feat(swarm): add global_id handling in secret initialization script#177
Conversation
|
Warning Review limit reached
Next review available in: 37 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (3)
WalkthroughThe initialization script now reads ChangesGlobal ID initialization
DNS manager affinity bootstrap
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/swarm-scripts/00-initialize-secrets.sh`:
- Around line 72-87: The ensure_global_id_pointer function is missing DB
password handling and is doing unsafe manual SQL escaping. Update the mysql
calls in ensure_global_id_pointer to use the same DB credentials as the rest of
the init flow, including DB_PASSWORD from the environment, so the SELECT/INSERT
can authenticate correctly. Replace the inline sed-based escaping for the INSERT
value with a safer approach by delegating to swarm-cli.py or another
parameterized/escaping mechanism that correctly handles backslashes and quotes.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 06420a02-5788-4244-8e3c-648a835ad6f8
📒 Files selected for processing (1)
src/swarm-scripts/00-initialize-secrets.sh
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/swarm-scripts/74.setup-dns-manager.sh`:
- Around line 71-87: The final success message is being printed before the new
ClusterPolicyAffinityRule setup path completes, so move the completion log to
after the AFFINITY_RULE_ID check/create block in setup-dns-manager.sh. Update
the script flow around the new affinity-rule logic so the existing “Done...”
message is emitted only after the cluster policy and swarm-cli.py operations
finish successfully.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 31113a90-0d5a-423c-af46-71ed70bbf56a
📒 Files selected for processing (2)
src/swarm-scripts/00-initialize-secrets.shsrc/swarm-scripts/74.setup-dns-manager.sh
💤 Files with no reviewable changes (1)
- src/swarm-scripts/00-initialize-secrets.sh
7db4d30 to
e673da5
Compare
Implemented logic to check for and create a ClusterPolicyAffinityRule for 'knot-affinity' in the DNS manager setup script. This ensures the rule is only created if it does not already exist, enhancing the provisioning process.
Replaced direct MySQL commands with Python script calls for checking and creating the global_id in the SwarmIdPointer. This enhances the script's maintainability and aligns with the recent refactor of secret initialization.
Reintroduced the completion message indicating that the provision worker will reconcile the service shortly, enhancing user feedback during the DNS manager setup process.
4402978 to
7df46d5
Compare
Summary by CodeRabbit