Skip to content

chore(infra): replace COMPOSE_FILE chain with profiles and sentinels#6339

Merged
gustavosbarreto merged 1 commit into
masterfrom
chore/compose-replace-compose-file
May 20, 2026
Merged

chore(infra): replace COMPOSE_FILE chain with profiles and sentinels#6339
gustavosbarreto merged 1 commit into
masterfrom
chore/compose-replace-compose-file

Conversation

@geovannewashington
Copy link
Copy Markdown
Member

@geovannewashington geovannewashington commented May 19, 2026

What changed?

Replaces the manual COMPOSE_FILE string concatenation in bin/utils
with a new bin/docker-compose wrapper. bin/utils is deleted.

Env loading is now delegated to Compose via COMPOSE_ENV_FILES.
Feature flags are translated to COMPOSE_PROFILES for add-only
services. Overlay files are loaded via include: sentinels in
docker-compose.yml. EXTRA_COMPOSE_FILE in the Makefile is renamed
to SHELLHUB_INCLUDE_EXTRA to follow the same convention.

Why

Part of #111. Steps 2, 3 and 4 from the migration plan are collapsed
into a single PR since they are too coupled to split safely.

How to test

  1. ./bin/docker-compose up -d - confirm all services healthy
  2. ./bin/docker-compose down, set SHELLHUB_DATABASE=mongo in
    .env.override, ./bin/docker-compose up -d - confirm mongo
    present, postgres absent
  3. Set SHELLHUB_DATABASE=migrate - confirm both databases present
  4. Set SHELLHUB_DATABASE=invalid - confirm ❌ error and exit
  5. Set SHELLHUB_ENV=development - confirm agent present

@geovannewashington geovannewashington self-assigned this May 19, 2026
@geovannewashington geovannewashington requested a review from a team as a code owner May 19, 2026 19:35
@geovannewashington geovannewashington added kind/refactor docker Pull requests that update Docker code labels May 19, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 19, 2026
edited
Loading

Claude finished @geovannewashington's task in 1m 56s —— View job

Code Review Complete

Reviewed 8 files across code quality, security, testing, language patterns, and architecture. 1 inline issue posted (high severity).

The overall approach is solid — replacing COMPOSE_FILE chaining with include: sentinels and profiles is cleaner and lets Docker Compose handle env loading via COMPOSE_ENV_FILES. The required: false on depends_on for database services correctly prevents startup failures when only one database profile is active. Cross-repo compatibility with cloud/ is confirmed intact.

Issue found

bin/setup was not updated as part of this PR but still sources the deleted bin/utils (line 3) and calls exit_if_not_running (line 29). It will crash on any invocation. See inline comment for details.

If you've addressed the feedback and want a new review, tag @shellhub-io/admin and a team member can trigger it.

@geovannewashington geovannewashington force-pushed the chore/compose-replace-compose-file branch from a2fcadb to 4c16a35 Compare May 19, 2026 19:44
github-actions[bot]
github-actions Bot reviewed May 19, 2026
View reviewed changes
Comment thread bin/utils
@geovannewashington geovannewashington force-pushed the chore/compose-replace-compose-file branch from 4c16a35 to 856223c Compare May 19, 2026 19:50
@otavio
Copy link
Copy Markdown
Member

otavio commented May 19, 2026

/review

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 19, 2026
edited
Loading

Claude finished @otavio's task in 2m 25s —— View job

Code Review Complete

Reviewed 6 files across code quality, security, testing, language patterns, and architecture. 1 inline issue posted (critical severity, 2 locations).

The overall approach is clean — replacing COMPOSE_FILE chaining with include: sentinels and COMPOSE_PROFILES is a solid simplification. docker-compose.override.yml support is preserved via Compose's native auto-merge (no COMPOSE_FILE or -f set). Cross-repo compatibility with cloud/ is intact. The peek() function safely reads env values with hardcoded caller inputs. The previous review's bin/setup issue has been addressed.

Issue found

grep -c 'true' exits with code 1 when zero lines match (POSIX behavior). Under set -eu (newly added in this PR), the SERVICES=$(...) assignment propagates that exit and kills the script before the "ShellHub is not running" error message is reached. Affects bin/cli:8 and bin/setup:32. Fix: append || true to the pipeline inside the command substitution.

If you've addressed the feedback and want a new review, tag @shellhub-io/admin and a team member can trigger it.

github-actions[bot]
github-actions Bot reviewed May 19, 2026
View reviewed changes
Comment thread bin/cli Outdated
SCRIPT_DIR=$(cd "$(dirname "$0")" && pwd -P)
cd "$SCRIPT_DIR/.."

SERVICES=$(docker compose ps -q | grep -v INFO: | xargs docker inspect -f '{{.State.Running}}' 2>/dev/null | grep -c 'true')
Copy link
Copy Markdown

@github-actions github-actions Bot May 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CRITICAL: grep -c exits 1 when count is 0, killing the script under set -e before the error message prints.

grep -c 'true' returns exit code 1 when zero lines match (POSIX behavior — exit status is based on whether any lines matched, regardless of -c). Since set -eu is active on line 3, the command substitution SERVICES=$(...) propagates that non-zero exit, and the shell terminates immediately at this line. The [ "$SERVICES" -le 0 ] guard and the "ShellHub is not running" error message on line 9 are never reached.

The old bin/utils had the same pipeline inside exit_if_not_running, but was safe because bin/utils used set -o allexport — not set -e.

Same issue in bin/setup:32.

Suggested change
SERVICES=$(docker compose ps -q | grep -v INFO: | xargs docker inspect -f '{{.State.Running}}' 2>/dev/null | grep -c 'true')
SERVICES=$(docker compose ps -q | grep -v INFO: | xargs docker inspect -f '{{.State.Running}}' 2>/dev/null | grep -c 'true' || true)

github-actions[bot]
github-actions Bot reviewed May 19, 2026
View reviewed changes
Comment thread bin/setup Outdated
echo ""

exit_if_not_running
SERVICES=$(docker compose ps -q | grep -v INFO: | xargs docker inspect -f '{{.State.Running}}' 2>/dev/null | grep -c 'true')
Copy link
Copy Markdown

@github-actions github-actions Bot May 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CRITICAL: Same grep -c / set -e issue as bin/cli:8.

See the comment on bin/cli:8 for full details. The script silently exits instead of printing the "not running" error message.

Suggested change
SERVICES=$(docker compose ps -q | grep -v INFO: | xargs docker inspect -f '{{.State.Running}}' 2>/dev/null | grep -c 'true')
SERVICES=$(docker compose ps -q | grep -v INFO: | xargs docker inspect -f '{{.State.Running}}' 2>/dev/null | grep -c 'true' || true)

@geovannewashington
chore(infra): replace COMPOSE_FILE chain with profiles and sentinels
53e6b9b 
Replace the manual COMPOSE_FILE string concatenation in bin/utils with
a new bin/docker-compose wrapper that uses COMPOSE_PROFILES and
SHELLHUB_INCLUDE_* sentinel variables.

bin/utils is deleted. Its responsibilities are now handled directly by
bin/docker-compose:

- Env loading is delegated to Compose via COMPOSE_ENV_FILES instead of
  set -o allexport sourcing.
- Feature flags are translated to COMPOSE_PROFILES for add-only
  services (agent, mongo, postgres).
- Overlay files (dev, autossl, enterprise) are loaded via include:
  sentinels in docker-compose.yml instead of COMPOSE_FILE
  concatenation.
- Cross-repo cloud includes are handled the same way.

The Makefile's EXTRA_COMPOSE_FILE is renamed to SHELLHUB_INCLUDE_EXTRA
to follow the same sentinel convention.
@geovannewashington geovannewashington force-pushed the chore/compose-replace-compose-file branch from 856223c to 53e6b9b Compare May 19, 2026 20:13
@otavio
Copy link
Copy Markdown
Member

otavio commented May 19, 2026

/review

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 19, 2026
edited
Loading

Claude finished @otavio's task in 4m 32s —— View job

Code Review Complete

Reviewed 6 files across code quality, security, testing, language patterns, and architecture — no issues found. The code looks good as-is.

The overall approach is solid — replacing COMPOSE_FILE chaining with include: sentinels and COMPOSE_PROFILES is a clean simplification. The previous review's issues (bin/setup sourcing deleted bin/utils, grep -c under set -e) have been correctly addressed. Cross-repo compatibility with cloud/ is intact. The docker-compose.override.yml auto-merge behavior is preserved since neither COMPOSE_FILE nor -f flags are set. The peek() function safely reads env values with hardcoded caller inputs, and the eval usage is not exploitable.

If you push additional changes and want a new review, tag @shellhub-io/admin and a team member can trigger it.

@gustavosbarreto gustavosbarreto merged commit 56649dc into master May 20, 2026
11 checks passed
@gustavosbarreto gustavosbarreto deleted the chore/compose-replace-compose-file branch May 20, 2026 15:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Assignees

@geovannewashington geovannewashington

Labels

docker Pull requests that update Docker code kind/refactor

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@geovannewashington @otavio @gustavosbarreto