szymonos (Owner) commented Feb 8, 2026
- feat: add markdownlint and shellcheck to pre-commit hooks
- fix: resolve all pre-commit hooks errors
- feat(docs): AGENTS.md
- feat: add strict error handling to source.sh and safe scripts
- feat: add strict error handling to standard install scripts
- feat: add strict error handling to complex install and setup scripts
- fix(ps): setup_profile_allusers
- feat: improve mktemp usage for cross-distro compatibility
Pull request overview
Resiliency-focused refactor that adds stricter linting and error handling across provisioning/install scripts, plus new contributor/agent documentation.
Changes:
- Add pre-commit hooks for Markdown linting and ShellCheck, plus markdownlint configuration.
- Enable stricter shell error handling and safer temp directory cleanup patterns across many scripts.
- Add AGENTS.md describing repo structure, workflow, and style guidelines.
Reviewed changes
Copilot reviewed 86 out of 86 changed files in this pull request and generated 10 comments.
| File | Description |
|---|---|
| wsl/wsl_setup.ps1 | Updates WSL zsh profile setup script path to the .zsh variant. |
| AGENTS.md | Adds agent/developer guidance, repo structure, and workflow notes. |
| .pre-commit-config.yaml | Adds markdownlint-cli2 and shellcheck hooks to pre-commit. |
| .markdownlint.yml | Adds baseline markdownlint configuration. |
| .assets/scripts/linux_setup.sh | Improves quoting and updates zsh profile setup script extension. |
| .assets/provision/upgrade_system.sh | Enables stricter shell error handling. |
| .assets/provision/source.sh | Adds strict mode and tweaks parameter parsing / locals initialization. |
| .assets/provision/setup_ssh.sh | Enables strict mode and makes $1 handling safe under set -u. |
| .assets/provision/setup_python.sh | Enables strict mode. |
| .assets/provision/setup_profile_user_zsh.zsh | Updates self-reference comment to match new filename. |
| .assets/provision/setup_profile_user.sh | Enables strict mode. |
| .assets/provision/setup_profile_allusers.sh | Enables strict mode. |
| .assets/provision/setup_profile_allusers.ps1 | Installs prerelease PSResourceGet and removes older versions. |
| .assets/provision/setup_omp.sh | Enables strict mode and hardens param parsing defaults. |
| .assets/provision/setup_gnome.sh | Enables strict mode. |
| .assets/provision/setup_gh_ssh.sh | Enables strict mode. |
| .assets/provision/setup_gh_repos.sh | Enables strict mode and fixes array iteration quoting. |
| .assets/provision/setup_gh_https.sh | Enables strict mode and initializes local variables. |
| .assets/provision/setup_docker_mount.sh | Enables strict mode and hardens param parsing. |
| .assets/provision/set_ulimits.sh | Enables strict mode. |
| .assets/provision/set_authorized_keys.sh | Enables strict mode and makes $1 handling safe under set -u. |
| .assets/provision/install_zsh.sh | Enables strict mode. |
| .assets/provision/install_yq.sh | Enables strict mode and improves mktemp usage/cleanup. |
| .assets/provision/install_xrdp.sh | Enables strict mode. |
| .assets/provision/install_uv.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_tfswitch.sh | Enables strict mode and safe arg defaulting. |
| .assets/provision/install_tflint.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_terrascan.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_terraform.sh | Enables strict mode and safe arg defaulting. |
| .assets/provision/install_smee.sh | Enables strict mode. |
| .assets/provision/install_ripgrep.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_pwsh.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_prek.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_podman.sh | Enables strict mode. |
| .assets/provision/install_pixi.sh | Enables strict mode. |
| .assets/provision/install_omp.sh | Enables strict mode; improves args defaulting and tmp cleanup. |
| .assets/provision/install_nodejs.sh | Enables strict mode; improves tmp cleanup. |
| .assets/provision/install_nerdctl.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_minikube.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_miniforge.sh | Enables strict mode; hardens param parsing and tmp cleanup. |
| .assets/provision/install_miniconda.sh | Enables strict mode; hardens param parsing and tmp cleanup. |
| .assets/provision/install_kustomize.sh | Enables strict mode; improves tmp cleanup. |
| .assets/provision/install_kubeseal.sh | Enables strict mode; improves args defaulting and tmp cleanup. |
| .assets/provision/install_kubelogin.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_kubectx.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_kubectl.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_kubectl-convert.sh | Enables strict mode; improves tmp cleanup. |
| .assets/provision/install_kubecolor.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_kind.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_kde.sh | Enables strict mode. |
| .assets/provision/install_k9s.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_k3d.sh | Enables strict mode; improves arg defaulting. |
| .assets/provision/install_helm.sh | Enables strict mode; improves arg defaulting. |
| .assets/provision/install_gnome.sh | Enables strict mode. |
| .assets/provision/install_gh.sh | Enables strict mode; improves tmp cleanup. |
| .assets/provision/install_gcloud.sh | Improves mktemp usage and adds cleanup trap. |
| .assets/provision/install_fzf.sh | Enables strict mode. |
| .assets/provision/install_fonts_nerd.sh | Enables strict mode; improves tmp cleanup. |
| .assets/provision/install_fonts_cascadiacode.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_flux.sh | Enables strict mode; improves arg defaulting. |
| .assets/provision/install_fastfetch.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_eza.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_exa.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_etcdctl.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_edge.sh | Enables strict mode. |
| .assets/provision/install_docker.sh | Enables strict mode. |
| .assets/provision/install_distrobox.sh | Enables strict mode. |
| .assets/provision/install_crictl.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_cowsay.sh | Enables strict mode. |
| .assets/provision/install_cmatrix.sh | Enables strict mode. |
| .assets/provision/install_cilium.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_btop.sh | Enables strict mode. |
| .assets/provision/install_brew.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_bat.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_base.sh | Enables stricter error handling. |
| .assets/provision/install_azurecli_uv.sh | Enables strict mode. |
| .assets/provision/install_azurecli.sh | Enables strict mode; hardens param parsing. |
| .assets/provision/install_azcopy.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/install_argorolloutscli.sh | Enables strict mode; improves arg defaulting and tmp cleanup. |
| .assets/provision/fix_secure_path.sh | Enables stricter error handling. |
| .assets/provision/fix_nodejs_certs.sh | Enables strict mode. |
| .assets/provision/fix_certifi_certs.sh | Enables strict mode and fixes array iteration quoting. |
| .assets/provision/fix_azcli_certs.sh | Enables strict mode and fixes array iteration quoting. |
| .assets/provision/distro_check.sh | Enables strict mode and makes $1 handling safe under set -u. |
| .assets/provision/autoexec.sh | Enables stricter error handling for WSL boot script. |
| .assets/config/bash_cfg/functions.sh | Fixes hostname variable check. |
618a82d to 935c796
- Add set -euo pipefail to source.sh library (critical - sourced by 37 scripts)
- Fix parameter handling in source.sh functions:
- download_file() and get_gh_release_latest(): declare $param="$2" → declare $param="${2:-}"
- Initialize local variables with empty defaults: local owner='' instead of local owner
- Fix download_url variable in get_gh_release_latest() - initialize before use
- Add set -euo pipefail to 6 safe bash scripts (already used ${1:-} pattern):
- install_distrobox.sh, install_docker.sh, install_edge.sh
- install_xrdp.sh, setup_profile_allusers.sh, install_azurecli_uv.sh
- Add set -eu to 1 POSIX sh script: install_base.sh (no pipefail - not POSIX)
- Move set -e statements to appear after comment blocks with blank line for readability
- All scripts tested and validated with shellcheck
Phase 1 of 4: source.sh library + scripts with safe parameter handling
Affected: 8 files (source.sh + 7 provision scripts)
- Add set -euo pipefail to 33 install_*.sh scripts with version parameter pattern
- Fix parameter handling: REL=$1 → REL=${1:-} in all 33 scripts to handle unset parameters safely
- Fix additional unbound variable bugs in source.sh:
- Initialized local variables with empty defaults: local owner='' instead of local owner
- Fixed download_url variable in get_gh_release_latest() - was referenced before initialization
- Changed unset download_url → download_url='' initialization pattern
- Move set -e statements to appear after comment blocks with blank line for readability
- All scripts tested and validated with shellcheck
Phase 2 of 4: Standard install scripts with version parameters
Affected: 33 install_*.sh scripts + source.sh improvements
Scripts: argorolloutscli, azcopy, bat, brew, cilium, crictl, etcdctl, exa, eza,
fastfetch, flux, fonts_cascadiacode, helm, k3d, k9s, kind, kubecolor, kubectl,
kubectx, kubelogin, kubeseal, kustomize, minikube, nerdctl, omp, pwsh, ripgrep,
terraform, terrascan, tflint, tfswitch, uv, yq
- Add set -euo pipefail to remaining install_*.sh scripts (btop, cmatrix, cowsay, fonts_nerd, fzf, gh, gnome, kde, kubectl-convert, nodejs, pixi, podman, prek, smee, zsh)
- Add set -eu to remaining POSIX sh scripts (autoexec, fix_secure_path, upgrade_system)
- Add set -euo pipefail to certificate fix scripts (fix_azcli_certs, fix_certifi_certs, fix_nodejs_certs)
- Fix parameter handling in install_azurecli, install_miniconda, install_miniforge (declare $param="${2:-}")
- Add set -euo pipefail to all setup_*.sh scripts (docker_mount, gh_https, gh_repos, gh_ssh, gnome, omp, profile_user, python, ssh)
- Add set -euo pipefail to set_*.sh scripts (authorized_keys, ulimits)
- Add set -euo pipefail to distro_check.sh utility script
- Fix unbound variable issues with ${1:-} and ${2:-} patterns throughout
- Initialize local variables in setup_gh_https.sh (gh_cfg='', key='')
- Move set -e statements to appear after comment blocks with blank line for readability
- All scripts tested and validated with shellcheck
Phase 3 of 4: Complex scripts with parameter parsing and setup scripts
Affected: 36 files (install, setup, set, fix, utility scripts)
- Change mktemp -dp to mktemp -d -p for cross-distro compatibility
- Add trap to remove TMP_DIR/tmp_dir on EXIT immediately after mktemp
- Remove obsolete 'rm -fr $TMP_DIR' commands and comments
- Remove unnecessary empty lines after removed commands
- Trap lines properly indented to match mktemp lines
- All scripts tested and validated with shellcheck
Affected: 36 files (install scripts using mktemp)
Scripts: argorolloutscli, azcopy, bat, brew, cilium, crictl, etcdctl, exa, eza, fastfetch, fonts_cascadiacode, fonts_nerd, gcloud, gh, k9s, kind, kubecolor, kubectl-convert, kubectl, kubectx, kubelogin, kubeseal, kustomize, miniconda, miniforge, minikube, nerdctl, nodejs, omp, prek, pwsh, ripgrep, terrascan, tflint, uv, yq
Total: 80 insertions(+), 121 deletions(-)
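The difference between the removed trailing `rm -fr $TMP_DIR` and the EXIT trap shows up only when a script fails partway. The following is an added example, not code from the pull request: both script bodies are constructed stand-ins for an install script, and the `${TMPDIR:-/tmp}` parent directory and the `leaked_after_failure` helper are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not code from the PR. Both script bodies are constructed
# stand-ins for an install script: create a temp dir, print its path, then fail.

# Cleanup as the last statement: set -e exits at `false`, so rm never runs.
installer_rm_at_end='
set -euo pipefail
TMP_DIR=$(mktemp -d -p "${TMPDIR:-/tmp}")
echo "$TMP_DIR"
false # stands in for a failed download or extraction
rm -fr "$TMP_DIR"
'

# Trap set right after mktemp: the EXIT trap fires on the set -e abort too.
installer_trap='
set -euo pipefail
TMP_DIR=$(mktemp -d -p "${TMPDIR:-/tmp}")
trap "rm -fr \"$TMP_DIR\"" EXIT
echo "$TMP_DIR"
false # same failure as above
'

# leaked_after_failure SCRIPT: run SCRIPT in a child bash and inspect the
# directory it reported. Returns 0 if the directory was left behind (it is
# removed here), 1 if it was cleaned up, 2 if no path was reported.
leaked_after_failure() {
  dir=$(bash -c "$1" 2>/dev/null) || true
  [ -n "$dir" ] || return 2
  if [ -d "$dir" ]; then
    rm -fr "$dir"
    return 0
  fi
  return 1
}

if leaked_after_failure "$installer_rm_at_end"; then
  echo "rm at end: temp dir leaked"
else
  echo "rm at end: temp dir removed"
fi
if leaked_after_failure "$installer_trap"; then
  echo "EXIT trap: temp dir leaked"
else
  echo "EXIT trap: temp dir removed"
fi
```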
Fix multiple patterns that break under strict error handling:
- Add || true to ((retry_count++)) to prevent 0 arithmetic evaluation
- Replace 0 checks after command substitution with inline conditionals
- Fix operator precedence bugs (|| var=true && var2=value patterns)
- Add || true to grep commands that may not match
- Protect id command substitutions in user variable assignments
This ensures scripts run reliably with set -euo pipefail enabled.
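Several of the patterns this commit message lists can be reproduced in isolation. The following is an added example, not code from the pull request: `run_strict` is a hypothetical helper that runs a snippet in a child `bash` under `set -euo pipefail` and returns its exit status, and every snippet is constructed.

```bash
#!/usr/bin/env bash
# Added example, not code from the PR. run_strict is a hypothetical helper and
# every snippet below is constructed.

# run_strict SNIPPET [ARGS...]: run SNIPPET in a child bash under strict mode
# (ARGS become $1, $2, ...), discard its output and return its exit status.
run_strict() {
  snippet=$1
  shift
  bash -c "set -euo pipefail; $snippet" probe "$@" >/dev/null 2>&1
}

# ((retry_count++)) yields the old value 0, so its status is 1 and set -e aborts.
arith_unguarded() { run_strict 'retry_count=0; ((retry_count++)); echo reached'; }
arith_guarded() { run_strict 'retry_count=0; ((retry_count++)) || true; [ "$retry_count" -eq 1 ]'; }

# grep that matches nothing returns 1, which fails the assignment around it.
grep_unguarded() { run_strict 'hit=$(printf "ID=debian\n" | grep "^VERSION="); echo reached'; }
grep_guarded() { run_strict 'hit=$(printf "ID=debian\n" | grep "^VERSION=" || true); [ -z "$hit" ]'; }

# set -u turns a missing positional parameter into a fatal error.
param_unguarded() { run_strict 'REL=$1; echo reached'; }
param_guarded() { run_strict 'REL=${1:-}; [ -z "$REL" ]'; }

# a || b && c groups as (a || b) && c: c runs even though a succeeded.
# Returns 0 when ver was assigned while found stayed false.
precedence_surprise() {
  run_strict 'found=false; ver=; true || found=true && ver=1.0; [ "$found" = false ] && [ "$ver" = 1.0 ]'
}

for probe_fn in arith_unguarded arith_guarded grep_unguarded grep_guarded \
  param_unguarded param_guarded precedence_surprise; do
  if "$probe_fn"; then status=0; else status=$?; fi
  printf '%-20s exit status %s\n' "$probe_fn" "$status"
done
```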
Change trap pattern to save and restore outer scope traps.
Pattern:
```bash
local saved_return=$(trap -p RETURN)
local saved_exit=$(trap -p EXIT)
local cleanup="rm -rf '$tmp_dir'"
[ -n "$saved_return" ] && cleanup="$cleanup; $saved_return" || cleanup="$cleanup; trap - RETURN"
[ -n "$saved_exit" ] && cleanup="$cleanup; $saved_exit" || cleanup="$cleanup; trap - EXIT"
trap "$cleanup" RETURN EXIT
```
This ensures:
- RETURN: Cleans up when function returns normally
- EXIT: Cleans up when script exits due to set -euo pipefail failures
- Trap restoration: Preserves and restores any outer scope traps
Benefits:
- Works correctly for both nested and direct function calls
- Prevents trap conflicts between nested functions
- Makes functions more reusable in different contexts
- Automatic cleanup on any failure path
Note: RETURN traps are per-function scope in bash, so they don't show up in 'trap -p RETURN' from nested functions. However, EXIT traps are global and must be properly saved/restored.
- Separate declaration and assignment for saved_return/saved_exit (SC2155)
- Add shellcheck disable directives for intentional trap expansion pattern
- Use consistent rm -fr flag order across codebase
- Declare all local variables upfront in install_github_release_user
- Remove unnecessary output redirection and duplicate local declarations
| : ' | ||
| sudo .assets/provision/upgrade_system.sh | ||
| ' | ||
| set -eu |
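Review bot: `set -eu` on the last line of this hunk carries no comment explaining why `pipefail` is left out. The commit message groups upgrade_system with the POSIX sh scripts and omits pipefail there for that reason, but the shebang is not visible in this hunk. If the script runs under `sh`, add a one-line comment beside `set -eu` saying so, so the omission is not later "fixed" by mistake; if it runs under bash, use `set -euo pipefail` like the other provision scripts.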
upgrade_system.sh appears to be a bash script, but strict mode is enabled with set -eu only. This misses -o pipefail, which is part of the repo’s stated shell strict-mode standard and can prevent silent failures in pipelines. Consider switching to set -euo pipefail here for consistency and safer error handling.