CI command failure hidden by shell exit-code swallowing
What this failure means
A CI script or workflow swallows a critical shell command failure with || true or set +e, allowing the job to pass after important work failed.
Diagnosis
A critical CI command can fail without propagating a non-zero exit code. The workflow may report success even when tests, builds, deploys, or release commands failed.
Fix steps
- Remove broad
|| trueorset +earound critical commands. - If a cleanup command may fail safely, isolate it and document why it is non-blocking.
- Use explicit
ifhandling that fails the job for unexpected command failures.
Validation
- Run
faultline inspect .from the repository root and confirm this source finding is absent or intentionally mitigated. - Run the affected script with a forced failing command and confirm the process exits non-zero.
Why it matters
CI depends on exit codes. Swallowing the exit code around a critical command turns real failures into green builds and delays diagnosis until broken artifacts or deployments surface elsewhere.
Try it locally
make test
rg -n '\|\| true' .github/workflows scripts
make test
git diff --check
How Faultline detects it
Use faultline explain ignored-shell-exit-in-ci to see the full playbook.
faultline analyze build.log
faultline explain ignored-shell-exit-in-ci
Generated from playbooks/bundled/source/ignored-shell-exit-in-ci.yaml. Do not edit directly.
Try it on your own failed log
$ faultline analyze failed.log
Want this across every CI run?
Faultline Teams tracks recurring failures across all your repos and surfaces patterns in a shared dashboard.