From 0f5e504f9ee067b19149c808639b8bbd568f8252 Mon Sep 17 00:00:00 2001
From: Wolfgang Walther
Date: Tue, 10 Jun 2025 21:59:31 +0200
Subject: [PATCH] workflows: use bash shell explicitly
This forces better error handling as described in [1]. Without this change, bash would *not* run with `-o pipefail`, which means some errors go unnoticed. By naming `bash` explicitly, `-o pipefail` is enabled. 1: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#defaultsrunshell
---
 .github/workflows/backport.yml | 4 ++++
 .github/workflows/check-cherry-picks.yml | 4 ++++
 .github/workflows/check-format.yml | 4 ++++
 .github/workflows/check-shell.yml | 4 ++++
 .github/workflows/codeowners-v2.yml | 4 ++++
 .github/workflows/edited.yml | 4 ++++
 .github/workflows/eval-aliases.yml | 4 ++++
 .github/workflows/eval.yml | 4 ++++
 .github/workflows/labels.yml | 4 ++++
 .github/workflows/lib-tests.yml | 4 ++++
 .github/workflows/manual-nixos-v2.yml | 4 ++++
 .github/workflows/manual-nixpkgs-v2.yml | 4 ++++
 .github/workflows/nix-parse-v2.yml | 4 ++++
 .github/workflows/nixpkgs-vet.yml | 4 ++++
 .github/workflows/no-channel.yml | 4 ++++
 .github/workflows/periodic-merge-24h.yml | 4 ++++
 .github/workflows/periodic-merge-6h.yml | 4 ++++
 .github/workflows/periodic-merge.yml | 4 ++++
 .github/workflows/reviewers.yml | 4 ++++
 19 files changed, 76 insertions(+)
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
index ea184fb914a4..68d833b01e06 100644
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -14,6 +14,10 @@ permissions:
 issues: write
 pull-requests: write
+defaults:
+ run:
+ shell: bash
+
 jobs:
 backport:
 name: Backport Pull Request
diff --git a/.github/workflows/check-cherry-picks.yml b/.github/workflows/check-cherry-picks.yml
index 77aafd9f0ff2..618c1cf9ffed 100644
--- a/.github/workflows/check-cherry-picks.yml
+++ b/.github/workflows/check-cherry-picks.yml
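Review bot: The `defaults.run.shell: bash` block added to backport.yml has no comment, so the reason for it lives only in the commit message and a later cleanup could remove it as redundant with the runner's default shell. A one-line comment above `defaults:` would keep the intent in the file, for example `# Explicit bash runs with -e -o pipefail; the implicit default shell omits pipefail.` The same applies to the identical block added in the other 18 workflow files.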
@@ -17,6 +17,10 @@ concurrency:
 permissions:
 pull-requests: write
+defaults:
+ run:
+ shell: bash
+
 jobs:
 check:
 name: cherry-pick-check
diff --git a/.github/workflows/check-format.yml b/.github/workflows/check-format.yml
index 616d8e574592..ef1e3e1a7456 100644
--- a/.github/workflows/check-format.yml
+++ b/.github/workflows/check-format.yml
@@ -12,6 +12,10 @@ concurrency:
 permissions: {}
+defaults:
+ run:
+ shell: bash
+
 jobs:
 nixos:
 name: fmt-check
diff --git a/.github/workflows/check-shell.yml b/.github/workflows/check-shell.yml
index 03649bfd934d..37eddde22529 100644
--- a/.github/workflows/check-shell.yml
+++ b/.github/workflows/check-shell.yml
@@ -15,6 +15,10 @@ concurrency:
 permissions: {}
+defaults:
+ run:
+ shell: bash
+
 jobs:
 shell-check:
 strategy:
diff --git a/.github/workflows/codeowners-v2.yml b/.github/workflows/codeowners-v2.yml
index a857b1542263..84bbbc980633 100644
--- a/.github/workflows/codeowners-v2.yml
+++ b/.github/workflows/codeowners-v2.yml
@@ -35,6 +35,10 @@ concurrency:
 permissions: {}
+defaults:
+ run:
+ shell: bash
+
 env:
 OWNERS_FILE: ci/OWNERS
 # Don't do anything on draft PRs
diff --git a/.github/workflows/edited.yml b/.github/workflows/edited.yml
index 5d93f5b8ce18..186bd9cb8a0c 100644
--- a/.github/workflows/edited.yml
+++ b/.github/workflows/edited.yml
@@ -22,6 +22,10 @@ concurrency:
 permissions: {}
+defaults:
+ run:
+ shell: bash
+
 jobs:
 base:
 name: Trigger jobs
diff --git a/.github/workflows/eval-aliases.yml b/.github/workflows/eval-aliases.yml
index 451656a103ab..913341d6c814 100644
--- a/.github/workflows/eval-aliases.yml
+++ b/.github/workflows/eval-aliases.yml
@@ -12,6 +12,10 @@ concurrency:
 permissions: {}
+defaults:
+ run:
+ shell: bash
+
 jobs:
 eval-aliases:
 name: Eval nixpkgs with aliases enabled
diff --git a/.github/workflows/eval.yml b/.github/workflows/eval.yml
index bb99c0dfbc68..711932b6a02b 100644
--- a/.github/workflows/eval.yml
+++ b/.github/workflows/eval.yml
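Review bot: Enabling `pipefail` changes the exit status of every existing `run:` step that contains a pipeline, and none of those steps appear in the hunks, so the effect of the block added to check-cherry-picks.yml (and to the other workflows) cannot be judged from this diff alone. A step shaped like `producer | grep -q pattern` or `producer | head -n 1` can now fail when the left-hand command exits non-zero or is stopped by SIGPIPE, where it previously passed. It would be worth checking each workflow's pipelines before merging and marking any deliberate tolerance with a short comment next to the step. The jobs these defaults apply to start and end outside the hunk.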
@@ -22,6 +22,10 @@ concurrency:
 permissions: {}
+defaults:
+ run:
+ shell: bash
+
 jobs:
 prepare:
 name: Prepare
diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml
index 5cdec70b62ce..1e485a6df89b 100644
--- a/.github/workflows/labels.yml
+++ b/.github/workflows/labels.yml
@@ -17,6 +17,10 @@ permissions:
 issues: write # needed to create *new* labels
 pull-requests: write
+defaults:
+ run:
+ shell: bash
+
 jobs:
 labels:
 name: label-pr
diff --git a/.github/workflows/lib-tests.yml b/.github/workflows/lib-tests.yml
index 710356d8b771..4a22a5e2dfdc 100644
--- a/.github/workflows/lib-tests.yml
+++ b/.github/workflows/lib-tests.yml
@@ -15,6 +15,10 @@ concurrency:
 permissions: {}
+defaults:
+ run:
+ shell: bash
+
 jobs:
 nixpkgs-lib-tests:
 name: nixpkgs-lib-tests
diff --git a/.github/workflows/manual-nixos-v2.yml b/.github/workflows/manual-nixos-v2.yml
index 6d0b050fb3f8..f2728da91c93 100644
--- a/.github/workflows/manual-nixos-v2.yml
+++ b/.github/workflows/manual-nixos-v2.yml
@@ -24,6 +24,10 @@ concurrency:
 permissions: {}
+defaults:
+ run:
+ shell: bash
+
 jobs:
 nixos:
 name: nixos-manual-build
diff --git a/.github/workflows/manual-nixpkgs-v2.yml b/.github/workflows/manual-nixpkgs-v2.yml
index 7fa628959c64..f68fae524e90 100644
--- a/.github/workflows/manual-nixpkgs-v2.yml
+++ b/.github/workflows/manual-nixpkgs-v2.yml
@@ -16,6 +16,10 @@ concurrency:
 permissions: {}
+defaults:
+ run:
+ shell: bash
+
 jobs:
 nixpkgs:
 name: nixpkgs-manual-build
diff --git a/.github/workflows/nix-parse-v2.yml b/.github/workflows/nix-parse-v2.yml
index 201a9c8b48ca..bd920bd1e7a0 100644
--- a/.github/workflows/nix-parse-v2.yml
+++ b/.github/workflows/nix-parse-v2.yml
@@ -12,6 +12,10 @@ concurrency:
 permissions: {}
+defaults:
+ run:
+ shell: bash
+
 jobs:
 tests:
 name: nix-files-parseable-check
diff --git a/.github/workflows/nixpkgs-vet.yml b/.github/workflows/nixpkgs-vet.yml
index e8694cc68979..df0ce2401c4c 100644
--- a/.github/workflows/nixpkgs-vet.yml
+++ b/.github/workflows/nixpkgs-vet.yml
@@ -20,6 +20,10 @@ permissions: {}
 # We don't use a concurrency group here, because the action is triggered quite often (due to the PR edit trigger), and contributors would get notified on any canceled run.
 # There is a feature request for suppressing notifications on concurrency-canceled runs: https://github.com/orgs/community/discussions/13015
+defaults:
+ run:
+ shell: bash
+
 jobs:
 check:
 name: nixpkgs-vet
diff --git a/.github/workflows/no-channel.yml b/.github/workflows/no-channel.yml
index 9371f9b44f13..d02d422d5d71 100644
--- a/.github/workflows/no-channel.yml
+++ b/.github/workflows/no-channel.yml
@@ -8,6 +8,10 @@ on:
 permissions: {}
+defaults:
+ run:
+ shell: bash
+
 jobs:
 fail:
 if: |
diff --git a/.github/workflows/periodic-merge-24h.yml b/.github/workflows/periodic-merge-24h.yml
index 43ac1545a265..f56142b722b8 100644
--- a/.github/workflows/periodic-merge-24h.yml
+++ b/.github/workflows/periodic-merge-24h.yml
@@ -16,6 +16,10 @@ on:
 permissions: {}
+defaults:
+ run:
+ shell: bash
+
 jobs:
 periodic-merge:
 if: github.repository_owner == 'NixOS'
diff --git a/.github/workflows/periodic-merge-6h.yml b/.github/workflows/periodic-merge-6h.yml
index 8ec7afa27564..e056d7634a5d 100644
--- a/.github/workflows/periodic-merge-6h.yml
+++ b/.github/workflows/periodic-merge-6h.yml
@@ -16,6 +16,10 @@ on:
 permissions: {}
+defaults:
+ run:
+ shell: bash
+
 jobs:
 periodic-merge:
 if: github.repository_owner == 'NixOS'
diff --git a/.github/workflows/periodic-merge.yml b/.github/workflows/periodic-merge.yml
index 0f686b2f96e5..046a0d2fb4dd 100644
--- a/.github/workflows/periodic-merge.yml
+++ b/.github/workflows/periodic-merge.yml
@@ -12,6 +12,10 @@ on:
 required: true
 type: string
+defaults:
+ run:
+ shell: bash
+
 jobs:
 merge:
 runs-on: ubuntu-24.04-arm
diff --git a/.github/workflows/reviewers.yml b/.github/workflows/reviewers.yml
index bf205a8b3890..655471ffec60 100644
--- a/.github/workflows/reviewers.yml
+++ b/.github/workflows/reviewers.yml
@@ -22,6 +22,10 @@ concurrency:
 permissions: {}
+defaults:
+ run:
+ shell: bash
+
 jobs:
 request:
 name: Request