workflows: use set -xeuo pipefail globally

This is the same change as Homebrew/brew#18369.
Homebrew · Sep 28, 2024 · d7ccd4a · d7ccd4a
1 parent 41d21e0
commit d7ccd4a
Show file tree

Hide file tree

Showing 18 changed files with 77 additions and 27 deletions.
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
@@ -10,6 +10,10 @@ on:
     paths:
       - '.github/workflows/*.ya?ml'
 
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
+
 concurrency:
   group: "actionlint-${{ github.ref }}"
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
@@ -35,7 +39,6 @@ jobs:
           test-bot: false
 
       - name: Set up actionlint
-        shell: bash
         env:
           HOMEBREW_TAP_REPOSITORY: ${{ steps.setup-homebrew.outputs.repository-path }}
         run: |
@@ -48,7 +51,7 @@ jobs:
 
           # Setting `shell: /bin/bash` prevents shellcheck from running on
           # those steps, so let's change them to `shell: bash` for linting.
-          sed -i 's:/bin/bash -e {0}:bash:' .github/workflows/*.y*ml
+          sed -i 's|shell: /bin/bash -x|shell: bash -x|' .github/workflows/*.y*ml
           # The JSON matcher needs to be accessible to the container host.
           cp "$(brew --repository)/.github/actionlint-matcher.json" "$HOME"
           echo "::add-matcher::$HOME/actionlint-matcher.json"

diff --git a/.github/workflows/autobump.yml b/.github/workflows/autobump.yml
@@ -18,6 +18,10 @@ on:
 permissions:
   contents: read
 
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
+
 jobs:
   autobump:
     if: github.repository == 'Homebrew/homebrew-core'

diff --git a/.github/workflows/automerge-from-merge-queue.yml b/.github/workflows/automerge-from-merge-queue.yml
@@ -7,6 +7,10 @@ on:
     types:
       - completed
 
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
+
 concurrency:
   group: automerge-merge_queue-${{ github.event.workflow_run.event }}-${{ github.event.workflow_run.id }}
   cancel-in-progress: true
@@ -252,9 +256,6 @@ jobs:
       contents: read
       pull-requests: read
       actions: write # to dispatch publish workflow
-    defaults:
-      run:
-        shell: bash
     steps:
       - name: Set up Homebrew
         uses: Homebrew/actions/setup-homebrew@master

diff --git a/.github/workflows/automerge-triggers.yml b/.github/workflows/automerge-triggers.yml
@@ -9,6 +9,10 @@ on:
       - unlabeled
       - ready_for_review
 
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
+
 jobs:
   check:
     if: >

diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
@@ -8,6 +8,10 @@ on:
     types:
       - completed
 
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
+
 concurrency:
   group: automerge-${{ github.event.workflow_run.event }}-${{ github.event.workflow_run.id }}
   cancel-in-progress: true
@@ -182,9 +186,6 @@ jobs:
       contents: read
       pull-requests: read
       actions: write # to dispatch publish workflow
-    defaults:
-      run:
-        shell: bash
     steps:
       - name: Set up Homebrew
         uses: Homebrew/actions/setup-homebrew@master

diff --git a/.github/workflows/cache.yml b/.github/workflows/cache.yml
@@ -20,6 +20,10 @@ env:
   HOMEBREW_DEVELOPER: 1
   HOMEBREW_NO_AUTO_UPDATE: 1
 
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
+
 concurrency:
   group: cache-${{ github.event.pull_request.number }}
   cancel-in-progress: true

diff --git a/.github/workflows/clean-up-closed-prs.yml b/.github/workflows/clean-up-closed-prs.yml
@@ -5,6 +5,10 @@ on:
     types:
       - closed
 
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.number }}
   cancel-in-progress: true
@@ -23,9 +27,6 @@ jobs:
     runs-on: ubuntu-latest
     container:
       image: ghcr.io/homebrew/ubuntu22.04:master
-    defaults:
-      run:
-        shell: bash
     permissions:
       contents: read
       actions: write # for `gh run cancel`

diff --git a/.github/workflows/create-replacement-pr.yml b/.github/workflows/create-replacement-pr.yml
@@ -1,6 +1,10 @@
 name: Create replacement pull request
 run-name: "Replace PR #${{ inputs.pull_request }}"
 
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.inputs.pull_request }}-${{ github.event.inputs.upload }}
   cancel-in-progress: ${{ !fromJson(github.event.inputs.upload) }}
@@ -56,9 +60,6 @@ jobs:
       repository-projects: write # for `gh pr edit`
       attestations: write # for actions/attest-build-provenance
       id-token: write # for actions/attest-build-provenance
-    defaults:
-      run:
-        shell: bash
     steps:
       - name: Post comment once started
         uses: Homebrew/actions/post-comment@master

diff --git a/.github/workflows/dispatch-build-bottle.yml b/.github/workflows/dispatch-build-bottle.yml
@@ -40,6 +40,10 @@ env:
   DISPATCH_BUILD_BOTTLE_ISSUE: ${{ inputs.issue }}
   DISPATCH_BUILD_BOTTLE_UPLOAD: ${{ inputs.upload }}
 
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
+
 # Intentionally the same as dispatch-rebottle
 concurrency: bottle-${{ github.event.inputs.formula }}
 
@@ -143,7 +147,7 @@ jobs:
       contents: read
     defaults:
       run:
-        shell: /bin/bash -e {0}
+        shell: /bin/bash -xeuo pipefail {0}
         working-directory: ${{matrix.workdir || github.workspace}}
     env:
       GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
@@ -197,9 +201,6 @@ jobs:
     if: inputs.upload
     container:
       image: ghcr.io/homebrew/ubuntu22.04:master
-    defaults:
-      run:
-        shell: bash
     env:
       HOMEBREW_SIMULATE_MACOS_ON_LINUX: 1
       GH_REPO: ${{github.repository}}

diff --git a/.github/workflows/dispatch-rebottle.yml b/.github/workflows/dispatch-rebottle.yml
@@ -31,6 +31,10 @@ on:
         default: true
         required: false
 
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
+
 # Intentionally the same as dispatch-build-bottle
 concurrency: bottle-${{ github.event.inputs.formula }}
 
@@ -84,7 +88,7 @@ jobs:
     timeout-minutes: ${{fromJson(inputs.timeout)}}
     defaults:
       run:
-        shell: /bin/bash -e {0}
+        shell: /bin/bash -xeuo pipefail {0}
         working-directory: ${{matrix.workdir || github.workspace}}
     env:
       GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
@@ -134,9 +138,6 @@ jobs:
     if: inputs.upload
     container:
       image: ghcr.io/homebrew/ubuntu22.04:master
-    defaults:
-      run:
-        shell: bash
     env:
       HOMEBREW_SIMULATE_MACOS_ON_LINUX: 1
       GH_REPO: ${{github.repository}}

diff --git a/.github/workflows/manage-pull-request-labels.yml b/.github/workflows/manage-pull-request-labels.yml
@@ -5,6 +5,10 @@ on:
     types:
       - unlabeled
 
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.number }}-${{ github.event.label.name }}
   cancel-in-progress: true

diff --git a/.github/workflows/publish-commit-bottles.yml b/.github/workflows/publish-commit-bottles.yml
@@ -32,6 +32,10 @@ on:
         description: "Message to include when autosquashing revision bumps, deletions, and rebuilds (requires autosquash)"
         required: false
 
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
+
 env:
   PR: ${{inputs.pull_request}}
   INPUT_MESSAGE: ${{ inputs.message }}
@@ -251,9 +255,6 @@ jobs:
       actions: read # for `brew pr-pull`
       pull-requests: write # for `gh pr edit|review`
       repository-projects: write # for `gh pr edit`
-    defaults:
-      run:
-        shell: bash
     steps:
       - name: Post comment once started
         uses: Homebrew/actions/post-comment@master

diff --git a/.github/workflows/recreate-linux-runners.yml b/.github/workflows/recreate-linux-runners.yml
@@ -11,6 +11,10 @@ on:
     types:
       - completed
 
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
+
 concurrency:
   group: recreate-linux-runners-${{ github.event.workflow_run.id || github.ref }}
   cancel-in-progress: true

diff --git a/.github/workflows/remove-disabled-packages.yml b/.github/workflows/remove-disabled-packages.yml
@@ -13,6 +13,10 @@ on:
 env:
   RUN_URL: ${{github.event.repository.html_url}}/actions/runs/${{github.run_id}}
 
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
+
 concurrency:
   group: remove-disabled-packages
   cancel-in-progress: true

diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml
@@ -10,6 +10,10 @@ on:
     # Once every day at 1AM
     - cron: "0 1 * * *"
 
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
+
 concurrency:
   group: scheduled
   cancel-in-progress: true

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -20,6 +20,10 @@ env:
   GH_PROMPT_DISABLED: 1
   SCRIPTS_PATH: .github/workflows/scripts
 
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
+
 concurrency:
   group: "tests-${{ github.ref }}"
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
@@ -213,7 +217,7 @@ jobs:
     timeout-minutes: ${{ matrix.timeout }}
     defaults:
       run:
-        shell: /bin/bash -e {0}
+        shell: /bin/bash -xeuo pipefail {0}
         working-directory: ${{matrix.workdir || github.workspace}}
     env:
       GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
@@ -332,7 +336,7 @@ jobs:
     timeout-minutes: ${{ matrix.timeout }}
     defaults:
       run:
-        shell: /bin/bash -e {0}
+        shell: /bin/bash -xeuo pipefail {0}
         working-directory: ${{matrix.workdir || github.workspace}}
     env:
       GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

diff --git a/.github/workflows/triage-ci.yml b/.github/workflows/triage-ci.yml
@@ -7,6 +7,10 @@ on:
     types:
       - completed
 
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
+
 concurrency:
   group: triage-ci-${{ github.event.workflow_run.event }}-${{ github.event.workflow_run.id }}
   cancel-in-progress: true

diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml
@@ -7,6 +7,10 @@ env:
   GH_NO_UPDATE_NOTIFIER: 1
   GH_PROMPT_DISABLED: 1
 
+defaults:
+  run:
+    shell: bash -xeuo pipefail {0}
+
 concurrency:
   group: "triage-${{ github.event.number }}"
   cancel-in-progress: true