diff --git a/.github/actions/publish/action.yml b/.github/actions/publish/action.yml
index e5e6de814f5..2d86395589d 100644
--- a/.github/actions/publish/action.yml
+++ b/.github/actions/publish/action.yml
@@ -17,6 +17,21 @@ inputs:
     type: string
     default: "true"
 
+# shared environment values for "Package release" step that is split between Windows and non-Windows hosts.
+x-package-release-env: &package-release-env
+  # ensure we sign the artifacts
+  NODE_ENV: production
+  # Apple notarization
+  XCODE_APP_LOADER_EMAIL: ${{ fromJSON(inputs.secrets).XCODE_APP_LOADER_EMAIL }}
+  XCODE_APP_LOADER_PASSWORD: ${{ fromJSON(inputs.secrets).XCODE_APP_LOADER_PASSWORD }}
+  XCODE_APP_LOADER_TEAM_ID: ${{ fromJSON(inputs.secrets).XCODE_APP_LOADER_TEAM_ID }}
+  # Windows signing
+  WINDOWS_SIGNING_CERT_PATH: ${{ steps.import_win_signing_cert.outputs.filePath }}
+  WINDOWS_SIGNING_PASSWORD: ${{ fromJSON(inputs.secrets).WINDOWS_SIGNING_PASSWORD }}
+  # https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/#improvements-for-public-repository-forks
+  # https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks#about-workflow-runs-from-public-forks
+  CSC_FOR_PULL_REQUEST: true
+
 runs:
   # https://docs.github.com/en/actions/creating-actions/creating-a-composite-action
   using: "composite"
@@ -48,10 +63,7 @@ runs:
     - name: Install host dependencies
       if: runner.os == 'Linux'
       shell: bash
-      run: |
-        set -ea
-        sudo apt-get update
-        sudo apt-get install -y --no-install-recommends fakeroot dpkg rpm
+      run: sudo apt-get install -y --no-install-recommends fakeroot dpkg rpm
 
     - name: Install host dependencies
       if: runner.os == 'macOS'
@@ -102,36 +114,18 @@ runs:
         encodedString: ${{ fromJSON(inputs.secrets).WINDOWS_SIGNING }}
 
     - name: Package release
-      id: package_release
       if: runner.os != 'Windows'
       shell: bash
-      run: |
-        ./build/make-all.sh
-        APPLICATION_VERSION="$(jq -r '.version' package.json)"
-        echo "version=${APPLICATION_VERSION}" >> $GITHUB_OUTPUT
+      run: ./build/make-all.sh
+      env:
+        <<: *package-release-env
 
     - name: Package release
-      id: package_release
       if: runner.os == 'Windows'
-      shell: powershell # npm run make fails on bash on windows
-      run: |
-        ./build/make-all.sh
-        APPLICATION_VERSION="$(jq -r '.version' package.json)"
-        echo "version=${APPLICATION_VERSION}" >> $GITHUB_OUTPUT
-
+      shell: powershell # npm run make fails on bash on windows; some node-gyp weirdness
+      run: ./build/make-all.sh
       env:
-        # ensure we sign the artifacts
-        NODE_ENV: production
-        # Apple notarization
-        XCODE_APP_LOADER_EMAIL: ${{ fromJSON(inputs.secrets).XCODE_APP_LOADER_EMAIL }}
-        XCODE_APP_LOADER_PASSWORD: ${{ fromJSON(inputs.secrets).XCODE_APP_LOADER_PASSWORD }}
-        XCODE_APP_LOADER_TEAM_ID: ${{ fromJSON(inputs.secrets).XCODE_APP_LOADER_TEAM_ID }}
-        # Windows signing
-        WINDOWS_SIGNING_CERT_PATH: ${{ steps.import_win_signing_cert.outputs.filePath }}
-        WINDOWS_SIGNING_PASSWORD: ${{ fromJSON(inputs.secrets).WINDOWS_SIGNING_PASSWORD }}
-        # https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/#improvements-for-public-repository-forks
-        # https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks#about-workflow-runs-from-public-forks
-        CSC_FOR_PULL_REQUEST: true
+        <<: *package-release-env
 
     - name: Upload artifacts
       uses: actions/upload-artifact@v3
diff --git a/.github/actions/test/action.yml b/.github/actions/test/action.yml
index d56bb3b2e7e..d49894267c5 100644
--- a/.github/actions/test/action.yml
+++ b/.github/actions/test/action.yml
@@ -30,10 +30,8 @@ runs:
 
     - name: Install host dependencies
       if: runner.os == 'Linux'
-      shell: bash --noprofile --norc -eo pipefail -x {0}
+      shell: bash
       run: |
-        set -ea
-        sudo apt-get update
         sudo apt-get install -y --no-install-recommends xvfb libudev-dev
         cat < package.json | jq -r '.hostDependencies[][]' - | \
           xargs -L1 echo | sed 's/|//g' | xargs -L1 \
@@ -48,19 +46,20 @@ runs:
       with:
         python-version: '3.11'
 
+    - name: Install project dependencies
+      shell: bash
+      run: npm ci
+
     - name: Test release
-      shell: bash --noprofile --norc -eo pipefail -x {0}
-      run: |
-        set -ea
-        npm ci
-        ./build/test-all.sh
+      shell: bash
+      run: ./build/test-all.sh
       env:
         # https://www.electronjs.org/docs/latest/api/environment-variables
         ELECTRON_NO_ATTACH_CONSOLE: 'true'
 
     - name: Compress custom source
       if: runner.os != 'Windows'
-      shell: pwsh
+      shell: bash
       run: tar -acf ${{ runner.temp }}/custom.tgz .
 
     - name: Compress custom source