Conversation

@sabengco (Owner)

Fixes for CI Script Security, Robustness, and Portability

Summary

This PR addresses three bugs in CI scripts: an insecure Docker login, fragile build script logic, and an unportable/incorrect Azure upload process, along with general script hardening.

Details

This PR implements several fixes across the CI shell scripts to improve security, robustness, and portability:

  1. Docker Login Security (ci-scripts/dockerprovision.sh):

    • Bug: The docker login -p command exposes the password in process arguments.
    • Fix: Modified to use echo "$DOCKER_PW" | docker login --password-stdin, preventing password exposure in ps output and logs.
    • Additional: Ensured docker create uses a clean name and docker pull and docker commit use quoted variables. buildtarget.txt is now overwritten with printf instead of appended.
  2. Build Script Robustness (ci-scripts/buildsamples.sh):

    • Bug: Relied on a fragile relative path for buildtarget.txt and used unquoted command substitution for file iteration, failing on paths with spaces.
    • Fix: Improved buildtarget.txt location logic and refactored the project iteration to use find ... -exec sh -c 'for f do ... "$f" ...' sh {} +, safely handling spaces in file paths.
    • Additional: The dockerprovision.sh script now copies buildsamples.sh and buildtarget.txt to absolute paths within the container and invokes buildsamples.sh using its absolute path for reliability.
  3. Azure Upload Portability and Correctness (ci-scripts/uploadtoazure.sh):

    • Bug: Used Bash-specific [[ ... ]] syntax, causing errors in strict /bin/sh environments, and uploaded all files with a single blob name, risking overwrites.
    • Fix: Replaced [[ ... ]] with POSIX-compliant [ ... ], made container creation idempotent (azure storage container create ... || true), and ensured each uploaded artifact gets a unique blob name ($BUILD_BUILDNUMBER-$(basename "$file")).

General Hardening:

  • Added #!/usr/bin/env sh shebangs and set -eu to installazcli.sh, preserveimage.sh, dockerprovision.sh, buildsamples.sh, and uploadtoazure.sh for better script robustness and error handling.
  • Ensured mkdir -p and quoted paths are used in preserveimage.sh.

- Use docker login --password-stdin to avoid leaking credentials
- Quote variables; add set -eu for safety; add shebangs
- Make uploadtoazure.sh POSIX-compliant; create container idempotently; unique blob names
- Make preserveimage.sh resilient with mkdir -p; quote paths
- Make buildsamples.sh robust: locate buildtarget.txt and handle spaces
- Clean builder container before reuse; fix paths inside container
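The three patterns described in the PR body, exercised offline as an added example (this is not code from the PR or from the repository's ci-scripts). `fake_docker_login` is a constructed stand-in for the `docker login` CLI that only models how the password is received, the sample project tree is constructed under a temp directory, and `blob_name` reproduces the `$BUILD_BUILDNUMBER-$(basename "$file")` scheme from the description.

```shell
#!/usr/bin/env sh
# Added example, not part of the PR. Uses stand-ins so it runs without
# docker or the Azure CLI; every fixture below is constructed here.
set -eu

# --- 1. Credential handling.
# `docker login -p "$PW"` puts the secret in the process argument list,
# where `ps` and shell traces can see it; `--password-stdin` reads it
# from a pipe instead. fake_docker_login models only that difference
# (constructed stand-in, not the real CLI).
fake_docker_login() {
    if [ "$1" = "--password-stdin" ]; then
        IFS= read -r pw          # secret arrives on stdin, not in argv
    else
        pw=$2                    # -p style: secret is a visible argument
    fi
    printf '%s\n' "$pw"
}

# Post-fix pattern from the PR: pipe the secret, never pass it as an argument.
login_via_stdin() {
    printf '%s\n' "$1" | fake_docker_login --password-stdin
}

# --- 2. Iterating over project files whose paths contain spaces.
make_fixture() {
    # constructed sample tree: two .csproj files, one under a spaced dir
    dir=$(mktemp -d)
    mkdir -p "$dir/Sample One/src" "$dir/sample_two"
    : > "$dir/Sample One/src/Sample One.csproj"
    : > "$dir/sample_two/sample_two.csproj"
    printf '%s\n' "$dir"
}

# Pre-fix style: unquoted command substitution word-splits on spaces, so
# "Sample One.csproj" becomes several bogus paths and is never built.
count_fragile() {
    n=0
    for f in $(find "$1" -name '*.csproj'); do
        if [ -f "$f" ]; then n=$((n + 1)); fi
    done
    printf '%s\n' "$n"
}

# Post-fix style from the PR: find passes each whole path as a separate
# argument to an inline sh loop, and "$f" stays quoted throughout.
# awk sums the per-invocation counts in case find batches the arguments.
count_robust() {
    find "$1" -name '*.csproj' -exec sh -c '
        n=0
        for f do
            if [ -f "$f" ]; then n=$((n + 1)); fi
        done
        printf "%s\n" "$n"
    ' sh {} + | awk '{ s += $1 } END { print s + 0 }'
}

# --- 3. Unique blob names per artifact.
# Pre-fix, every file was uploaded under one blob name, so later files
# overwrote earlier ones; prefixing the basename with the build number
# keeps each artifact distinct within a build.
blob_name() {
    printf '%s-%s\n' "$1" "$(basename "$2")"
}

# Stand-alone run: show the two iteration styles side by side, then clean up.
demo_dir=$(make_fixture)
printf 'fragile=%s robust=%s\n' "$(count_fragile "$demo_dir")" "$(count_robust "$demo_dir")"
rm -rf "$demo_dir"
```

Run it with any POSIX `sh`; the fragile loop reports one project while the `find -exec sh -c 'for f do ...' sh {} +` form reports both, which is the behaviour the PR's buildsamples.sh change is meant to fix.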
@cursor (cursor bot) commented Oct 14, 2025

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.

3 participants