Feature/v2/cloud deploy #51
Conversation
![trag-bot[bot]](https://avatars.githubusercontent.com/in/856808?s=60&v=4){kind=small}
| --profile solfunmeme_dev \ | ||
| --region us-east-2 \ | ||
| --document-name "UpdateEliza" \ | ||
| --document-version "\$LATEST" \ |
There was a problem hiding this comment.
Using $LATEST version in production scripts is risky as it may lead to unexpected behavior when document versions change. Should specify explicit version for consistency.
| @@ -0,0 +1,8 @@ | |||
|
|
|||
| aws codebuild start-build --region us-east-2 \ | |||
There was a problem hiding this comment.
The script lacks AWS credentials validation or profile specification, which could lead to authentication failures in non-interactive environments or when multiple AWS profiles are present.
| #apt install -y strace | ||
|
|
||
| export COREPACK_ENABLE_DOWNLOAD_PROMPT=0 | ||
| corepack enable && corepack install --global pnpm@9.8.0 |
There was a problem hiding this comment.
Global package installation requires root privileges but script doesn't check for root access. This could fail silently or with unclear error messages in non-root environments.
|
|
||
| #strace -f -o /opt/agent/strace.log -s99999 node CMD ["pnpm", "start", "--characters=characters/eliza.character.json"] | ||
| #pnpm start --characters=characters/tine-test.character.json | ||
| pnpm start --characters=$(ls -1p characters/*.json | paste -sd,) |
There was a problem hiding this comment.
Glob expansion without error handling for no matches. If no JSON files exist, this will pass the glob pattern literally to pnpm. Also, filenames with spaces will break the command.
| # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 | ||
| set -x | ||
| #if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then | ||
| strace -f -o /opt/agent/strace.log -s99999 node "$@" |
There was a problem hiding this comment.
The script always runs strace regardless of conditions due to commented if statement, which could impact performance and create unnecessary logs in production environment
| apt update | ||
| apt install -y strace |
There was a problem hiding this comment.
Running apt commands without sudo might fail in non-root environments. Additionally, there's no check if the script runs on a Debian-based system, which could cause failures on other distributions.
| @@ -0,0 +1,21 @@ | |||
|
|
|||
| nvm use 23 | |||
There was a problem hiding this comment.
Node.js version 23 doesn't exist yet. The latest LTS version is 20.x, and the latest current version is 21.x. Using a non-existent version will cause the script to fail.
|
|
||
| # Fetch all variables with the prefix and name them the same as the variable minus agent name underscore | ||
| for key in $(aws ssm describe-parameters --query 'Parameters[?starts_with(Name, `'"${AGENT_NAME}"'_`)].Name' --output text); do | ||
| value=$(aws ssm get-parameter --name "$key" | jq .Parameter.Value -r) |
There was a problem hiding this comment.
The AWS SSM get-parameter command doesn't include --with-decryption flag, which means encrypted parameters won't be automatically decrypted.
| echo "" > "/var/run/agent/secrets/env" # blank the file | ||
|
|
||
| # Fetch all variables with the prefix and name them the same as the variable minus agent name underscore | ||
| for key in $(aws ssm describe-parameters --query 'Parameters[?starts_with(Name, `'"${AGENT_NAME}"'_`)].Name' --output text); do |
There was a problem hiding this comment.
The command output isn't properly handled for cases where AWS CLI fails. Script continues execution even if AWS commands fail, potentially creating incomplete env file.
| @@ -0,0 +1,6 @@ | |||
|
|
|||
| export TWITTER_EMAIL TWITTER_PASSWORD TWITTER_USER | |||
There was a problem hiding this comment.
The export statement uses TWITTER_USER but the AWS SSM command uses TWITTER_USERNAME, causing a mismatch in variable names that will result in empty value being stored in SSM.
|
|
||
| export TWITTER_EMAIL TWITTER_PASSWORD TWITTER_USER | ||
|
|
||
| aws ssm put-parameter --name "tine_agent_twitter_password" --value "${TWITTER_PASSWORD}" --type String |
There was a problem hiding this comment.
The script doesn't use --overwrite flag, which means it will fail if parameters already exist in SSM. This could cause deployment issues in existing environments.
| @@ -0,0 +1,28 @@ | |||
|
|
|||
| # | |||
| bash ./get_secrets.sh | |||
There was a problem hiding this comment.
Script execution lacks error handling and verification of get_secrets.sh existence. A failed secrets retrieval could lead to authentication issues in subsequent Docker operations.
| docker kill agent-docker.service || echo skip | ||
| docker rm --force agent-docker.service || echo skip | ||
|
|
||
| /usr/bin/bash -c 'docker login -u AWS -p $(aws ecr get-login-password --region us-east-2) 767503528736.dkr.ecr.us-east-2.amazonaws.com' |
There was a problem hiding this comment.
Exposing AWS credentials in command line is insecure. The password could be visible in process lists or system logs. Should use environment variables or AWS credentials file.
| --env-file /var/run/agent/secrets/env \ | ||
| --rm \ | ||
| --name "agent-docker.service" \ | ||
| --entrypoint /opt/agent/docker-entrypoint-strace2.sh $DOCKERIMAGE |
There was a problem hiding this comment.
The script uses $DOCKERIMAGE variable in the final docker run command, but this variable is never defined. It should likely be $CORE_AGENT_IMAGE based on the context.
| @@ -0,0 +1,30 @@ | |||
|
|
|||
| # | |||
| bash ./get_secrets.sh | |||
There was a problem hiding this comment.
The script doesn't check if get_secrets.sh execution was successful. Failed secrets retrieval could lead to runtime issues in the container.
| if ! grep -q "^HOME" "/var/run/agent/secrets/env"; then | ||
| echo "WORKSPACE_DIR=\${STATE_DIRECTORY}" >> "/var/run/agent/secrets/env" | ||
| fi |
There was a problem hiding this comment.
The condition checks for HOME but writes WORKSPACE_DIR, which appears to be a logic error. Also, the condition is identical to the previous if statement, suggesting a copy-paste error.
| cd "$(dirname "$0")"/.. | ||
| echo "Cleanup started." |
There was a problem hiding this comment.
The script doesn't check if the directory change was successful before proceeding. A failed cd command could lead to cleanup operations in the wrong directory.
| #aws ssm put-parameter --name "tine_agent_openai_key" --value "${OPENAI_API_KEY}" --type String | ||
| #aws ssm put-parameter --name "tine_agent_openai_endpoint" --value "${OPENAI_API_BASE}" --type String | ||
| #aws ssm put-parameter --name "tine_agent_openai_model" --value "${LLMMODEL}" --type String | ||
| aws ssm put-parameter --name "tine_agent_groq_key" --value "${GROQ_API_KEY}" --type String |
There was a problem hiding this comment.
Sensitive API key is stored without the --overwrite flag, which could lead to parameter creation failures if it already exists, and without SecureString type for encryption.
|
|
||
| aws ssm put-parameter --name "tine_agent_2_agent_image" --value "h4ckermike/elizaos-eliza:feb10" --type String | ||
| aws ssm put-parameter --name "tine_agent_2_docker_username" --value "${DOCKER_USERNAME}" --type String | ||
| aws ssm put-parameter --name "tine_agent_2_docker_password" --value "${DOCKER_PASSWORD}" --type String |
There was a problem hiding this comment.
Docker credentials are stored as plain String type instead of SecureString, potentially exposing sensitive authentication data. Also missing --overwrite flag for consistency.
| @@ -0,0 +1,2 @@ | |||
| #!/bin/bash | |||
| source /var/run/agent/secrets/env | |||
There was a problem hiding this comment.
The script doesn't check if the environment file exists before sourcing it. This could lead to silent failures and unpredictable behavior if the file is missing or inaccessible.
| prms = { | ||
| "portNumber":["22"], | ||
| "localPortNumber":["2222"] | ||
| } |
There was a problem hiding this comment.
Hard-coded port numbers should be configurable parameters or environment variables to allow flexibility and security in different environments.
| source /var/run/agent/secrets/env | ||
|
|
||
| /usr/bin/docker run -p 3000:3000 \ | ||
| -v tokenizer:/app/node_modules/@anush008/tokenizers/ \ |
There was a problem hiding this comment.
Using the same volume name 'tokenizer' for two different mount points can cause conflicts and unexpected behavior. Each volume should have a unique name to ensure proper isolation.
| #!/bin/bash | ||
|
|
||
| source ./env | ||
| /usr/bin/docker remove agent-docker.service |
There was a problem hiding this comment.
The command should be 'docker rm' instead of 'docker remove'. This is incorrect Docker CLI syntax and will fail. The command needs to be corrected to use the proper Docker command.
|
@trag-bot didn't find any issues in the code! ✅✨ |
Pull request summary
|
Porting of scripts into new version
Future thoughts
We can think about moving these scripts into a new repo that holds Eliza as submodule so we don't need to change the base repo.
Basically, a packaging of another repo.