fix: add set -eo pipefail to all bash steps in pipeline templates and generated steps #494

Draft
Copilot wants to merge 1 commit into main from copilot/ensure-clear-failure-messages

Copilot AI commented May 10, 2026

Summary

Every bash step in the generated pipeline templates now runs with set -eo pipefail, ensuring that any failure causes an immediate, clearly-failed step — never a green step that silently swallowed an error.

Root cause

Several bash steps were missing set -eo pipefail, including all three "Download agentic pipeline compiler" steps (Agent, Detection, and Execution jobs) and the TriggerFiltersExtension scripts download step. These steps run a checksum pattern:

grep "ado-aw-linux-x64" checksums.txt | sha256sum -c -
mv ado-aw-linux-x64 ado-aw
chmod +x ado-aw

Without -e (exit on error) and without pipefail, a failure in grep or sha256sum was silently ignored because mv and chmod would succeed and become the step's final exit code. The step appeared green despite a checksum failure — exactly the class of bug mentioned in the problem statement.

Changes

src/data/base.yml and src/data/1es-base.yml

  • Added set -eo pipefail to all 27 bash steps in both templates (Agent, Detection, and Execution jobs)
  • Upgraded "Run copilot" and "Run threat analysis" from set -o pipefail to set -eo pipefail
  • Fixed grep | tail -1 in "Prepare analyzed outputs" to use || true inside the subshell, so an expected no-match doesn't abort the condition: always() cleanup step
  • Fixed "Execute safe outputs" exit-code capture from CMD; EXIT=$? to CMD && EXIT=0 || EXIT=$? for compatibility with set -e

src/compile/extensions/trigger_filters.rs

  • Added set -eo pipefail to the scripts download step (same grep | sha256sum -c - bug)

src/compile/common.rs

  • Added set -eo pipefail to generate_integrity_check ("Verify pipeline integrity" step)
  • Added set -eo pipefail to generate_awf_path_step ("Generate GITHUB_PATH file" step)
  • Added set -eo pipefail to the verify_mcp_backends debug probe step

src/runtimes/lean/mod.rs, src/runtimes/node/mod.rs, src/runtimes/dotnet/mod.rs

  • Added set -eo pipefail to all generated runtime setup steps

src/compile/extensions/mod.rs

  • Added set -eo pipefail to append_prompt_step

… generated steps

Agent-Logs-Url: https://github.com/githubnext/ado-aw/sessions/ee7bd3f2-df67-4c0e-bd34-984357737bea

Co-authored-by: jamesadevine <4742697+jamesadevine@users.noreply.github.com>
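
The failure mode described in this pull request can be reproduced locally. The script below is an added example, not code from the pull request or from ado-aw: it runs the quoted checksum pattern against a deliberately mismatched file with and without `set -eo pipefail`, then shows the two follow-up fixes from the change list. The file contents, digests, the `no-such-marker` string and all helper names are constructed for the demo; it assumes `bash`, `mktemp` and `sha256sum` are available.

```bash
#!/usr/bin/env bash
# Added illustration; the files, digests and marker strings are constructed.

# The three-line pattern quoted in the PR description.
CHECK='grep "ado-aw-linux-x64" checksums.txt | sha256sum -c -
mv ado-aw-linux-x64 ado-aw
chmod +x ado-aw'

# checksum_step PROLOGUE: run CHECK after PROLOGUE in a scratch directory whose
# ado-aw-linux-x64 does not match checksums.txt. Returns the step's exit code.
checksum_step() {
  local dir rc
  dir=$(mktemp -d) || return 99
  printf 'tampered\n' > "$dir/ado-aw-linux-x64"
  printf '%s  ado-aw-linux-x64\n' \
    "$(printf 'expected\n' | sha256sum | cut -d' ' -f1)" > "$dir/checksums.txt"
  # Same capture idiom the PR adopts, so this works when the caller uses set -e.
  (cd "$dir" && bash -c "$1
$CHECK") >/dev/null 2>&1 && rc=0 || rc=$?
  rm -rf "$dir"
  return "$rc"
}

# strict_step BODY: run BODY under set -eo pipefail and pass through its stdout.
strict_step() {
  bash -c "set -eo pipefail
$1" 2>/dev/null
}

# Constructed stand-ins for the two follow-up fixes listed under "Changes".
NOMATCH_BEFORE='hit=$(grep no-such-marker /dev/null | tail -1); echo reached'
NOMATCH_AFTER='hit=$(grep no-such-marker /dev/null | tail -1 || true); echo reached'
EXIT_BEFORE='sh -c "exit 3"; EXIT=$?; echo "captured=$EXIT"'
EXIT_AFTER='sh -c "exit 3" && EXIT=0 || EXIT=$?; echo "captured=$EXIT"'

# report LABEL CMD...: print the exit code and output of one simulated step.
report() {
  local label="$1" out rc
  shift
  out=$("$@") && rc=0 || rc=$?
  printf '%-28s exit=%s %s\n' "$label" "$rc" "$out"
}
report 'checksum, no options'       checksum_step ''
report 'checksum, set -eo pipefail' checksum_step 'set -eo pipefail'
report 'grep|tail, before'          strict_step "$NOMATCH_BEFORE"
report 'grep|tail, with || true'    strict_step "$NOMATCH_AFTER"
report 'CMD; EXIT=$?'               strict_step "$EXIT_BEFORE"
report 'CMD && EXIT=0 || EXIT=$?'   strict_step "$EXIT_AFTER"
```

The first row is the green step that hid a checksum mismatch; the "before" rows show why strict mode alone would have aborted the cleanup step and lost the captured exit code.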