add --force flag and positional <env> argument to vulnerabilities ins…

[ortizjeronimo]

Added support for -f | --force flag:

Enables fully non-interactive installs.

Auto-accepts installation without user prompts.

Skips overwriting config if it already exists.

Downloads default config automatically if missing.

Summary by CodeRabbit

• New Features

  • Added --force flag to enable automated installation without interactive prompts, improving setup efficiency for scripted environments.

• Improvements

  • Enhanced error handling and recovery during the installation process with more reliable command execution and failure detection.
  • Improved configuration file management with conditional overwrite logic that preserves existing configurations when appropriate.
  • Refined command-line help interface and argument parsing for better user guidance during setup.

[coderabbitai]

📝 Walkthrough

Walkthrough

The bash script env-setup.sh has been refactored to replace argument parsing with a manual loop-based approach, introduce a new --force flag to skip interactive prompts, consolidate error handling into inline command chains, and add conditional logic for configuration file management.

Changes

Cohort / File(s)	Summary
Argument Parsing & CLI scripts/env-setup.sh	Replaced getopts and ad-hoc flag checking with show_help() function and manual while [[ $# -gt 0 ]] loop; added -f/--force flag; ENVIRONMENT now sourced from first non-flag argument.
Force Mode & Installation Flow scripts/env-setup.sh	Force mode now prints installation message and bypasses interactive confirmations; non-force rejection path simplified.
Error Handling scripts/env-setup.sh	Replaced if ! command; then ... exit patterns with inline command || { ...; exit 1; } blocks for mkdir, chown, systemctl, file operations, and chmod.
Configuration Management scripts/env-setup.sh	Added conditional overwrite logic for existing configs; interactive prompt for replacement in standard mode; force mode skips replacement and uses silent curl for missing configs.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 With whiskers twitching, I hop with glee—
New flags and logic flow so free!
Force mode dashes past with care,
Error chains handled with proper flair,
This script now hops with elegance rare! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'add --force flag and positional argument to vulnerabilities ins…' is truncated and clearly related to the main changes in the PR, which add a --force flag for non-interactive installation and refactor argument handling.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/update-script-for-automation

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

scripts/env-setup.sh (1)

40-43: Invalid flags are silently treated as environment names.

The * case captures any argument, including misspelled flags like --froce or unknown options like --debug. This could lead to confusing behavior where a typo creates an unexpected service name.

Consider validating that non-flag arguments don't start with -:

🛡️ Proposed fix to validate positional arguments

     *)
+      if [[ "$1" == -* ]]; then
+        echo "Unknown option: $1"
+        show_help
+      fi
       ENVIRONMENT="$1"
       shift
       ;;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@scripts/env-setup.sh` around lines 40 - 43, The case '*' branch currently
assigns any argument to ENVIRONMENT (ENVIRONMENT="$1"; shift) which treats
unknown flags or typos like "--froce" as valid environments; update the '*'
handler to validate the positional argument: if "$1" begins with '-' print a
clear error message and exit non‑zero, otherwise assign ENVIRONMENT="$1" and
shift; change the case pattern or add an explicit check in the '*' branch so
flags are rejected instead of silently accepted.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@scripts/env-setup.sh`:
- Around line 104-105: The chmod command on
/usr/local/bin/scanoss-vulnerabilities-api.sh lacks error handling; mirror the
cp error check by testing chmod's exit status and exiting with a non‑zero code
on failure: after running chmod +x "$DEST" (or the existing
/usr/local/bin/scanoss-vulnerabilities-api.sh reference), check its return value
and call echo "chmod failed" and exit 1 if it fails; locate the chmod invocation
in scripts/env-setup.sh and use the same error-handling pattern used for the cp
command that references $SCRIPT_DIR/scanoss-vulnerabilities-api.sh.
- Around line 131-138: The current curl redirection to "$CONF_DIR/$CONF" can
truncate or create a partial config on failure; update the download logic (both
the FORCE_INSTALL branch and the interactive branch where read -p is used) to
download into a temporary file (e.g., "$CONF_DIR/$CONF.tmp" or using mktemp),
verify curl exit status and non-empty content, then atomically move the temp
file to "$CONF_DIR/$CONF" (mv) only on success; if the download fails, remove
the temp file and emit a clear warning and do not overwrite the existing
"$CONF_DIR/$CONF" (and optionally exit with non-zero when FORCE_INSTALL is set).

---

Nitpick comments:
In `@scripts/env-setup.sh`:
- Around line 40-43: The case '*' branch currently assigns any argument to
ENVIRONMENT (ENVIRONMENT="$1"; shift) which treats unknown flags or typos like
"--froce" as valid environments; update the '*' handler to validate the
positional argument: if "$1" begins with '-' print a clear error message and
exit non‑zero, otherwise assign ENVIRONMENT="$1" and shift; change the case
pattern or add an explicit check in the '*' branch so flags are rejected instead
of silently accepted.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b9273911-7f1f-4803-b194-ed2db42a8d91

📥 Commits

Reviewing files that changed from the base of the PR and between 70186d6 and 6f2ce37.

📒 Files selected for processing (1)

• scripts/env-setup.sh

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Inconsistent error handling on chmod.

Line 104 has proper error handling, but line 105's chmod has no error handling. If the permission change fails, the startup script may not be executable, causing service start failures later.

🔧 Proposed fix to add consistent error handling

 cp "$SCRIPT_DIR/scanoss-vulnerabilities-api.sh" /usr/local/bin || { echo "startup script copy failed"; exit 1; }
-chmod +x /usr/local/bin/scanoss-vulnerabilities-api.sh
+chmod +x /usr/local/bin/scanoss-vulnerabilities-api.sh || { echo "chmod on startup script failed"; exit 1; }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	cp "$SCRIPT_DIR/scanoss-vulnerabilities-api.sh" /usr/local/bin || { echo "startup script copy failed"; exit 1; }
	chmod +x /usr/local/bin/scanoss-vulnerabilities-api.sh
	cp "$SCRIPT_DIR/scanoss-vulnerabilities-api.sh" /usr/local/bin || { echo "startup script copy failed"; exit 1; }
	chmod +x /usr/local/bin/scanoss-vulnerabilities-api.sh || { echo "chmod on startup script failed"; exit 1; }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@scripts/env-setup.sh` around lines 104 - 105, The chmod command on
/usr/local/bin/scanoss-vulnerabilities-api.sh lacks error handling; mirror the
cp error check by testing chmod's exit status and exiting with a non‑zero code
on failure: after running chmod +x "$DEST" (or the existing
/usr/local/bin/scanoss-vulnerabilities-api.sh reference), check its return value
and call echo "chmod failed" and exit 1 if it fails; locate the chmod invocation
in scripts/env-setup.sh and use the same error-handling pattern used for the cp
command that references $SCRIPT_DIR/scanoss-vulnerabilities-api.sh.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Curl failure may leave an empty or partial config file.

When curl fails, the output redirection (>) still creates/truncates the target file. This could leave an empty or corrupted config at $CONF_DIR/$CONF, which may cause the service to fail on startup with a confusing error.

Consider writing to a temp file first and moving on success:

🛡️ Proposed fix to avoid corrupted config on download failure

     if [ "$FORCE_INSTALL" -eq 1 ]; then
       echo "[FORCE] Downloading default config to $CONF_DIR/$CONF"
-      curl -s "$CONF_DOWNLOAD" > "$CONF_DIR/$CONF" || echo "Warning: curl download failed"
+      if curl -sf "$CONF_DOWNLOAD" -o "$CONF_DIR/$CONF.tmp"; then
+        mv "$CONF_DIR/$CONF.tmp" "$CONF_DIR/$CONF"
+      else
+        rm -f "$CONF_DIR/$CONF.tmp"
+        echo "Warning: curl download failed"
+      fi
     else
       read -p "Download sample $CONF (y/n) [y]? " -n 1 -r
       echo
       if [[ ! $REPLY =~ ^[Nn]$ ]]; then
-        curl -s "$CONF_DOWNLOAD" > "$CONF_DIR/$CONF" || echo "Warning: curl download failed"
+        if curl -sf "$CONF_DOWNLOAD" -o "$CONF_DIR/$CONF.tmp"; then
+          mv "$CONF_DIR/$CONF.tmp" "$CONF_DIR/$CONF"
+        else
+          rm -f "$CONF_DIR/$CONF.tmp"
+          echo "Warning: curl download failed"
+        fi
       else

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if [ "$FORCE_INSTALL" -eq 1 ]; then
	echo "[FORCE] Downloading default config to $CONF_DIR/$CONF"
	curl -s "$CONF_DOWNLOAD" > "$CONF_DIR/$CONF" || echo "Warning: curl download failed"
	else
	read -p "Download sample $CONF (y/n) [y]? " -n 1 -r
	echo
	if [[ ! $REPLY =~ ^[Nn]$ ]]; then
	curl -s "$CONF_DOWNLOAD" > "$CONF_DIR/$CONF" || echo "Warning: curl download failed"
	if [ "$FORCE_INSTALL" -eq 1 ]; then
	echo "[FORCE] Downloading default config to $CONF_DIR/$CONF"
	if curl -sf "$CONF_DOWNLOAD" -o "$CONF_DIR/$CONF.tmp"; then
	mv "$CONF_DIR/$CONF.tmp" "$CONF_DIR/$CONF"
	else
	rm -f "$CONF_DIR/$CONF.tmp"
	echo "Warning: curl download failed"
	fi
	else
	read -p "Download sample $CONF (y/n) [y]? " -n 1 -r
	echo
	if [[ ! $REPLY =~ ^[Nn]$ ]]; then
	if curl -sf "$CONF_DOWNLOAD" -o "$CONF_DIR/$CONF.tmp"; then
	mv "$CONF_DIR/$CONF.tmp" "$CONF_DIR/$CONF"
	else
	rm -f "$CONF_DIR/$CONF.tmp"
	echo "Warning: curl download failed"
	fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@scripts/env-setup.sh` around lines 131 - 138, The current curl redirection to
"$CONF_DIR/$CONF" can truncate or create a partial config on failure; update the
download logic (both the FORCE_INSTALL branch and the interactive branch where
read -p is used) to download into a temporary file (e.g., "$CONF_DIR/$CONF.tmp"
or using mktemp), verify curl exit status and non-empty content, then atomically
move the temp file to "$CONF_DIR/$CONF" (mv) only on success; if the download
fails, remove the temp file and emit a clear warning and do not overwrite the
existing "$CONF_DIR/$CONF" (and optionally exit with non-zero when FORCE_INSTALL
is set).