Use atmos for readme generation @goruha (#978)
what
- Use atmos for readme generation
why
- Use atmos to generate readme instead of build-harness
🚀 Enhancements
fix: `codespell` typo fixes, replace unsafe array assignments, quote variable expansions to prevent globbing @RoseSecurity (#980)
what
[!NOTE]
All modifications are non-functional improvements focused on reliability and security
- Codespell typo fixes
- Improve shell script quality and security by fixing unquoted variables and unsafe array splitting patterns identified by ShellCheck
- Replace unsafe array assignment patterns like `array=($(command))` with the more robust `mapfile -t array < <(command)` syntax
- Quote all variable expansions to prevent word splitting and globbing
- Fix command substitutions that could break with special characters.
why
- Improve the reliability and security of Geodesic
references
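
The behaviour behind the two fixes listed in #980 (array assignment from command output, and quoting of expansions), as an added example that is not code from the Geodesic PR. `list_items`, the sandbox files `a.sh` and `b.sh`, and all helper function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not Geodesic code; list_items and file names are constructed.
# mapfile and <(...) need bash, so re-exec under bash if another sh started us.
if [ -z "${BASH_VERSION:-}" ]; then exec bash "$0" "$@"; fi

# Sample command output: one item per line, with a space and a glob character.
list_items() { printf '%s\n' 'release notes.md' '*.sh'; }

# Scratch directory holding two files that the pattern *.sh matches.
make_sandbox() {
  local dir
  dir=$(mktemp -d) || return 1
  : > "$dir/a.sh"; : > "$dir/b.sh"
  printf '%s\n' "$dir"
}

# Unsafe (ShellCheck SC2207): output is split on whitespace, then every word
# is glob-expanded against the current directory.
unsafe_array() (
  cd "$1" || exit 1
  # shellcheck disable=SC2207
  array=($(list_items))
  IFS='|'; printf '%s\n' "${#array[@]}:${array[*]}"
)

# Robust: one element per output line, no word splitting, no globbing.
safe_array() (
  cd "$1" || exit 1
  mapfile -t array < <(list_items)
  IFS='|'; printf '%s\n' "${#array[@]}:${array[*]}"
)

count_args() { printf '%s\n' "$#"; }

# The same value passed unquoted (split and globbed) and quoted (one argument).
unquoted_argc() ( cd "$1" || exit 1; name='my *.sh'; count_args $name )
quoted_argc()   ( cd "$1" || exit 1; name='my *.sh'; count_args "$name" )

sandbox=$(make_sandbox)
echo "unsafe: $(unsafe_array "$sandbox")"
echo "safe:   $(safe_array "$sandbox")"
echo "argc:   unquoted=$(unquoted_argc "$sandbox") quoted=$(quoted_argc "$sandbox")"
rm -rf -- "$sandbox"
```

Each function prints the element count followed by the elements joined with `|`, so a filename that was split or a pattern that was expanded is visible directly in the output.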
Add Atmos auth integration to Geodesic @osterman (#979)
Summary
This PR integrates Atmos authentication support into Geodesic by:
- Mounting Atmos-specific directories (`.cache/atmos` and `.local/share/atmos`) when they exist on the host
- Configuring Atmos XDG environment variables for proper credential and cache storage
- Adding a new `use-identity` helper function for seamless Atmos auth workflow
Changes
1. Wrapper Script (wrapper-body.sh)
- Added conditional mounting of `.cache/atmos` and `.local/share/atmos` directories
- Only mounts directories if they exist on the host to avoid unnecessary overhead
- Enables persistent SSO token caching and keyring storage across Geodesic sessions
2. Atmos Configuration (atmos.sh)
- Export `ATMOS_XDG_CONFIG_HOME`, `ATMOS_XDG_DATA_HOME`, and `ATMOS_XDG_CACHE_HOME` environment variables
- These direct Atmos to use the container's home directory paths that are mounted from the host
3. New use-identity Function
- Added in atmos.sh as a general-purpose function (not AWS-specific)
- Usage: `use-identity [identity-name]`
  - `use-identity` alone brings up the interactive identity selector
  - `use-identity my-identity` directly authenticates with that identity using `--identity=my-identity` syntax
- Integrates with AWS prompt refresh when available (checks for `export_current_aws_role`)
Test Plan
- Verify Atmos auth directories are mounted when present
- Test `use-identity` with no arguments (should show selector)
- Test `use-identity my-identity` (should authenticate directly)
- Verify SSO tokens persist across Geodesic sessions
- Verify keyring data persists across Geodesic sessions
- Confirm existing `assume-role` workflows still work
- Test with Geodesic container that has Atmos installed
🧰 Included Tools
fix: `codespell` typo fixes, replace unsafe array assignments, quote variable expansions to prevent globbing @RoseSecurity (#980)
Add Atmos auth integration to Geodesic @osterman (#979)
Footnote
In every release, we update all unpinned packages to their latest packaged versions. These changes are not detailed here.