Add DuckDB linker environment variables

[forstmeier]

Overview

Changes

• add data manager image environment variables

Comments

Another fix.

Summary by CodeRabbit

Release Notes

• Chores
  • Updated build configuration for the datamanager application to improve runtime library resolution with updated environment variables.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[Copilot]

Pull request overview

This PR adds DuckDB linker environment variables to the data manager Docker image to ensure proper library linking during the build process.

Changes:

• Added three environment variables (LIBRARY_PATH, LD_LIBRARY_PATH, PKG_CONFIG_PATH) to configure library paths for DuckDB dependencies

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Walkthrough

This change modifies the applications/datamanager/Dockerfile to configure environment variables for runtime library lookup. Three environment variables are added: LIBRARY_PATH, LD_LIBRARY_PATH, and PKG_CONFIG_PATH, all pointing to /usr/local/lib (with PKG_CONFIG_PATH additionally including /usr/local/lib/pkgconfig). A whitespace-only modification is also made to the rustup toolchain installation command.

Possibly related PRs

• Update builder/server DuckDB dependencies #662: Adds libduckdb installation in /usr/local and runs ldconfig; this PR complements it by setting environment variables to ensure runtime library lookup finds those libraries.
• Fix DuckDB download location for subsequent COPY statement expectations #663: Ensures DuckDB shared libraries are placed in /usr/local/lib and adjusts library path environment variables for correct runtime resolution.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and concisely describes the main change: adding DuckDB linker environment variables to the Dockerfile.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pulumi]

🚀 The Update (preview) for forstmeier/pocketsizefund/production (at 60c79af) was successful.

✨ Neo Explanation

Initial production deployment creating a complete ECS-based microservices environment on AWS with three containerized services (datamanager, equitypricemodel, portfoliomanager) behind an application load balancer with private networking and service discovery.

Root Cause Analysis

This deployment was triggered by a code change in the repository. The infrastructure code is creating a complete AWS environment from scratch for the PocketSizeFund application in the production stack. This appears to be an initial deployment defining a microservices architecture with three services: datamanager, equitypricemodel, and portfoliomanager.

Dependency Chain

The deployment follows a clear infrastructure hierarchy:

1. Foundation: VPC and networking components (subnets, route tables, internet gateway, NAT gateway) are created first to establish network isolation
2. Security layer: Security groups and IAM roles are configured to control access between components
3. Service infrastructure: ECS cluster, service discovery namespace, and load balancer are provisioned to host the applications
4. Application deployment: Three ECS services are deployed with their task definitions, pointing to pre-built container images in ECR
5. Routing: Load balancer listener rules route external HTTP traffic to the datamanager and portfoliomanager services, while equitypricemodel runs as an internal service accessible via service discovery

The private subnets host the ECS tasks, which pull container images through VPC endpoints (ECR API/DKR) and access S3 through a gateway endpoint, avoiding internet traffic. Public-facing traffic enters through the ALB in public subnets.

Risk analysis

Low Risk - This is a greenfield deployment creating all new resources. No existing infrastructure is being replaced or deleted.

Resource Changes

    Name                           Type                                                          Operation
+   ecs_egress                     aws:ec2/securityGroupRule:SecurityGroupRule                   create
+   datamanager_sd                 aws:servicediscovery/service:Service                          create
+   public_subnet_2_rta            aws:ec2/routeTableAssociation:RouteTableAssociation           create
+   datamanager_service            aws:ecs/service:Service                                       create
+   execution_role                 aws:iam/role:Role                                             create
+   datamanager_tg                 aws:lb/targetGroup:TargetGroup                                create
+   execution_role_policy          aws:iam/rolePolicyAttachment:RolePolicyAttachment             create
+   public_internet_route          aws:ec2/route:Route                                           create
+   ecs_from_alb                   aws:ec2/securityGroupRule:SecurityGroupRule                   create
+   portfoliomanager_task          aws:ecs/taskDefinition:TaskDefinition                         create
+   equitypricemodel_service       aws:ecs/service:Service                                       create
+   pocketsizefund-production      pulumi:pulumi:Stack                                           create
+   alb_sg                         aws:ec2/securityGroup:SecurityGroup                           create
+   ecs_sg                         aws:ec2/securityGroup:SecurityGroup                           create
+   service_discovery              aws:servicediscovery/privateDnsNamespace:PrivateDnsNamespace  create
+   portfoliomanager_sd            aws:servicediscovery/service:Service                          create
+   private_subnet_1_rta           aws:ec2/routeTableAssociation:RouteTableAssociation           create
+   private_subnet_2_rta           aws:ec2/routeTableAssociation:RouteTableAssociation           create
+   datamanager_task               aws:ecs/taskDefinition:TaskDefinition                         create
+   private_subnet_2               aws:ec2/subnet:Subnet                                         create
+   vpc_endpoints_sg               aws:ec2/securityGroup:SecurityGroup                           create
+   execution_role_secrets_policy  aws:iam/rolePolicy:RolePolicy                                 create
+   datamanager_logs               aws:cloudwatch/logGroup:LogGroup                              create
+   vpc_endpoints_ingress          aws:ec2/securityGroupRule:SecurityGroupRule                   create
+   ecr_api_endpoint               aws:ec2/vpcEndpoint:VpcEndpoint                               create
+   alb                            aws:lb/loadBalancer:LoadBalancer                              create
+   nat_route                      aws:ec2/route:Route                                           create
+   igw                            aws:ec2/internetGateway:InternetGateway                       create
+   nat_gateway                    aws:ec2/natGateway:NatGateway                                 create
+   task_role_s3_policy            aws:iam/rolePolicy:RolePolicy                                 create
+   portfoliomanager_rule          aws:lb/listenerRule:ListenerRule                              create
+   vpc                            aws:ec2/vpc:Vpc                                               create
+   private_route_table            aws:ec2/routeTable:RouteTable                                 create
+   ecs_self_ingress               aws:ec2/securityGroupRule:SecurityGroupRule                   create
+   equitypricemodel_task          aws:ecs/taskDefinition:TaskDefinition                         create
+   http_listener                  aws:lb/listener:Listener                                      create
+   portfoliomanager_service       aws:ecs/service:Service                                       create
+   ecs_cluster                    aws:ecs/cluster:Cluster                                       create
+   public_route_table             aws:ec2/routeTable:RouteTable                                 create
+   portfoliomanager_logs          aws:cloudwatch/logGroup:LogGroup                              create
+   ecr_dkr_endpoint               aws:ec2/vpcEndpoint:VpcEndpoint                               create
... and 12 other changes

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

applications/datamanager/Dockerfile (1)

24-27: Consider using duckdb-rs-specific environment variables for more reliable build linkage.

LIBRARY_PATH and LD_LIBRARY_PATH will help during the build, but the duckdb-rs crate is designed to use DUCKDB_LIB_DIR and DUCKDB_INCLUDE_DIR for locating system-provided DuckDB libraries. These are more reliable than LIBRARY_PATH and pkg-config discovery.

Replace these three ENV variables with:

• ENV DUCKDB_LIB_DIR=/usr/local/lib
• ENV DUCKDB_INCLUDE_DIR=/usr/local/include

(The PKG_CONFIG_PATH is ineffective here since the DuckDB archive does not include a .pc file.)

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4c599a0 and 60c79af.

📒 Files selected for processing (1)

• applications/datamanager/Dockerfile

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Run Rust code checks

🔇 Additional comments (1)

applications/datamanager/Dockerfile (1)

20-20: No functional change detected.

This appears to be a whitespace-only modification with no impact on build behavior.