From bafbfbcadf4886efd9eee47c588213b775a83ba9 Mon Sep 17 00:00:00 2001 From: "soroush.asadi" Date: Sun, 7 Jun 2026 08:28:52 +0330 Subject: [PATCH] =?UTF-8?q?ci:=20fix=20Trust=20step=20crash=20in=20sh=20?= =?UTF-8?q?=E2=80=94=20replace=20pipefail=20with=20POSIX=20set=20-eu?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Gitea act runner v0.6.1 ignores `shell: bash` step overrides and always executes with `sh -e {0}`. The `set -euo pipefail` on line 2 caused sh to exit immediately with "Illegal option -o pipefail" before any curl/openssl ran. Replace with POSIX-compatible `set -eu` in both api-build and admin-api-build trust steps so the diagnostic curl output is finally visible. Co-Authored-By: Claude Sonnet 4.6 --- .gitea/workflows/ci-cd.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.gitea/workflows/ci-cd.yml b/.gitea/workflows/ci-cd.yml index fab988d..b66ce29 100644 --- a/.gitea/workflows/ci-cd.yml +++ b/.gitea/workflows/ci-cd.yml @@ -82,10 +82,10 @@ jobs: - name: Trust Nexus mirror CA (diagnostic) # Verbose / fail-fast version to expose exactly where the chain trust breaks. - # shell: bash required — Gitea act runner defaults to sh, which lacks pipefail. - shell: bash + # Gitea act runner v0.6.1 ignores shell: overrides and always uses sh. + # Use set -eu (POSIX) — pipefail is bash-only and crashes sh on line 1. run: | - set -euo pipefail + set -eu echo "=== OS / OpenSSL info ===" cat /etc/os-release | head -4 || true openssl version || true @@ -171,8 +171,9 @@ jobs: - name: Trust Nexus mirror CA (diagnostic) # Same verbose/fail-fast step as api-build — see that job for full comments. + # Gitea act runner v0.6.1 ignores shell: overrides; use POSIX set -eu. run: | - set -euo pipefail + set -eu curl -v --max-time 15 http://yr.i.lencr.org/ -o /tmp/isrg-root-yr.der 2>&1 echo "File size: $(wc -c < /tmp/isrg-root-yr.der) bytes" openssl x509 -inform DER -in /tmp/isrg-root-yr.der \