@dcolina dcolina commented Dec 12, 2025

Problem

Found a second subshell issue in the validate-image-only-changed step that was causing the same false failure problem.

Root Cause

The loop checking if only image field changed also used a pipe pattern:

```bash
echo "$CHANGED_FILES" | jq -r '.[]' | while IFS= read -r file; do
  # validation code that writes to /tmp files
done
```

This creates a subshell where file writes don't persist after the loop.

Solution

Applied the same process substitution fix:

```bash
while IFS= read -r file; do
  # validation code
done < <(echo "$CHANGED_FILES" | jq -r '.[]')
```

Testing

This will be validated with PR #362 in deutschebank-infrastructure repository.

Related

The validate-image-only-changed step also had a subshell issue with
the pipe pattern that prevented validation state from persisting.
Applied the same process substitution fix.

This resolves the false failures where all individual checks pass
but the workflow still exits with code 1.
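The two loop forms from this PR side by side, as an added example that is not the workflow's own code: it assumes the validation state is a shell variable and shows that a counter incremented in the piped loop reads 0 afterwards, so a gate built on it can pass or fail regardless of what the loop found. `CHANGED_FILES`, `is_allowed`, and both `count_*` functions are constructed for illustration, and `printf` stands in for the `jq -r '.[]'` stage so it runs without jq.

```bash
#!/usr/bin/env bash
# Added example (not from the workflow). Process substitution is a bash
# feature, so re-exec under bash if this file was started by plain sh.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

# Constructed sample input: one changed file per line, i.e. what
# `jq -r '.[]'` would print for a JSON array of paths.
CHANGED_FILES=$'apps/web/values.yaml\napps/web/secrets.yaml\napps/api/values.yaml'

# Hypothetical rule: only values.yaml files may change.
is_allowed() {
  case "$1" in
    */values.yaml) return 0 ;;
    *) return 1 ;;
  esac
}

# Pipe form: the while loop is a pipeline element and runs in a subshell,
# so the increment happens on a copy of `violations` that is discarded
# when the loop ends. The function reports 0 even though one file fails.
count_with_pipe() {
  local violations=0
  printf '%s\n' "$CHANGED_FILES" | while IFS= read -r file; do
    is_allowed "$file" || violations=$((violations + 1))
  done
  echo "$violations"
}

# Process substitution form: only the producer runs in a subshell; the
# loop itself runs in the current shell, so the count survives.
count_with_procsub() {
  local violations=0
  while IFS= read -r file; do
    is_allowed "$file" || violations=$((violations + 1))
  done < <(printf '%s\n' "$CHANGED_FILES")
  echo "$violations"
}

echo "pipe: $(count_with_pipe)  process substitution: $(count_with_procsub)"
```

With bash's default settings (`lastpipe` off) the pipe form prints 0 and the process substitution form prints 1.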
@dcolina dcolina requested review from a team as code owners December 12, 2025 16:48
@dcolina dcolina merged commit 2338b52 into main Dec 12, 2025
3 checks passed
@dcolina dcolina deleted the fix/second-subshell-image-only-check branch December 12, 2025 16:48
dcolina added a commit that referenced this pull request Dec 15, 2025
## Problem

The `BASE_REPO` variable was only defined inside the repository
allowlist validation block (step 3), but it was being used later in the
image existence check (step 5). This caused the variable to be empty
when `verify_image_existence` was enabled, leading to validation
failures.

## Root Cause

In the image validation loop:
- `BASE_REPO` extraction logic was inside the `if [ -n "$ALLOWED_REPOS"
]` block (lines 433-440)
- The image existence check at line 524 used
`CANONICAL_IMAGE="${BASE_REPO}:${TAG}"`
- When `ALLOWED_REPOS` was set, `BASE_REPO` was defined and everything
worked
- However, the variable was being used outside its scope, which is a
logic error

## Solution

- **Move BASE_REPO extraction logic** outside the conditional block
(before step 4)
- Now `BASE_REPO` is always available for both repository validation and
image existence check
- Update step numbering in comments: steps 4-7 instead of 3-5
- Add explicit logging of `BASE_REPO` value for debugging

## Changes

```diff
# 2. Extract repository and tag
REPO="${image%:*}"
TAG="${image##*:}"

+# 3. Extract base repository name (always, needed for multiple validations)
+BASE_REPO="$REPO"
+if [[ "$REPO" =~ / ]]; then
+  if [[ "$REPO" =~ ^[a-z0-9.-]+\.[a-z]{2,}/ ]] || [[ "$REPO" =~ ^gcr\.io/ ]] || [[ "$REPO" =~ ^.*\.gcr\.io/ ]]; then
+    BASE_REPO="${REPO#*/}"
+  fi
+fi
+echo "   Base repository: $BASE_REPO"
+
-# 3. Check repository is in allowlist (if configured)
+# 4. Check repository is in allowlist (if configured)
if [ -n "$ALLOWED_REPOS" ]; then
-  BASE_REPO="$REPO"  # ← Was only defined here
-  if [[ "$REPO" =~ / ]]; then
-    ...
-  fi
  ...
fi
```
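Review bot: the registry-host test in the new step 3 block (`^[a-z0-9.-]+\.[a-z]{2,}/`) does not match a host written with a port or with uppercase letters, so for those images `BASE_REPO` keeps the host prefix while for others it is stripped, and the allowlist and existence checks then see inconsistent values. Consider normalising the host detection (for example, treating the first path component as a host whenever it contains `.` or `:`) and dropping the `^gcr\.io/` and `^.*\.gcr\.io/` alternatives, which the first pattern already covers. Since `BASE_REPO="${REPO#*/}"` discards the host, a comment stating that the checks using `BASE_REPO` constrain the repository path only, not the registry, would make that trust assumption explicit.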

## Testing

This fixes the validation failure in [PR
#362](dotCMS/deutschebank-infrastructure#362)
where the image existence check was failing due to empty `BASE_REPO`
variable.

After this fix is merged and v1.1.1 tag is recreated, PR #362 should
pass all validations.

## Related

- Fixes issue discovered in deutschebank-infrastructure PR #362
- Related to #15 (subshell fixes)
- Related to #16 (second subshell fix)