Skip to content

Add one-command Docker deployment#5

Closed
Futureppo wants to merge 2 commits into
mainfrom
agent/one-click-deploy
Closed

Add one-command Docker deployment#5
Futureppo wants to merge 2 commits into
mainfrom
agent/one-click-deploy

Conversation

@Futureppo

Copy link
Copy Markdown
Owner

What changed

  • add an executable scripts/deploy.sh for interactive and unattended Linux deployment
  • generate a strong local API key when the sample placeholder is still present
  • protect .env and the OAuth credential directory with restrictive permissions
  • import an OAuth JSON credential, start Docker Compose, and wait for the service health endpoint
  • preserve existing configuration and credentials so the same command can update an installation
  • document the workflow in both Chinese and English READMEs

Why

The existing Docker Compose flow is reliable but still requires several manual setup steps. A single guarded entry point makes first-time deployment and later updates easier while retaining the required credential and security boundaries.

User impact

Linux users with Docker Compose v2 can deploy from one command. If no credential is provided, the script initializes the configuration but deliberately does not start an unusable service.

Validation

  • mocked full deployment path, including credential import, Compose pull/up, environment updates, and health success
  • mocked no-credential initialization path
  • bash -n scripts/deploy.sh
  • go test ./...
  • go vet ./...
  • go build ./cmd/grok2api
  • git diff --check

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a new Linux deployment script (scripts/deploy.sh) to enable one-command deployment using Docker and Docker Compose, along with corresponding documentation updates in both the Chinese and English README files. The review feedback focuses on improving the robustness of the deployment script: specifically, using the ENVIRON array in awk to safely handle backslashes in user-defined API keys, refining the cleanup trap to avoid passing empty strings to rm, and stripping quotes or expanding tildes from user-inputted credential paths to enhance the interactive setup experience.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread scripts/deploy.sh
Comment on lines +56 to +71
awk -v key="$key" -v value="$value" '
BEGIN { replaced = 0 }
index($0, key "=") == 1 {
if (!replaced) {
print key "=" value
replaced = 1
}
next
}
{ print }
END {
if (!replaced) {
print key "=" value
}
}
' "$file" >"$temporary"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Passing arbitrary user-controlled values to awk via -v can lead to issues if the value contains backslashes (e.g., in user-defined API keys), as awk interprets them as escape sequences.

Using the ENVIRON array in awk is a safer and more robust way to pass variables without any backslash-escaping side effects.

Suggested change
awk -v key="$key" -v value="$value" '
BEGIN { replaced = 0 }
index($0, key "=") == 1 {
if (!replaced) {
print key "=" value
replaced = 1
}
next
}
{ print }
END {
if (!replaced) {
print key "=" value
}
}
' "$file" >"$temporary"
KEY="$key" VALUE="$value" awk '
BEGIN { replaced = 0; key = ENVIRON["KEY"]; value = ENVIRON["VALUE"] }
index($0, key "=") == 1 {
if (!replaced) {
print key "=" value
replaced = 1
}
next
}
{ print }
END {
if (!replaced) {
print key "=" value
}
}
' "$file" >"$temporary"

Comment thread scripts/deploy.sh

compose_tmp="$(mktemp "${INSTALL_DIR}/compose.yaml.XXXXXX")"
env_tmp=""
trap 'rm -f "$compose_tmp" "$env_tmp"' EXIT

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

If the script exits before env_tmp is initialized (e.g., if downloading the compose file fails), the trap will execute rm -f "$compose_tmp" "". While usually harmless, passing an empty string to rm can be avoided by using Bash parameter expansion ${var:+"$var"} to only expand non-empty variables.

Suggested change
trap 'rm -f "$compose_tmp" "$env_tmp"' EXIT
trap 'rm -f ${compose_tmp:+"$compose_tmp"} ${env_tmp:+"$env_tmp"}' EXIT

Comment thread scripts/deploy.sh
Comment on lines +148 to +156
if [[ -n "$credential_source" ]]; then
[[ -f "$credential_source" ]] || fail "找不到凭证文件:$credential_source"
credential_name="$(basename "$credential_source")"
[[ "$credential_name" == *.json ]] || credential_name="${credential_name}.json"
cp "$credential_source" "$INSTALL_DIR/auths/$credential_name"
chmod 600 "$INSTALL_DIR/auths/$credential_name"
credential="$INSTALL_DIR/auths/$credential_name"
success "已导入凭证:auths/$credential_name"
fi

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

When users interactively input a file path, they often copy-paste paths wrapped in single/double quotes (especially when dragging and dropping files into the terminal) or use a tilde ~ to represent their home directory.

Stripping these quotes and expanding the tilde automatically provides a much smoother and more robust user experience.

if [[ -n "$credential_source" ]]; then
  # Strip leading/trailing single/double quotes
  credential_source="${credential_source#\'
}"
  credential_source="${credential_source%\'
}"
  credential_source="${credential_source#\"}"
  credential_source="${credential_source%\"}"

  # Expand tilde to HOME
  if [[ "$credential_source" == "~/"* ]]; then
    credential_source="${HOME}/${credential_source#~/}"
  fi

  [[ -f "$credential_source" ]] || fail "找不到凭证文件:$credential_source"
  credential_name="$(basename "$credential_source")"
  [[ "$credential_name" == *.json ]] || credential_name="${credential_name}.json"
  cp "$credential_source" "$INSTALL_DIR/auths/$credential_name"
  chmod 600 "$INSTALL_DIR/auths/$credential_name"
  credential="$INSTALL_DIR/auths/$credential_name"
  success "已导入凭证:auths/$credential_name"
fi

@Futureppo Futureppo closed this Jul 12, 2026
@Futureppo Futureppo deleted the agent/one-click-deploy branch July 12, 2026 17:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant