docs(templates): document startup_script_behavior in-depth
#7857
Conversation
startup_script_behavior in-depthstartup_script_behavior in-depth
ec07da6 to
50b4a64
Compare
| # Notice: var.repo and var.dotfiles_uri are specified elsewhere in the Terraform | ||
| # code as input variables. | ||
| REPO=${var.repo} | ||
| DOTFILES_URI=${var.dotfiles_uri} |
There was a problem hiding this comment.
| DOTFILES_URI=${var.dotfiles_uri} | |
| DOTFILES_URI=${data.coder_parameter.dotfiles_uri} |
Should we suggest using the coder_parameter resource here as we do not support terraform variables anymore for workspace-level variables?
There was a problem hiding this comment.
I think that's a good idea, but I'd like to avoid making the change in this PR. Perhaps we should check if there's other places this correction needs to be done as well and do them all in one go?
|
|
||
| Use the Coder agent's `startup_script_behavior` to change the behavior between `blocking` and `non-blocking` (default). The blocking behavior is recommended for most use cases because it allows the startup script to complete before the user accesses the workspace. For example, let's say you want to check out a very large repo in the startup script. If the startup script is non-blocking, the user may log in via SSH or open the IDE before the repo is fully checked out. This can lead to a poor user experience. | ||
|
|
||
| Whichever behavior is enabled, the user can still choose to override it by specifying the appropriate flags (or environment variables) in the CLI when connecting to the workspace. For example, `coder ssh --no-wait` will connect to the workspace without waiting for the startup script to complete. |
There was a problem hiding this comment.
Should we specify which are the appropriate environment variables here?
There was a problem hiding this comment.
I wanted to keep this terse, so perhaps we should link to the troubleshooting section instead that already mentions them?
|
|
||
| Here are a few guidelines for writing a good startup script (more on these below): | ||
|
|
||
| 1. Use `set -e` to exit the script if any command fails and `|| true` for commands that are allowed to fail |
There was a problem hiding this comment.
Would it make sense to recommend "unofficial Bash strict mode" (i.e. set -euo pipefail)?
There was a problem hiding this comment.
Do you have a good link for it? Maybe we can link it as an apropos. Otherwise I think it's better to K.I.S.S. We don't want to end up writing a how-to-bash. 😅
There was a problem hiding this comment.
As it's "unofficial", it's hard to find a good link. I like jevans' illustrated reasoning: https://wizardzines.com/comics/bash-errors/
But I agree, we don't want this to devolve into a full Bash scripting tutorial. At most, we link to https://tldp.org/LDP/abs/html/
There was a problem hiding this comment.
Haha, I really want to link that comic now 😆
docs/templates/index.md
Outdated
| EOT | ||
| } | ||
| ``` | ||
|
|
||
| The startup script can contain important steps that must be executed successfully so that the workspace is in a usable state, for this reason we recommend using `set -e` (exit on error) at the top and `|| true` (allow command to fail) to ensure the user is notified when something goes wrong. These are not shown in the example above because, while useful, they need to be used with care. |
There was a problem hiding this comment.
Should we just recommend full "unofficial strict mode" and recommend folks use shellcheck?
There was a problem hiding this comment.
I expanded on this, LMKWYT.
There was a problem hiding this comment.
PS. The downside with the expanded part, it technically could require a disclaimer, which I didn't put in.
Note that this only applies when using Bash or another advanced shell that supports this feature. If the users shell is
/bin/shthen this will likely fail catastrophically.
Note^2 it can work with
/bin/shbecause often it's linked tobash
Again, we don't want to teach shell, but we also want to nudge in the right direction. Though problem.
docs/templates/index.md
Outdated
| EOT | ||
| } | ||
| ``` | ||
|
|
||
| The startup script can contain important steps that must be executed successfully so that the workspace is in a usable state, for this reason we recommend using `set -e` (exit on error) at the top and `|| true` (allow command to fail) to ensure the user is notified when something goes wrong. These are not shown in the example above because, while useful, they need to be used with care. | ||
|
|
||
| We also recommend that startup scripts always have an end, meaning that long running processes should be run in the background. This is usually achieved by adding `&` to the end of the command. For example, `sleep 10 &` will run the command in the background and allow the startup script to complete. |
There was a problem hiding this comment.
| We also recommend that startup scripts always have an end, meaning that long running processes should be run in the background. This is usually achieved by adding `&` to the end of the command. For example, `sleep 10 &` will run the command in the background and allow the startup script to complete. | |
| We also recommend that startup scripts exit as quickly as possible. Long-running processes should be run in the background. This is usually achieved by adding `&` to the end of the command. For example, `sleep 10 &` will run the command in the background and allow the startup script to complete. |
There was a problem hiding this comment.
I like the idea, but I think the fixup may give the wrong idea. We don't want people writing git clone [big repo] & so that the script completes ASAP. I'll noodle on it. 👍🏻
There was a problem hiding this comment.
"Should exit as quickly as possible while leaving the workspace in a ready-to-use state"?
There was a problem hiding this comment.
That's definitely better. Although I think it'd be simpler to invert it:
We also recommend that startup scripts do not run forever.
Thoughts? I think both your suggestion and this one are good a fit.
docs/templates/index.md
Outdated
| ``` | ||
|
|
||
| This script tells us what command is being run and what the exit status is. If the exit status is non-zero, it means the command failed. Note that here we don't need `set -x` because we're manually echoing the commands which protects against sensitive information being shown in the log. We also don't need `set -e` because we're manually checking the exit status and exiting if it's non-zero. |
There was a problem hiding this comment.
Note that here we don't need
set -xbecause we're manually echoing the commands which protects against sensitive information being shown in the log.
I think this is worth emphasising even more e.g. with a > **Note:**
Co-authored-by: Cian Johnston <cian@coder.com>
Co-authored-by: Cian Johnston <cian@coder.com>
Fixes #7759