Refactor shell scripts for improved safety and consistency; add guidelines to documentation

.devcontainer/library-scripts/load-env.sh

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# Exit on error. Append "|| true" if you expect an error.
+set -o errexit
+# Exit on error inside any functions or subshells.
+set -o errtrace
+# Do not allow use of undefined vars. Use ${VAR:-} to use an undefined VAR
+set -o nounset
+# Catch the error in case mysqldump fails (but gzip succeeds) in `mysqldump |gzip`
+set -o pipefail
+# Turn on traces, useful while debugging but commented out by default
+# set -o xtrace
+
+# Load environment variables from .env file
+readonly ENV_FILE="/workspaces/finance/.devcontainer/.env"
+
+if [[ ! -f "${ENV_FILE}" ]]; then
+    echo >&2 "Error: Environment file not found: ${ENV_FILE}"
+    exit 1
+fi
+
+echo "Loading environment variables from ${ENV_FILE}"
+
+# Read the env file line by line to handle special characters correctly
+while IFS= read -r line || [[ -n "${line}" ]]; do
+    # Skip comments and empty lines
+    [[ "${line}" =~ ^[[:space:]]*# ]] && continue
+    [[ -z "${line}" ]] && continue
+
+    # Export the variable
+    if [[ "${line}" =~ ^[[:alpha:]][[:alnum:]_]*= ]]; then
+        export "${line}"
+    else
+        echo >&2 "Warning: Skipping invalid line: ${line}"
+    fi
+done < "${ENV_FILE}"
+
+# Verify PAT loaded correctly (without printing the actual token)
+if [[ -n "${GITHUB_PERSONAL_ACCESS_TOKEN:-}" ]]; then
+    echo "GitHub Personal Access Token loaded successfully"
+else
+    echo >&2 "ERROR: GitHub Personal Access Token not loaded"
+    exit 1
+fi