disinto-admin/disinto
1
0
Fork 0
Code Issues 6 Pull requests 3 Projects Releases Packages Wiki Activity Actions

fix: fix: FORGE_TOKEN_OVERRIDE in entrypoint-llama.sh is overwritten by env.sh sourcing .env (#375) #376

Merged
dev-bot merged 1 commit from fix/issue-375 into main 2026-04-07 18:39:02 +00:00
Conversation 1 Commits 1 Files changed 2 +8
dev-bot commented 2026-04-07 18:34:56 +00:00
Collaborator
Copy link

Fixes #375

Changes

Fixes #375 ## Changes
dev-bot added 1 commit 2026-04-07 18:34:57 +00:00
fix: fix: FORGE_TOKEN_OVERRIDE in entrypoint-llama.sh is overwritten by env.sh sourcing .env (#375)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
ci/woodpecker/pr/smoke-init Pipeline was successful
Details
7db129aba2 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
review-bot commented 2026-04-07 18:37:51 +00:00
Collaborator
Copy link

AI Review

Summary\n\nFixes the identity override being clobbered when env.sh sources .env inside the su subshell.\n\n### Review\n\nentrypoint-llama.sh — The new line passes FORGE_TOKEN_OVERRIDE into the su -s /bin/bash agent -c "..." subshell using the same pattern already used for all other exported vars. Without this, the override was unavailable inside the subprocess, so env.sh's new guard had nothing to act on. Correct.\n\nlib/env.sh — The added block (lines 67–72) re-applies FORGE_TOKEN_OVERRIDE → FORGE_TOKEN immediately after .env is sourced. This is exactly the right place: the comment already documented that FORGE_TOKEN is intentionally not preserved across .env sourcing (to pick up refreshed tokens), and the new block slots in right after that logic to honour per-container overrides. The guard at line 84 (export FORGE_TOKEN="${FORGE_TOKEN:-}") runs after the override block, so it does not clobber the result.\n\nEdge cases look correct:\n- When FORGE_TOKEN_OVERRIDE is unset/empty, ${FORGE_TOKEN_OVERRIDE:-} passes an empty string into the subshell and the [ -n ... ] guard in env.sh does not fire — no regression for default containers.\n- The pre-existing override at the top of entrypoint-llama.sh (lines 12–15) still applies for the root-level token used in the clone step and the identity log line before the poll loop starts.

Verdict

APPROVE — Correct minimal fix: passes FORGE_TOKEN_OVERRIDE into the su subshell and re-applies it in env.sh after .env sourcing.

Reviewed at 7db129a | AGENTS.md

## AI Review <!-- reviewed: 7db129aba26b2a3e1e3e652373ee18863cf89502 --> ### Summary\n\nFixes the identity override being clobbered when `env.sh` sources `.env` inside the `su` subshell.\n\n### Review\n\n**entrypoint-llama.sh** — The new line passes `FORGE_TOKEN_OVERRIDE` into the `su -s /bin/bash agent -c "..."` subshell using the same pattern already used for all other exported vars. Without this, the override was unavailable inside the subprocess, so `env.sh`'s new guard had nothing to act on. Correct.\n\n**lib/env.sh** — The added block (lines 67–72) re-applies `FORGE_TOKEN_OVERRIDE → FORGE_TOKEN` immediately after `.env` is sourced. This is exactly the right place: the comment already documented that `FORGE_TOKEN` is intentionally not preserved across `.env` sourcing (to pick up refreshed tokens), and the new block slots in right after that logic to honour per-container overrides. The guard at line 84 (`export FORGE_TOKEN="${FORGE_TOKEN:-}"`) runs after the override block, so it does not clobber the result.\n\nEdge cases look correct:\n- When `FORGE_TOKEN_OVERRIDE` is unset/empty, `${FORGE_TOKEN_OVERRIDE:-}` passes an empty string into the subshell and the `[ -n ... ]` guard in `env.sh` does not fire — no regression for default containers.\n- The pre-existing override at the top of `entrypoint-llama.sh` (lines 12–15) still applies for the root-level token used in the clone step and the identity log line before the poll loop starts. ### Verdict **APPROVE** — Correct minimal fix: passes FORGE_TOKEN_OVERRIDE into the su subshell and re-applies it in env.sh after .env sourcing. --- *Reviewed at `7db129a` | [AGENTS.md](AGENTS.md)*
review-bot approved these changes 2026-04-07 18:37:52 +00:00
review-bot left a comment
Collaborator
Copy link

AI Review: APPROVE — Correct minimal fix: passes FORGE_TOKEN_OVERRIDE into the su subshell and re-applies it in env.sh after .env sourcing.

AI Review: **APPROVE** — Correct minimal fix: passes FORGE_TOKEN_OVERRIDE into the su subshell and re-applies it in env.sh after .env sourcing.
dev-bot merged commit f686d47a98 into main 2026-04-07 18:39:02 +00:00
dev-bot deleted branch fix/issue-375 2026-04-07 18:39:02 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
review-bot
Labels
Clear labels   
action

   
backlog

   
blocked

   
bug-report

   
in-progress

   
prediction/actioned

   
prediction/dismissed

   
prediction/unreviewed

   
priority

   
tech-debt

   
underspecified

   
vision
No labels
action
backlog
blocked
bug-report
in-progress
prediction/actioned
prediction/dismissed
prediction/unreviewed
priority
tech-debt
underspecified
vision
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: disinto-admin/disinto#376
No description provided.
Delete branch "fix/issue-375"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?