@EmilUnger EmilUnger commented Sep 24, 2025

Modified the update script to work with a custom config.

Summary by CodeRabbit

  • New Features

    • Added an update script for CISO Assistant that validates the database, creates a backup, and restarts services automatically.
    • Provides clear success and error messages during the update process.
  • Chores

    • Simplified updates by relying on an always-pull policy, removing the need for manual image cleanup.
    • Improved reliability with stricter execution settings.

coderabbitai bot commented Sep 24, 2025

Walkthrough

Adds a Bash script to back up a SQLite database, validate its presence, stop/remove Docker services via a custom compose file, and restart them in detached mode. Uses strict shell options, emits user-facing messages, and notes that image removal is unnecessary due to an always-pull policy.

Changes

Cohort / File(s): Update script (config/update-ciso-assistant.sh)
Summary: New Bash script: sets DB and backup paths, validates DB, creates timestamped backup, stops/removes services from docker-compose-custom.yml, restarts them with docker compose up -d, uses set -euo pipefail, and prints success/error messages.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor U as User
  participant S as update-ciso-assistant.sh
  participant FS as Filesystem
  participant DC as docker compose
  participant DE as Docker Engine

  U->>S: Run script
  S->>FS: Check main DB exists
  alt DB missing
    S-->>U: Error and exit
  else DB present
    S->>FS: Create timestamped DB backup
    S->>DC: down --remove-orphans (custom yml)
    DC->>DE: Stop & remove containers
    S->>DC: up -d (custom yml)
    DC->>DE: Start containers (pull policy applies)
    S-->>U: Print success message
  end

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I thump my paws—backup complete!
Containers snooze, then spring to their feet.
Compose hums softly, images pull true,
A tidy warren, refreshed and new.
With bashful scripts and careful care,
The CISO burrow’s light as air. 🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check | ✅ Passed | The title clearly and concisely describes the primary change, which is adding an update script that supports custom configuration, and aligns with the actual files and objectives of the pull request.
Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 4

🧹 Nitpick comments (3)
config/update-ciso-assistant.sh (3)

20-21: Ensure images are refreshed on update.

If you rely on “always pull policy”, reflect it in the command or explicitly pull before up.

Either:

-docker compose -f docker-compose-custom.yml up -d
+docker compose -f docker-compose-custom.yml up -d --pull always

Or (widely compatible):

+# Fetch latest images
+docker compose -f docker-compose-custom.yml pull -q
 # Start the containers for custom config
 docker compose -f docker-compose-custom.yml up -d

4-5: Make paths robust regardless of the invocation directory.

Relative paths will fail if the script is run from config/ or elsewhere.

Apply:

+SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"
+ROOT_DIR="$(cd -- "$SCRIPT_DIR/.." >/dev/null 2>&1 && pwd)"
+COMPOSE_FILE="$ROOT_DIR/docker-compose-custom.yml"
+DB_FILE="$ROOT_DIR/db/ciso-assistant.sqlite3"
-DB_FILE="db/ciso-assistant.sqlite3"
-# ... later ...
-docker compose -f docker-compose-custom.yml rm -fs
+if [ ! -f "$COMPOSE_FILE" ]; then
+  echo "Error: compose file not found at $COMPOSE_FILE"
+  exit 1
+fi
+docker compose -f "$COMPOSE_FILE" rm -fs
-# Start the containers for custom config
-docker compose -f docker-compose-custom.yml up -d
+# Start the containers for custom config
+docker compose -f "$COMPOSE_FILE" up -d
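
Review bot: BACKUP_FILE is left out of this hunk, so after the change the database and compose file resolve from the script's location while the backup still lands in whatever directory the script was invoked from. Define it next to DB_FILE, for example BACKUP_FILE="$ROOT_DIR/ciso-assistant-backup.sqlite3". ROOT_DIR is also taken as the parent of the script's directory, which only works if docker-compose-custom.yml and db/ sit one level above config/; the lines shown do not confirm that layout, so check it before applying.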

Also applies to: 17-21


22-22: Polish: consistent product naming.

Capitalize “Assistant” consistently: “CISO Assistant updated successfully”.

-echo "CISO assistant updated successfully"
+echo "CISO Assistant updated successfully"

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c26a373 and 225e08a.

📒 Files selected for processing (1)
  • config/update-ciso-assistant.sh (1 hunks)
🧰 Additional context used
🪛 Shellcheck (0.11.0)
config/update-ciso-assistant.sh

[error] Lines 1-21, one finding per line: Literal carriage return. Run script through tr -d '\r'.

(SC1017)

@@ -0,0 +1,22 @@
#! /usr/bin/env bash

⚠️ Potential issue

Correct the shebang.

There must be no space after #!.

Apply:

-#! /usr/bin/env bash
+#!/usr/bin/env bash

Also ensure the script is executable: git update-index --chmod=+x config/update-ciso-assistant.sh

🤖 Prompt for AI Agents
In config/update-ciso-assistant.sh around line 1 the shebang has an extra space
("#! /usr/bin/env bash"); remove the space so it reads "#!/usr/bin/env bash" and
save the file, then mark the script as executable in git with: git update-index
--chmod=+x config/update-ciso-assistant.sh.

Comment on lines +1 to +21
#! /usr/bin/env bash
set -euo pipefail

DB_FILE="db/ciso-assistant.sqlite3"
BACKUP_FILE="ciso-assistant-backup.sqlite3"

# Backup the database
if [ ! -f "$DB_FILE" ]; then
echo "Error: No database found, please initialize CISO Assistant first"
exit 1
else
cp "$DB_FILE" "$BACKUP_FILE"
echo "Backup of the database created in $BACKUP_FILE"
fi

# Stop and clean the containers for custom config
docker compose -f docker-compose-custom.yml rm -fs

# note: the rmi trick is not needed anymore since we move to always pull policy
# Start the containers for custom config
docker compose -f docker-compose-custom.yml up -d

⚠️ Potential issue

Fix CRLF line endings (prevents /usr/bin/env bash^M errors).

The file is committed with Windows CRLF endings. On Linux/macOS this will fail to execute.

Recommended remediation:

  • Convert this file to LF once: dos2unix config/update-ciso-assistant.sh (or git config core.autocrlf false and re-add)
  • Enforce via .gitattributes:
+*.sh text eol=lf

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In config/update-ciso-assistant.sh lines 1-21 the script is committed with CRLF
endings which cause “/usr/bin/env bash^M” execution errors on Unix; convert the
file to LF (e.g., run dos2unix config/update-ciso-assistant.sh or set git config
core.autocrlf false, re-add the file), ensure the executable bit is preserved,
add a .gitattributes entry like "*.sh text eol=lf" to enforce LF on commit, and
commit the normalized file so CI and Unix systems run the script correctly.

Comment on lines +4 to +5
DB_FILE="db/ciso-assistant.sqlite3"
BACKUP_FILE="ciso-assistant-backup.sqlite3"

⚠️ Potential issue

Harden backup handling: location, timestamp, and permissions.

Current backup goes to CWD with default perms, which can expose sensitive data.

Apply:

-DB_FILE="db/ciso-assistant.sqlite3"
-BACKUP_FILE="ciso-assistant-backup.sqlite3"
+DB_FILE="db/ciso-assistant.sqlite3"
+# Timestamped backup placed alongside the DB
+BACKUP_FILE="db/ciso-assistant-backup-$(date -u +%Y%m%d%H%M%S).sqlite3"
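
Review bot: With a timestamp in BACKUP_FILE every run leaves another full copy of the database in db/, and nothing in the hunk removes old ones. Add a retention step or document manual cleanup, since each copy holds the same sensitive data as the live database. The DB_FILE line is removed and re-added unchanged and can be dropped from the suggestion.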

And ensure restrictive perms:

-  cp "$DB_FILE" "$BACKUP_FILE"
+  umask 077
+  cp "$DB_FILE" "$BACKUP_FILE"
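
Review bot: umask 077 placed on the line before cp stays in effect for the rest of the script, including the docker compose commands that follow. Scope it to the copy with a subshell, for example (umask 077; cp "$DB_FILE" "$BACKUP_FILE"). It also only helps when the backup file is newly created: cp onto an existing file keeps that file's current mode.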

Optional: use sqlite3 online backup if you ever decide to back up while services run:

  • sqlite3 "$DB_FILE" ".backup '$BACKUP_FILE'"

Also applies to: 12-13

Comment on lines +7 to +14
# Backup the database
if [ ! -f "$DB_FILE" ]; then
echo "Error: No database found, please initialize CISO Assistant first"
exit 1
else
cp "$DB_FILE" "$BACKUP_FILE"
echo "Backup of the database created in $BACKUP_FILE"
fi

⚠️ Potential issue

Stop services before backing up the SQLite DB (avoid corrupted backups).

Copying a live SQLite file risks corruption. Stop containers first, then back up.

Apply:

-# Backup the database
-if [ ! -f "$DB_FILE" ]; then
-  echo "Error: No database found, please initialize CISO Assistant first"
-  exit 1
-else
-  cp "$DB_FILE" "$BACKUP_FILE"
-  echo "Backup of the database created in $BACKUP_FILE"
-fi
-
-# Stop and clean the containers for custom config
-docker compose -f docker-compose-custom.yml rm -fs
+# Stop and clean the containers for custom config
+docker compose -f docker-compose-custom.yml rm -fs
+
+# Backup the database (after containers are stopped)
+if [ ! -f "$DB_FILE" ]; then
+  echo "Error: No database found, please initialize CISO Assistant first"
+  exit 1
+else
+  cp "$DB_FILE" "$BACKUP_FILE"
+  echo "Backup of the database created in $BACKUP_FILE"
+fi
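
Review bot: Moving docker compose -f docker-compose-custom.yml rm -fs ahead of the existence check means that with a missing DB_FILE the script exits 1 after the containers have already been stopped and removed, and nothing restarts them. Keep the [ ! -f "$DB_FILE" ] check first, then stop the containers, then run cp. The same gap exists if cp fails, so restart the services before exiting on that path as well.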

Also applies to: 16-18

🤖 Prompt for AI Agents
In config/update-ciso-assistant.sh around lines 7 to 14 (and also apply same fix
to lines 16-18), the script copies the SQLite DB while services may still be
running which can produce corrupted backups; modify the script to stop the
service(s) or container(s) that access the DB before creating the backup, verify
they stopped successfully, perform the cp to create the backup, and then restart
the service(s)/container(s) after the backup completes (ensure to handle and
fail with an error if stop or restart commands fail).
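
Added example, not code from the pull request or from the review: one way to combine the backup points raised above (timestamped name, owner-only permissions, no overwrite, verified copy) in a POSIX shell function. The name backup_sqlite and its two arguments are hypothetical, and the plain cp assumes the containers have already been stopped.

```shell
#!/bin/sh
# Added example; backup_sqlite and its arguments are hypothetical names.
set -eu

# The ( ... ) body runs the whole function in a subshell, so the umask
# change below cannot leak into commands that run after the backup.
backup_sqlite() (
  db_file=$1
  backup_dir=$2
  if [ ! -f "$db_file" ]; then
    echo "Error: no database found at $db_file" >&2
    exit 1
  fi
  umask 077   # new files get 0600, new directories 0700
  mkdir -p -- "$backup_dir" || exit 1
  backup_file="$backup_dir/ciso-assistant-backup-$(date -u +%Y%m%d%H%M%S).sqlite3"
  # Never overwrite an earlier backup taken within the same second:
  # cp onto an existing file would also keep that file's old mode.
  if [ -e "$backup_file" ]; then
    echo "Error: $backup_file already exists" >&2
    exit 1
  fi
  cp -- "$db_file" "$backup_file" || exit 1
  # Compare byte for byte and discard the copy if it differs.
  if ! cmp -s -- "$db_file" "$backup_file"; then
    rm -f -- "$backup_file"
    echo "Error: backup does not match $db_file" >&2
    exit 1
  fi
  # Print the backup path so the caller can log or record it.
  printf '%s\n' "$backup_file"
)
```

The function prints the path of the backup it created, so a caller can capture it with command substitution and report it in the success message.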
