Improve bootstrap script logging for clarity and debuggability #251
…empotency
- Add set -e for fail-fast error handling
- Group operations under descriptive section headers (1a, 1b, 1c, 1d)
- Suppress verbose gcloud/gsutil output to reduce noise
- Show idempotency status: ○ for existing, ✓ for created resources
- Add completion summary with actionable next steps
- Update project insights with logging patterns learned

Addresses #200

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Caution: Review failed. The pull request is closed.
📝 Walkthrough
Updates docs and bootstrap tooling: refactors bootstrap scripts into labeled idempotent phases, adds strict error handling and WIF/GitHub setup, automates organization-level IAM role grants, adjusts Terraform backend bucket, and refreshes long‑ and short‑term insights content.
Changes
Sequence Diagram(s)
```mermaid
sequenceDiagram
    participant Dev as Developer
    participant Script as project-setup.sh
    participant GCP as Google Cloud
    participant GH as GitHub
    participant GCS as GCS (Terraform backend)
    Dev->>Script: run setup (flags, repo path)
    Script->>GCP: ensure project exists, enable APIs
    Script->>GCP: create WIF pool & OIDC provider
    Script->>GCP: grant org/project IAM roles to SA
    Script->>GH: create repos/environments, push secrets (WIF configs)
    Script->>GCS: create/update backend bucket / backend.tf
    GCS-->>Script: confirm backend ready
    GH-->>Script: confirm secrets/environments created
    GCP-->>Script: confirm roles & WIF bindings
    Script-->>Dev: summary / completion status
```
Estimated code review effort
🎯 3 (Moderate) | ⏱️ ~20 minutes
Possibly related PRs
🚥 Pre-merge checks | ✅ 4 | ❌ 2
❌ Failed checks (2 inconclusive)
✅ Passed checks (4 passed)
View your CI Pipeline Execution ↗ for commit 8091f25
Actionable comments posted: 2
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
teams/kernel/iac/bootstrap/project-setup.sh (1)
173-176: ⚠️ Potential issue | 🟡 Minor
Typo in error message: underscore instead of hyphen.
The error message says `--nx-cloud-access_token-read-write` but the actual flag is `--nx-cloud-access-token-read-write`.
🐛 Proposed fix
if [ -z "$NX_CLOUD_ACCESS_TOKEN_READ_WRITE" ] then - echo "Error: --nx-cloud-access_token-read-write flag is required" + echo "Error: --nx-cloud-access-token-read-write flag is required" exit 1 fi
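Review bot: the corrected `echo "Error: --nx-cloud-access-token-read-write flag is required"` line still writes to stdout before `exit 1`. Send the message to stderr by appending `>&2`, so the reason for the failure is not lost when a caller captures or discards the script's stdout.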
🤖 Fix all issues with AI agents
In `@teams/kernel/iac/bootstrap/project-setup.sh`:
- Around line 1-2: The script declares a POSIX shell with "#!/bin/sh" but uses
bash-only redirections "&>/dev/null"; replace every "&>/dev/null" occurrence
(e.g., the redirections used in commands around lines referenced in the review)
with the POSIX-compliant form ">/dev/null 2>&1" so the script is portable under
dash/ash; search for the string "&>/dev/null" and update those instances in the
script (project-setup.sh) to the recommended redirect syntax.
In `@teams/kernel/iac/bootstrap/README.md`:
- Around line 52-54: Remove the unused parameter mention
--mongodb-atlas-group-id from the README header comments so the documented
expected parameters match the script and example invocation; locate the header
block that lists script flags (references to --mongodb-atlas-group-id and
MONGODB_ATLAS_GROUP_ID) and delete that flag and any associated variable name
from the list, ensuring the remaining parameters (e.g.,
--mongodb-atlas-public-key, --mongodb-atlas-private-key) remain intact and the
example command and header are consistent.
🧹 Nitpick comments (1)
teams/kernel/iac/bootstrap/project-setup.sh (1)
473-475: Consider reviewing the `roles/editor` grant for least-privilege compliance.
The `roles/editor` primitive role grants broad permissions that overlap with many of the specific roles already granted (e.g., `storage.admin`, `cloudsql.admin`). While this may be intentional for bootstrap convenience, it's worth verifying whether such broad access is required, or if the specific roles alone would suffice.
| #!/bin/sh | ||
| set -e |
POSIX shell declared but bash-specific syntax used throughout.
The shebang specifies #!/bin/sh for POSIX compatibility, but the script uses &>/dev/null (a bash-specific redirect) on multiple lines (300, 308, 318, 359, 367, 381, 394, 510, 523). On systems where /bin/sh is dash, ash, or another strict POSIX shell, these redirections will fail.
🔧 Proposed fix: Use POSIX-compliant redirections
Replace all occurrences of &>/dev/null with >/dev/null 2>&1:
-if gcloud resource-manager tags keys describe "$GCP_ORGANIZATION_ID/$GCP_TAG_KEY_SHORT_NAME" &>/dev/null; then
+if gcloud resource-manager tags keys describe "$GCP_ORGANIZATION_ID/$GCP_TAG_KEY_SHORT_NAME" >/dev/null 2>&1; thenApply the same pattern to lines 308, 318, 359, 367, 381, 394, 510, and 523.
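Review bot: on the `+if gcloud resource-manager tags keys describe ... >/dev/null 2>&1; then` line, discarding stderr means any failure of `describe` (expired credentials, a missing permission, a network error) takes the same branch as "tag key does not exist", and the cause is never shown. Consider capturing stderr, treating only a not-found result as absent, and printing the captured message and exiting for anything else.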
🤖 Prompt for AI Agents
In `@teams/kernel/iac/bootstrap/project-setup.sh` around lines 1 - 2, The script
declares a POSIX shell with "#!/bin/sh" but uses bash-only redirections
"&>/dev/null"; replace every "&>/dev/null" occurrence (e.g., the redirections
used in commands around lines referenced in the review) with the POSIX-compliant
form ">/dev/null 2>&1" so the script is portable under dash/ash; search for the
string "&>/dev/null" and update those instances in the script (project-setup.sh)
to the recommended redirect syntax.
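Added example (not part of the review or the repository): under dash, `cmd &>/dev/null` is parsed as `cmd &` followed by `>/dev/null`, so an `if` guard written that way succeeds regardless of the command's result. The sketch below uses a hypothetical `lint_sh_redirects` helper and a constructed sample script to flag such lines in a script that declares `#!/bin/sh`.

```shell
#!/bin/sh
# Added example (not from the PR): lint a script that declares #!/bin/sh for
# the bash-only "&>" redirection. lint_sh_redirects is a hypothetical helper.

# Prints "LINE:TEXT" for each offending line.
# Returns 1 when findings exist, 0 when clean or when the shebang is not sh.
lint_sh_redirects() {
  script=$1
  case "$(head -n 1 "$script")" in
    '#!/bin/sh'*|'#!/usr/bin/env sh'*) ;;  # POSIX sh: "&>" is not portable
    *) return 0 ;;                          # bash and others: out of scope
  esac
  # "2>&1" and ">&2" do not contain "&>", so they are not matched.
  # Comment-only lines are dropped from the matches.
  findings=$(grep -n '&>' "$script" | grep -v '^[0-9]*:[[:space:]]*#' || true)
  if [ -n "$findings" ]; then
    printf '%s\n' "$findings"
    return 1
  fi
  return 0
}

# Constructed sample modelled on the lines quoted in the review.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#!/bin/sh
set -e
# a comment mentioning &> is ignored
if gcloud resource-manager tags keys describe "$ORG/$KEY" &>/dev/null; then
  echo "exists"
fi
gsutil ls "gs://$BUCKET" >/dev/null 2>&1
EOF

if lint_sh_redirects "$sample"; then
  echo "no bash-only redirections"
else
  echo "replace the redirections on the lines above with: >/dev/null 2>&1"
fi
rm -f "$sample"
```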
| ```bash | ||
| bash teams/kernel/iac/project-setup.sh --gcp-project-id=$GCP_PROJECT_ID --gcp-billing-account-id=$GCP_BILLING_ACCOUNT_ID --domain=$DOMAIN --github-username=$GITHUB_USERNAME --github-repository=$GITHUB_REPOSITORY | ||
| sh {FOLDER_PATH}/project-setup.sh --owner-account-email=$OWNER_ACCOUNT_EMAIL --gcp-organization-id=$GCP_ORGANIZATION_ID --gcp-billing-account-id=$GCP_BILLING_ACCOUNT_ID --domain-name=$DOMAIN_NAME --github-username=$GITHUB_USERNAME --github-repository=$GITHUB_REPOSITORY --neon-api-key=$NEON_API_KEY --neon-project-location=$NEON_PROJECT_LOCATION --mongodb-atlas-org-id=$MONGODB_ATLAS_ORG_ID --mongodb-atlas-public-key=$MONGODB_ATLAS_PUBLIC_KEY --mongodb-atlas-private-key=$MONGODB_ATLAS_PRIVATE_KEY --nx-cloud-access-token-read-write=$NX_CLOUD_ACCESS_TOKEN_READ_WRITE --nx-cloud-access-token-read=$NX_CLOUD_ACCESS_TOKEN_READ | ||
| ``` |
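Review bot: the new `sh {FOLDER_PATH}/project-setup.sh ...` example passes `--neon-api-key`, `--mongodb-atlas-private-key` and both `--nx-cloud-access-token-*` values as command-line arguments, where they are visible in the process list and can end up in shell history. Consider documenting a way to supply these through environment variables or a file instead, and quote the `$VAR` expansions in the example so values containing spaces or glob characters are passed intact.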
🧩 Analysis chain
🏁 Script executed:
rg -n "mongodb-atlas-group-id|MONGODB_ATLAS_GROUP_ID" teams/kernel/iac/bootstrap/project-setup.sh
Repository: amaralc/explore
Length of output: 88
🏁 Script executed:
head -n 30 teams/kernel/iac/bootstrap/project-setup.sh | cat -n
Repository: amaralc/explore
Length of output: 2137
🏁 Script executed:
sed -n '25p' teams/kernel/iac/bootstrap/project-setup.sh
Repository: amaralc/explore
Length of output: 730
Remove unused --mongodb-atlas-group-id from the script's expected parameters list.
The script's header comments (lines 6–21) list --mongodb-atlas-group-id as an expected parameter, but it is never used in the script logic and is omitted from the script's own example command (line 25). The README is consistent with the script's documented example, so the inconsistency should be resolved by removing --mongodb-atlas-group-id from the header comments.
🤖 Prompt for AI Agents
In `@teams/kernel/iac/bootstrap/README.md` around lines 52 - 54, Remove the unused
parameter mention --mongodb-atlas-group-id from the README header comments so
the documented expected parameters match the script and example invocation;
locate the header block that lists script flags (references to
--mongodb-atlas-group-id and MONGODB_ATLAS_GROUP_ID) and delete that flag and
any associated variable name from the list, ensuring the remaining parameters
(e.g., --mongodb-atlas-public-key, --mongodb-atlas-private-key) remain intact
and the example command and header are consistent.
Summary
Enhanced the bootstrap script logging to be more friendly, less verbose, and provide better visibility into script execution:
- `set -e` to stop on any failure
- `gcloud` and `gsutil` commands redirect to `/dev/null`
- `○ existing` vs `✓ created` for resource status

Example Output
Before:
After:
Test Plan
Closes #200
🤖 Generated with Claude Code