docs: update copilot instructions with shell script best practices#8482
Open
Add learnings from PR #8475/#8476 review cycle:
- ShellSpec tests expected for all shell script changes
- Scriptless provisioning: define hotfix functions in cse_main.sh
- Prefer simple functions with positional args
- Use OS helper functions (isUbuntu, isMarinerOrAzureLinux)
- Define functions at top-level, not nested
- VHD cleanup must not silently ignore failures

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pull request overview
Updates the repository’s Copilot instructions to capture recent review learnings for shell-script and VHD build hygiene, so future contributions follow the same guardrails used in the DirtyFrag/CopyFail2 mitigation work.
Changes:
- Adds guidance that VHD cleanup must not ignore failures and should verify removal of sensitive components.
- Strengthens ShellScripts guidelines around ShellSpec expectations, scriptless provisioning compatibility, OS helper usage, and function scoping.
- Encourages simpler function design (single-purpose, positional args) to reduce fragility in provisioning scripts.
|
|
||
| - use shellcheck for sanity checking | ||
| - use ShellSpec for testing | ||
| - use ShellSpec for testing — all shell script changes should have corresponding tests in `spec/parts/linux/` |
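Review bot: The added ShellSpec line says changes "should have corresponding tests", which reads as optional beside the unchanged "use shellcheck for sanity checking" bullet. If tests are a merge expectation, write "must", and state how a spec file under `spec/parts/linux/` maps to the script it covers so a contributor can find or create the right one.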
|
|
||
| When making changes, reason whether the file is used in VHD building stage, or provision stage, or both. Make sure the changes are valid in its life stage. as an example, [windows-vhd-configuration.ps1](./vhdbuilder/packer/windows/windows-vhd-configuration.ps1) defines container images to be cached in VHD, while [configure-windows-vhd.ps1](./vhdbuilder/packer/windows/configure-windows-vhd.ps1) executes commands at provision time. | ||
|
|
||
| VHD cleanup steps in `cleanup-vhd.sh` must not silently ignore failures. Verify removal of security-sensitive components and fail the build if expected state is not achieved. |
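Review bot: In the added `cleanup-vhd.sh` sentence, "security-sensitive components" and "expected state" are left undefined, so the rule cannot be checked mechanically. Name the failure-hiding patterns to avoid and the verification expected, for example that a removed path or package is tested again after the removal command and the script exits non-zero when it is still present.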
Clarify that all shell scripts must pass the CI shellcheck gate (make validate-shell), which enforces POSIX compliance even in bash scripts (e.g. [ ] not [[ ]], = not ==).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
awesomenix
approved these changes
May 8, 2026
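A sketch of what the cleanup rule in this PR asks for, added here as an example and not code from `cleanup-vhd.sh` or the PR itself: removal is followed by a check of the end state, and the build step fails if anything is left. The function names `remove_and_verify` and `cleanup_sensitive_paths` are hypothetical, and the scratch directory in the demo is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not taken from cleanup-vhd.sh.

# Pattern the rule forbids: both the failure and any leftover are invisible.
#   rm -rf "$target" 2>/dev/null || true

# remove_and_verify PATH
# Removes PATH, then checks the end state instead of trusting rm's exit code.
remove_and_verify() {
    target="$1"
    if [ -z "$target" ]; then
        echo "remove_and_verify: missing path argument" >&2
        return 2
    fi
    if ! rm -rf -- "$target"; then
        echo "cleanup: failed to remove $target" >&2
        return 1
    fi
    # -e is false for a dangling symlink, so test -L as well.
    if [ -e "$target" ] || [ -L "$target" ]; then
        echo "cleanup: $target still present after removal" >&2
        return 1
    fi
    return 0
}

# cleanup_sensitive_paths PATH...
# Attempts every path so the log lists all leftovers, then fails once.
cleanup_sensitive_paths() {
    failed=0
    for p in "$@"; do
        remove_and_verify "$p" || failed=1
    done
    return "$failed"
}

# Constructed demo: a scratch directory stands in for a real component path.
scratch=$(mktemp -d)
mkdir -p "$scratch/component"
cleanup_sensitive_paths "$scratch/component" || exit 1
rmdir "$scratch"
```

The functions are defined at top level, take positional arguments, and use only `[ ]` tests, matching the other guidelines listed in the PR.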
Add learnings from the DirtyFrag/CopyFail2 PR review cycle (#8475, #8476):