Skip to content

[plan] Fix SC2086/SC2129 ShellCheck warnings in compiler-generated shell scripts (unquoted variables, grouped redirects) #17496

@github-actions

Description

@github-actions

Context

From discussion #17412 — Static Analysis Report 2026-02-21.

Problem

ShellCheck (via actionlint) reports 132 SC2086 warnings across 66 workflows: shell variables referenced without double-quotes, risking word splitting and glob expansion.

The most common pattern is unquoted $GITHUB_OUTPUT and similar special variables in compiled workflow steps:

# ❌ Unquoted - risks word splitting
echo "has_content=true" >> $GITHUB_OUTPUT

# ✅ Quoted - safe
echo "has_content=true" >> "$GITHUB_OUTPUT"

Additionally, 162 SC2129 style warnings across all 156 workflows suggest using grouped redirects:

# ❌ Individual redirects
echo "foo=bar" >> $GITHUB_OUTPUT
echo "baz=qux" >> $GITHUB_OUTPUT

# ✅ Grouped redirect
{
  echo "foo=bar"
  echo "baz=qux"
} >> "$GITHUB_OUTPUT"

Steps

  1. Search the workflow compiler (pkg/workflow/) for generated shell script templates that use $GITHUB_OUTPUT, $GITHUB_ENV, $GITHUB_STEP_SUMMARY etc. without quotes
  2. Update the compiler templates to quote all variable references: "$GITHUB_OUTPUT", "$GITHUB_ENV", "$GITHUB_STEP_SUMMARY"
  3. For grouped output patterns, update templates to use { ... } >> "$GITHUB_OUTPUT" syntax
  4. Run make recompile to regenerate all .lock.yml files
  5. Verify with actionlint that SC2086/SC2129 warnings are reduced
  6. Run make agent-finish before committing

Acceptance Criteria

  • Compiler templates quote all special GitHub environment variable references
  • SC2086 warnings reduced significantly (target: 0 for compiler-generated code)
  • make recompile succeeds
  • All existing tests pass (make test-unit)

Generated by Plan Command for issue #discussion #17412

  • expires on Feb 23, 2026, 12:57 PM UTC

Metadata

Metadata

Labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions