fix: SWA env file restore, build-arg quoting, Docker rollback cd_prefix, dead if-True#1
Open
thor-guardrail wants to merge 1 commit into
Conversation
…ix, dead if-True Four bugs fixed: 1. providers/azure/swa.py: .env.production.local was deleted before build but never restored in the finally block. Now backs up the file and restores it (along with restoring/removing .env.production correctly when it didn't previously exist). 2. providers/azure/container.py + builders/docker.py: _build_args_str() emitted --build-arg KEY=VALUE without quoting values, causing build failures when values contain spaces or shell metacharacters. Now uses shlex.quote(). 3. cli.py: _check_access() had a bare 'if True:' guard around the access-granted message, which was dead code (always executed). Replaced with a direct call + explanatory comment. Behaviour is unchanged but the intent is explicit. 4. providers/docker/container.py: rollback()'s no-target path chained two docker compose commands with '&&' but the second command was missing cd_prefix, so it ran from the wrong directory on the remote host when project_dir is set.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Four distinct bugs found during code review, grouped here because they're all correctness/safety fixes.
1.
providers/azure/swa.py—.env.production.localdeleted but never restoredSeverity: Bug (data loss)
The SWA deployer backs up
.env.productionbefore overwriting it for the build, and restores it in thefinallyblock. However,.env.production.localwas also deleted (to prevent it from overriding the build env), but was never restored. This means that if a project had a.env.production.localfile, a failed or successful SWA deploy would permanently destroy it.Fix: Backup the file's contents before deleting, restore in
finally.Additionally: if
.env.productiondidn't exist before the deploy, thefinallyblock only restored it whenenv_production_backup is not None. When the file was freshly created, it would be left behind. Now cleans it up in that case too.2.
providers/azure/container.py+builders/docker.py—_build_args_str()doesn't quote valuesSeverity: Bug (silent failure)
--build-arg KEY=VALUEwas constructed without quotingVALUE. Any build arg value containing spaces,$, backticks, or other shell metacharacters would be misinterpreted by the shell (both functions useshell=True). For example,CACHE_BUST=2024-01-01T12:00:00Zis fine, but aNODE_ENV=production buildor anything with a space would silently corrupt the Docker build command.Fix:
shlex.quote()applied to each value.3.
cli.py—if True:dead code in_check_access()Severity: Code quality (dead code)
_check_access()had:This is always executed, making the guard meaningless. It was likely a placeholder during development. The behaviour (always printing an access-granted dim line) is actually reasonable as an audit trail, so the fix just removes the dead guard and adds an explanatory comment.
4.
providers/docker/container.py—rollback()missingcd_prefixon second chained commandSeverity: Bug (wrong directory)
In the no-target-revision rollback path:
When
project_diris set, thecd_prefixmoves to the right directory for the first command. But after&&, the shell is still in the original directory for the second command. Thedocker compose upruns from the wrong directory and will fail to finddocker-compose.ymlunless it happens to be in the SSH default path.Fix: Add
cd_prefixto the second command.Files changed
dds/providers/azure/swa.pydds/providers/azure/container.pydds/builders/docker.pydds/cli.pydds/providers/docker/container.py