CI: use explicit list with --preserve-env#626
Conversation
WalkthroughThis pull request refactors environment variable propagation in two build scripts. Both Suggested reviewers
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
This PR updates Concourse CI task scripts to pass a controlled set of environment variables into the ubuntu user context via sudo --preserve-env, instead of injecting them using an intermediate env ... command. This keeps the environment handoff explicit while reducing command wrapping.
Changes:
- Switch
ci/tasks/os-images/build.shto usesudo --preserve-env=...forGEM_HOME,BUILD_TIME,UBUNTU_ADVANTAGE_TOKEN, andUBUNTU_DEBOOTSTRAP_MIRROR. - Switch
ci/tasks/build.shto usesudo --preserve-env=...forGEM_HOME,UBUNTU_ADVANTAGE_TOKEN, andUBUNTU_FIPS_USE_IAAS_KERNEL.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| ci/tasks/os-images/build.sh | Preserves a specific env var allowlist when running the OS-image rake task as ubuntu. |
| ci/tasks/build.sh | Preserves a specific env var allowlist when running the stemcell build rake task as ubuntu. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@ci/tasks/build.sh`:
- Around line 80-82: Before calling the sudo block that preserves UBUNTU_* vars,
ensure UBUNTU_ADVANTAGE_TOKEN and UBUNTU_FIPS_USE_IAAS_KERNEL are explicitly
initialized to safe defaults so set -u inside sourced prelude scripts won't
fail; add exports like UBUNTU_ADVANTAGE_TOKEN=${UBUNTU_ADVANTAGE_TOKEN:-} and
UBUNTU_FIPS_USE_IAAS_KERNEL=${UBUNTU_FIPS_USE_IAAS_KERNEL:-} immediately before
the sudo --preserve-env invocation in ci/tasks/build.sh and likewise add the
same default initialization in ci/tasks/os-images/build.sh (so the sudo
--preserve-env list can safely refer to those variables).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: c866bb63-3e01-4323-9cba-d6090eaedede
📒 Files selected for processing (2)
ci/tasks/build.shci/tasks/os-images/build.sh
No description provided.