[Sprint] sprint-loop-39#35
Merged
Merged
Conversation
Run each repository scan in a subshell and pass bucket+record back to the parent so cd failures and iteration order never leave the outer shell in another repo. Add bats coverage that cwd is restored.
Add bats cases for COMPLETE short-circuit, stale scan re-trigger, non-COMPLETE path, and fractional imageScanCompletedAt via mocked _describe_findings, date, and scan_image.
…SUR-2478) Exercise same-image vs different-image flows with mocked inspect output and counters for tag/push side effects.
The subprocess-based $PWD assertion always passed regardless of implementation since child processes cannot modify parent PWD. Drop it; the existing multi-repo branch-column test provides the relevant indirect coverage.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Sprint plan — 2026-05-06 — sprint-loop-39
Sprint goal
This sprint hardens operational tooling in
shell-scriptsby fixing fragile working-directory handling ingit-checkand closing high-value test gaps around AWS ECR scan refresh logic and Docker image copy short-circuiting. Together, the work reduces subtle POSIX/OLDPWDfailure modes in a multi-repo sweep script and locks in behavior for date normalization and “same image” fast paths that are currently unexercised in bats, improving confidence in CI and local automation without expanding scope beyond the three selected Linear items.Selected issues
SUR-2470 — Anti-pattern: git-check uses bare cd / cd - in a loop with incomplete error recovery
bash/git-checkusescdinto each discovered repo andcd -to return, which breaks whenOLDPWDchanges, directories disappear, orcd -fails—leaving the script in an undefined cwd for later iterations. The issue recommends restructuring the loop to run each repo’s work inside a subshell (or equivalent) so the outer working directory is always restored.cd/cd -pairs that depend onOLDPWDfor returning to the pre-iteration directory.pre-commit/ shellcheck / shfmt remain clean for touched files.git-check, or manual verification steps are documented only if no harness exists (prefer adding coverage where practical).SUR-2477 — Test: aws::refresh_scan cache invalidation date comparison logic is untested
aws::refresh_scaninbash/aws.shcompares ECR scan completion time to image push time usingjqfloorto normalize fractional timestamps;tests/aws.batsdoes not cover this function oraws::scan_image. Acceptance criteria require bats cases for COMPLETE short-circuit, push vs scan ordering, fractional seconds, with mocks foraws::scan_status,aws::cmd, andaws::scan_image.aws::refresh_scanfor: alreadyCOMPLETE(no re-scan), push newer than scan (re-scan), scan newer than push (skip re-scan), and fractional-second normalization viajq floor.aws::scan_status,aws::cmd,aws::scan_imageas needed).tests/aws.bats(or agreed split file) runs green under the repo’s bats invocation.SUR-2478 — Test: docker::cp_if_different same-image short-circuit path is not covered by tests
docker::cp_if_differentanddocker::repo_tags_hasinbash/docker.shhave no tests; the “same image” path should skip pull/tag/push when the digest already exists at the destination tag. Acceptance criteria call for bats (e.g. newtests/docker.bats) covering same-image vs different-image flows anddocker::repo_tags_haswith mockeddocker inspectoutput.docker::repo_tags_hasbehavior is covered with mockeddocker inspectoutput as described in the issue.make test/ existing bats layout per repository conventions.Risks and mitigations
git-checkbehavior (e.g., error propagation, logging). Mitigation: preserve external CLI contract and log messages; run existing sprint/regression scripts if any covergit-check; review diff forexitvscontinuesemantics.tests/aws.batsand other library specs; load helpers consistently.date -d. Mitigation: keep comparisons inside mocked JSON paths and library logic as the issue describes.Out of scope
shell-scriptsor teamSurinis, or in Linear states other than Backlog at selection time.manual(none encountered in this pass).relatedTograph (not used as blockers per instructions).bash/aws.shorbash/docker.shbeyond what SUR-2477/SUR-2478 require for testability.Linear Evidence
ce9ebfde-ff2b-4f54-90f1-c388591ca110)a43901a0-b02b-4009-aae1-a6e8903d127d, team linkage confirmed on project record)list_issueswithproject=shell-scripts,team=Surinis,state=Backlog,limit=250,orderBy=updatedAt; per-candidateget_issue(..., includeRelations=true)forblockedBy;list_issues(parentId=<id>)for sub-issue checks;list_comments(issueId=<id>)for full comment threads[][](provided open PR file list was empty)Sub-issue Status
No issue in the reviewed Backlog set had Linear sub-issues; parent/sub-issue gating did not apply.
Linear State Transitions