refactor: improve code quality and reproducibility

gounthar · gounthar · commit aad83865872c · 2025-10-15T17:57:11.000+02:00
- Pin yq version to v4.44.3 with curl fallback
- Pin devcontainer features (Docker 27.0, gh CLI 2.62)
- Add shell safety flags (set -Eeuo pipefail)
- Replace hardcoded paths with git rev-parse
- Improve variable quoting throughout scripts
- Add validation checks (yq exists, gh authenticated)
- Enhance error handling in all scripts

Addresses all valid suggestions from AI reviewers (CodeRabbitAI and Gemini).
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -4,11 +4,11 @@
 
   "features": {
     "ghcr.io/devcontainers/features/docker-in-docker:2": {
-      "version": "latest",
+      "version": "27.0",
       "dockerDashComposeVersion": "v2"
     },
     "ghcr.io/devcontainers/features/github-cli:1": {
-      "version": "latest"
+      "version": "2.62"
     }
   },
 
diff --git a/.devcontainer/setup.sh b/.devcontainer/setup.sh
@@ -1,16 +1,28 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # GitHub Codespaces setup script for Jenkins Quickstart Tutorials
 # This script configures the Codespace environment and prepares Jenkins URL configuration
 
-set -e  # Exit on error
+set -Eeuo pipefail  # Exit on error, undefined variables, pipe failures
 
 echo "================================"
 echo "Setting up Jenkins Tutorials Environment"
 echo "================================"
 
 # Install yq (YAML processor) - required for JCasc configuration
 echo "📦 Installing yq YAML processor..."
-sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
+YQ_VERSION="${YQ_VERSION:-v4.44.3}"
+YQ_URL="https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64"
+
+# Try wget first, fall back to curl if unavailable
+if command -v wget &> /dev/null; then
+    sudo wget -qO /usr/local/bin/yq "${YQ_URL}"
+elif command -v curl &> /dev/null; then
+    sudo curl -fsSL -o /usr/local/bin/yq "${YQ_URL}"
+else
+    echo "❌ Error: Neither wget nor curl found. Cannot download yq."
+    exit 1
+fi
+
 sudo chmod a+x /usr/local/bin/yq
 yq --version
 
@@ -65,36 +77,45 @@ To build locally:
 WELCOME_EOF
 
 # Add Jenkins URL based on environment
-if [ -n "$CODESPACE_NAME" ] && [ -n "$GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN" ]; then
-    echo "Jenkins will be accessible at:" >> "$WELCOME_FILE"
-    echo "  https://${CODESPACE_NAME}-8080.${GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN}" >> "$WELCOME_FILE"
+if [ -n "${CODESPACE_NAME:-}" ] && [ -n "${GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN:-}" ]; then
+    echo "Jenkins will be accessible at:" >> "${WELCOME_FILE}"
+    echo "  https://${CODESPACE_NAME}-8080.${GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN}" >> "${WELCOME_FILE}"
 else
-    echo "Jenkins will be accessible at:" >> "$WELCOME_FILE"
-    echo "  http://localhost:8080" >> "$WELCOME_FILE"
+    echo "Jenkins will be accessible at:" >> "${WELCOME_FILE}"
+    echo "  http://localhost:8080" >> "${WELCOME_FILE}"
 fi
 
-echo "" >> "$WELCOME_FILE"
-echo "Default credentials: admin/admin" >> "$WELCOME_FILE"
-echo "================================" >> "$WELCOME_FILE"
-echo "" >> "$WELCOME_FILE"
+echo "" >> "${WELCOME_FILE}"
+echo "Default credentials: admin/admin" >> "${WELCOME_FILE}"
+echo "================================" >> "${WELCOME_FILE}"
+echo "" >> "${WELCOME_FILE}"
 
 # Display the welcome message
-cat "$WELCOME_FILE"
+cat "${WELCOME_FILE}"
 
-echo "✅ Setup Complete! Welcome message saved to $WELCOME_FILE"
+echo "✅ Setup Complete! Welcome message saved to ${WELCOME_FILE}"
 echo ""
 
 # Add welcome message to .bashrc so it shows on every new terminal
+# Use git rev-parse to find repo root dynamically instead of hardcoding path
+REPO_ROOT="$(git rev-parse --show-toplevel 2>/dev/null || pwd)"
+WELCOME_PATH="${REPO_ROOT}/.devcontainer/welcome.txt"
+
 if ! grep -q "Jenkins Quickstart Tutorials Welcome" ~/.bashrc; then
     echo "" >> ~/.bashrc
     echo "# Jenkins Quickstart Tutorials Welcome" >> ~/.bashrc
-    echo "if [ -f /workspaces/quickstart-tutorials/.devcontainer/welcome.txt ]; then" >> ~/.bashrc
-    echo "    cat /workspaces/quickstart-tutorials/.devcontainer/welcome.txt" >> ~/.bashrc
+    echo "if [ -f \"${WELCOME_PATH}\" ]; then" >> ~/.bashrc
+    echo "    cat \"${WELCOME_PATH}\"" >> ~/.bashrc
     echo "fi" >> ~/.bashrc
 fi
 
 # Set port 8080 visibility to public using gh CLI (if in Codespaces)
-if [ -n "$CODESPACE_NAME" ]; then
+if [ -n "${CODESPACE_NAME:-}" ]; then
     echo "🔓 Setting port 8080 visibility to public..."
-    gh codespace ports visibility 8080:public -c "$CODESPACE_NAME" 2>/dev/null || echo "⚠️  Could not set port visibility automatically. Please set port 8080 to public manually in the PORTS panel."
+    # Check if gh CLI is authenticated before attempting to set port visibility
+    if gh auth status &>/dev/null; then
+        gh codespace ports visibility 8080:public -c "${CODESPACE_NAME}" 2>/dev/null || echo "⚠️  Could not set port visibility automatically. Please set port 8080 to public manually in the PORTS panel."
+    else
+        echo "⚠️  gh CLI not authenticated. Please set port 8080 to public manually in the PORTS panel."
+    fi
 fi
diff --git a/dockerfiles/codespacesURL.sh b/dockerfiles/codespacesURL.sh
@@ -1,18 +1,24 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # GitHub Codespaces URL configuration script for Jenkins
 # This script configures Jenkins URLs to work with Codespaces port forwarding
 
-# Set the path to the configuration file
-config_file="/workspaces/quickstart-tutorials/dockerfiles/jenkins.yaml"
+set -Eeuo pipefail  # Exit on error, undefined variables, pipe failures
+
+# Resolve repo root and config file dynamically
+REPO_ROOT="$(git rev-parse --show-toplevel 2>/dev/null || pwd)"
+config_file="${REPO_ROOT}/dockerfiles/jenkins.yaml"
+
+# Port configuration (default 8080)
+PORT="${PORT:-8080}"
 
 # Check if running in GitHub Codespaces
-if [ -n "$CODESPACE_NAME" ] && [ -n "$GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN" ]; then
+if [ -n "${CODESPACE_NAME:-}" ] && [ -n "${GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN:-}" ]; then
     # Build Codespaces URL from environment variables
-    service_url="https://${CODESPACE_NAME}-8080.${GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN}"
+    service_url="https://${CODESPACE_NAME}-${PORT}.${GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN}"
     echo "✅ Detected GitHub Codespaces environment"
 else
     # Fallback for local development
-    service_url="http://127.0.0.1:8080"
+    service_url="http://127.0.0.1:${PORT}"
     echo "ℹ️  Running in local environment"
 fi
 
@@ -24,7 +30,7 @@ message="📚 Available tutorial profiles: "
 
 # Build the profiles list message
 for target in "${targets[@]}"; do
-  message+="\033[36m$target\033[0m, "
+  message+="\033[36m${target}\033[0m, "
 done
 
 # Remove the trailing comma and space
@@ -36,37 +42,39 @@ echo "🚀 Jenkins Quickstart Tutorials Setup"
 echo "======================================"
 echo ""
 echo "Once you run \033[42;30mdocker compose --profile <profile-name> up\033[0m,"
-echo "Jenkins will be accessible at: \033[36m$service_url\033[0m"
+echo "Jenkins will be accessible at: \033[36m${service_url}\033[0m"
 echo ""
-echo -e "$message"
+echo -e "${message}"
 echo ""
 echo "Quick start commands:"
 for target in "${targets[@]}"; do
-  echo "  • \033[42;30mdocker compose --profile $target up -d\033[0m - Start $target tutorial"
+  echo "  • \033[42;30mdocker compose --profile ${target} up -d\033[0m - Start ${target} tutorial"
 done
 echo ""
 
 # Check if jenkins.yaml exists
-if [ ! -f "$config_file" ]; then
-    echo "⚠️  Warning: Jenkins configuration file not found at $config_file"
+if [ ! -f "${config_file}" ]; then
+    echo "⚠️  Warning: Jenkins configuration file not found at ${config_file}"
     echo "   Configuration will be done when Jenkins starts."
     exit 0
 fi
 
 echo "🔧 Updating Jenkins configuration..."
 
+# Verify yq is available
+if ! command -v yq &> /dev/null; then
+    echo "❌ Error: yq not found. Please install yq to update Jenkins configuration."
+    echo "   Jenkins URL may need manual configuration."
+    exit 1
+fi
+
 # Use yq to update the Jenkins location URL in the configuration file
-if command -v yq &> /dev/null; then
-    yq eval ".unclassified.location.url = \"$service_url/\"" "$config_file" > "$config_file.tmp" && mv "$config_file.tmp" "$config_file"
+yq -i ".unclassified.location.url = \"${service_url}/\"" "${config_file}"
 
-    # Suppress the Reverse Proxy setup warning for Codespaces
-    yq e -i ".jenkins.disabledAdministrativeMonitors = [\"hudson.diagnosis.ReverseProxySetupMonitor\"]" "$config_file"
+# Suppress the Reverse Proxy setup warning for Codespaces
+yq -i '.jenkins.disabledAdministrativeMonitors = ["hudson.diagnosis.ReverseProxySetupMonitor"]' "${config_file}"
 
-    echo "✅ Jenkins configuration updated successfully"
-else
-    echo "⚠️  Warning: yq not found, skipping configuration update"
-    echo "   Jenkins URL may need manual configuration"
-fi
+echo "✅ Jenkins configuration updated successfully"
 
 echo ""
 echo "🎉 Setup complete! You're ready to start a tutorial."
