From 893e972c0d16a551dbb40a4efe6ccbf623cb6acd Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 3 Jan 2026 21:24:12 +0000 Subject: [PATCH 1/3] Initial plan -- 2.49.1 From 2419c6b9706ce3325b24cda9af121f3f35f44dfd Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 3 Jan 2026 21:29:23 +0000 Subject: [PATCH 2/3] Update CI workflow with defensive improvements and lint for invalid variable assignments Co-authored-by: jmiller-moko <230051081+jmiller-moko@users.noreply.github.com> --- .github/workflows/ci.yml | 89 +++++++++++++++++++++++++++++++++------- 1 file changed, 74 insertions(+), 15 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b19ed5f..afcd691 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,8 +22,8 @@ # INGROUP: MokoStandards.CI # REPO: https://github.com/mokoconsulting-tech/MokoStandards # PATH: /.github/workflows/ci.yml -# VERSION: 01.00.00 -# BRIEF: Continuous integration workflow enforcing repository standards. +# VERSION: 01.00.01 +# BRIEF: Continuous integration workflow enforcing repository standards. Defensive improvements. # NOTE: name: Continuous Integration @@ -45,6 +45,10 @@ on: permissions: contents: read +defaults: + run: + shell: bash + jobs: ci: name: Repository Validation Pipeline 
@@ -66,27 +70,82 @@ jobs: - name: Verify script executability run: | - chmod +x scripts/**/*.sh || true + # Make all shell scripts executable (best-effort) + set -euo pipefail + find . -type f -name '*.sh' -print0 | xargs -0 chmod +x || true + + - name: Lint for invalid bash variable assignments (detect LHS with '/') + # This step is defensive: it looks for assignments where the LHS contains a slash, + # which would result in "No such file or directory" when executed in bash. + run: | + set -euo pipefail + echo "Scanning for suspicious variable assignments (slash in LHS)..." + # Find lines that look like an assignment and contain a slash before '=' (ignore comments) + # Limit to repository and scripts directories to reduce false positives. + matches="$(grep -R --line-number -E '^[[:space:]]*[^#[:space:]][^=]*\/[^=]*=' . || true)" + if [ -n "${matches:-}" ]; then + echo "ERROR: Suspicious assignments detected (slash in LHS). Review and fix these lines:" + echo "${matches}" + echo "" + echo "Example of a problematic line: PREfix/TOP=\"${BRANCH_PREFIX%%/*}\"" + exit 1 + fi + echo "No suspicious variable assignments found." - name: Required validations run: | - set -e + set -euo pipefail - scripts/validate/manifest.sh - scripts/validate/xml_wellformed.sh + # Ensure required validation scripts exist, then run them. + required_scripts=( + "scripts/validate/manifest.sh" + "scripts/validate/xml_wellformed.sh" + ) + + missing=() + for s in "${required_scripts[@]}"; do + if [ ! 
-f "${s}" ]; then + missing+=("${s}") + fi + done + + if [ "${#missing[@]}" -gt 0 ]; then + echo "Required validation scripts missing:" + for m in "${missing[@]}"; do + echo " - ${m}" + done + exit 1 + fi + + for s in "${required_scripts[@]}"; do + chmod +x "${s}" + "${s}" + done - name: Optional validations run: | - set +e + set -euo pipefail || true - scripts/validate/changelog.sh - scripts/validate/language_structure.sh - scripts/validate/license_headers.sh - scripts/validate/no_secrets.sh - scripts/validate/paths.sh - scripts/validate/php_syntax.sh - scripts/validate/tabs.sh - scripts/validate/version_alignment.sh + optional_scripts=( + "scripts/validate/changelog.sh" + "scripts/validate/language_structure.sh" + "scripts/validate/license_headers.sh" + "scripts/validate/no_secrets.sh" + "scripts/validate/paths.sh" + "scripts/validate/php_syntax.sh" + "scripts/validate/tabs.sh" + "scripts/validate/version_alignment.sh" + ) + + for s in "${optional_scripts[@]}"; do + if [ -f "${s}" ]; then + chmod +x "${s}" + echo "Running optional validation: ${s}" + "${s}" || echo "Optional validation failed: ${s}" + else + echo "Skipping missing optional script: ${s}" + fi + done - name: CI summary if: always() -- 2.49.1 From eaf73bce66945497c1ec8cc0e6f2110df53067d1 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sat, 3 Jan 2026 21:30:59 +0000 Subject: [PATCH 3/3] Address code review feedback: fix optional validations and improve grep pattern Co-authored-by: jmiller-moko <230051081+jmiller-moko@users.noreply.github.com> --- .github/workflows/ci.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index afcd691..af1557e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
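Review bot: `scripts/validate/no_secrets.sh` is listed in `optional_scripts`, so in the "Optional validations" step a failing secret scan only prints `Optional validation failed: …`, and a missing script is skipped with a log line; neither outcome fails the job. If the secret check is meant to gate merges, add `"scripts/validate/no_secrets.sh"` to `required_scripts` and drop it from `optional_scripts`, so that both a failure and an absent script stop the pipeline. Separately, the required loop runs `chmod +x "${s}"` before every script, so a missing executable bit in the repository is repaired silently rather than reported by the step named "Verify script executability".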
@@ -81,13 +81,13 @@ jobs: set -euo pipefail echo "Scanning for suspicious variable assignments (slash in LHS)..." # Find lines that look like an assignment and contain a slash before '=' (ignore comments) - # Limit to repository and scripts directories to reduce false positives. - matches="$(grep -R --line-number -E '^[[:space:]]*[^#[:space:]][^=]*\/[^=]*=' . || true)" + # Limit search to relevant directories to reduce false positives. + matches="$(grep -R --line-number --exclude-dir=.git --exclude-dir=node_modules --exclude-dir=vendor -E '^[[:space:]]*[^#[:space:]][^=]*\/[^=]*=' . || true)" if [ -n "${matches:-}" ]; then echo "ERROR: Suspicious assignments detected (slash in LHS). Review and fix these lines:" echo "${matches}" echo "" - echo "Example of a problematic line: PREfix/TOP=\"${BRANCH_PREFIX%%/*}\"" + echo 'Example of a problematic line: PREfix/TOP="${BRANCH_PREFIX%%/*}"' exit 1 fi echo "No suspicious variable assignments found." @@ -124,7 +124,7 @@ jobs: - name: Optional validations run: | - set -euo pipefail || true + set +e optional_scripts=( "scripts/validate/changelog.sh" -- 2.49.1
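Review bot: The lint pattern still matches far more than shell assignments. The `echo 'Example of a problematic line: PREfix/TOP=…'` line in this same step has a `/` before its first `=`, so `grep -R … .` will most likely flag `.github/workflows/ci.yml` itself and fail every run. The three `--exclude-dir` options do not restrict the scan to shell sources, although the comment says the search is limited to relevant directories. Add `--include='*.sh'` and anchor the left-hand side to identifier characters, for example `-E '^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*/[A-Za-z0-9_/]*='`. The same pattern was introduced in patch 2/3.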
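Review bot: `set +e` turns errexit off but also leaves nounset off for the "Optional validations" step, so a mistyped variable name in the loop would expand to an empty string without any error. Each script call already uses `"${s}" || echo …` (added in patch 2/3), so a failing script is tolerated even without this line; `set +e -u` would keep the step best-effort while still catching unset variables. A one-line comment such as `# advisory checks: failures are logged, never fatal` would make the intent explicit. The loop body lies outside this hunk.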