39f77d5524187cd0 Mon Sep 17 00:00:00 2001
From: Christian Clauss <cclauss@me.com>
Date: Wed, 8 Apr 2026 10:27:09 +0200
Subject: [PATCH 3/3] Tools: Run shellcheck in GitHub Actions CI

---
 Tools/scripts/build_ci.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Tools/scripts/build_ci.sh b/Tools/scripts/build_ci.sh
index 376005fdccbe1..1764c2edb38b0 100755
--- a/Tools/scripts/build_ci.sh
+++ b/Tools/scripts/build_ci.sh
@@ -524,6 +524,14 @@ for t in $CI_BUILD_TARGET; do
         continue
     fi
 
+    if [ "$t" == "shellcheck" ]; then
+        echo "Running shellcheck on scripts"
+
+        # Ignore scripts in the modules directory
+        find . -path ./modules -prune -o -type f -name '*.sh' -exec shellcheck --severity=error '{}' +
+        continue
+    fi
+
     if [ "$t" == "param-file-validation" ]; then
         echo "Testing param check script"
         ./Tools/scripts/param_check_unittests.py