From 2fe34b6444502079dc0b84365ce82dbc92de308e Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sat, 13 Apr 2024 14:06:49 +0200
Subject: Adding upstream version 6.17.2.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 src/ansiblelint/rules/risky_shell_pipe.md | 39 +++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 src/ansiblelint/rules/risky_shell_pipe.md

(limited to 'src/ansiblelint/rules/risky_shell_pipe.md')

diff --git a/src/ansiblelint/rules/risky_shell_pipe.md b/src/ansiblelint/rules/risky_shell_pipe.md
new file mode 100644
index 0000000..302d0d9
--- /dev/null
+++ b/src/ansiblelint/rules/risky_shell_pipe.md
@@ -0,0 +1,39 @@
+# risky-shell-pipe
+
+This rule checks for the bash `pipefail` option with the Ansible `shell` module.
+
+You should always set `pipefail` when piping output from one command to another.
+The return status of a pipeline is the exit status of the command. The
+`pipefail` option ensures that tasks fail as expected if the first command
+fails.
+
+As this requirement does apply to PowerShell, for shell commands that have
+`pwsh` inside `executable` attribute, this rule will not trigger.
+
+## Problematic Code
+
+```yaml
+---
+- name: Example playbook
+  hosts: localhost
+  tasks:
+    - name: Pipeline without pipefail
+      ansible.builtin.shell: false | cat
+```
+
+## Correct Code
+
+```yaml
+---
+- name: Example playbook
+  hosts: localhost
+  become: false
+  tasks:
+    - name: Pipeline with pipefail
+      ansible.builtin.shell: set -o pipefail && false | cat
+
+    - name: Pipeline with pipefail, multi-line
+      ansible.builtin.shell: |
+        set -o pipefail # <-- adding this will prevent surprises
+        false | cat
+```
-- 
cgit v1.2.3