gh actions: replace shell:bash with an improved default (#43338)

The new default will show exactly what commands are executed, and will
stop if undefined variables are used.

It's not possible set a default shell for "composite" action steps.
There's a pending feature request for it here:
  https://github.com/community/community/discussions/18597

.github/actions/setup-sentry/action.yml

@@ -54,7 +54,9 @@ runs:
   using: 'composite'
   steps:
     - name: Setup default environment variables
-      shell: bash
+      # the default for "bash" is:
+      #      bash --noprofile --norc -eo pipefail {0}
+      shell: bash --noprofile --norc -eo pipefail -ux {0}
       env:
         MATRIX_INSTANCE: ${{ matrix.instance }}
         # XXX: We should be using something like len(strategy.matrix.instance) (not possible atm)
@@ -95,7 +97,7 @@ runs:
 
         # this handles pytest test sharding
         if [ "$MATRIX_INSTANCE" ]; then
-          if ! [ "$MATRIX_INSTANCE_TOTAL" ]; then
+          if ! [ "${MATRIX_INSTANCE_TOTAL:-}" ]; then
             echo "MATRIX_INSTANCE_TOTAL is required."
             exit 1
           fi
@@ -113,15 +115,15 @@ runs:
       id: config
       env:
         MATRIX_INSTANCE: ${{ matrix.instance }}
-      shell: bash
+      shell: bash --noprofile --norc -eo pipefail -ux {0}
       run: |
         echo "yarn-cache-dir=$(yarn cache dir)" >> "$GITHUB_OUTPUT"
         echo "matrix-instance-number=$(($MATRIX_INSTANCE+1))" >> "$GITHUB_OUTPUT"
-        echo "matrix-instance-total=$(($MATRIX_INSTANCE_TOTAL))" >> "$GITHUB_OUTPUT"
+        echo "matrix-instance-total=$((${MATRIX_INSTANCE_TOTAL:-}))" >> "$GITHUB_OUTPUT"
         echo "acceptance-dir=.artifacts/visual-snapshots/acceptance" >> "$GITHUB_OUTPUT"
 
     - name: Install python dependencies
-      shell: bash
+      shell: bash --noprofile --norc -eo pipefail -ux {0}
       env:
         # This is necessary when other repositories (e.g. relay) want to take advantage of this workflow
         # without needing to fork it. The path needed is the one where setup.py is located
@@ -132,7 +134,7 @@ runs:
         SENTRY_LIGHT_BUILD=1 pip install --no-deps -e .
 
     - name: Start devservices
-      shell: bash
+      shell: bash --noprofile --norc -eo pipefail -ux {0}
       env:
         NEED_KAFKA: ${{ inputs.kafka }}
         NEED_SNUBA: ${{ inputs.snuba }}

.github/workflows/bump-sentry-in-getsentry.yml

@@ -9,6 +9,12 @@ on:
     branches:
       - master
 
+defaults:
+  run:
+    # the default default is:
+    #      bash --noprofile --norc -eo pipefail {0}
+    shell: bash --noprofile --norc -eo pipefail -ux {0}
+
 jobs:
   bump-sentry:
     runs-on: ubuntu-20.04
@@ -29,7 +35,6 @@ jobs:
           token: ${{ secrets.BUMP_SENTRY_TOKEN }}
 
       - name: bump-sentry ${{ github.sha }}
-        shell: bash
         run: |
           cd getsentry
 

.github/workflows/migrations.yml

@@ -7,6 +7,12 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
+defaults:
+  run:
+    # the default default is:
+    #      bash --noprofile --norc -eo pipefail {0}
+    shell: bash --noprofile --norc -eo pipefail -ux {0}
+
 jobs:
   did-migration-change:
     name: check if any migration changes
@@ -36,7 +42,6 @@ jobs:
 
     steps:
       - name: Failure because of modified migration
-        shell: bash
         run: |
           echo "If you have a valid reason to modify a migration please get approval"
           echo "from @getsentry/owners-migrations, then ask a Github admin to merge." && exit 1