Skip to content

Update M-CMP deployment script#2208

Merged
cb-github-robot merged 1 commit intocloud-barista:mainfrom
seokho-son:main
Nov 17, 2025
Merged

Update M-CMP deployment script#2208
cb-github-robot merged 1 commit intocloud-barista:mainfrom
seokho-son:main

Conversation

@seokho-son
Copy link
Copy Markdown
Member

@seokho-son seokho-son commented Nov 17, 2025

No description provided.

@seokho-son
Add M-CMP deployment script
4bdcbf3 
Signed-off-by: Seokho Son <shsongist@gmail.com>
Copilot AI review requested due to automatic review settings November 17, 2025 08:48
Copilot AI reviewed Nov 17, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR improves the M-CMP deployment script by adding configuration constants, enhancing security practices, and improving user experience with better error handling and documentation.

  • Introduces configuration constants for minimum system requirements (vCPU, RAM)
  • Enhances security by downloading Docker installation script to a temporary file before execution
  • Improves robustness with proper variable quoting and error handling for directory navigation

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

scripts/set-mcmp.sh

# Detect actual user (important when executed with sudo)
TARGET_USER="${SUDO_USER:-$USER}"
TARGET_HOME=$(eval echo ~"$TARGET_USER")
Copy link

Copilot AI Nov 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The eval echo pattern used here can be a security risk. Consider using the safer alternative:

TARGET_HOME=$(getent passwd "$TARGET_USER" | cut -d: -f6)

This approach reads from the system's password database without shell expansion, avoiding potential command injection if TARGET_USER contains malicious input.

Suggested change
TARGET_HOME=$(eval echo ~"$TARGET_USER")
TARGET_HOME=$(getent passwd "$TARGET_USER" | cut -d: -f6)

Copilot uses AI. Check for mistakes.
scripts/set-mcmp.sh
echo " ⚠️ Security Note: Downloading and executing remote script"
echo " → See https://docs.docker.com/engine/install/ for manual installation"
TMP_DOCKER_SCRIPT=$(mktemp)
curl -fsSL https://get.docker.com -o "$TMP_DOCKER_SCRIPT"
Copy link

Copilot AI Nov 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider adding error handling for the curl download step. If the download fails, the script will attempt to execute an empty or incomplete file:

if ! curl -fsSL https://get.docker.com -o "$TMP_DOCKER_SCRIPT"; then
  echo "❌ Error: Failed to download Docker installation script"
  rm -f "$TMP_DOCKER_SCRIPT"
  exit 1
fi
Suggested change
curl -fsSL https://get.docker.com -o "$TMP_DOCKER_SCRIPT"
if ! curl -fsSL https://get.docker.com -o "$TMP_DOCKER_SCRIPT"; then
echo "❌ Error: Failed to download Docker installation script"
rm -f "$TMP_DOCKER_SCRIPT"
exit 1
fi

Copilot uses AI. Check for mistakes.
@seokho-son
Copy link
Copy Markdown
Member Author

seokho-son commented Nov 17, 2025

/approve

@github-actions github-actions bot added the approved This PR is approved and will be merged soon. label Nov 17, 2025
@cb-github-robot cb-github-robot merged commit 683fc9b into cloud-barista:main Nov 17, 2025
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@github-actions github-actions[bot] github-actions[bot] approved these changes

@yunkon-kim yunkon-kim Awaiting requested review from yunkon-kim yunkon-kim is a code owner

Assignees

No one assigned

Labels

approved This PR is approved and will be merged soon. script

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@seokho-son @cb-github-robot