fix: lint bash scripts with shellcheck

Fix shellcheck warnings across all bash scripts in scripts/: - Quote default assignments to prevent globbing (SC2223) - Replace backticks with $() syntax (SC2006) - Use [ a ] && [ b ] instead of [ a -a b ] (SC2166) - Remove legacy x-prefix comparisons (SC2268) - Separate local declaration from assignment (SC2155) - Quote variables to prevent word splitting (SC2086) - Use mapfile instead of array=($(cmd)) (SC2207) - Replace expr with $((...)) arithmetic (SC2003) - Refactor command existence checks (SC2181/SC2034) Closes #31689 Signed-off-by: Moritz Röseler <moritz.roeseler@gmail.com>
1 week ago · 241770ec1a
parent f928025cdb
commit 241770ec1a
6 changed files with 101 additions and 92 deletions
--- a/scripts/get
+++ b/scripts/get
@ -20,13 +20,13 @@
 PROJECT_NAME="helm"
 TILLER_NAME="tiller"

-: ${USE_SUDO:="true"}
-: ${HELM_INSTALL_DIR:="/usr/local/bin"}
+: "${USE_SUDO:=true}"
+: "${HELM_INSTALL_DIR:=/usr/local/bin}"

 # initArch discovers the architecture for this system.
 initArch() {
  ARCH=$(uname -m)
-  case $ARCH in
+  case "$ARCH" in
    armv5*) ARCH="armv5";;
    armv6*) ARCH="armv6";;
    armv7*) ARCH="arm";;
@ -40,7 +40,7 @@ initArch() {

 # initOS discovers the operating system for this system.
 initOS() {
-  OS=$(echo `uname`|tr '[:upper:]' '[:lower:]')
+  OS=$(uname | tr '[:upper:]' '[:lower:]')

  case "$OS" in
    # Minimalist GNU for Windows
@ -50,7 +50,7 @@ initOS() {

 # runs the given command as root (detects if we are root already)
 runAsRoot() {
-  if [ $EUID -ne 0 -a "$USE_SUDO" = "true" ]; then
+  if [ $EUID -ne 0 ] && [ "$USE_SUDO" = "true" ]; then
    sudo "${@}"
  else
    "${@}"
@ -75,7 +75,7 @@ verifySupported() {

 # checkDesiredVersion checks if the desired version is available.
 checkDesiredVersion() {
-  if [ "x$DESIRED_VERSION" == "x" ]; then
+  if [ -z "$DESIRED_VERSION" ]; then
    # Pinning tag to v2.17.0 as per https://github.com/helm/helm/issues/9607
    TAG=v2.17.0
  else
@ -87,7 +87,8 @@ checkDesiredVersion() {
 # if it needs to be changed.
 checkHelmInstalledVersion() {
  if [[ -f "${HELM_INSTALL_DIR}/${PROJECT_NAME}" ]]; then
-    local version=$("${HELM_INSTALL_DIR}/${PROJECT_NAME}" version -c | grep '^Client' | cut -d'"' -f2)
+    local version
+    version=$("${HELM_INSTALL_DIR}/${PROJECT_NAME}" version -c | grep '^Client' | cut -d'"' -f2)
    if [[ "$version" == "$TAG" ]]; then
      echo "Helm ${version} is already ${DESIRED_VERSION:-latest}"
      return 0
@ -126,8 +127,10 @@ downloadFile() {
 # installs it.
 installFile() {
  HELM_TMP="$HELM_TMP_ROOT/$PROJECT_NAME"
-  local sum=$(openssl sha1 -sha256 ${HELM_TMP_FILE} | awk '{print $2}')
-  local expected_sum=$(cat ${HELM_SUM_FILE})
+  local sum
+  sum=$(openssl sha1 -sha256 "${HELM_TMP_FILE}" | awk '{print $2}')
+  local expected_sum
+  expected_sum=$(cat "${HELM_SUM_FILE}")
  if [ "$sum" != "$expected_sum" ]; then
    echo "SHA sum of ${HELM_TMP_FILE} does not match. Aborting."
    exit 1
@ -166,13 +169,11 @@ fail_trap() {

 # testVersion tests the installed client to make sure it is working.
 testVersion() {
-  set +e
-  HELM="$(command -v $PROJECT_NAME)"
-  if [ "$?" = "1" ]; then
-    echo "$PROJECT_NAME not found. Is $HELM_INSTALL_DIR on your "'$PATH?'
+  if ! command -v "$PROJECT_NAME" &> /dev/null; then
+    # shellcheck disable=SC2016
+    echo "$PROJECT_NAME not found. Is $HELM_INSTALL_DIR on your "'\$PATH?'
    exit 1
  fi
-  set -e
  echo "Run '$PROJECT_NAME init' to configure $PROJECT_NAME."
 }

@ -195,11 +196,11 @@ cleanup() {
 # Execution

 #Stop execution on any error
-trap "fail_trap" EXIT
+trap 'fail_trap' EXIT
 set -e

 # Parsing input arguments (if any)
-export INPUT_ARGUMENTS="${@}"
+export INPUT_ARGUMENTS="$*"
 set -u
 while [[ $# -gt 0 ]]; do
  case $1 in
--- a/scripts/get-helm-3
+++ b/scripts/get-helm-3
@ -17,13 +17,13 @@
 # The install script is based off of the MIT-licensed script from glide,
 # the package manager for Go: https://github.com/Masterminds/glide.sh/blob/master/get

-: ${BINARY_NAME:="helm"}
-: ${USE_SUDO:="true"}
-: ${DEBUG:="false"}
-: ${VERIFY_CHECKSUM:="true"}
-: ${VERIFY_SIGNATURES:="false"}
-: ${HELM_INSTALL_DIR:="/usr/local/bin"}
-: ${GPG_PUBRING:="pubring.kbx"}
+: "${BINARY_NAME:=helm}"
+: "${USE_SUDO:=true}"
+: "${DEBUG:=false}"
+: "${VERIFY_CHECKSUM:=true}"
+: "${VERIFY_SIGNATURES:=false}"
+: "${HELM_INSTALL_DIR:=/usr/local/bin}"
+: "${GPG_PUBRING:=pubring.kbx}"

 HAS_CURL="$(type "curl" &> /dev/null && echo true || echo false)"
 HAS_WGET="$(type "wget" &> /dev/null && echo true || echo false)"
@ -35,7 +35,7 @@ HAS_TAR="$(type "tar" &> /dev/null && echo true || echo false)"
 # initArch discovers the architecture for this system.
 initArch() {
  ARCH=$(uname -m)
-  case $ARCH in
+  case "$ARCH" in
    armv5*) ARCH="armv5";;
    armv6*) ARCH="armv6";;
    armv7*) ARCH="arm";;
@ -49,7 +49,7 @@ initArch() {

 # initOS discovers the operating system for this system.
 initOS() {
-  OS=$(echo `uname`|tr '[:upper:]' '[:lower:]')
+  OS=$(uname | tr '[:upper:]' '[:lower:]')

  case "$OS" in
    # Minimalist GNU for Windows
@ -59,7 +59,7 @@ initOS() {

 # runs the given command as root (detects if we are root already)
 runAsRoot() {
-  if [ $EUID -ne 0 -a "$USE_SUDO" = "true" ]; then
+  if [ $EUID -ne 0 ] && [ "$USE_SUDO" = "true" ]; then
    sudo "${@}"
  else
    "${@}"
@ -112,7 +112,7 @@ verifySupported() {

 # checkDesiredVersion checks if the desired version is available.
 checkDesiredVersion() {
-  if [ "x$DESIRED_VERSION" == "x" ]; then
+  if [ -z "$DESIRED_VERSION" ]; then
    # Get tag from release URL
    local latest_release_url="https://get.helm.sh/helm3-latest-version"
    local latest_release_response=""
@ -122,7 +122,7 @@ checkDesiredVersion() {
      latest_release_response=$( wget "$latest_release_url" -q -O - 2>&1 || true )
    fi
    TAG=$( echo "$latest_release_response" | grep '^v[0-9]' )
-    if [ "x$TAG" == "x" ]; then
+    if [ -z "$TAG" ]; then
      printf "Could not retrieve the latest release tag information from %s: %s\n" "${latest_release_url}" "${latest_release_response}"
      exit 1
    fi
@ -135,7 +135,8 @@ checkDesiredVersion() {
 # if it needs to be changed.
 checkHelmInstalledVersion() {
  if [[ -f "${HELM_INSTALL_DIR}/${BINARY_NAME}" ]]; then
-    local version=$("${HELM_INSTALL_DIR}/${BINARY_NAME}" version --template="{{ .Version }}")
+    local version
+    version=$("${HELM_INSTALL_DIR}/${BINARY_NAME}" version --template="{{ .Version }}")
    if [[ "$version" == "$TAG" ]]; then
      echo "Helm ${version} is already ${DESIRED_VERSION:-latest}"
      return 0
@ -193,8 +194,10 @@ installFile() {
 # verifyChecksum verifies the SHA256 checksum of the binary package.
 verifyChecksum() {
  printf "Verifying checksum... "
-  local sum=$(openssl sha1 -sha256 ${HELM_TMP_FILE} | awk '{print $2}')
-  local expected_sum=$(cat ${HELM_SUM_FILE})
+  local sum
+  sum=$(openssl sha1 -sha256 "${HELM_TMP_FILE}" | awk '{print $2}')
+  local expected_sum
+  expected_sum=$(cat "${HELM_SUM_FILE}")
  if [ "$sum" != "$expected_sum" ]; then
    echo "SHA sum of ${HELM_TMP_FILE} does not match. Aborting."
    exit 1
@ -216,7 +219,8 @@ verifySignatures() {
  fi
  local gpg_keyring="${HELM_TMP_ROOT}/keyring.gpg"
  local gpg_homedir="${HELM_TMP_ROOT}/gnupg"
-  mkdir -p -m 0700 "${gpg_homedir}"
+  mkdir -p "${gpg_homedir}"
+  chmod 0700 "${gpg_homedir}"
  local gpg_stderr_device="/dev/null"
  if [ "${DEBUG}" == "true" ]; then
    gpg_stderr_device="/dev/stderr"
@ -233,13 +237,15 @@ verifySignatures() {
  fi
  local error_text="If you think this might be a potential security issue,"
  error_text="${error_text}\nplease see here: https://github.com/helm/community/blob/master/SECURITY.md"
-  local num_goodlines_sha=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" 2> "${gpg_stderr_device}" | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)')
+  local num_goodlines_sha
+  num_goodlines_sha=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" 2> "${gpg_stderr_device}" | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)')
  if [[ ${num_goodlines_sha} -lt 2 ]]; then
    echo "Unable to verify the signature of helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256!"
    echo -e "${error_text}"
    exit 1
  fi
-  local num_goodlines_tar=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" 2> "${gpg_stderr_device}" | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)')
+  local num_goodlines_tar
+  num_goodlines_tar=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" 2> "${gpg_stderr_device}" | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)')
  if [[ ${num_goodlines_tar} -lt 2 ]]; then
    echo "Unable to verify the signature of helm-${TAG}-${OS}-${ARCH}.tar.gz!"
    echo -e "${error_text}"
@ -266,13 +272,11 @@ fail_trap() {

 # testVersion tests the installed client to make sure it is working.
 testVersion() {
-  set +e
-  HELM="$(command -v $BINARY_NAME)"
-  if [ "$?" = "1" ]; then
-    echo "$BINARY_NAME not found. Is $HELM_INSTALL_DIR on your "'$PATH?'
+  if ! command -v "$BINARY_NAME" &> /dev/null; then
+    # shellcheck disable=SC2016
+    echo "$BINARY_NAME not found. Is $HELM_INSTALL_DIR on your "'\$PATH?'
    exit 1
  fi
-  set -e
 }

 # help provides possible cli installation arguments
@ -294,7 +298,7 @@ cleanup() {
 # Execution

 #Stop execution on any error
-trap "fail_trap" EXIT
+trap 'fail_trap' EXIT
 set -e

 # Set debug if desired
@ -303,7 +307,7 @@ if [ "${DEBUG}" == "true" ]; then
 fi

 # Parsing input arguments (if any)
-export INPUT_ARGUMENTS="${@}"
+export INPUT_ARGUMENTS="$*"
 set -u
 while [[ $# -gt 0 ]]; do
  case $1 in
--- a/scripts/get-helm-4
+++ b/scripts/get-helm-4
@ -17,13 +17,13 @@
 # The install script is based off of the MIT-licensed script from glide,
 # the package manager for Go: https://github.com/Masterminds/glide.sh/blob/master/get

-: ${BINARY_NAME:="helm"}
-: ${USE_SUDO:="true"}
-: ${DEBUG:="false"}
-: ${VERIFY_CHECKSUM:="true"}
-: ${VERIFY_SIGNATURES:="false"}
-: ${HELM_INSTALL_DIR:="/usr/local/bin"}
-: ${GPG_PUBRING:="pubring.kbx"}
+: "${BINARY_NAME:=helm}"
+: "${USE_SUDO:=true}"
+: "${DEBUG:=false}"
+: "${VERIFY_CHECKSUM:=true}"
+: "${VERIFY_SIGNATURES:=false}"
+: "${HELM_INSTALL_DIR:=/usr/local/bin}"
+: "${GPG_PUBRING:=pubring.kbx}"

 HAS_CURL="$(type "curl" &> /dev/null && echo true || echo false)"
 HAS_WGET="$(type "wget" &> /dev/null && echo true || echo false)"
@ -35,7 +35,7 @@ HAS_TAR="$(type "tar" &> /dev/null && echo true || echo false)"
 # initArch discovers the architecture for this system.
 initArch() {
  ARCH=$(uname -m)
-  case $ARCH in
+  case "$ARCH" in
    armv5*) ARCH="armv5";;
    armv6*) ARCH="armv6";;
    armv7*) ARCH="arm";;
@ -49,7 +49,7 @@ initArch() {

 # initOS discovers the operating system for this system.
 initOS() {
-  OS=$(echo `uname`|tr '[:upper:]' '[:lower:]')
+  OS=$(uname | tr '[:upper:]' '[:lower:]')

  case "$OS" in
    # Minimalist GNU for Windows
@ -59,7 +59,7 @@ initOS() {

 # runs the given command as root (detects if we are root already)
 runAsRoot() {
-  if [ $EUID -ne 0 -a "$USE_SUDO" = "true" ]; then
+  if [ $EUID -ne 0 ] && [ "$USE_SUDO" = "true" ]; then
    sudo "${@}"
  else
    "${@}"
@ -112,7 +112,7 @@ verifySupported() {

 # checkDesiredVersion checks if the desired version is available.
 checkDesiredVersion() {
-  if [ "x$DESIRED_VERSION" == "x" ]; then
+  if [ -z "$DESIRED_VERSION" ]; then
    # Get tag from release URL
    local latest_release_url="https://get.helm.sh/helm4-latest-version"
    local latest_release_response=""
@ -122,7 +122,7 @@ checkDesiredVersion() {
      latest_release_response=$( wget "$latest_release_url" -q -O - 2>&1 || true )
    fi
    TAG=$( echo "$latest_release_response" | grep '^v[0-9]' )
-    if [ "x$TAG" == "x" ]; then
+    if [ -z "$TAG" ]; then
      printf "Could not retrieve the latest release tag information from %s: %s\n" "${latest_release_url}" "${latest_release_response}"
      exit 1
    fi
@ -135,7 +135,8 @@ checkDesiredVersion() {
 # if it needs to be changed.
 checkHelmInstalledVersion() {
  if [[ -f "${HELM_INSTALL_DIR}/${BINARY_NAME}" ]]; then
-    local version=$("${HELM_INSTALL_DIR}/${BINARY_NAME}" version --template="{{ .Version }}")
+    local version
+    version=$("${HELM_INSTALL_DIR}/${BINARY_NAME}" version --template="{{ .Version }}")
    if [[ "$version" == "$TAG" ]]; then
      echo "Helm ${version} is already ${DESIRED_VERSION:-latest}"
      return 0
@ -193,8 +194,10 @@ installFile() {
 # verifyChecksum verifies the SHA256 checksum of the binary package.
 verifyChecksum() {
  printf "Verifying checksum... "
-  local sum=$(openssl sha1 -sha256 ${HELM_TMP_FILE} | awk '{print $2}')
-  local expected_sum=$(cat ${HELM_SUM_FILE})
+  local sum
+  sum=$(openssl sha1 -sha256 "${HELM_TMP_FILE}" | awk '{print $2}')
+  local expected_sum
+  expected_sum=$(cat "${HELM_SUM_FILE}")
  if [ "$sum" != "$expected_sum" ]; then
    echo "SHA sum of ${HELM_TMP_FILE} does not match. Aborting."
    exit 1
@ -216,7 +219,8 @@ verifySignatures() {
  fi
  local gpg_keyring="${HELM_TMP_ROOT}/keyring.gpg"
  local gpg_homedir="${HELM_TMP_ROOT}/gnupg"
-  mkdir -p -m 0700 "${gpg_homedir}"
+  mkdir -p "${gpg_homedir}"
+  chmod 0700 "${gpg_homedir}"
  local gpg_stderr_device="/dev/null"
  if [ "${DEBUG}" == "true" ]; then
    gpg_stderr_device="/dev/stderr"
@ -233,13 +237,15 @@ verifySignatures() {
  fi
  local error_text="If you think this might be a potential security issue,"
  error_text="${error_text}\nplease see here: https://github.com/helm/community/blob/master/SECURITY.md"
-  local num_goodlines_sha=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" 2> "${gpg_stderr_device}" | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)')
+  local num_goodlines_sha
+  num_goodlines_sha=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" 2> "${gpg_stderr_device}" | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)')
  if [[ ${num_goodlines_sha} -lt 2 ]]; then
    echo "Unable to verify the signature of helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256!"
    echo -e "${error_text}"
    exit 1
  fi
-  local num_goodlines_tar=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" 2> "${gpg_stderr_device}" | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)')
+  local num_goodlines_tar
+  num_goodlines_tar=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" 2> "${gpg_stderr_device}" | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)')
  if [[ ${num_goodlines_tar} -lt 2 ]]; then
    echo "Unable to verify the signature of helm-${TAG}-${OS}-${ARCH}.tar.gz!"
    echo -e "${error_text}"
@ -266,13 +272,11 @@ fail_trap() {

 # testVersion tests the installed client to make sure it is working.
 testVersion() {
-  set +e
-  HELM="$(command -v $BINARY_NAME)"
-  if [ "$?" = "1" ]; then
-    echo "$BINARY_NAME not found. Is $HELM_INSTALL_DIR on your "'$PATH?'
+  if ! command -v "$BINARY_NAME" &> /dev/null; then
+    # shellcheck disable=SC2016
+    echo "$BINARY_NAME not found. Is $HELM_INSTALL_DIR on your "'\$PATH?'
    exit 1
  fi
-  set -e
 }

 # help provides possible cli installation arguments
@ -294,7 +298,7 @@ cleanup() {
 # Execution

 #Stop execution on any error
-trap "fail_trap" EXIT
+trap 'fail_trap' EXIT
 set -e

 # Set debug if desired
@ -303,7 +307,7 @@ if [ "${DEBUG}" == "true" ]; then
 fi

 # Parsing input arguments (if any)
-export INPUT_ARGUMENTS="${@}"
+export INPUT_ARGUMENTS="$*"
 set -u
 while [[ $# -gt 0 ]]; do
  case $1 in
--- a/scripts/release-notes.sh
+++ b/scripts/release-notes.sh
@ -29,10 +29,10 @@ if [[ -z "${PREVIOUS_RELEASE}" || -z "${RELEASE}" ]]; then
 fi

 ## validate git tags
-for tag in $RELEASE $PREVIOUS_RELEASE; do
-  OK=$(git tag -l ${tag} | wc -l)
+for tag in "$RELEASE" "$PREVIOUS_RELEASE"; do
+  OK=$(git tag -l "${tag}" | wc -l)
  if [[ "$OK" == "0" ]]; then
-    echo ${tag} is not a valid release version
+    echo "${tag} is not a valid release version"
    exit 1
  fi
 done
@ -46,17 +46,16 @@ if [[ ! -e "./_dist/helm-${RELEASE}-darwin-amd64.tar.gz.sha256sum" ]]; then
 fi

 ## Generate CHANGELOG from git log
-CHANGELOG=$(git log --no-merges --pretty=format:'- %s %H (%aN)' ${PREVIOUS_RELEASE}..${RELEASE})
-if [[ ! $? -eq 0 ]]; then
+if ! CHANGELOG=$(git log --no-merges --pretty=format:'- %s %H (%aN)' "${PREVIOUS_RELEASE}".."${RELEASE}"); then
  echo "Error creating changelog"
  echo "try running \`git log --no-merges --pretty=format:'- %s %H (%aN)' ${PREVIOUS_RELEASE}..${RELEASE}\`"
  exit 1
 fi

 ## guess at MAJOR / MINOR / PATCH versions
-MAJOR=$(echo ${RELEASE} | sed 's/^v//' | cut -f1 -d.)
-MINOR=$(echo ${RELEASE} | sed 's/^v//' | cut -f2 -d.)
-PATCH=$(echo ${RELEASE} | sed 's/^v//' | cut -f3 -d.)
+MAJOR=$(echo "${RELEASE}" | sed 's/^v//' | cut -f1 -d.)
+MINOR=$(echo "${RELEASE}" | sed 's/^v//' | cut -f2 -d.)
+PATCH=$(echo "${RELEASE}" | sed 's/^v//' | cut -f3 -d.)

 ## Print release notes to stdout
 cat <<EOF
@ -81,25 +80,25 @@ The community keeps growing, and we'd love to see you there!

 Download Helm ${RELEASE}. The common platform binaries are here:

- [MacOS amd64](https://get.helm.sh/helm-${RELEASE}-darwin-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-darwin-amd64.tar.gz.sha256sum) / $(cat _dist/helm-${RELEASE}-darwin-amd64.tar.gz.sha256))
- [MacOS arm64](https://get.helm.sh/helm-${RELEASE}-darwin-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-darwin-arm64.tar.gz.sha256sum) / $(cat _dist/helm-${RELEASE}-darwin-arm64.tar.gz.sha256))
- [Linux amd64](https://get.helm.sh/helm-${RELEASE}-linux-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-amd64.tar.gz.sha256sum) / $(cat _dist/helm-${RELEASE}-linux-amd64.tar.gz.sha256))
- [Linux arm](https://get.helm.sh/helm-${RELEASE}-linux-arm.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-arm.tar.gz.sha256sum) / $(cat _dist/helm-${RELEASE}-linux-arm.tar.gz.sha256))
- [Linux arm64](https://get.helm.sh/helm-${RELEASE}-linux-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-arm64.tar.gz.sha256sum) / $(cat _dist/helm-${RELEASE}-linux-arm64.tar.gz.sha256))
- [Linux i386](https://get.helm.sh/helm-${RELEASE}-linux-386.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-386.tar.gz.sha256sum) / $(cat _dist/helm-${RELEASE}-linux-386.tar.gz.sha256))
- [Linux loong64](https://get.helm.sh/helm-${RELEASE}-linux-loong64.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-loong64.tar.gz.sha256sum) / $(cat _dist/helm-${RELEASE}-linux-loong64.tar.gz.sha256))
- [Linux ppc64le](https://get.helm.sh/helm-${RELEASE}-linux-ppc64le.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-ppc64le.tar.gz.sha256sum) / $(cat _dist/helm-${RELEASE}-linux-ppc64le.tar.gz.sha256))
- [Linux s390x](https://get.helm.sh/helm-${RELEASE}-linux-s390x.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-s390x.tar.gz.sha256sum) / $(cat _dist/helm-${RELEASE}-linux-s390x.tar.gz.sha256))
- [Linux riscv64](https://get.helm.sh/helm-${RELEASE}-linux-riscv64.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-riscv64.tar.gz.sha256sum) / $(cat _dist/helm-${RELEASE}-linux-riscv64.tar.gz.sha256))
- [Windows amd64](https://get.helm.sh/helm-${RELEASE}-windows-amd64.zip) ([checksum](https://get.helm.sh/helm-${RELEASE}-windows-amd64.zip.sha256sum) / $(cat _dist/helm-${RELEASE}-windows-amd64.zip.sha256))
- [Windows arm64](https://get.helm.sh/helm-${RELEASE}-windows-arm64.zip) ([checksum](https://get.helm.sh/helm-${RELEASE}-windows-arm64.zip.sha256sum) / $(cat _dist/helm-${RELEASE}-windows-arm64.zip.sha256))
+- [MacOS amd64](https://get.helm.sh/helm-${RELEASE}-darwin-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-darwin-amd64.tar.gz.sha256sum) / $(cat "_dist/helm-${RELEASE}-darwin-amd64.tar.gz.sha256"))
+- [MacOS arm64](https://get.helm.sh/helm-${RELEASE}-darwin-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-darwin-arm64.tar.gz.sha256sum) / $(cat "_dist/helm-${RELEASE}-darwin-arm64.tar.gz.sha256"))
+- [Linux amd64](https://get.helm.sh/helm-${RELEASE}-linux-amd64.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-amd64.tar.gz.sha256sum) / $(cat "_dist/helm-${RELEASE}-linux-amd64.tar.gz.sha256"))
+- [Linux arm](https://get.helm.sh/helm-${RELEASE}-linux-arm.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-arm.tar.gz.sha256sum) / $(cat "_dist/helm-${RELEASE}-linux-arm.tar.gz.sha256"))
+- [Linux arm64](https://get.helm.sh/helm-${RELEASE}-linux-arm64.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-arm64.tar.gz.sha256sum) / $(cat "_dist/helm-${RELEASE}-linux-arm64.tar.gz.sha256"))
+- [Linux i386](https://get.helm.sh/helm-${RELEASE}-linux-386.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-386.tar.gz.sha256sum) / $(cat "_dist/helm-${RELEASE}-linux-386.tar.gz.sha256"))
+- [Linux loong64](https://get.helm.sh/helm-${RELEASE}-linux-loong64.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-loong64.tar.gz.sha256sum) / $(cat "_dist/helm-${RELEASE}-linux-loong64.tar.gz.sha256"))
+- [Linux ppc64le](https://get.helm.sh/helm-${RELEASE}-linux-ppc64le.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-ppc64le.tar.gz.sha256sum) / $(cat "_dist/helm-${RELEASE}-linux-ppc64le.tar.gz.sha256"))
+- [Linux s390x](https://get.helm.sh/helm-${RELEASE}-linux-s390x.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-s390x.tar.gz.sha256sum) / $(cat "_dist/helm-${RELEASE}-linux-s390x.tar.gz.sha256"))
+- [Linux riscv64](https://get.helm.sh/helm-${RELEASE}-linux-riscv64.tar.gz) ([checksum](https://get.helm.sh/helm-${RELEASE}-linux-riscv64.tar.gz.sha256sum) / $(cat "_dist/helm-${RELEASE}-linux-riscv64.tar.gz.sha256"))
+- [Windows amd64](https://get.helm.sh/helm-${RELEASE}-windows-amd64.zip) ([checksum](https://get.helm.sh/helm-${RELEASE}-windows-amd64.zip.sha256sum) / $(cat "_dist/helm-${RELEASE}-windows-amd64.zip.sha256"))
+- [Windows arm64](https://get.helm.sh/helm-${RELEASE}-windows-arm64.zip) ([checksum](https://get.helm.sh/helm-${RELEASE}-windows-arm64.zip.sha256sum) / $(cat "_dist/helm-${RELEASE}-windows-arm64.zip.sha256"))

 The [Quickstart Guide](https://helm.sh/docs/intro/quickstart/) will get you going from there. For **upgrade instructions** or detailed installation notes, check the [install guide](https://helm.sh/docs/intro/install/). You can also use a [script to install](https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3) on any system with \`bash\`.

 ## What's Next

- ${MAJOR}.${MINOR}.$(expr ${PATCH} + 1) will contain only bug fixes.
- ${MAJOR}.$(expr ${MINOR} + 1).${PATCH} is the next feature release. This release will focus on ...
+- ${MAJOR}.${MINOR}.$((PATCH + 1)) will contain only bug fixes.
+- ${MAJOR}.$((MINOR + 1)).${PATCH} is the next feature release. This release will focus on ...

 ## Changelog

--- a/scripts/util.sh
+++ b/scripts/util.sh
@ -28,7 +28,7 @@ kube::util::trap_add() {
    local new_cmd

    # Grab the currently defined trap commands for this trap
-    existing_cmd=`trap -p "${trap_add_name}" |  awk -F"'" '{print $2}'`
+    existing_cmd=$(trap -p "${trap_add_name}" | awk -F"'" '{print $2}')

    if [[ -z "${existing_cmd}" ]]; then
      new_cmd="${trap_add_cmd}"
@ -36,7 +36,8 @@ kube::util::trap_add() {
      new_cmd="${existing_cmd};${trap_add_cmd}"
    fi

-    # Assign the test
+    # Assign the test - expand now is intentional as we're building the command dynamically
+    # shellcheck disable=SC2064
    trap "${new_cmd}" "${trap_add_name}"
  done
 }
--- a/scripts/validate-license.sh
+++ b/scripts/validate-license.sh
@ -28,7 +28,7 @@ find_files() {
 }

 # Use "|| :" to ignore the error code when grep returns empty
-failed_license_header=($(find_files | xargs grep -L 'Licensed under the Apache License, Version 2.0 (the "License")' || :))
+mapfile -t failed_license_header < <(find_files | xargs grep -L 'Licensed under the Apache License, Version 2.0 (the "License")' || :)
 if (( ${#failed_license_header[@]} > 0 )); then
  echo "Some source files are missing license headers."
  printf '%s\n' "${failed_license_header[@]}"
@ -36,7 +36,7 @@ if (( ${#failed_license_header[@]} > 0 )); then
 fi

 # Use "|| :" to ignore the error code when grep returns empty
-failed_copyright_header=($(find_files | xargs grep -L 'Copyright The Helm Authors.' || :))
+mapfile -t failed_copyright_header < <(find_files | xargs grep -L 'Copyright The Helm Authors.' || :)
 if (( ${#failed_copyright_header[@]} > 0 )); then
  echo "Some source files are missing the copyright header."
  printf '%s\n' "${failed_copyright_header[@]}"