Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: automate ballerine deployment #2871

Open
wants to merge 1 commit into
base: dev
Choose a base branch
from

Conversation

pratapalakshmi
Copy link
Collaborator

@pratapalakshmi pratapalakshmi commented Dec 1, 2024

Summary by CodeRabbit

  • New Features

    • Added a help function for usage instructions in the installation script.
    • Introduced domain validation and OS-specific Docker installation functions.
    • Enhanced environment variable handling for frontend and Docker Compose configurations.
    • Implemented a deployment function for streamlined deployment processes.
  • Bug Fixes

    • Updated static URLs for various services to improve reliability.
    • Added restart policies for PostgreSQL and Caddy services to enhance resilience.
  • Chores

    • Improved script usability by implementing command-line argument parsing and default settings.

Copy link

changeset-bot bot commented Dec 1, 2024

⚠️ No Changeset found

Latest commit: 496be43

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Copy link
Contributor

coderabbitai bot commented Dec 1, 2024

Walkthrough

The changes introduced in this pull request enhance the ballerine_install.sh script by adding new functions for help, domain validation, and OS-specific Docker installation. The script now defaults to "localhost" if no command-line arguments are provided and includes a new command-line argument parsing loop. Additionally, the docker-compose-build.yml and docker-compose-build-https.yml files have been updated to use static localhost URLs for various services, replacing dynamic domain references, and include restart policies for the PostgreSQL and Caddy services.

Changes

File Change Summary
ballerine_install.sh - Changed shebang from #!/usr/bin/env bash to #!/bin/bash.
- Added functions: show_help(), check_http_https(), install_docker_ubuntu(), install_docker_macos(), check_os().
- Updated update_frontend_build_variables() to accept a Vite domain name.
- Introduced update_docker_compose() for validating and updating environment variables.
- Added command-line argument parsing loop.
deploy/docker-compose-build.yml - Updated VITE_API_URL to a static URL for ballerine-kyb-app.
- Changed CORS origins for ballerine-workflow-service to static localhost URLs.
- Added restart: on-failure for ballerine-postgres.
deploy/docker-compose-build-https.yml - Changed ballerine-workflow-service to build from a local directory instead of using a pre-built image.
- Updated VITE_API_URL to a static URL.
- Changed CORS origins for ballerine-workflow-service to static localhost URLs.
- Added restart: on-failure for ballerine-postgres and caddy.

Possibly related PRs

  • chore: update ansible docker deployment steps #2413: The changes in the setup-ballerine.yml file regarding the deployment tasks based on the vite_api_url are related to the modifications in the main PR that involve updating environment variables and handling domain inputs in the ballerine_install.sh script.

Suggested reviewers

  • liorzam
  • Omri-Levy
  • alonp99

Poem

In the script where rabbits play,
New functions hop in, bright as day.
With localhost now leading the way,
Docker dances, come what may!
A joyful leap, a code ballet! 🐇✨


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 6

🧹 Outside diff range and nitpick comments (2)
ballerine_install.sh (2)

21-35: Input validation in check_http_https() is too restrictive.

The function check_http_https() exits if the input does not contain 'http://' or 'https://'. Users might provide domains without protocols (e.g., 'example.com'), causing the script to exit unexpectedly. Consider allowing inputs without protocols and defaulting to 'http://' or 'https://' as needed.

Apply this diff to adjust the input validation:

 check_http_https() {
     local input=$1
     echo "checking domain if suitable $input"
-    if [[ $input == *http://* && $input != *https://* ]]; then
-        echo "The string contains 'http' but not 'https'."
-    elif [[ $input == *https://* && $input != *http://* ]]; then
-        echo "The string contains 'https' but not 'http'."
-    elif [[ $input == *http://* && $input == *https://* ]]; then
-        echo "The string contains both 'http' and 'https'."
+    if [[ $input == *http://* || $input == *https://* ]]; then
+        echo "The domain contains protocol information."
     else
-        echo "The string contains neither 'http' nor 'https'."
-        exit 1;
+        echo "No protocol specified. Defaulting to 'https://'."
+        input="https://$input"
     fi
 }

157-157: Variable 'VERBOSE' is set but not used.

The VERBOSE variable is assigned a value but not utilized anywhere in the script. Consider implementing verbose logging or removing the variable if it's unnecessary.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 27e0342 and 15aa1cb.

📒 Files selected for processing (2)
  • ballerine_install.sh (1 hunks)
  • deploy/docker-compose-build.yml (3 hunks)
🧰 Additional context used
🪛 Shellcheck (0.10.0)
ballerine_install.sh

[warning] 156-156: VERBOSE appears unused. Verify use (or export if used externally).

(SC2034)

🔇 Additional comments (1)
deploy/docker-compose-build.yml (1)

101-101: Adding restart: on-failure to PostgreSQL service enhances reliability.

Including a restart policy ensures that the ballerine-postgres service will automatically restart if it fails, improving the robustness of your application.

Comment on lines 91 to 121
echo "The operating system is not recognized."
;;
esac
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Script continues after failing to recognize the operating system.

When the operating system is not recognized, the script should exit to prevent unintended behavior.

Apply this diff to exit the script when the OS is unrecognized:

 echo "The operating system is not recognized."
+exit 1
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
echo "The operating system is not recognized."
;;
esac
echo "The operating system is not recognized."
exit 1
;;
esac

Comment on lines 79 to 108
echo "The host is running a Linux distribution but not Ubuntu."
echo "We do not support this Linux distribution"
fi
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Script does not exit on unsupported Linux distributions.

After detecting an unsupported Linux distribution, the script continues execution. This may lead to errors later on. It's essential to exit the script when the OS is unsupported.

Apply this diff to exit the script for unsupported Linux distributions:

 echo "We do not support this Linux distribution"
+exit 1
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
echo "The host is running a Linux distribution but not Ubuntu."
echo "We do not support this Linux distribution"
fi
echo "The host is running a Linux distribution but not Ubuntu."
echo "We do not support this Linux distribution"
exit 1
fi

Comment on lines 107 to 141
sed -i '' "s|http://localhost:3000|$VITE_DOMAIN_NAME|g" $i
done
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Incompatible sed -i usage across different operating systems.

The sed -i '' command is specific to macOS. On Linux systems like Ubuntu, the syntax should be sed -i without the empty quotes. This difference can cause the script to fail on Ubuntu.

Apply this diff to make sed command compatible across macOS and Linux:

 for i in $env_files;
     do
         echo "Updating env variables of $i"
-        sed -i '' "s|http://localhost:3000|$VITE_DOMAIN_NAME|g" $i
+        if [[ "$OSTYPE" == "darwin"* ]]; then
+            sed -i '' "s|http://localhost:3000|$VITE_DOMAIN_NAME|g" $i
+        else
+            sed -i "s|http://localhost:3000|$VITE_DOMAIN_NAME|g" $i
+        fi
     done
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
sed -i '' "s|http://localhost:3000|$VITE_DOMAIN_NAME|g" $i
done
for i in $env_files;
do
echo "Updating env variables of $i"
if [[ "$OSTYPE" == "darwin"* ]]; then
sed -i '' "s|http://localhost:3000|$VITE_DOMAIN_NAME|g" $i
else
sed -i "s|http://localhost:3000|$VITE_DOMAIN_NAME|g" $i
fi
done

Comment on lines 124 to 131
echo "Updating env variables for KYB in $i"
sed -i '' "s|http://localhost:5201|$KYB_DOMAIN|g" $i

echo "Updating env variables for Workflow Dashboard in $i"
sed -i '' "s|http://localhost:5200|$WORKFLOW_DASHBOARD_DOMAIN|g" $i

install_docker
echo "Updating env variables for Backoffice in $i"
sed -i '' "s|http://localhost:5137|$BACKOFFICE_DOMAIN|g" $i
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

sed -i command may fail due to platform differences.

The use of sed -i '' in updating Docker Compose files is platform-specific to macOS. This will cause errors on Linux systems. Adjust the script to handle both macOS and Linux.

Apply this diff to update the sed commands:

 for i in $env_files;
     do
         echo "Updating env variables for KYB in $i"
-        sed -i '' "s|http://localhost:5201|$KYB_DOMAIN|g" $i
+        if [[ "$OSTYPE" == "darwin"* ]]; then
+            sed -i '' "s|http://localhost:5201|$KYB_DOMAIN|g" $i
+        else
+            sed -i "s|http://localhost:5201|$KYB_DOMAIN|g" $i
+        fi

         echo "Updating env variables for Workflow Dashboard in $i"
-        sed -i '' "s|http://localhost:5200|$WORKFLOW_DASHBOARD_DOMAIN|g" $i
+        if [[ "$OSTYPE" == "darwin"* ]]; then
+            sed -i '' "s|http://localhost:5200|$WORKFLOW_DASHBOARD_DOMAIN|g" $i
+        else
+            sed -i "s|http://localhost:5200|$WORKFLOW_DASHBOARD_DOMAIN|g" $i
+        fi

         echo "Updating env variables for Backoffice in $i"
-        sed -i '' "s|http://localhost:5137|$BACKOFFICE_DOMAIN|g" $i
+        if [[ "$OSTYPE" == "darwin"* ]]; then
+            sed -i '' "s|http://localhost:5137|$BACKOFFICE_DOMAIN|g" $i
+        else
+            sed -i "s|http://localhost:5137|$BACKOFFICE_DOMAIN|g" $i
+        fi
     done
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
echo "Updating env variables for KYB in $i"
sed -i '' "s|http://localhost:5201|$KYB_DOMAIN|g" $i
echo "Updating env variables for Workflow Dashboard in $i"
sed -i '' "s|http://localhost:5200|$WORKFLOW_DASHBOARD_DOMAIN|g" $i
install_docker
echo "Updating env variables for Backoffice in $i"
sed -i '' "s|http://localhost:5137|$BACKOFFICE_DOMAIN|g" $i
echo "Updating env variables for KYB in $i"
if [[ "$OSTYPE" == "darwin"* ]]; then
sed -i '' "s|http://localhost:5201|$KYB_DOMAIN|g" $i
else
sed -i "s|http://localhost:5201|$KYB_DOMAIN|g" $i
fi
echo "Updating env variables for Workflow Dashboard in $i"
if [[ "$OSTYPE" == "darwin"* ]]; then
sed -i '' "s|http://localhost:5200|$WORKFLOW_DASHBOARD_DOMAIN|g" $i
else
sed -i "s|http://localhost:5200|$WORKFLOW_DASHBOARD_DOMAIN|g" $i
fi
echo "Updating env variables for Backoffice in $i"
if [[ "$OSTYPE" == "darwin"* ]]; then
sed -i '' "s|http://localhost:5137|$BACKOFFICE_DOMAIN|g" $i
else
sed -i "s|http://localhost:5137|$BACKOFFICE_DOMAIN|g" $i
fi

@@ -23,7 +23,7 @@ services:
- ballerine-workflow-service
restart: on-failure
environment:
VITE_API_URL: 'http://${DOMAIN_NAME:-localhost:3000}/api/v1/'
VITE_API_URL: 'http://localhost:3000/api/v1/'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Hardcoding VITE_API_URL to localhost may limit flexibility.

Setting VITE_API_URL to 'http://localhost:3000/api/v1/' restricts the application to only work with a local API server. In production environments, the API might be hosted on a different domain. Consider making this URL configurable.

Apply this diff to restore configurability:

 VITE_API_URL: 'http://localhost:3000/api/v1/'
+# Consider using an environment variable or a Docker argument to set VITE_API_URL dynamically.

Committable suggestion skipped: line range outside the PR's diff.

Comment on lines +53 to +56
BACKOFFICE_CORS_ORIGIN: http://localhost:5137
WORKFLOW_DASHBOARD_CORS_ORIGIN: http://localhost:5200
PORT: ${WORKFLOW_SVC_PORT}
KYB_EXAMPLE_CORS_ORIGIN: http://${DOMAIN_NAME:-localhost}:${KYB_APP_PORT}
KYB_EXAMPLE_CORS_ORIGIN: http://localhost:5201
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Hardcoding CORS origins may cause cross-origin issues.

By hardcoding the CORS origins to localhost, services running on other domains won't be able to communicate with the API. This can cause issues in staging or production environments.

Apply this diff to make the CORS origins configurable:

 BACKOFFICE_CORS_ORIGIN: http://localhost:5137
 WORKFLOW_DASHBOARD_CORS_ORIGIN: http://localhost:5200
 KYB_EXAMPLE_CORS_ORIGIN: http://localhost:5201
+# Consider using environment variables to set these origins dynamically based on deployment.

Committable suggestion skipped: line range outside the PR's diff.

@pratapalakshmi pratapalakshmi changed the title chore: automate ballerine deployment chore[wip]: automate ballerine deployment Dec 5, 2024
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Outside diff range and nitpick comments (2)
deploy/docker-compose-build-https.yml (2)

31-32: Consider multi-stage builds and build arguments

While building from local context is good for development, consider:

  1. Using multi-stage builds to optimize the final image
  2. Adding build arguments for flexibility

Example enhancement:

     build:
       context: ../services/workflows-service/
+      args:
+        NODE_ENV: ${NODE_ENV:-production}
+      target: ${BUILD_TARGET:-production}

Line range hint 1-116: Consider maintaining environment-based configuration

The current changes show a trend towards hardcoding values that were previously configurable through environment variables. While this might simplify initial setup, it could:

  1. Reduce deployment flexibility across different environments
  2. Make it harder to maintain different configurations for development, staging, and production
  3. Potentially expose sensitive information in the configuration

Consider maintaining the environment-based configuration approach and providing clear documentation or default values in a .env.example file.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 15aa1cb and 59477bc.

📒 Files selected for processing (1)
  • deploy/docker-compose-build-https.yml (4 hunks)
🧰 Additional context used
🪛 yamllint (1.35.1)
deploy/docker-compose-build-https.yml

[error] 114-114: duplication of key "restart" in mapping

(key-duplicates)

@@ -97,6 +98,7 @@ services:
timeout: 45s
interval: 10s
retries: 10
restart: on-failure
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Fix duplicate restart policy in caddy service

The caddy service has conflicting restart policies:

  1. restart: unless-stopped (line 103)
  2. restart: on-failure (line 114)

Remove the duplicate restart policy and decide on a single strategy:

  caddy:
    image: caddy:latest
    restart: unless-stopped
    container_name: caddy
    ports:
      - 80:80
      - 443:443
    volumes:
      - "../deploy/caddy/Caddyfile:/etc/caddy/Caddyfile"
      - "../deploy/./caddy/site:/srv"
      - "../deploy/caddy/caddy_data:/data"
      - "../deploy/caddy/caddy_config:/config"
-    restart: on-failure

Also applies to: 114-114

@@ -23,12 +23,13 @@ services:
- ballerine-workflow-service
restart: on-failure
environment:
VITE_API_URL: 'http://${DOMAIN_NAME:-localhost:3000}/api/v1/'
VITE_API_URL: 'http://localhost:3000/api/v1/'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Avoid hardcoding localhost URLs in Docker configurations

Hardcoding localhost:3000 reduces deployment flexibility. Consider keeping the parameterized version using environment variables to support different deployment environments.

-      VITE_API_URL: 'http://localhost:3000/api/v1/'
+      VITE_API_URL: 'http://${DOMAIN_NAME:-localhost:3000}/api/v1/'
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
VITE_API_URL: 'http://localhost:3000/api/v1/'
VITE_API_URL: 'http://${DOMAIN_NAME:-localhost:3000}/api/v1/'

Comment on lines +53 to +56
BACKOFFICE_CORS_ORIGIN: http://localhost:5137
WORKFLOW_DASHBOARD_CORS_ORIGIN: http://localhost:5200
PORT: ${WORKFLOW_SVC_PORT}
KYB_EXAMPLE_CORS_ORIGIN: http://${DOMAIN_NAME:-localhost}:${KYB_APP_PORT}
KYB_EXAMPLE_CORS_ORIGIN: http://localhost:5201
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Revise CORS configuration for security and flexibility

  1. Hardcoding CORS origins to localhost limits deployment flexibility
  2. Consider security implications of CORS configuration in production
-      BACKOFFICE_CORS_ORIGIN: http://localhost:5137
-      WORKFLOW_DASHBOARD_CORS_ORIGIN: http://localhost:5200
-      KYB_EXAMPLE_CORS_ORIGIN: http://localhost:5201
+      BACKOFFICE_CORS_ORIGIN: http://${DOMAIN_NAME:-localhost}:${BACKOFFICE_PORT:-5137}
+      WORKFLOW_DASHBOARD_CORS_ORIGIN: http://${DOMAIN_NAME:-localhost}:${WORKFLOW_DASHBOARD_PORT:-5200}
+      KYB_EXAMPLE_CORS_ORIGIN: http://${DOMAIN_NAME:-localhost}:${KYB_APP_PORT:-5201}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
BACKOFFICE_CORS_ORIGIN: http://localhost:5137
WORKFLOW_DASHBOARD_CORS_ORIGIN: http://localhost:5200
PORT: ${WORKFLOW_SVC_PORT}
KYB_EXAMPLE_CORS_ORIGIN: http://${DOMAIN_NAME:-localhost}:${KYB_APP_PORT}
KYB_EXAMPLE_CORS_ORIGIN: http://localhost:5201
BACKOFFICE_CORS_ORIGIN: http://${DOMAIN_NAME:-localhost}:${BACKOFFICE_PORT:-5137}
WORKFLOW_DASHBOARD_CORS_ORIGIN: http://${DOMAIN_NAME:-localhost}:${WORKFLOW_DASHBOARD_PORT:-5200}
PORT: ${WORKFLOW_SVC_PORT}
KYB_EXAMPLE_CORS_ORIGIN: http://${DOMAIN_NAME:-localhost}:${KYB_APP_PORT:-5201}

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 6

🧹 Outside diff range and nitpick comments (2)
ballerine_install.sh (2)

1-5: Enhance script initialization with additional safety flags

Add set -u to catch undefined variables and consider adding a script description.

 #!/bin/bash

-set -e
+set -eu
+
+# Ballerine Installation Script
+# Version: 1.0
+# Description: Automates the deployment of Ballerine services
 
 echo "Running as: $(id)"

132-155: Extract hardcoded URLs as constants

Hardcoded URLs should be defined as constants at the beginning of the script for better maintainability.

 #!/bin/bash
+
+# Default service URLs
+readonly DEFAULT_WORKFLOW_SERVICE_URL="http://localhost:3000"
+readonly DEFAULT_BACKOFFICE_URL="http://localhost:5137"
+readonly DEFAULT_WORKFLOW_DASHBOARD_URL="http://localhost:5200"
+readonly DEFAULT_KYB_URL="http://localhost:5201"
 
 update_docker_compose(){
     echo "Updating Docker Compose..."
     WORKFLOW_SERVICE_DOMAIN=$1
     read -p "Enter the backoffice domain: " BACKOFFICE_DOMAIN
-    check_http_https $BACKOFFICE_DOMAIN
+    validate_domain_url "$BACKOFFICE_DOMAIN"
     read -p "Enter the workflow dashboard domain: " WORKFLOW_DASHBOARD_DOMAIN
-    check_http_https $WORKFLOW_DASHBOARD_DOMAIN
+    validate_domain_url "$WORKFLOW_DASHBOARD_DOMAIN"
     read -p "Enter the kyb domain: " KYB_DOMAIN
-    check_http_https $KYB_DOMAIN
+    validate_domain_url "$KYB_DOMAIN"
     
     for i in $env_files; do
         echo "Updating env variables for KYB in $i"
-        sed -i '' "s|http://localhost:5201|$KYB_DOMAIN|g" $i
+        sed -i '' "s|$DEFAULT_KYB_URL|$KYB_DOMAIN|g" $i
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 59477bc and 0ad21b5.

📒 Files selected for processing (1)
  • ballerine_install.sh (1 hunks)
🧰 Additional context used
🪛 Shellcheck (0.10.0)
ballerine_install.sh

[warning] 208-208: VERBOSE appears unused. Verify use (or export if used externally).

(SC2034)

🔇 Additional comments (2)
ballerine_install.sh (2)

84-112: Script must exit on unsupported operating systems

The script continues execution after detecting unsupported operating systems, which could lead to failures.


115-127: Make sed commands compatible across platforms

Comment on lines 59 to 89
install_docker_ubuntu(){
echo "Installing docker..."
# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
}


install_docker_macos(){
echo "Install docker using the following docs"
echo "https://docs.docker.com/desktop/setup/install/mac-install/"
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Enhance Docker installation security and functionality

The Docker installation functions need improvements in security and functionality:

  1. Add GPG key verification
  2. Pin Docker package versions
  3. Implement actual macOS installation
 install_docker_ubuntu(){
     echo "Installing docker..."
+    
+    # Verify Docker's GPG key
+    DOCKER_GPG_FINGERPRINT="9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
+    
     # Add Docker's official GPG key:
     sudo apt-get update
     sudo apt-get install ca-certificates curl
     sudo install -m 0755 -d /etc/apt/keyrings
     sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+    
+    # Verify fingerprint
+    if ! gpg --dry-run --quiet --import --import-options import-show /etc/apt/keyrings/docker.asc | grep -q "$DOCKER_GPG_FINGERPRINT"; then
+        echo "Error: Docker GPG key verification failed"
+        exit 1
+    fi
+    
     sudo chmod a+r /etc/apt/keyrings/docker.asc

     # Add the repository to Apt sources:
     echo \
     "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
     $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
     sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
     sudo apt-get update
-    sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+    # Pin specific versions for reproducibility
+    sudo apt-get install \
+        docker-ce=5:24.0.0-1~ubuntu.22.04~jammy \
+        docker-ce-cli=5:24.0.0-1~ubuntu.22.04~jammy \
+        containerd.io=1.6.27-1 \
+        docker-buildx-plugin=0.12.0-1~ubuntu.22.04~jammy \
+        docker-compose-plugin=2.24.0-1~ubuntu.22.04~jammy
 }

 install_docker_macos(){
-    echo "Install docker using the following docs"
-    echo "https://docs.docker.com/desktop/setup/install/mac-install/"
+    echo "Installing Docker Desktop for macOS..."
+    
+    # Check if Homebrew is installed
+    if ! command -v brew >/dev/null 2>&1; then
+        echo "Error: Homebrew is required but not installed"
+        echo "Install from https://brew.sh"
+        exit 1
+    fi
+    
+    # Install Docker Desktop
+    if ! brew install --cask docker; then
+        echo "Error: Failed to install Docker Desktop"
+        exit 1
+    fi
+    
+    echo "Docker Desktop installed. Please start Docker Desktop from Applications"
 }

Committable suggestion skipped: line range outside the PR's diff.

Comment on lines +187 to +233
# Parse arguments
while [[ $# -gt 0 ]]; do
case "$1" in
-h|--help)
show_help
exit 0
;;
-d|--domain)
if [ -n "$2" ]; then
VITE_DOMAIN_NAME="$2"
echo "VITE DOMAIN: $VITE_DOMAIN_NAME"
check_http_https $VITE_DOMAIN_NAME
update_frontend_build_variables $VITE_DOMAIN_NAME
update_docker_compose $VITE_DOMAIN_NAME
shift 2
else
echo "Error: --domain requires a domain name."
exit 1
fi
;;
-v|--verbose)
VERBOSE=true
echo "Verbose mode enabled."
shift
;;
*)
echo "Unknown option: $1"
echo "Use -h or --help for usage information."
exit 1
;;
esac
done
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Address unused VERBOSE flag and improve argument validation

The VERBOSE flag is set but never used, and domain validation should happen before assignment.

+# Logging function
+log_verbose() {
+    if [ "${VERBOSE:-false}" = true ]; then
+        echo "[DEBUG] $*"
+    fi
+}
+
 while [[ $# -gt 0 ]]; do
     case "$1" in
         -d|--domain)
             if [ -n "$2" ]; then
+                # Validate domain before assignment
+                if ! validate_domain_url "$2"; then
+                    exit 1
+                fi
                 VITE_DOMAIN_NAME="$2"
-                echo "VITE DOMAIN: $VITE_DOMAIN_NAME"
-                check_http_https $VITE_DOMAIN_NAME
+                log_verbose "VITE DOMAIN: $VITE_DOMAIN_NAME"
                 update_frontend_build_variables $VITE_DOMAIN_NAME
                 update_docker_compose $VITE_DOMAIN_NAME
                 shift 2

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools
🪛 Shellcheck (0.10.0)

[warning] 208-208: VERBOSE appears unused. Verify use (or export if used externally).

(SC2034)

Comment on lines 37 to 59
deploy_ballerine() {
local input=$1
echo "checking domain if suitable $input"
if [[ $input == *http://* && $input != *https://* ]]; then
cd deploy; sudo docker-compose -f docker-compose-build.yml up -d
elif [[ $input == *https://* && $input != *http://* ]]; then
cd deploy; sudo docker-compose -f docker-compose-build-https.yml up -d
elif [[ $input == *http://* && $input == *https://* ]]; then
echo "The string contains both 'http' and 'https'."
exit 1;
else
echo "The string contains neither 'http' nor 'https'."
exit 1;
fi
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Critical: Refactor deployment function to improve security and reliability

The function has several issues that need to be addressed:

  1. Duplicates domain validation logic
  2. Uses sudo without checking permissions
  3. Lacks error handling for docker-compose
 deploy_ballerine() {
     local input=$1
-    echo "checking domain if suitable $input"
-    if [[ $input == *http://* && $input != *https://* ]]; then
-        cd deploy; sudo docker-compose -f docker-compose-build.yml up -d
-    elif [[ $input == *https://* && $input != *http://* ]]; then
-        cd deploy; sudo docker-compose -f docker-compose-build-https.yml up -d
-    elif [[ $input == *http://* && $input == *https://* ]]; then
-        echo "The string contains both 'http' and 'https'."
-        exit 1;
-    else
-        echo "The string contains neither 'http' nor 'https'."
-        exit 1;
-    fi
+    
+    # Check if script is run with sudo
+    if [ "$EUID" -ne 0 ]; then
+        echo "Error: This script must be run with sudo privileges"
+        exit 1
+    fi
+    
+    # Reuse existing domain validation
+    validate_domain_url "$input"
+    
+    # Select compose file based on protocol
+    local compose_file
+    if [[ $input == *https://* ]]; then
+        compose_file="docker-compose-build-https.yml"
+    else
+        compose_file="docker-compose-build.yml"
+    fi
+    
+    # Deploy with error handling
+    cd deploy || exit 1
+    if ! docker-compose -f "$compose_file" up -d; then
+        echo "Error: Failed to deploy Ballerine services"
+        exit 1
+    fi
 }

Committable suggestion skipped: line range outside the PR's diff.

Comment on lines 158 to 199
create_caddy_file(){
echo "Creating Caddy file..."
BACKOFFICE_DOMAIN=$1
WORKFLOW_DASHBOARD_DOMAIN=$2
KYB_DOMAIN=$3
WORKFLOW_SERVICE_DOMAIN=$4
mkdir -p "$PWD/deploy/caddy"
output_file="$PWD/deploy/caddy/Caddyfile"
cat <<EOF > "$output_file"
$BACKOFFICE_DOMAIN {
reverse_proxy backoffice:80
}

$WORKFLOW_SERVICE_DOMAIN {
reverse_proxy workflow-service:3000
}

install_docker
$KYB_DOMAIN {
reverse_proxy kyb-app:80
}

if [[ ! -z "${WORKFLOW_SERVICE_DOMAIN_NAME}" ]]; then
### Update frontend build variables only if domain_name is given
update_frontend_build_variables
update_env_docker_compose
fi
$WORKFLOW_DASHBOARD_DOMAIN {
reverse_proxy workflows-dashboard:80
}
EOF

}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Add error handling and backup for Caddy configuration

The function should backup existing configuration and validate file creation.

 create_caddy_file(){
     echo "Creating Caddy file..."
     BACKOFFICE_DOMAIN=$1
     WORKFLOW_DASHBOARD_DOMAIN=$2
     KYB_DOMAIN=$3
     WORKFLOW_SERVICE_DOMAIN=$4
     
-    mkdir -p "$PWD/deploy/caddy"
+    local caddy_dir="$PWD/deploy/caddy"
+    local output_file="$caddy_dir/Caddyfile"
+    
+    # Create directory with error handling
+    if ! mkdir -p "$caddy_dir"; then
+        echo "Error: Failed to create Caddy directory"
+        exit 1
+    fi
+    
+    # Backup existing configuration
+    if [ -f "$output_file" ]; then
+        if ! cp "$output_file" "${output_file}.backup"; then
+            echo "Error: Failed to backup existing Caddy configuration"
+            exit 1
+        fi
+    fi
     
-    output_file="$PWD/deploy/caddy/Caddyfile"
     cat <<EOF > "$output_file"
 $BACKOFFICE_DOMAIN {
   reverse_proxy backoffice:80
 }
 # ... rest of the configuration ...
 EOF
+    
+    # Verify file creation
+    if [ ! -f "$output_file" ]; then
+        echo "Error: Failed to create Caddy configuration file"
+        exit 1
+    fi
+    
+    echo "Successfully created Caddy configuration at $output_file"
 }

Committable suggestion skipped: line range outside the PR's diff.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (1)
ballerine_install.sh (1)

7-18: Enhance help message with default values and requirements

The help message is clear but could be more informative by including:

  • Default values when no arguments are provided
  • Requirements for domain URLs (http/https)
  • Examples with actual protocol prefixes
 show_help() {
     echo "Usage: $0 [OPTIONS]"
     echo ""
     echo "Options:"
     echo "  -h, --help       Display this help message."
-    echo "  -d, --domain     vite_domain  Vite Domain URL."
+    echo "  -d, --domain     vite_domain  Vite Domain URL (must start with http:// or https://)."
     echo "  -v, --verbose    Enable verbose output."
     echo ""
+    echo "Defaults:"
+    echo "  When no arguments are provided, all domains default to localhost"
     echo "Examples:"
-    echo "  $0 --domain example.com"
+    echo "  $0 --domain http://example.com"
+    echo "  $0 --domain https://example.com"
     echo "  $0 -v"
 }
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 0ad21b5 and d7d099c.

📒 Files selected for processing (1)
  • ballerine_install.sh (1 hunks)
🧰 Additional context used
🪛 Shellcheck (0.10.0)
ballerine_install.sh

[warning] 215-215: VERBOSE appears unused. Verify use (or export if used externally).

(SC2034)

🔇 Additional comments (8)
ballerine_install.sh (8)

84-114: LGTM: OS detection function improvements

The function now properly handles error cases and exits when appropriate, addressing previous review comments.


128-132: LGTM: Platform-specific sed command handling

The functions now properly handle sed command differences between macOS and Linux.

Also applies to: 152-160


21-35: ⚠️ Potential issue

Improve domain validation with proper URL format checks

The current validation only checks for protocol presence but doesn't validate the URL format.

This issue was previously identified. Please implement the suggested improvements from the previous review comment that includes:

  1. Better URL format validation using regex
  2. More informative error messages
  3. Clear warning for non-secure HTTP protocol

37-51: ⚠️ Potential issue

Critical: Improve deployment function security and reliability

The function has several critical issues that need to be addressed:

  1. Unsafe directory change without verification
  2. No error handling for docker-compose commands
  3. Duplicated domain validation logic

This issue was previously identified. Please implement the suggested improvements from the previous review comment that includes:

  1. Directory existence verification
  2. Error handling for docker-compose commands
  3. Reuse of existing domain validation

59-81: ⚠️ Potential issue

Enhance Docker installation security and functionality

The Docker installation functions need improvements in security and functionality.

This issue was previously identified. Please implement the suggested improvements from the previous review comment that includes:

  1. GPG key verification
  2. Docker package version pinning
  3. Actual macOS installation implementation

165-191: ⚠️ Potential issue

Improve Caddy configuration reliability

The function needs better error handling and backup functionality.

This issue was previously identified. Please implement the suggested improvements from the previous review comment that includes:

  1. Configuration backup
  2. Directory creation error handling
  3. File creation verification

227-229: ⚠️ Potential issue

Add domain validation before deployment

The script should validate VITE_DOMAIN_NAME before deployment.

This issue was previously identified. Please implement the suggested improvements from the previous review comment that includes domain validation before deployment.


214-217: ⚠️ Potential issue

Address unused VERBOSE flag

The VERBOSE flag is set but never used in the script.

Either implement the verbose logging functionality or remove the unused flag:

-        -v|--verbose)
-            VERBOSE=true
-            echo "Verbose mode enabled."
-            shift
-            ;;

If keeping the verbose mode, implement it using a logging function as suggested in previous review comments.

Likely invalid or redundant comment.

🧰 Tools
🪛 Shellcheck (0.10.0)

[warning] 215-215: VERBOSE appears unused. Verify use (or export if used externally).

(SC2034)

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 5

🧹 Outside diff range and nitpick comments (2)
ballerine_install.sh (2)

6-18: Enhance help message with more details

The help message could be more informative by including:

  • Default values (e.g., "localhost")
  • Examples for all available options including verbose mode
  • Prerequisites (e.g., sudo access requirement)
 show_help() {
     echo "Usage: $0 [OPTIONS]"
     echo ""
     echo "Options:"
     echo "  -h, --help       Display this help message."
     echo "  -d, --domain     vite_domain  Vite Domain URL."
     echo "  -v, --verbose    Enable verbose output."
     echo ""
+    echo "Prerequisites:"
+    echo "  - Requires sudo access for Docker operations"
+    echo ""
+    echo "Defaults:"
+    echo "  - If no domain is provided, 'localhost' will be used"
+    echo ""
     echo "Examples:"
     echo "  $0 --domain example.com"
-    echo "  $0 -v"
+    echo "  $0 --domain https://example.com -v"
+    echo "  $0 --verbose"
 }

173-197: Externalize port configuration

The reverse proxy port numbers are hardcoded in the Caddy configuration. These should be configurable to support different deployment scenarios.

+# Add at the beginning of the script
+BACKOFFICE_PORT=${BACKOFFICE_PORT:-80}
+WORKFLOW_SERVICE_PORT=${WORKFLOW_SERVICE_PORT:-3000}
+KYB_PORT=${KYB_PORT:-80}
+WORKFLOW_DASHBOARD_PORT=${WORKFLOW_DASHBOARD_PORT:-80}

 create_caddy_file(){
     # ... existing code ...
     cat <<EOF > "$output_file"
 $BACKOFFICE_DOMAIN {
-  reverse_proxy backoffice:80
+  reverse_proxy backoffice:${BACKOFFICE_PORT}
 }

 $WORKFLOW_SERVICE_DOMAIN {
-  reverse_proxy workflow-service:3000
+  reverse_proxy workflow-service:${WORKFLOW_SERVICE_PORT}
 }

 $KYB_DOMAIN {
-  reverse_proxy kyb-app:80
+  reverse_proxy kyb-app:${KYB_PORT}
 }

 $WORKFLOW_DASHBOARD_DOMAIN {
-  reverse_proxy workflows-dashboard:80
+  reverse_proxy workflows-dashboard:${WORKFLOW_DASHBOARD_PORT}
 }
 EOF
 }
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between d7d099c and 849e369.

📒 Files selected for processing (1)
  • ballerine_install.sh (1 hunks)
🧰 Additional context used
🪛 Shellcheck (0.10.0)
ballerine_install.sh

[warning] 223-223: VERBOSE appears unused. Verify use (or export if used externally).

(SC2034)

Comment on lines +21 to +35
check_http_https() {
local input=$1
echo "checking domain if suitable $input"
if [[ $input == *http://* && $input != *https://* ]]; then
echo "The string contains 'http' but not 'https'."
elif [[ $input == *https://* && $input != *http://* ]]; then
echo "The string contains 'https' but not 'http'."
elif [[ $input == *http://* && $input == *https://* ]]; then
echo "The string contains both 'http' and 'https'."
exit 1;
else
echo "The string contains neither 'http' nor 'https'."
exit 1;
fi
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Eliminate code duplication in HTTP/HTTPS validation

The HTTP/HTTPS validation logic is duplicated between check_http_https and deploy_ballerine functions. This violates the DRY principle and makes maintenance harder.

Refactor to reuse the validation logic:

 check_http_https() {
     local input=$1
     echo "checking domain if suitable $input"
+    local protocol=""
     if [[ $input == *http://* && $input != *https://* ]]; then
         echo "The string contains 'http' but not 'https'."
+        protocol="http"
     elif [[ $input == *https://* && $input != *http://* ]]; then
         echo "The string contains 'https' but not 'http'."
+        protocol="https"
     elif [[ $input == *http://* && $input == *https://* ]]; then
         echo "The string contains both 'http' and 'https'."
         exit 1;
     else
         echo "The string contains neither 'http' nor 'https'."
         exit 1;
     fi
+    echo "$protocol"
 }

 deploy_ballerine() {
     local input=$1
-    echo "checking domain if suitable $input"
-    if [[ $input == *http://* && $input != *https://* ]]; then
+    local protocol
+    protocol=$(check_http_https "$input")
+    if [[ "$protocol" == "http" ]]; then
       if [[ "$OSTYPE" == "darwin"* ]]; then
         cd deploy; sudo docker-compose -f docker-compose-build.yml up -d
       else
          cd deploy; sudo docker compose -f docker-compose-build.yml up -d
       fi
-    elif [[ $input == *https://* && $input != *http://* ]]; then
+    elif [[ "$protocol" == "https" ]]; then
        if [[ "$OSTYPE" == "darwin"* ]]; then
         cd deploy; sudo docker-compose -f docker-compose-build-https.yml up -d
        else
         cd deploy; sudo docker compose -f docker-compose-build-https.yml up -d
        fi
-    elif [[ $input == *http://* && $input == *https://* ]]; then
-        echo "The string contains both 'http' and 'https'."
-        exit 1;
     else
-        echo "The string contains neither 'http' nor 'https'."
         cd deploy; sudo docker-compose -f docker-compose-build.yml up -d
     fi
 }

Also applies to: 37-59

echo "checking domain if suitable $input"
if [[ $input == *http://* && $input != *https://* ]]; then
if [[ "$OSTYPE" == "darwin"* ]]; then
cd deploy; sudo docker-compose -f docker-compose-build.yml up -d
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Add safety checks for directory operations

The cd commands lack error handling and directory existence verification, which could lead to script failures.

-      cd deploy; sudo docker-compose -f docker-compose-build.yml up -d
+      if [ ! -d "deploy" ]; then
+          echo "Error: deploy directory not found"
+          exit 1
+      fi
+      cd deploy || exit 1
+      sudo docker-compose -f docker-compose-build.yml up -d

Also applies to: 44-44, 48-48, 50-50, 57-57

Comment on lines 132 to +140
echo $env_files
for i in $env_files;
do
echo "Updating env variables of $i"
sed -i "s/localhost/${WORKFLOW_SERVICE_DOMAIN_NAME}/g" $i
if [[ "$OSTYPE" == "darwin"* ]]; then
sed -i '' "s|http://localhost:3000|$VITE_DOMAIN_NAME|g" $i
else
sed -i "s|http://localhost:3000|$VITE_DOMAIN_NAME|g" $i
fi
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Add error handling for file operations

The find commands lack error handling, and the script continues even if no files are found.

-    env_files=$(find ./apps -name "*.env.example")
-    echo $env_files
+    env_files=$(find ./apps -name "*.env.example") || {
+        echo "Error: Failed to search for env files"
+        exit 1
+    }
+    if [ -z "$env_files" ]; then
+        echo "Warning: No .env.example files found"
+        return
+    }
+    echo "Found env files: $env_files"

Also applies to: 156-168

Comment on lines +235 to +237
check_os

## Bring docker-container up
cd deploy; sudo docker-compose -f docker-compose-build.yml up -d
deploy_ballerine $VITE_DOMAIN_NAME
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Add service readiness check and cleanup handling

The script should verify service readiness after deployment and handle cleanup on exit.

+check_service_readiness() {
+    local max_attempts=30
+    local attempt=1
+    echo "Checking service readiness..."
+    while [ $attempt -le $max_attempts ]; do
+        if curl -s -f "$VITE_DOMAIN_NAME" >/dev/null; then
+            echo "Services are ready!"
+            return 0
+        fi
+        echo "Attempt $attempt/$max_attempts: Services not ready yet..."
+        sleep 10
+        attempt=$((attempt + 1))
+    done
+    echo "Error: Services failed to become ready"
+    return 1
+}
+
+cleanup() {
+    if [ -d "deploy" ]; then
+        cd deploy || exit 1
+        echo "Cleaning up containers..."
+        sudo docker-compose down 2>/dev/null || true
+    fi
+}
+
+# Set up trap for cleanup
+trap cleanup EXIT
+
 check_os
 deploy_ballerine $VITE_DOMAIN_NAME
+check_service_readiness || exit 1
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
check_os
## Bring docker-container up
cd deploy; sudo docker-compose -f docker-compose-build.yml up -d
deploy_ballerine $VITE_DOMAIN_NAME
check_service_readiness() {
local max_attempts=30
local attempt=1
echo "Checking service readiness..."
while [ $attempt -le $max_attempts ]; do
if curl -s -f "$VITE_DOMAIN_NAME" >/dev/null; then
echo "Services are ready!"
return 0
fi
echo "Attempt $attempt/$max_attempts: Services not ready yet..."
sleep 10
attempt=$((attempt + 1))
done
echo "Error: Services failed to become ready"
return 1
}
cleanup() {
if [ -d "deploy" ]; then
cd deploy || exit 1
echo "Cleaning up containers..."
sudo docker-compose down 2>/dev/null || true
fi
}
# Set up trap for cleanup
trap cleanup EXIT
check_os
deploy_ballerine $VITE_DOMAIN_NAME
check_service_readiness || exit 1

Comment on lines +92 to +122
check_os() {
# Get the operating system name
uname_out="$(uname -s)"

function update_frontend_build_variables() {
case "${uname_out}" in
Linux*)
# Check if the Linux distro is Ubuntu
if [ -f /etc/os-release ]; then
. /etc/os-release
if [[ $ID == "ubuntu" ]]; then
echo "The host is running Ubuntu."
install_docker_ubuntu
else
echo "The host is running a Linux distribution but not Ubuntu."
echo "We do not support this Linux distribution"
exit 1
fi
else
echo "The host is running Linux but /etc/os-release is not available."
fi
;;
Darwin*)
echo "The host is running macOS."
install_docker_macos
;;
*)
echo "The operating system is not recognized."
exit 1
;;
esac
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Verify Docker installation success

The script should verify that Docker was successfully installed and is running.

 check_os() {
+    verify_docker() {
+        if ! command -v docker >/dev/null 2>&1; then
+            echo "Error: Docker installation failed"
+            exit 1
+        fi
+        if ! docker info >/dev/null 2>&1; then
+            echo "Error: Docker daemon is not running"
+            exit 1
+        fi
+    }
+
     # Get the operating system name
     uname_out="$(uname -s)"
     case "${uname_out}" in
         Linux*)
             if [ -f /etc/os-release ]; then
                 . /etc/os-release
                 if [[ $ID == "ubuntu" ]]; then
                     echo "The host is running Ubuntu."
                     install_docker_ubuntu
+                    verify_docker
                 else
                     echo "The host is running a Linux distribution but not Ubuntu."
                     echo "We do not support this Linux distribution"
                     exit 1
                 fi
             else
                 echo "The host is running Linux but /etc/os-release is not available."
             fi
             ;;
         Darwin*)
             echo "The host is running macOS."
             install_docker_macos
+            verify_docker
             ;;
         *)
             echo "The operating system is not recognized."
             exit 1
             ;;
     esac
 }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
check_os() {
# Get the operating system name
uname_out="$(uname -s)"
function update_frontend_build_variables() {
case "${uname_out}" in
Linux*)
# Check if the Linux distro is Ubuntu
if [ -f /etc/os-release ]; then
. /etc/os-release
if [[ $ID == "ubuntu" ]]; then
echo "The host is running Ubuntu."
install_docker_ubuntu
else
echo "The host is running a Linux distribution but not Ubuntu."
echo "We do not support this Linux distribution"
exit 1
fi
else
echo "The host is running Linux but /etc/os-release is not available."
fi
;;
Darwin*)
echo "The host is running macOS."
install_docker_macos
;;
*)
echo "The operating system is not recognized."
exit 1
;;
esac
}
check_os() {
verify_docker() {
if ! command -v docker >/dev/null 2>&1; then
echo "Error: Docker installation failed"
exit 1
fi
if ! docker info >/dev/null 2>&1; then
echo "Error: Docker daemon is not running"
exit 1
fi
}
# Get the operating system name
uname_out="$(uname -s)"
case "${uname_out}" in
Linux*)
if [ -f /etc/os-release ]; then
. /etc/os-release
if [[ $ID == "ubuntu" ]]; then
echo "The host is running Ubuntu."
install_docker_ubuntu
verify_docker
else
echo "The host is running a Linux distribution but not Ubuntu."
echo "We do not support this Linux distribution"
exit 1
fi
else
echo "The host is running Linux but /etc/os-release is not available."
fi
;;
Darwin*)
echo "The host is running macOS."
install_docker_macos
verify_docker
;;
*)
echo "The operating system is not recognized."
exit 1
;;
esac
}

@pratapalakshmi pratapalakshmi changed the title chore[wip]: automate ballerine deployment chore: automate ballerine deployment Dec 8, 2024
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

♻️ Duplicate comments (2)
deploy/docker-compose-build-https.yml (2)

26-26: ⚠️ Potential issue

Maintain deployment flexibility with environment variables

The hardcoded localhost URLs reduce deployment flexibility and may cause issues in different environments.

Consider reverting to environment variable interpolation:

-      VITE_API_URL: 'http://localhost:3000/api/v1/'
+      VITE_API_URL: 'http://${DOMAIN_NAME:-localhost:3000}/api/v1/'
-      BACKOFFICE_CORS_ORIGIN: http://localhost:5137
-      WORKFLOW_DASHBOARD_CORS_ORIGIN: http://localhost:5200
-      KYB_EXAMPLE_CORS_ORIGIN: http://localhost:5201
+      BACKOFFICE_CORS_ORIGIN: http://${DOMAIN_NAME:-localhost}:${BACKOFFICE_PORT:-5137}
+      WORKFLOW_DASHBOARD_CORS_ORIGIN: http://${DOMAIN_NAME:-localhost}:${WORKFLOW_DASHBOARD_PORT:-5200}
+      KYB_EXAMPLE_CORS_ORIGIN: http://${DOMAIN_NAME:-localhost}:${KYB_APP_PORT:-5201}

Also applies to: 53-56


101-101: ⚠️ Potential issue

Fix duplicate restart policy in caddy service

The caddy service has conflicting restart policies which is invalid YAML.

Choose one restart policy:

  caddy:
    image: caddy:latest
    restart: unless-stopped
    container_name: caddy
    ports:
      - 80:80
      - 443:443
    volumes:
      - "../deploy/caddy/Caddyfile:/etc/caddy/Caddyfile"
      - "../deploy/./caddy/site:/srv"
      - "../deploy/caddy/caddy_data:/data"
      - "../deploy/caddy/caddy_config:/config"
-    restart: on-failure

Also applies to: 114-114

🧹 Nitpick comments (2)
deploy/docker-compose-build-https.yml (2)

31-32: Consider using versioned images for production deployments

While building from source is great for development, consider using versioned images from a container registry for production deployments to ensure consistency and faster deployments.

-    build:
-      context: ../services/workflows-service/
+    image: ghcr.io/ballerine-io/workflows-service:${VERSION:-latest}

Line range hint 41-65: Enhance security for sensitive environment variables

Consider these security improvements:

  1. Use Docker secrets or external secret management for sensitive data
  2. Avoid exposing API tokens and secrets directly in environment variables
  3. Consider adding validation for required environment variables

Example for using Docker secrets:

secrets:
  api_key:
    file: ./secrets/api_key.txt
  unified_api_token:
    file: ./secrets/unified_api_token.txt

services:
  ballerine-workflow-service:
    secrets:
      - api_key
      - unified_api_token
    environment:
      API_KEY_FILE: /run/secrets/api_key
      UNIFIED_API_TOKEN_FILE: /run/secrets/unified_api_token
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 849e369 and 496be43.

📒 Files selected for processing (3)
  • ballerine_install.sh (1 hunks)
  • deploy/docker-compose-build-https.yml (4 hunks)
  • deploy/docker-compose-build.yml (3 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • deploy/docker-compose-build.yml
🧰 Additional context used
🪛 Shellcheck (0.10.0)
ballerine_install.sh

[warning] 223-223: VERBOSE appears unused. Verify use (or export if used externally).

(SC2034)

🪛 yamllint (1.35.1)
deploy/docker-compose-build-https.yml

[error] 114-114: duplication of key "restart" in mapping

(key-duplicates)

🔇 Additional comments (8)
ballerine_install.sh (8)

7-18: LGTM!

The help function is well-structured and provides clear usage instructions.


21-35: Eliminate code duplication in HTTP/HTTPS validation

The HTTP/HTTPS validation logic is duplicated between check_http_https and deploy_ballerine functions. This violates the DRY principle and makes maintenance harder.

Refactor to reuse the validation logic:

 check_http_https() {
     local input=$1
     echo "checking domain if suitable $input"
+    local protocol=""
     if [[ $input == *http://* && $input != *https://* ]]; then
         echo "The string contains 'http' but not 'https'."
+        protocol="http"
     elif [[ $input == *https://* && $input != *http://* ]]; then
         echo "The string contains 'https' but not 'http'."
+        protocol="https"
     elif [[ $input == *http://* && $input == *https://* ]]; then
         echo "The string contains both 'http' and 'https'."
         exit 1;
     else
         echo "The string contains neither 'http' nor 'https'."
         exit 1;
     fi
+    echo "$protocol"
 }

Also applies to: 37-59


67-89: Enhance Docker installation security and functionality

The Docker installation functions need improvements in security and functionality:

  1. Add GPG key verification
  2. Pin Docker package versions
  3. Implement actual macOS installation

92-122: Verify Docker installation success

The script should verify that Docker was successfully installed and is running.


132-140: Add error handling for file operations

The find commands lack error handling, and the script continues even if no files are found.

-    env_files=$(find ./apps -name "*.env.example")
-    echo $env_files
+    env_files=$(find ./apps -name "*.env.example") || {
+        echo "Error: Failed to search for env files"
+        exit 1
+    }
+    if [ -z "$env_files" ]; then
+        echo "Warning: No .env.example files found"
+        return
+    }
+    echo "Found env files: $env_files"

173-199: Add error handling and backup for Caddy configuration

The function should backup existing configuration and validate file creation.


235-237: Add service readiness check and cleanup handling

The script should verify service readiness after deployment and handle cleanup on exit.


223-223: ⚠️ Potential issue

Address unused VERBOSE flag

The VERBOSE flag is set but never used. Consider implementing a logging function to utilize this flag.

+# Logging function
+log_verbose() {
+    if [ "${VERBOSE:-false}" = true ]; then
+        echo "[DEBUG] $*"
+    fi
+}

-echo "VITE DOMAIN: $VITE_DOMAIN_NAME"
+log_verbose "VITE DOMAIN: $VITE_DOMAIN_NAME"

Likely invalid or redundant comment.

🧰 Tools
🪛 Shellcheck (0.10.0)

[warning] 223-223: VERBOSE appears unused. Verify use (or export if used externally).

(SC2034)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants