Reference Files
Deep-dive guides for specific topics:
- patterns-and-conventions.md - Defensive programming patterns, strict mode, and code style
- safety-and-security.md - Security patterns, input validation, and hardening
- portability-and-compatibility.md - Cross-platform compatibility and Bash version features
- documentation-and-ci-cd.md - Documentation standards and CI/CD integration
- performance-and-optimization.md - Optimization techniques and profiling
- advanced-techniques.md - Advanced patterns, dependencies, and common pitfalls
- tools-and-frameworks.md - Essential tools, testing frameworks, and external resources
Bash Scripting
Master guide for defensive Bash scripting following production-grade best practices. This skill provides comprehensive patterns, standards, and techniques for writing safe, portable, and maintainable shell scripts for automation, CI/CD pipelines, and system utilities.
Use this skill when writing new bash scripts or improving existing ones to follow defensive programming principles.
Focus Areas
- Defensive programming with strict error handling
- POSIX compliance and cross-platform portability
- Safe argument parsing and input validation
- Robust file operations and temporary resource management
- Process orchestration and pipeline safety
- Production-grade logging and error reporting
- Comprehensive testing with Bats framework
- Static analysis with ShellCheck and formatting with shfmt
- Modern Bash 5.x features and best practices
- CI/CD integration and automation workflows
Core Approach
Essential defensive programming patterns (see patterns-and-conventions.md for complete details):
- Strict mode: Always use
set -Eeuo pipefailwith error trapping - Quote variables: Prevent word splitting and globbing issues
- Safe iteration: Use proper arrays, avoid
for f in $(ls) - Conditionals: Use
[[ ]]for Bash,[ ]for POSIX - Temp files: Create safely with
mktempand cleanup traps - Output: Prefer
printfoverechofor reliability - Input validation: Check required variables with
: "${VAR:?message}" - Safe operations: End option parsing with
--, userm -rf -- "$dir" - NUL-safe patterns: Use
find -print0 | while IFS= read -r -d ''for filenames - Logging: Implement structured logging with configurable verbosity
- Idempotency: Design scripts to be repeatable and support dry-run modes
Quality Checklist
- Scripts pass ShellCheck static analysis with minimal suppressions
- Code is formatted consistently with shfmt using standard options
- Comprehensive test coverage with Bats including edge cases
- All variable expansions are properly quoted
- Error handling covers all failure modes with meaningful messages
- Temporary resources are cleaned up properly with EXIT traps
- Scripts support
--helpand provide clear usage information - Input validation prevents injection attacks and handles edge cases
- Scripts are portable across target platforms (Linux, macOS)
- Performance is adequate for expected workloads and data sizes
Output
Production-ready deliverables:
- Bash scripts with defensive programming practices
- Test suites using bats-core or shellspec with TAP output
- CI/CD pipeline configurations for automated testing
- Documentation (shdoc markdown, shellman man pages)
- Static analysis configuration (.shellcheckrc, .shfmt.toml)
- Security review with SAST and secrets scanning
- Structured logging and observability
Where to Find What
- Getting started: Review Focus Areas and Core Approach above
- Defensive patterns: patterns-and-conventions.md - Strict mode, quoting, code style
- Security: safety-and-security.md - Input validation, secure file ops, hardening
- Cross-platform: portability-and-compatibility.md - Platform detection, Bash versions
- CI/CD setup: documentation-and-ci-cd.md - GitHub Actions, pre-commit hooks
- Performance: performance-and-optimization.md - Profiling, logging, optimization
- Advanced patterns: advanced-techniques.md - Complex patterns, dependencies, pitfalls
- Tools: tools-and-frameworks.md - ShellCheck, bats-core, external resources