Skip to content

[Code Quality] Fix SC2155 shellcheck warnings in workflow scripts #13731

New issue
New issue
Closed as not planned
Closed as not planned
[Code Quality] Fix SC2155 shellcheck warnings in workflow scripts#13731
Labels
automationcode-qualitycookieIssue Monster Loves Cookies!securitytask-mining
@github-actions

Description

@github-actions
github-actions
bot
opened on Feb 4, 2026

Description

Static analysis tools (shellcheck) have identified ~195 instances of SC2155 warnings across workflow shell scripts. This pattern masks command return values, causing error handling to fail silently and potentially leading to incorrect workflow behavior.

Source: Identified in Static Analysis Report - Feb 3, 2026 as the second most common recurring issue.

Problem Pattern

SC2155 occurs when combining variable declaration with command substitution:

local result=$(some_command)
# If some_command fails, $? will be 0 (from 'local'), not the command's exit code

This means that if [ $? -ne 0 ] checks will never detect command failures, causing silent errors.

Security/Reliability Impact

  • Silent failures: Commands can fail without detection
  • Error handling bypassed: Conditional logic based on exit codes won't work
  • Incorrect values: Scripts may use undefined or incorrect values without knowing the command failed

Suggested Fix Pattern

Split declaration and assignment into separate statements:

Example

Before (Incorrect):

local output=$(gh api repos/owner/repo)
if [ $? -ne 0 ]; then
  echo "API call failed"  # This will NEVER execute!
fi

After (Correct):

local output
output=$(gh api repos/owner/repo)
if [ $? -ne 0 ]; then
  echo "API call failed"  # Now this works correctly
  exit 1
fi

Alternative with set -e:

set -e  # Exit on error
local output
output=$(gh api repos/owner/repo)  # Will exit if this fails
# Continue only if successful

Files Affected

Based on historical static analysis, this pattern appears in:

  • Workflow setup scripts (.github/workflows/*.md shell steps)
  • Action scripts (actions/setup/sh/*.sh)
  • Helper scripts (scripts/*.sh)

Estimated: ~195 occurrences across workflow files

Success Criteria

  • Identify all SC2155 warnings using shellcheck
  • Fix each instance by splitting declaration and assignment
  • Verify error handling works correctly after fixes
  • Add tests for error paths where practical
  • Run shellcheck to confirm warnings are resolved
  • All workflows continue to function correctly

Priority

Medium - While this is a reliability issue affecting error handling, workflows are currently functioning. However, this could hide future failures and make debugging more difficult.

Estimated Effort

4-8 hours - Need to systematically review and fix ~195 instances across multiple workflow files. Can be done incrementally by workflow or script file.

References

Approach

Consider tackling this in phases:

  1. Phase 1: Fix critical workflows (CI, deployment, security) - ~50 instances
  2. Phase 2: Fix frequently-run workflows (daily agents) - ~70 instances
  3. Phase 3: Fix remaining workflows - ~75 instances

AI generated by Discussion Task Miner - Code Quality Improvement Agent

  • expires on Feb 18, 2026, 1:25 PM UTC

Metadata

Metadata

Assignees

No one assigned

    Labels

    automationcode-qualitycookieIssue Monster Loves Cookies!securitytask-mining

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions