fix: resolve subshell issue in image validation loop#15
Merged
Conversation
The while loop was using a pipe which creates a subshell, causing /tmp/validation_failed.txt writes to not persist after the loop. Changed to process substitution pattern to fix this issue. This fixes validation failures where all checks pass but the job still exits with error code 1.
dcolina
added a commit
that referenced
this pull request
Dec 12, 2025
## Problem Found a second subshell issue in the `validate-image-only-changed` step that was causing the same false failure problem. ## Root Cause The loop checking if only image field changed also used a pipe pattern: ```bash echo "$CHANGED_FILES" | jq -r '.[]' | while IFS= read -r file; do # validation code that writes to /tmp files done ``` This creates a subshell where file writes don't persist after the loop. ## Solution Applied the same process substitution fix: ```bash while IFS= read -r file; do # validation code done < <(echo "$CHANGED_FILES" | jq -r '.[]') ``` ## Testing This will be validated with PR #362 in deutschebank-infrastructure repository. ## Related - Fixes same issue as #15 - Required for dotCMS/deutschebank-infrastructure#362
dcolina
added a commit
that referenced
this pull request
Dec 15, 2025
## Problem
The `BASE_REPO` variable was only defined inside the repository
allowlist validation block (step 3), but it was being used later in the
image existence check (step 5). This caused the variable to be empty
when `verify_image_existence` was enabled, leading to validation
failures.
## Root Cause
In the image validation loop:
- `BASE_REPO` extraction logic was inside the `if [ -n "$ALLOWED_REPOS"
]` block (lines 433-440)
- The image existence check at line 524 used
`CANONICAL_IMAGE="${BASE_REPO}:${TAG}"`
- When `ALLOWED_REPOS` was set, `BASE_REPO` was defined and everything
worked
- However, the variable was being used outside its scope, which is a
logic error
## Solution
- **Move BASE_REPO extraction logic** outside the conditional block
(before step 4)
- Now `BASE_REPO` is always available for both repository validation and
image existence check
- Update step numbering in comments: steps 4-7 instead of 3-5
- Add explicit logging of `BASE_REPO` value for debugging
## Changes
```diff
# 2. Extract repository and tag
REPO="${image%:*}"
TAG="${image##*:}"
+# 3. Extract base repository name (always, needed for multiple validations)
+BASE_REPO="$REPO"
+if [[ "$REPO" =~ / ]]; then
+ if [[ "$REPO" =~ ^[a-z0-9.-]+\.[a-z]{2,}/ ]] || [[ "$REPO" =~ ^gcr\.io/ ]] || [[ "$REPO" =~ ^.*\.gcr\.io/ ]]; then
+ BASE_REPO="${REPO#*/}"
+ fi
+fi
+echo " Base repository: $BASE_REPO"
+
-# 3. Check repository is in allowlist (if configured)
+# 4. Check repository is in allowlist (if configured)
if [ -n "$ALLOWED_REPOS" ]; then
- BASE_REPO="$REPO" # ← Was only defined here
- if [[ "$REPO" =~ / ]]; then
- ...
- fi
...
fi
```
## Testing
This fixes the validation failure in [PR
#362](dotCMS/deutschebank-infrastructure#362)
where the image existence check was failing due to empty `BASE_REPO`
variable.
After this fix is merged and v1.1.1 tag is recreated, PR #362 should
pass all validations.
## Related
- Fixes issue discovered in deutschebank-infrastructure PR #362
- Related to #15 (subshell fixes)
- Related to #16 (second subshell fix)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The image validation was failing with exit code 1 even when all validation checks passed successfully. This was caused by a bash subshell issue.
Root Cause
The validation loop used a pipe pattern:
This pattern creates a subshell, and files written inside the subshell (
/tmp/validation_failed.txt) are not visible to the parent shell after the loop completes.Solution
Changed to process substitution pattern:
This runs the loop in the current shell context, allowing file writes to persist correctly.
Testing
This fix will be validated with test PR #360 in deutschebank-infrastructure repository, which previously showed all checks passing but failed with exit code 1.
Related