Modernize, minimize, and cleanup containers #129
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
eflumerf
approved these changes
Jan 2, 2026
Member
eflumerf
left a comment
eflumerf
left a comment
There was a problem hiding this comment.
Things look reasonable to me, however I do not have any kind of testing environment so I can't speak too much about functionality.
jcpunk
force-pushed
the
modernize
branch
12 times, most recently
from
72b65f9 to
c8d8f52
Compare
jcpunk
force-pushed
the
modernize
branch
12 times, most recently
from
284efa9 to
1258c6a
Compare
You can always manualy inspect the environment
Better sanity checking for both scripts
The get_login method now accepts an optional user parameter, but when user is provided and no matching authentication is found, the method returns None implicitly. This could lead to NoneType errors in calling code. Consider raising an exception when the requested login is not found, similar to how the error is logged but execution continues. Co-authored-by: Copilot <[email protected]>
The function returns False here, but earlier in the retry loop at lines 140 and 196, successful operations return True. This creates an inconsistency: the function may return True, False, or raise an exception. Consider either always raising an exception on failure (removing the return False) or documenting the mixed return behavior clearly. Co-authored-by: Copilot <[email protected]>
The get_login method has inconsistent error handling. When a service is not found and no user is specified, the method logs an error but doesn't raise an exception (line 198), potentially returning None. This could lead to AttributeError later when the caller tries to access attributes on the returned value. Add a raise statement after line 198 to maintain consistency with the user-specified case. Co-authored-by: Copilot <[email protected]>
The ensure_required_variables helper logs the value of every environment variable whose name does not contain one of the hard‑coded sensitive keywords (USERNAME, PASSWORD, DATABASE_URI), which will expose any other secrets (e.g. API_TOKEN, JWT_SECRET) to container logs. An attacker or unprivileged operator with access to logs could recover these credentials and use them to access downstream services or databases. To avoid leaking secrets, stop printing environment variable values entirely (or maintain a strict allowlist of non‑sensitive variables) and only report whether each variable is defined or missing. Co-authored-by: Copilot <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There is a lot going on here. An AI summary exists further down the comment history.
I recommend reviewing the commits one at a time rather than the full diff as a blob.
In theory each commit is a rational step with clear self contained logic.
Copilot and coderabbit identified bits of code that probably never worked. These are probably bits that could be dropped, but that would require an expert to review.
The changes to the application specific code should probably be reviewed.
With NP04 offline right now I couldn't check against the current runtime for some things.
To be clear, I really only care about the containers as containers in kubernetes...
I've tried to set the docker build step for the
microservicescontainer to run after themicroservices_dependenciescontainer. Those workflows wont really work until this PR is merged. After that everything should be fine...