Support for GitHub Actions expression syntax (${{ ... }}) in ShellCheck linting

[DMGiulioRomano]

Hi!

First of all, thanks for the extension — it’s super useful for highlighting and linting shell scripts in GitHub Actions workflows.

I noticed an issue when using ShellCheck inside .github/workflows/*.yaml scripts, for example with this snippet:

if [[ "${{ github.ref }}" == "refs/tags/v"* ]]; then
    echo "This is a tag starting with v"
fi

• ShellCheck (SC2193) reports:

  The arguments to this comparison can never be equal. Make sure your syntax is correct.

• The problem is that ShellCheck does not recognize GitHub Actions expressions like ${{ github.ref }}, and treats them as literal strings. This produces a false positive.

Suggestion:

It would be great if the extension could detect GitHub Actions expressions and either:

1. Ignore them in static analysis, or
2. Evaluate them in a GitHub Actions context for linting purposes.

This would prevent false positives like SC2193 when using GitHub-specific syntax in shell scripts inside workflows.

Thanks a lot for considering this improvement!

[marcovr]

Yes this is something I have experienced as well. Unfortunately there's no easy way to properly fix this behaviour :-(

Because if i simply treat GitHub Actions expressions as a variable, then something like this will trigger SC2016:

mv '${{ inputs.myFile }}' someFolder

And that is in my opinion an even worse false positive.

---

Concerning your suggestions:

1. Ignore them in static analysis

This might be a potential way to solve it. While I can't really ignore them completely I might be able to simply ignore SC2050 on all lines with GitHub Actions expressions. That could lead to some false negatives, but shouldn't be too bad. I'll think about it.

2. Evaluate them in a GitHub Actions context for linting purposes.

I don't really see how that can work. These expressions are arbitrarily complex and can return any kind of value.

---

But in the meantime: there are several workarounds you can use!

Workarounds

Suppress the warning

# shellcheck disable=SC2050 # we're comparing against a replaced value
if [[ "${{ runner.debug }}" == "1" ]]; then
    echo "we are in debug mode"
fi

Assign to a variable

debug=${{ runner.debug }}
if [[ "$debug" == "1" ]]; then
    echo "we are in debug mode"
fi

Use env vars

- name: Some task
  shell: bash
  env:
    DEBUG: ${{ runner.debug }}
  run: |
    if [[ "$DEBUG" == "1" ]]; then
        echo "we are in debug mode"
    fi