vm run: ship tracked files only by default; add --include-untracked + --dry-run

Workspace-mode vm run and vm workspace prepare used to copy both
tracked AND untracked non-ignored files into the guest. That silently
catches local .env files, scratch notes, credentials, and any other
working-tree state a developer hasn't explicitly gitignored — a real
data-exposure footgun given the golden image ships Docker and the
usual dev tooling.

Flip the default to tracked-only. Users who actually want the fuller
set opt in with --include-untracked (documented in both commands'
help). Gitignored files are still always excluded regardless of the
flag.

Add --dry-run to both vm run and vm workspace prepare. Dry-run
inspects the repo CLI-side (no VM created, no daemon RPC needed since
the daemon is always local and the inspection is a pure git read),
prints the exact file list + mode, and exits. A byte-level preview of
what would land in the guest.

When running real (non-dry) and untracked files exist in the repo but
are being skipped under the new default, print a one-line notice
pointing to --include-untracked so users aren't surprised when the
guest is missing something they expected.

Signature changes:
- ListOverlayPaths takes an includeUntracked bool (tracked always;
  untracked gated by flag).
- InspectRepo takes the same flag and passes it through.
- VMWorkspacePrepareParams gains IncludeUntracked.
- WorkspaceService.workspaceInspectRepo seam signature widened to
  match (4 callers in tests updated).

New workspace package tests cover both modes and verify that
gitignored files never leak regardless of the flag.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Thales Maciel 2026-04-21 19:53:17 -03:00
parent 25a1466947
commit 2a7f55f028
No known key found for this signature in database
GPG key ID: 33112E6833C34679
11 changed files with 293 additions and 67 deletions


@ -39,9 +39,10 @@ type vmRunGuestClient interface {
// RepoName, HEAD commit, etc.) comes back from the workspace.prepare
// RPC, which does the full git inspection daemon-side.
type vmRunRepo struct {
sourcePath string
branchName string
fromRef string
sourcePath string
branchName string
fromRef string
includeUntracked bool
}
const vmRunToolingInstallTimeoutSeconds = 120
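Review bot: the new includeUntracked field on vmRunRepo lands without a doc comment, while the struct comment directly above still only explains where RepoName and HEAD come from. Since the zero value now means "tracked files only" and the commit message stresses that gitignored files are excluded regardless, a one-line comment on the field would save the next reader a trip to the flag parsing, for example "includeUntracked mirrors --include-untracked; false (the default) ships tracked files only, gitignored files are never copied either way."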
@ -193,13 +194,19 @@ func (d *deps) runVMRun(ctx context.Context, socketPath string, cfg model.Daemon
if strings.TrimSpace(repo.branchName) != "" {
fromRef = repo.fromRef
}
if !repo.includeUntracked {
if err := noteUntrackedSkipped(ctx, stderr, repo.sourcePath); err != nil {
printVMRunWarning(stderr, fmt.Sprintf("count untracked files failed: %v", err))
}
}
prepared, err := d.vmWorkspacePrepare(ctx, socketPath, api.VMWorkspacePrepareParams{
IDOrName: vmRef,
SourcePath: repo.sourcePath,
GuestPath: vmRunGuestDir(),
Branch: repo.branchName,
From: fromRef,
Mode: string(model.WorkspacePrepareModeShallowOverlay),
IDOrName: vmRef,
SourcePath: repo.sourcePath,
GuestPath: vmRunGuestDir(),
Branch: repo.branchName,
From: fromRef,
Mode: string(model.WorkspacePrepareModeShallowOverlay),
IncludeUntracked: repo.includeUntracked,
})
if err != nil {
return fmt.Errorf("vm %q is running but workspace prepare failed: %w", vmRef, err)
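Review bot: noteUntrackedSkipped runs before d.vmWorkspacePrepare, so when the prepare RPC fails the user first sees the "untracked files skipped, use --include-untracked" notice and then the "workspace prepare failed" error, even though nothing was copied into the guest. Consider moving the notice after the err check on prepared so it is only printed once the tracked-only sync actually happened. Downgrading a failed count to printVMRunWarning rather than aborting is the right call for an advisory message; that part reads well.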