- Updated various command invocations to assign output to `$null` instead of redirecting to `$null`, enhancing code clarity and consistency across the script.
- Enhanced the method for checking if Docker is running by using output formatting to improve reliability and readability of the code.
- Added functionality to download and install Helm directly if not found via winget, improving installation reliability.
- Implemented version lookup and extraction of the Helm binary based on system architecture.
- Updated logging for better clarity during the installation process.
- Bumped Helm chart version and appVersion to 1.0.3 for consistency.
- Modified Persistent Volume Claim (PVC) paths in logs-pvc.yaml, mysql-storage-pvc.yaml, and shared-images-pvc.yaml to include the release name, enhancing path uniqueness.
- Added data path hint in install-k8s.ps1 and summary output in summary.sh for better user guidance.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| Copy-Item "$helmExtract\windows-$arch\helm.exe" "$TOOL_DIR\helm.exe" -Force | ||
| Remove-Item $helmZip -Force -ErrorAction SilentlyContinue | ||
| Remove-Item $helmExtract -Recurse -Force -ErrorAction SilentlyContinue | ||
| RefreshPath |
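Review bot: The `Copy-Item` of `helm.exe` on the first line has no failure handling in the lines shown, while the two `Remove-Item` calls after it silence their errors. Unless the script sets `$ErrorActionPreference` to Stop elsewhere, a missing `windows-$arch\helm.exe` in the extract leaves the zip and extract directory deleted and `RefreshPath` running with no `helm.exe` installed. Add `-ErrorAction Stop` to the `Copy-Item`, or a `Test-Path "$TOOL_DIR\helm.exe"` check before the cleanup, so the failure surfaces while the downloaded artifacts are still on disk.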
Helm binary download lacks checksum verification
Medium Severity
The new Helm direct-download fallback downloads and installs the binary without any checksum verification. The existing k3d download code in the same function verifies a SHA-256 checksum (and calls Err on mismatch), but the new Helm download path extracts and copies helm.exe directly from the zip with no integrity check. Helm publishes .sha256sum files alongside its release artifacts, so verification is straightforward and consistent with the k3d pattern.
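The verification described in the comment above, as an added example that is not part of the PR or the project's script: a PowerShell check of a downloaded archive against a `.sha256sum`-style file, meant to run before extraction. The function name `Test-Sha256Sum`, the file names and the sample data are assumptions constructed for illustration; the checksum line is assumed to be a hex digest optionally followed by the file name.

```powershell
function Test-Sha256Sum {
    param(
        [Parameter(Mandatory)] [string] $ArchivePath,
        [Parameter(Mandatory)] [string] $ChecksumPath
    )
    # Take the first non-empty line of the checksum file.
    $line = Get-Content -LiteralPath $ChecksumPath |
        Where-Object { $_.Trim() } | Select-Object -First 1
    if (-not $line) { return $false }
    $parts = @($line.Trim() -split '\s+', 2)
    $expected = $parts[0]
    # Reject anything that is not a SHA-256 hex digest (e.g. an HTML error page
    # saved in place of the checksum file).
    if ($expected -notmatch '^[0-9a-fA-F]{64}$') { return $false }
    # If the line names a file, it must be the archive that was downloaded.
    if ($parts.Count -gt 1) {
        $named = $parts[1].TrimStart('*')   # '*' marks binary mode in sha256sum output
        if ($named -ne (Split-Path -Leaf $ArchivePath)) { return $false }
    }
    $actual = (Get-FileHash -LiteralPath $ArchivePath -Algorithm SHA256).Hash
    # String -eq is case-insensitive in PowerShell, so hex case does not matter.
    return ($actual -eq $expected)
}

# Constructed demo: a stand-in "archive" and two checksum files in a temp directory.
$dir = Join-Path ([IO.Path]::GetTempPath()) ([guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $dir | Out-Null
$zip = Join-Path $dir 'helm-demo-windows-amd64.zip'
[IO.File]::WriteAllBytes($zip, [byte[]](1..64))
$digest = (Get-FileHash -LiteralPath $zip -Algorithm SHA256).Hash.ToLower()
Set-Content "$zip.sha256sum" "$digest  helm-demo-windows-amd64.zip"
Set-Content "$dir\bad.sha256sum" ("0" * 64 + "  helm-demo-windows-amd64.zip")

Test-Sha256Sum $zip "$zip.sha256sum"       # checksum file generated from the archive
Test-Sha256Sum $zip "$dir\bad.sha256sum"   # checksum file with a constructed wrong digest
Remove-Item $dir -Recurse -Force
```

In an installer, a `$false` result should stop the flow before the archive is extracted or `helm.exe` is copied into the tool directory.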


Note
Medium Risk
Changes the on-node `hostPath` location for MySQL/logs/data volumes, which can affect upgrades by pointing new PVs at a different directory and potentially stranding existing data. Windows installer tweaks are lower risk but touch core installation flow for Docker/Helm/tooling detection.

Overview
Helm chart update bumps `client` chart/app version to `1.0.3` and changes `hostPath` PV directories for logs, MySQL, and shared data to be scoped per Helm release (e.g., `/tracebloc/{{ .Release.Name }}/...`) instead of using shared global paths.

Installer reliability improvements (Windows + bash summary) harden Docker-running detection, make Helm installation fall back to downloading the binary when `winget` isn't available/doesn't work, and adjust several `winget`/`kubectl`/`helm` invocations to capture output consistently. The post-install summary now also prints the workspace data path as `/tracebloc/<workspace>`.

Written by Cursor Bugbot for commit 0fed58f. This will update automatically on new commits.