Copilot commented on code in PR #13412:
URL: https://github.com/apache/apisix/pull/13412#discussion_r3280019472


##########
ci/redhat-ci.sh:
##########
@@ -39,8 +39,9 @@ install_dependencies() {
     yum install -y openresty-pcre-devel openresty-zlib-devel
 
     install_apisix_runtime
+    
APISIX_BUILD_TOOLS_REF="${APISIX_BUILD_TOOLS_REF:-apisix-runtime/${APISIX_RUNTIME}}"
     curl -o /usr/local/openresty/openssl3/ssl/openssl.cnf \
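Review bot: The `curl -o /usr/local/openresty/openssl3/ssl/openssl.cnf` call at the end of this hunk writes straight to the live OpenSSL config path, so an interrupted or wrong download leaves a partial or incorrect file where later steps will load it. Consider downloading to a temporary file and moving it into place only after curl exits successfully. The new `APISIX_BUILD_TOOLS_REF` assignment inside `install_dependencies()` also has no `local` and no comment saying what kind of ref an override is expected to be; a one-line comment above it would help.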

Review Comment:
   The `curl` download of `openssl.cnf` does not fail on HTTP errors. If 
`${APISIX_BUILD_TOOLS_REF}` is incorrect or the file path changes, the script 
can silently write an error page and continue, causing later failures that are 
harder to diagnose. Consider adding `-f` (and typically `-sS -L`) to make the 
failure immediate and explicit.
   



##########
ci/linux-install-openresty.sh:
##########
@@ -54,8 +54,9 @@ fi
 install_apisix_runtime
 
 if [ ! "$ENABLE_FIPS" == "true" ]; then
-curl -o /usr/local/openresty/openssl3/ssl/openssl.cnf \
-    
https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/${APISIX_RUNTIME}/conf/openssl3/openssl.cnf
+    
APISIX_BUILD_TOOLS_REF="${APISIX_BUILD_TOOLS_REF:-apisix-runtime/${APISIX_RUNTIME}}"
+    curl -o /usr/local/openresty/openssl3/ssl/openssl.cnf \
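Review bot: `APISIX_BUILD_TOOLS_REF` in the added assignment accepts any value from the environment, and its default, `apisix-runtime/${APISIX_RUNTIME}`, is the same branch-style ref the removed URL used, so the `openssl.cnf` installed by this script can change between runs with no change in this repository. Since this file sets OpenSSL defaults for the runtime, consider documenting that an override should be a tag or commit SHA, or checking the downloaded file against a known checksum before it is used. A short comment next to the assignment stating why the override exists would also make the intent clear to the next reader.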

Review Comment:
   The `curl` download of `openssl.cnf` does not use flags that fail on HTTP 
errors. If `${APISIX_BUILD_TOOLS_REF}` is mistyped/missing the file, CI may 
proceed with a downloaded 404/HTML body and fail later in confusing ways. 
Consider adding `-f` (and typically `-sS -L`) so the script fails immediately 
when the fetch is invalid.
   


