CI: use explicit list with --preserve-env

[aramprice]

No description provided.

[coderabbitai]

Walkthrough

This pull request refactors environment variable propagation in two build scripts. Both ci/tasks/build.sh and ci/tasks/os-images/build.sh were updated to replace explicit env VAR="${VAR:-}" assignments with sudo --preserve-env=VAR1,VAR2 syntax. The heredoc execution pattern (/bin/bash --login -i) and target user context remain unchanged; only the mechanism for passing environment variables through sudo was modified.

Suggested reviewers

• mkocher
• selzoc

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description is empty, but the repository uses a Merge Forward strategy that requires specific branch workflow information in PR descriptions.	Add a pull request description explaining the changes and their rationale, and clarify which branch this PR targets and whether additional merge-forward steps are needed.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly describes the main change: updating sudo invocations to use an explicit list with --preserve-env instead of explicit env assignments.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch explicit-env

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR updates Concourse CI task scripts to pass a controlled set of environment variables into the ubuntu user context via sudo --preserve-env, instead of injecting them using an intermediate env ... command. This keeps the environment handoff explicit while reducing command wrapping.

Changes:

• Switch ci/tasks/os-images/build.sh to use sudo --preserve-env=... for GEM_HOME, BUILD_TIME, UBUNTU_ADVANTAGE_TOKEN, and UBUNTU_DEBOOTSTRAP_MIRROR.
• Switch ci/tasks/build.sh to use sudo --preserve-env=... for GEM_HOME, UBUNTU_ADVANTAGE_TOKEN, and UBUNTU_FIPS_USE_IAAS_KERNEL.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
ci/tasks/os-images/build.sh	Preserves a specific env var allowlist when running the OS-image rake task as ubuntu.
ci/tasks/build.sh	Preserves a specific env var allowlist when running the stemcell build rake task as ubuntu.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@ci/tasks/build.sh`:
- Around line 80-82: Before calling the sudo block that preserves UBUNTU_* vars,
ensure UBUNTU_ADVANTAGE_TOKEN and UBUNTU_FIPS_USE_IAAS_KERNEL are explicitly
initialized to safe defaults so set -u inside sourced prelude scripts won't
fail; add exports like UBUNTU_ADVANTAGE_TOKEN=${UBUNTU_ADVANTAGE_TOKEN:-} and
UBUNTU_FIPS_USE_IAAS_KERNEL=${UBUNTU_FIPS_USE_IAAS_KERNEL:-} immediately before
the sudo --preserve-env invocation in ci/tasks/build.sh and likewise add the
same default initialization in ci/tasks/os-images/build.sh (so the sudo
--preserve-env list can safely refer to those variables).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: c866bb63-3e01-4323-9cba-d6090eaedede

📥 Commits

Reviewing files that changed from the base of the PR and between dc3c1ee and 0993002.

📒 Files selected for processing (2)

• ci/tasks/build.sh
• ci/tasks/os-images/build.sh