Fix Intel CI env corruption and remove Python 3.14 pinning

[sbryngelson]

Summary

• Replace printenv >> $GITHUB_ENV with a before/after diff that exports only vars added/changed by Intel setvars.sh. The old approach dumped all env vars including shell internals with special characters, causing "Invalid format 'sudo apt-key add GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB'" errors in GitHub Actions.
• Remove explicit Python 3.14 setup from test.yml and lint-toolchain.yml (runners already have a suitable Python).

Test plan

• Ubuntu Intel debug job passes (previously failing with env corruption)
• Ubuntu Intel no-debug job passes
• Lint toolchain job passes without explicit Python 3.14

🤖 Generated with Claude Code

[github-actions]

Claude Code Review

Head SHA: e53ec1a
Files changed: 2 — .github/workflows/test.yml, .github/workflows/lint-toolchain.yml
Net diff: +6 / -11

---

Summary

• Fixes Intel CI env corruption by replacing a blanket printenv >> $GITHUB_ENV with a before/after diff that exports only the env vars added or modified by setvars.sh.
• Removes the explicit actions/setup-python@v5 pin to Python 3.14 from both the Intel test job and the lint-toolchain job, deferring to the runner's pre-installed Python.
• Both changes are targeted and minimal; no Fortran source, test golden files, or parameter system is affected.

---

Findings

.github/workflows/test.yml, lines 126–131 — core fix (looks correct)

The before/after diff pattern is a well-known workaround for this class of GITHUB_ENV corruption:

printenv | sort > /tmp/env_before
source /opt/intel/oneapi/setvars.sh
printenv | sort > /tmp/env_after
diff /tmp/env_before /tmp/env_after | grep '^>' | sed 's/^> //' >> $GITHUB_ENV

It correctly handles:

• New vars: appear only on the > side of the diff — captured.
• Modified vars (e.g., PATH extension): produce both a < and a > line — the new value is captured.
• Unchanged vars: produce no diff output — correctly skipped.

One minor edge case to be aware of: if any env var value contains a literal newline, printenv | sort can interleave lines and produce spurious diff noise. This is extremely unlikely for Intel OneAPI vars and is the same limitation as the original approach, so it is not a blocker.

.github/workflows/lint-toolchain.yml and test.yml — Python 3.14 removal

Removing the pinned python-version: '3.14' is reasonable. Python 3.14 was pre-release at the time that pin was introduced, which can cause actions/setup-python to pull an alpha/beta build. Ubuntu GitHub-hosted runners ship Python 3.12 by default, which is well within MFC toolchain requirements. No issues foreseen.

---

Improvement Opportunities (optional, non-blocking)

1. Scope /tmp filenames to the job — Using /tmp/env_before / /tmp/env_after is fine for sequential jobs, but if self-hosted runners ever run jobs concurrently on the same host, these paths could collide. Consider /tmp/env_before_$$ (PID-qualified) for robustness.
2. Silent failure on diff exit code — diff exits 1 when files differ (the normal case here). If the set -e / errexit shell option is active (it is by default in GitHub Actions run: steps), the pipeline could abort after diff. Wrapping as diff ... || true or { diff ... || true; } | grep ... would make the intent explicit. In practice GitHub Actions runs with set -eo pipefail, so the pipeline form diff ... | grep ... | sed ... already exits on the grep or sed result rather than diff, but an explicit || true adds clarity.

[qodo-code-review]

Review Summary by Qodo

Fix Intel CI env corruption and remove Python 3.14 pinning

🐞 Bug fix ✨ Enhancement

Walkthroughs

Description

• Fix Intel CI environment corruption by exporting only new/changed vars
  - Replace printenv >> $GITHUB_ENV with before/after diff approach
  - Prevents shell internals with special characters from corrupting GITHUB_ENV
• Remove explicit Python 3.14 setup from CI workflows
  - Runners already have suitable Python versions available

Diagram

flowchart LR
  A["Intel setvars.sh<br/>environment setup"] -->|"before/after<br/>diff approach"| B["Export only<br/>new/changed vars"]
  B -->|"prevents corruption"| C["Clean GITHUB_ENV<br/>parsing"]
  D["Remove explicit<br/>Python 3.14 setup"] -->|"simplify CI"| E["Use runner<br/>default Python"]

Loading

File Changes

1. .github/workflows/lint-toolchain.yml ⚙️ Configuration changes +0/-5

Remove explicit Python 3.14 setup

• Removed explicit Python 3.14 setup step using actions/setup-python@v5
• Relies on ubuntu-latest runner's default Python version

.github/workflows/lint-toolchain.yml

---

2. .github/workflows/test.yml 🐞 Bug fix +6/-6

Fix Intel env corruption and remove Python setup

• Replaced printenv >> $GITHUB_ENV with before/after diff approach to export only new/changed
 environment variables from Intel setvars.sh
• Added comments explaining the fix for environment variable corruption
• Removed explicit Python 3.14 setup step using actions/setup-python@v5
• Uses diff command to identify and export only variables modified by Intel setup

.github/workflows/test.yml

---

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (1) 📘 Rule violations (0) 📎 Requirement gaps (0)

1. Env diff pipeline can fail 🐞 Bug ⛯ Reliability

Description

The Intel setup now uses a diff | grep | sed >> $GITHUB_ENV pipeline where diff commonly exits 1
when it finds changes (expected) and grep exits 1 when there are no matches. In environments where
pipeline failures propagate (as this workflow appears to rely on for fallbacks), this can fail the
Intel setup step and block CI.

Code

.github/workflows/test.yml[R129-132]

+          printenv | sort > /tmp/env_before
          source /opt/intel/oneapi/setvars.sh
-          printenv >> $GITHUB_ENV
-
-      - name: Set up Python 3.14
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.14'
+          printenv | sort > /tmp/env_after
+          diff /tmp/env_before /tmp/env_after | grep '^>' | sed 's/^> //' >> $GITHUB_ENV

Evidence

The Intel step writes env changes via a pipeline whose intermediate commands legitimately return
non-zero exit codes during success cases (differences found / no matches). Separately, the same
workflow already uses a pipeline+|| fallback pattern that only behaves as intended when pipeline
failures propagate, indicating the workflow is sensitive to pipeline exit status behavior.

.github/workflows/test.yml[126-133]
.github/workflows/test.yml[137-143]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The Intel oneAPI env export uses a `diff | grep | sed` pipeline that can return non-zero exit codes in normal/success cases (e.g., `diff` returns 1 when it finds differences). In CI environments where pipeline failures propagate, this can fail the step and break Intel CI.

### Issue Context
This is in the `Setup Ubuntu (Intel)` step that writes environment changes to `$GITHUB_ENV` for subsequent steps.

### Fix Focus Areas
- .github/workflows/test.yml[126-133]
- .github/workflows/test.yml[129-132]

### Suggested change
Wrap the pipeline with `|| true` (and optionally filter to `KEY=VALUE` lines) so expected non-zero statuses don’t fail the job.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

ⓘ The new review experience is currently in Beta. Learn more

[github-actions]

Claude Code Review

Head SHA: e53ec1a
Files changed: 2

• .github/workflows/test.yml
• .github/workflows/lint-toolchain.yml

Summary

• Replaces printenv >> $GITHUB_ENV with a before/after diff approach to avoid exporting shell internals that corrupt GITHUB_ENV parsing — correct diagnosis of the root cause.
• Removes explicit Python 3.14 pinning from both workflow files.
• Net change: +6 / -11 lines.

---

Findings

🔴 Bug: diff exit code 1 will abort the step under pipefail

File: .github/workflows/test.yml, new lines ~129–132

GitHub Actions runs bash with -eo pipefail by default. The diff command exits 1 when files differ (which they will after setvars.sh sets variables). Under pipefail, a non-zero exit from any command in a pipeline propagates as the pipeline's exit code, causing the entire step to fail immediately after setvars.sh runs.

# Current (broken):
diff /tmp/env_before /tmp/env_after | grep '^>' | sed 's/^> //' >> $GITHUB_ENV

Fix — append || true to suppress the expected non-zero exit from diff:

diff /tmp/env_before /tmp/env_after | grep '^>' | sed 's/^> //' >> $GITHUB_ENV || true

Without this fix, the Intel CI jobs will still fail, just at a different point than before.

🟡 Observation: multi-line env var values not handled

GITHUB_ENV requires a special heredoc syntax for multi-line values (NAME<<EOF\nVALUE\nEOF). The printenv | sort | diff | sed pipeline will emit raw newlines for any multi-line value, which would corrupt GITHUB_ENV. Intel's setvars.sh is unlikely to introduce such vars, but worth noting if the pattern is reused elsewhere.

🟡 Observation: Python 3.14 removal may introduce non-determinism

Both workflow files previously pinned python-version: '3.14'. Relying on whatever Python the runner ships can cause unexpected breakage if GitHub updates the runner image. The PR description says "runners already have a suitable Python" — acceptable if confirmed for the runner images in use (ubuntu-22.04/ubuntu-latest), but it removes an explicit contract.

---

Verdict

The diff exit-code bug (🔴) means this PR will not fix the Intel CI failure and may instead produce a new failure mode. The fix is a one-word change (|| true). Everything else in the approach is sound.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: c657c010-0968-45b7-9a71-541b8808714c

📥 Commits

Reviewing files that changed from the base of the PR and between 31899ad and e53ec1a.

📒 Files selected for processing (2)

• .github/workflows/lint-toolchain.yml
• .github/workflows/test.yml

---

📝 Walkthrough

Walkthrough

This pull request modifies two GitHub Actions workflow files. The lint-toolchain workflow removes a Python setup step that configured version 3.14. The test workflow updates how environment variables are exported to GitHub by introducing a selective export mechanism that captures environment state before and after sourcing the Intel setvars script, extracts only the changed variables using diff and sed, and appends them to the GitHub environment. The same Python 3.14 setup step is also removed from this workflow.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Updates CI workflows to avoid corrupting GitHub Actions environment exports when sourcing Intel oneAPI setvars.sh, and removes explicit Python 3.14 setup steps in favor of the runner’s default Python.

Changes:

• Replaces printenv >> $GITHUB_ENV with a before/after environment comparison intended to export only new/changed variables after setvars.sh.
• Removes actions/setup-python@v5 pinning to Python 3.14 from the Intel job in test.yml and from lint-toolchain.yml.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
.github/workflows/test.yml	Changes how Intel oneAPI environment variables are persisted into GITHUB_ENV; removes Python 3.14 setup in that job.
.github/workflows/lint-toolchain.yml	Removes the explicit Python 3.14 setup step.

[Copilot]

diff exits with status 1 when the files differ, and with GitHub Actions’ default bash -e -o pipefail this will fail the step even when differences are expected. Additionally, grep '^>' will exit 1 (and fail the step) if there are no added/changed vars. Consider using an approach that returns success in these cases (e.g., comm -13 on the sorted env snapshots, or otherwise ensure the pipeline ignores diff/grep non-zero statuses) while still appending only the desired KEY=VALUE lines to $GITHUB_ENV.

Suggested change

	diff /tmp/env_before /tmp/env_after | grep '^>' | sed 's/^> //' >> $GITHUB_ENV
	comm -13 /tmp/env_before /tmp/env_after >> "$GITHUB_ENV"

[qodo-code-review]

1. Env diff pipeline can fail 🐞 Bug ⛯ Reliability

The Intel setup now uses a diff | grep | sed >> $GITHUB_ENV pipeline where diff commonly exits 1
when it finds changes (expected) and grep exits 1 when there are no matches. In environments where
pipeline failures propagate (as this workflow appears to rely on for fallbacks), this can fail the
Intel setup step and block CI.

Agent Prompt

### Issue description
The Intel oneAPI env export uses a `diff | grep | sed` pipeline that can return non-zero exit codes in normal/success cases (e.g., `diff` returns 1 when it finds differences). In CI environments where pipeline failures propagate, this can fail the step and break Intel CI.

### Issue Context
This is in the `Setup Ubuntu (Intel)` step that writes environment changes to `$GITHUB_ENV` for subsequent steps.

### Fix Focus Areas
- .github/workflows/test.yml[126-133]
- .github/workflows/test.yml[129-132]

### Suggested change
Wrap the pipeline with `|| true` (and optionally filter to `KEY=VALUE` lines) so expected non-zero statuses don’t fail the job.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools