Fix MariaDB password mismatch between test workflow and init scripts#1799
Conversation
|
Important Review skippedBot user detected. To trigger a single review, invoke the You can disable this status message by setting the Comment |
Co-authored-by: yingbull <8680161+yingbull@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR fixes a critical database initialization failure in the container test workflow caused by password mismatch. The workflow sets MYSQL_ROOT_PASSWORD=testpassword for testing, but the initialization script hardcoded -ppassword, causing all database setup commands to fail.
Changes:
- Modified
populate_db.shto dynamically read password fromMYSQL_ROOT_PASSWORDenvironment variable - Added fallback to
passwordfor development environments (maintains backward compatibility) - Updated all 6 mysql command invocations to use the dynamic password variable
| mysql -u root -p"$DB_PASSWORD" -e "CREATE DATABASE IF NOT EXISTS drugref2;" | ||
| mysql -u root -p"$DB_PASSWORD" drugref2 < /database/mysql/development-drugref.sql | ||
| echo 'Loading demo data for development...' | ||
| mysql -u root -ppassword oscar < /scripts/development.sql | ||
| mysql -u root -p"$DB_PASSWORD" oscar < /scripts/development.sql | ||
| echo 'Preparing demographic names for development environment...' | ||
| mysql -u root -ppassword oscar < /database/mysql/updates/update-2025-11-06-demo-name-sanitization.sql | ||
| mysql -u root -p"$DB_PASSWORD" oscar < /database/mysql/updates/update-2025-11-06-demo-name-sanitization.sql |
There was a problem hiding this comment.
The password variable should not be directly concatenated with the -p flag in mysql commands. When the password contains special characters or spaces, this can cause parsing issues. The current pattern -p"$DB_PASSWORD" works but is not the recommended approach for shell scripts.
Consider using one of these safer alternatives:
- Use
MYSQL_PWDenvironment variable:MYSQL_PWD="$DB_PASSWORD" mysql -u root ... - Use mysql config file: Create a temporary
.my.cnfwith credentials - Separate the flag and password:
mysql -u root -p"${DB_PASSWORD}" ...with braces for clarity
While the current implementation will work for the expected password values ('password' and 'testpassword'), using MYSQL_PWD would be more robust and follow MySQL best practices.
The workflow test sets
MYSQL_ROOT_PASSWORD=testpasswordbutpopulate_db.shhardcoded-ppassword, causing all database initialization commands to fail during container testing.Changes
populate_db.shto read password fromMYSQL_ROOT_PASSWORDenvironment variablepasswordfor development environments where the variable matcheslocal.envmysqlcommand invocations to use the dynamic password variableImplementation
This resolves the initialization timeout in the workflow test while maintaining compatibility with existing development environments.
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.
Summary by cubic
Updates container image caching in build workflows based on feedback from #1796 to reduce unnecessary rebuilds and improve cache invalidation. Also fixes devcontainer DB initialization by using the MYSQL_ROOT_PASSWORD env var to avoid password mismatches in development and tests.
Written for commit 1a8b273. Summary will update on new commits.