Remove home directory option

[joejstuart]

User description

Using HOME is causing issues with release service CI. So writing directly to tmp.

---

PR Type

Bug fix

---

Description

• Remove HOME directory fallback from temp file creation

• Write snapshot directly to /tmp instead of HOME

• Fixes CI issues with release service environment

---

Diagram Walkthrough

flowchart LR
  A["mktemp with HOME fallback"] -- "Remove HOME option" --> B["mktemp /tmp directly"]

Loading

File Walkthrough

	Relevant files
Bug fix	reduce-snapshot.sh Remove HOME fallback from mktemp command                                  hack/reduce-snapshot.sh Changed mktemp command to write directly to /tmp instead of using ${HOME:-/tmp} fallback Removes conditional HOME directory logic that was causing CI issues Simplifies temp file creation for snapshot processing +1/-1

---

[qodo-code-review]

PR Compliance Guide 🔍

(Compliance updated until commit 06dfeb3)

Below is a summary of compliance checks for this PR:

Security Compliance
⚪	Insecure temp file usage Description: Creating temporary files in a shared /tmp namespace with a predictable filename pattern (mktemp /tmp/snapshot.XXXXXX) can still expose the path to other users and, if elsewhere the path is reused insecurely, may enable symlink or race attacks; prefer mktemp -t with restrictive umask or ensure the file is opened with O_EXCL semantics and permissions are validated. reduce-snapshot.sh [38-42] Referred Code WORKING_SNAPSHOT="$(mktemp /tmp/snapshot.XXXXXX)" if [[ -f "$SNAPSHOT" ]]; then cp "$SNAPSHOT" "$WORKING_SNAPSHOT" else printf "%s" "$SNAPSHOT" > "$WORKING_SNAPSHOT"
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Missing audit log: The change to create a temp snapshot file at /tmp lacks any logging of this critical file operation (creation/copy), making it unclear who performed the action and its outcome. Referred Code WORKING_SNAPSHOT="$(mktemp /tmp/snapshot.XXXXXX)" if [[ -f "$SNAPSHOT" ]]; then cp "$SNAPSHOT" "$WORKING_SNAPSHOT" else Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Unchecked mktemp: The mktemp result is used without checking for failure or validating path existence, and subsequent cp/printf operations do not handle errors or report context. Referred Code WORKING_SNAPSHOT="$(mktemp /tmp/snapshot.XXXXXX)" if [[ -f "$SNAPSHOT" ]]; then cp "$SNAPSHOT" "$WORKING_SNAPSHOT" else printf "%s" "$SNAPSHOT" > "$WORKING_SNAPSHOT" Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Temp file security: Writing directly to /tmp with a predictable prefix may increase risk on multi-user systems; no checks on permissions/umask or mktemp failure are present. Referred Code WORKING_SNAPSHOT="$(mktemp /tmp/snapshot.XXXXXX)" if [[ -f "$SNAPSHOT" ]]; then cp "$SNAPSHOT" "$WORKING_SNAPSHOT" else printf "%s" "$SNAPSHOT" > "$WORKING_SNAPSHOT" Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

---

Previous compliance checks

Compliance check up to commit 06dfeb3

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Missing audit logs: The change to create a temp working snapshot at /tmp does not include any logging of this critical file operation (creation/copy) with user, timestamp, action, and outcome. Referred Code WORKING_SNAPSHOT="$(mktemp /tmp/snapshot.XXXXXX)" if [[ -f "$SNAPSHOT" ]]; then cp "$SNAPSHOT" "$WORKING_SNAPSHOT" else printf "%s" "$SNAPSHOT" > "$WORKING_SNAPSHOT" Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Unhandled failures: The new temp file creation and copy/write operations lack explicit error handling or checks for mktemp/cp/printf failures, which can lead to silent failures. Referred Code WORKING_SNAPSHOT="$(mktemp /tmp/snapshot.XXXXXX)" if [[ -f "$SNAPSHOT" ]]; then cp "$SNAPSHOT" "$WORKING_SNAPSHOT" else printf "%s" "$SNAPSHOT" > "$WORKING_SNAPSHOT" Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Input not validated: The script uses variables like SNAPSHOT without validating path safety or existence when copying to the temp file, which may present edge-case or injection risks if externally influenced. Referred Code if [[ -f "$SNAPSHOT" ]]; then cp "$SNAPSHOT" "$WORKING_SNAPSHOT" else printf "%s" "$SNAPSHOT" > "$WORKING_SNAPSHOT" Learn more about managing compliance generic rules or creating your own custom rules

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
General	Create temporary file in standard location Improve script portability by allowing mktemp to use the standard temporary directory location (respecting the $TMPDIR environment variable) instead of hardcoding /tmp. hack/reduce-snapshot.sh [38] -WORKING_SNAPSHOT="$(mktemp /tmp/snapshot.XXXXXX)" +WORKING_SNAPSHOT="$(mktemp snapshot.XXXXXX)" Apply / Chat Suggestion importance[1-10]: 6 __ Why: The suggestion correctly identifies that hardcoding /tmp is less portable and proposes a better practice by letting mktemp use the standard $TMPDIR variable.	Low
More

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

Flag	Coverage Δ
generative	69.00% <ø> (ø)
integration	69.00% <ø> (ø)
unit	69.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.