Merge pull request #3 from cisagov/lineage/skeleton

⚠️ CONFLICT! Lineage pull request for: skeleton

Author: jsf9k

action.yml

@@ -6,6 +6,14 @@ branding:
 description: Disables AppArmor on the GitHub Actions runner.
 name: Disable AppArmor
 
+# We use a shell argument for each step that provides the same guardrails we
+# would have in our bash scripts. The `-Eueo pipefail` sets errtrace, nounset,
+# errexit, and pipefail. The `-x` will print all commands as they are run. We
+# are currently unable to set this as a default (like we can in workflows) so
+# this must be added to each step that runs shell commands. Please see the
+# following GitHub discussion that requests this feature for any status
+# updates: https://github.com/orgs/community/discussions/18597
+
 runs:
   using: composite
   steps:
@@ -16,9 +24,9 @@ runs:
       # https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2093797
       # for more details.
       run: sudo aa-teardown || true
-      shell: bash
+      shell: bash -Eueo pipefail -x {0}
 
     - id: disable-apparmor
       name: Disable and stop AppArmor systemd service
       run: sudo systemctl disable --now apparmor.service
-      shell: bash
+      shell: bash -Eueo pipefail -x {0}