fix(ci): resolve cd.yml shellcheck errors (SC2129, SC1009/1073/1072) (#309)#312
Merged
Conversation
added 3 commits
June 21, 2026 14:34
Site A — lines 161-163 of .github/workflows/cd.yml.
Three sequential `echo … >> "$GITHUB_ENV"` writes inside the
`while IFS='=' read -r key value` loop now share a single
`{ … } >> "$GITHUB_ENV"` redirect, addressing shellcheck SC2129
("Consider using { cmd1; cmd2; } >> file instead of individual
redirects"). The grouped form is byte-identical: Bash applies the
trailing redirect on the brace group to every command in it, so the
same three lines are emitted in the same order on every iteration;
only the file descriptor handling changes from open-per-echo to
open-per-iteration.
Refs #309 (site A only).
…009/1073/1072)
Site B — Open cd-failure issue step in .github/workflows/cd.yml.
actionlint extracts the raw `run:` body and feeds it to its embedded
shellcheck, which sees `${{ github.* }}` as broken parameter
expansions (the inner `{` is not a valid modifier opener). On the
pre-patch file that produced a parse cascade: SC1009, SC1073, and
SC1072 — none of which correspond to a real syntax error in our
script; they are all shellcheck reporting that its fallback parser
ran out of file looking for a closing quote that never existed.
Hoist `github.run_id`, `github.event_name`, and
`github.event.inputs.dry_run` into the step's `env:` block (alongside
the existing `RUN_URL`), then read them as plain shell variables
(${RUN_ID}, ${EVENT_NAME}, ${DRY_RUN_INPUT}) in the script. Actionlint
expands `env:` values before the step starts, so the shell sees
identical strings to the inline form — no behavior change. Site A's
SC2129 was fixed in the preceding commit.
Refs #309 (site B only).
… cascade)
The cd-failure step's parameter expansion '${BACKUP_DIR:-<placeholder>}'
used non-ASCII characters (em-dash) and shell-operator look-alikes
(angle brackets, square brackets) in the default value. Shellcheck
(run by actionlint) could not parse the default as a single text token
and reported a phantom SC1009/1073/1072 cascade pointing at line 11
column 13 of the embedded run-script.
Replace with a plain ASCII placeholder
'UNSET_SEE_WORKFLOW_RUN_LOG_FOR_BACKUP_DIR'. Operators grep for the
literal string in cd-failure issue bodies; shellcheck now parses the
parameter expansion cleanly.
alexandervazquez98
force-pushed
the
fix/309-cd-yml-shellcheck
branch
from
700ca4d to
888036c
Compare
This was referenced Jun 21, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes GitHub issue #309 by resolving shellcheck errors in
.github/workflows/cd.ymlthat were blocking theactionlintandlint-verify (PR1 gate)checks on every PR.Three surgical edits, no new files, no version bumps, byte-identical workflow runtime behavior.
Why
actionlintruns shellcheck against every workflow on the base branch. Three embedded shell constructs incd.ymlfailed:SC2129style complaint: three sequentialecho ... >> "$GITHUB_ENV"redirects can be grouped as{ ... } >> "$GITHUB_ENV".${{ github.run_id }},${{ github.event_name }}, and${{ github.event.inputs.dry_run }}inside therun:block were an unnecessary mix of GitHub Actions expression syntax and shell syntax; moving them toenv:is cleaner even though shellcheck parses${VAR}and${{ VAR }}similarly.SC1009/SC1073/SC1072phantom "unterminated string" cascade: the parameter expansion${BACKUP_DIR:-<unset — see workflow run log for the deploy's BACKUP_DIR>}had em-dashes and angle brackets in the default value. Shellcheck could not parse the default as a single text token and reported a cascade at line 11 col 13 of the embedded run-script. Replacing with a plain ASCII placeholderUNSET_SEE_WORKFLOW_RUN_LOG_FOR_BACKUP_DIRsatisfies shellcheck; the operator message is preserved (operators grep for the literal token in cd-failure issue bodies).These pre-existed on
mainand blocked every PR — most visibly PR #307 (docs only).What changes
.github/workflows/cd.yml:echoredirects in{ ... } >> "$GITHUB_ENV"(SC2129).env:asRUN_ID,EVENT_NAME,DRY_RUN_INPUT; read them as shell variables in therun:script.Diff: 1 file, +13/-8 across three commits. No new files. No
# shellcheck disable=. No actionlint version bump. No PR #307 edits.Verification expectation
After this lands on
main:actionlintcheck turns green on the PR.lint-verify (PR1 gate)check turns green on the PR.Out of scope
scripts/safe-rebuild.shor extractingscripts/open-cd-failure-issue.sh..shellcheckrc, pre-commit hooks, or actionlint severity policy changes.1.7.8.if: falsereal-deploy step.Refs: #309, #307