You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: .github/copilot-instructions.md
+8-2Lines changed: 8 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -53,6 +53,8 @@ The operational goals of this project are:
53
53
54
54
When making changes, reason whether the file is used in VHD building stage, or provision stage, or both. Make sure the changes are valid in its life stage. as an example, [windows-vhd-configuration.ps1](./vhdbuilder/packer/windows/windows-vhd-configuration.ps1) defines container images to be cached in VHD, while [configure-windows-vhd.ps1](./vhdbuilder/packer/windows/configure-windows-vhd.ps1) executes commands at provision time.
55
55
56
+
VHD cleanup steps in `cleanup-vhd.sh` must not silently ignore failures. Verify removal of security-sensitive components and fail the build if expected state is not achieved.
57
+
56
58
One way to debug / explore / just for fun is to run [e2e](./e2e/) tests. To run locally, follow the readme file under that folder.
57
59
58
60
The SRE guidelines ground other coding guidelines and practices.
@@ -68,12 +70,16 @@ The SRE guidelines ground other coding guidelines and practices.
68
70
69
71
### ShellScripts Guidelines
70
72
71
-
- use shellcheck for sanity checking
72
-
- use ShellSpec for testing
73
+
- use shellcheck for sanity checking — **all shell scripts must pass the CI shellcheck gate** (`make validate-shell`). This enforces POSIX compliance even in `#!/bin/bash` scripts (e.g., use `[ ]` not `[[ ]]`, use `=` not `==` for string comparison). Use `# shellcheck disable=SCXXXX` inline comments only when necessary and with justification.
74
+
- use ShellSpec for testing — all shell script changes should have corresponding tests in `spec/parts/linux/`
73
75
- the shell scripts are used on both azure linux/mariner and ubuntu and cross platform portability is critical.
74
76
- when using functions defined in other files, ensure it is sourced properly.
77
+
- for scriptless provisioning compatibility, security hotfix functions must be defined in `cse_main.sh` (not sourced from other scripts) so they work standalone.
78
+
- prefer simple single-purpose functions with positional args over complex data-driven designs with associative arrays or encoded strings.
79
+
- use `isUbuntu()`, `isMarinerOrAzureLinux()`, and `isACL()` helper functions for OS detection instead of raw string comparisons.
75
80
- use local variables rather than constants when their scoping allows for it.
76
81
- avoid using variables declared inside another function, even they are visible. It is hard to reason and might introduce subtle bugs.
82
+
- define functions at top-level scope, not nested inside other functions.
0 commit comments