fix(docker-compose-light): revert/light-compose and fix init scripts (examples & cy…#38492
bschreder wants to merge 1 commit into apache:master from
…press init)
- restore expected EXAMPLES env usage in docker-compose-light.yml
- ensure psql uses -d "" in cypress-init.sh and examples-init.sh
Code Review Agent Run #77a788: Actionable Suggestions - 0
| set -e | ||
|
|
||
| psql -v ON_ERROR_STOP=1 --username "${POSTGRES_USER}" <<-EOSQL | ||
| psql -v ON_ERROR_STOP=1 --username "${POSTGRES_USER}" -d "${POSTGRES_DB}" <<-EOSQL |
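Review bot: the heredoc on the `psql ... <<-EOSQL` line uses an unquoted delimiter, so every `${...}` in the SQL body is expanded by the shell before psql parses it, and adding `-d "${POSTGRES_DB}"` does not change that. Consider quoting the delimiter (`<<-'EOSQL'`) and passing values with `psql -v name=value`, referenced as `:'name'` for string literals and `:"name"` for identifiers. Keep in mind that psql does not substitute variables inside quoted strings or dollar-quoted blocks, so any such block in the body would need restructuring.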
Suggestion: Environment variables for database user, password, and name are interpolated directly into SQL without proper quoting/escaping, so if they contain quotes or special characters the SQL will break or could be leveraged for SQL injection; instead, escape dangerous characters in the shell and use quoted identifiers/strings in the SQL. [security]
Severity Level: Major ⚠️
- ❌ Examples database initialization fails with quoted EXAMPLES_* values.
- ⚠️ Docker-compose-light demo may start without examples database.
- ⚠️ SQL injection risk if environment variables externally controlled.
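The quoting that the suggestion above asks for, as an added example that is not part of the pull request or the project's scripts. The function names, the three SQL statements, and the `EXAMPLES_USER` / `EXAMPLES_PASSWORD` variable names in the usage comment are assumptions; the real script body is not shown on this page.

```shell
#!/bin/sh
# Added example: quote values before they reach SQL text fed to psql.
# Assumes standard_conforming_strings=on (the PostgreSQL default), where
# doubling the quote character is the complete escaping rule.

# SQL string literal: wrap in '...' and double every embedded '.
sql_literal() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# SQL identifier: wrap in "..." and double every embedded ".
sql_ident() {
  printf '"%s"' "$(printf '%s' "$1" | sed 's/"/""/g')"
}

# Emit the bootstrap statements (hypothetical statements, chosen to match
# the "user/db creation" the review describes).
# Arguments: role name, password, database name.
build_examples_sql() {
  role=$(sql_ident "$1")
  pass=$(sql_literal "$2")
  db=$(sql_ident "$3")
  # Values are already quoted; the heredoc does not re-expand their contents.
  cat <<EOSQL
CREATE USER ${role} WITH PASSWORD ${pass};
CREATE DATABASE ${db};
GRANT ALL PRIVILEGES ON DATABASE ${db} TO ${role};
EOSQL
}

# Intended use inside an init script (not executed here):
#   build_examples_sql "$EXAMPLES_USER" "$EXAMPLES_PASSWORD" "$EXAMPLES_DB" |
#     psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" -d "$POSTGRES_DB"
```

Command substitution drops trailing newlines, so a value that ends in a newline is quoted without it.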
Pull request overview
This PR fixes docker-compose-light example DB initialization by restoring the expected EXAMPLES_* environment wiring and ensuring Postgres init scripts connect to an explicit database during bootstrap.
Changes:
- Update Postgres init scripts to run `psql` against `POSTGRES_DB` to avoid default-DB connection failures.
- Override `EXAMPLES_HOST`/`EXAMPLES_DB` in `docker-compose-light.yml` so examples loading targets `db-light`.
- Publish the `db-light` Postgres port to the host (parameterized via `DATABASE_PORT`).
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| docker/docker-entrypoint-initdb.d/examples-init.sh | Connect psql to POSTGRES_DB so user/db creation runs reliably in light compose. |
| docker/docker-entrypoint-initdb.d/cypress-init.sh | Connect psql to POSTGRES_DB so cypress DB creation runs reliably in light compose. |
| docker-compose-light.yml | Fix examples DB host/db env overrides; add host port publishing for db-light. |
| image: postgres:17 | ||
| restart: unless-stopped | ||
| ports: | ||
| - "${DATABASE_PORT:-5432}:5432" # Parameterized port, accessible on all interfaces |
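Review bot: the `ports:` entry `"${DATABASE_PORT:-5432}:5432"` has no host address, so Docker publishes Postgres on every interface, as the trailing comment itself states. Prefix the mapping with `127.0.0.1:` unless remote access is a requirement, and if it is, say why in the comment. The default host port 5432 will also fail to bind when a local Postgres or another stack already holds it, so the host side should have its own variable rather than reusing `DATABASE_PORT`.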
db-light now publishes Postgres on all interfaces (no 127.0.0.1 bind). This is inconsistent with docker-compose.yml (which binds 127.0.0.1:${DATABASE_PORT:-5432}:5432) and can unintentionally expose the database when running on a shared/remote host. Consider binding to localhost (or making the bind address configurable) to keep the default safer.
| - "${DATABASE_PORT:-5432}:5432" # Parameterized port, accessible on all interfaces | |
| - "${DATABASE_BIND_ADDRESS:-127.0.0.1}:${DATABASE_PORT:-5432}:5432" # Bind Postgres to localhost by default |
| image: postgres:17 | ||
| restart: unless-stopped | ||
| ports: | ||
| - "${DATABASE_PORT:-5432}:5432" # Parameterized port, accessible on all interfaces |
Publishing the DB port using ${DATABASE_PORT} is potentially misleading here because DATABASE_PORT is also used by Superset to build its in-network SQLAlchemy URI (where db-light is still reachable on container port 5432 regardless of the published host port). If someone changes DATABASE_PORT to avoid a host port collision, Superset will likely try connecting to db-light:${DATABASE_PORT} and fail. Consider using a separate variable for the published host port (or hardcoding :5432 for container-to-container traffic and only parameterizing the host side).
| - "${DATABASE_PORT:-5432}:5432" # Parameterized port, accessible on all interfaces | |
| - "${HOST_DATABASE_PORT:-5432}:5432" # Host-published port; container always listens on 5432 |
User description
Fixes #38491
CodeAnt-AI Description
Restore example DB init and expose light DB port in docker-compose-light
What Changed
Impact
- ✅ Clearer example DB initialization
- ✅ Accessible local DB port for development
- ✅ Reliable test/example database creation