Skip to content

ci: pin Run tests step to bash so $TEST_SCRIPT expands on Windows#11659

Merged
zkochan merged 1 commit into
mainfrom
ci-fix-windows-test-shell
May 14, 2026
Merged

ci: pin Run tests step to bash so $TEST_SCRIPT expands on Windows#11659
zkochan merged 1 commit into
mainfrom
ci-fix-windows-test-shell

Conversation

@zkochan

@zkochan zkochan commented May 14, 2026

Copy link
Copy Markdown
Member

Summary

  • The Run tests step in .github/workflows/test.yml had no explicit shell:, so on Windows it ran under PowerShell — where \$TEST_SCRIPT is not a variable (PowerShell exposes env vars as \$env:TEST_SCRIPT).
  • That made the expansion empty, so pn run "" exited 0 and just printed the available scripts. The Windows test legs have been silently no-op'ing since ci: address zizmor findings across workflows #11608 (May 12), when the script name was moved from a \${{ ... }} interpolation into the TEST_SCRIPT env var to satisfy zizmor's template-injection rule.
  • This pins the step to shell: bash, matching the sibling Verify Node version and Determine test scope steps. \$TEST_SCRIPT now expands correctly on every platform.

Test plan

  • CI passes on this branch with Windows actually running tests (look for Run pn run "ci:test-branch" actually invoking jest/etc., not just Lifecycle scripts: followed by a script listing).
  • The Linux jobs continue to pass.

Written by an agent (Claude Code, claude-opus-4-7).

Summary by CodeRabbit

  • Chores
    • Test workflow step now explicitly specifies bash shell, ensuring consistent behavior across different execution environments and improving configuration clarity.

Review Change Stack

Without an explicit shell, the step ran under PowerShell on
windows-latest, where `$TEST_SCRIPT` is not a variable (PowerShell
exposes env vars as `$env:TEST_SCRIPT`). `pn run ""` then exited 0
and just listed available scripts — the Windows test legs have been
silently no-op'ing since the env-var move in #11608.

The sibling `Verify Node version` and `Determine test scope` steps
already pin `shell: bash`; this brings `Run tests` in line.

---
Written by an agent (Claude Code, claude-opus-4-7).
Copilot AI review requested due to automatic review settings May 14, 2026 22:50
@coderabbitai

coderabbitai Bot commented May 14, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: e03cd254-3407-4278-9bc9-f0f3b38a829e

📥 Commits

Reviewing files that changed from the base of the PR and between a4f3c6d and 7633558.

📒 Files selected for processing (1)
  • .github/workflows/test.yml
📜 Recent review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: Agent
  • GitHub Check: Analyze (javascript)
  • GitHub Check: Compile & Lint
🔇 Additional comments (1)
.github/workflows/test.yml (1)

91-97: LGTM!


📝 Walkthrough

Walkthrough

The reusable test workflow in .github/workflows/test.yml now explicitly declares shell: bash for the "Run tests" step, ensuring consistent bash shell execution across runner environments. The step's environment variables and command remain unchanged.

Changes

Test Workflow Configuration

Layer / File(s) Summary
Explicit bash shell for test execution
.github/workflows/test.yml
The "Run tests" step now includes an explicit shell: bash declaration to ensure deterministic shell behavior across different runner platforms.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A single line of bash so clear,
Workflow steps now have no fear,
Shell declared, no guessing games,
Tests run true by proper names!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title directly describes the main change: adding 'shell: bash' to the Run tests step to fix $TEST_SCRIPT expansion on Windows.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch ci-fix-windows-test-shell

Comment @coderabbitai help to get the list of available commands and usage tips.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@zkochan zkochan merged commit e8fc343 into main May 14, 2026
18 of 19 checks passed
@zkochan zkochan deleted the ci-fix-windows-test-shell branch May 14, 2026 23:28
zkochan added a commit that referenced this pull request May 15, 2026
…short names (#11661)

`os.tmpdir()` on GitHub's Windows runners returns the 8.3 short-name form
of the user-profile directory (e.g. `C:\Users\RUNNER~1\AppData\Local\Temp`)
because `runneradmin` is longer than 8 characters. The `~` then trips the
`quoteShellArg` allowlist regex and every test that calls `sendLineScript`
or `generateSendStdinScript` throws "Unsupported character in shell argument".

The tilde is safe to allow:
- cmd.exe performs no tilde expansion at all.
- POSIX shells only expand `~` when it is unquoted at the start of a word;
  inside the double-quoted `"${arg}"` wrapper produced here it is literal.

The matching CodeQL shell-injection sanitization argument is unchanged —
the allowlist is still anchored and still rejects every metacharacter.

The bug was masked until #11659 because the Windows test legs had been
silently no-op'ing since #11608.

---
Written by an agent (Claude Code, claude-opus-4-7).
github-actions Bot pushed a commit to Eyalm321/pnpm that referenced this pull request May 18, 2026
…pm#11659)

Without an explicit shell, the step ran under PowerShell on
windows-latest, where `$TEST_SCRIPT` is not a variable (PowerShell
exposes env vars as `$env:TEST_SCRIPT`). `pn run ""` then exited 0
and just listed available scripts — the Windows test legs have been
silently no-op'ing since the env-var move in pnpm#11608.

The sibling `Verify Node version` and `Determine test scope` steps
already pin `shell: bash`; this brings `Run tests` in line.

---
Written by an agent (Claude Code, claude-opus-4-7).
github-actions Bot pushed a commit to Eyalm321/pnpm that referenced this pull request May 18, 2026
…short names (pnpm#11661)

`os.tmpdir()` on GitHub's Windows runners returns the 8.3 short-name form
of the user-profile directory (e.g. `C:\Users\RUNNER~1\AppData\Local\Temp`)
because `runneradmin` is longer than 8 characters. The `~` then trips the
`quoteShellArg` allowlist regex and every test that calls `sendLineScript`
or `generateSendStdinScript` throws "Unsupported character in shell argument".

The tilde is safe to allow:
- cmd.exe performs no tilde expansion at all.
- POSIX shells only expand `~` when it is unquoted at the start of a word;
  inside the double-quoted `"${arg}"` wrapper produced here it is literal.

The matching CodeQL shell-injection sanitization argument is unchanged —
the allowlist is still anchored and still rejects every metacharacter.

The bug was masked until pnpm#11659 because the Windows test legs had been
silently no-op'ing since pnpm#11608.

---
Written by an agent (Claude Code, claude-opus-4-7).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants