vm run: ship tracked files only by default; add --include-untracked + --dry-run
Workspace-mode vm run and vm workspace prepare used to copy both tracked AND untracked non-ignored files into the guest. That silently catches local .env files, scratch notes, credentials, and any other working-tree state a developer hasn't explicitly gitignored — a real data-exposure footgun given the golden image ships Docker and the usual dev tooling. Flip the default to tracked-only. Users who actually want the fuller set opt in with --include-untracked (documented in both commands' help). Gitignored files are still always excluded regardless of the flag. Add --dry-run to both vm run and vm workspace prepare. Dry-run inspects the repo CLI-side (no VM created, no daemon RPC needed since the daemon is always local and the inspection is a pure git read), prints the exact file list + mode, and exits. A byte-level preview of what would land in the guest. When running real (non-dry) and untracked files exist in the repo but are being skipped under the new default, print a one-line notice pointing to --include-untracked so users aren't surprised when the guest is missing something they expected. Signature changes: - ListOverlayPaths takes an includeUntracked bool (tracked always; untracked gated by flag). - InspectRepo takes the same flag and passes it through. - VMWorkspacePrepareParams gains IncludeUntracked. - WorkspaceService.workspaceInspectRepo seam signature widened to match (4 callers in tests updated). New workspace package tests cover both modes and verify that gitignored files never leak regardless of the flag. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
25a1466947
commit
2a7f55f028
11 changed files with 293 additions and 67 deletions
|
|
@ -67,11 +67,12 @@ var HostCommandOutputFunc = func(ctx context.Context, name string, args ...strin
|
|||
return output, fmt.Errorf("%s: %w: %s", command, err, detail)
|
||||
}
|
||||
|
||||
// InspectRepo resolves rawPath into an absolute repo root and captures the
|
||||
// HEAD, branch, optional base-from ref, git identity, origin URL, submodules,
|
||||
// and overlay paths (tracked + untracked non-ignored files) needed for a
|
||||
// prepare.
|
||||
func InspectRepo(ctx context.Context, rawPath, branchName, fromRef string) (RepoSpec, error) {
|
||||
// InspectRepo resolves rawPath into an absolute repo root and captures
|
||||
// the HEAD, branch, optional base-from ref, git identity, origin URL,
|
||||
// submodules, and overlay paths needed for a prepare. Overlay paths
|
||||
// cover tracked files by default; untracked non-ignored files are
|
||||
// included only when includeUntracked is true.
|
||||
func InspectRepo(ctx context.Context, rawPath, branchName, fromRef string, includeUntracked bool) (RepoSpec, error) {
|
||||
sourcePath, err := ResolveSourcePath(rawPath)
|
||||
if err != nil {
|
||||
return RepoSpec{}, err
|
||||
|
|
@ -119,7 +120,7 @@ func InspectRepo(ctx context.Context, rawPath, branchName, fromRef string) (Repo
|
|||
if err != nil {
|
||||
return RepoSpec{}, fmt.Errorf("resolve origin url for %s: %w", repoRoot, err)
|
||||
}
|
||||
overlayPaths, err := ListOverlayPaths(ctx, repoRoot)
|
||||
overlayPaths, err := ListOverlayPaths(ctx, repoRoot, includeUntracked)
|
||||
if err != nil {
|
||||
return RepoSpec{}, err
|
||||
}
|
||||
|
|
@ -292,17 +293,22 @@ func ListSubmodules(ctx context.Context, repoRoot string) ([]string, error) {
|
|||
return submodules, nil
|
||||
}
|
||||
|
||||
// ListOverlayPaths returns tracked + untracked non-ignored files in
|
||||
// repoRoot. Missing tracked entries (deleted working-tree files) are skipped.
|
||||
func ListOverlayPaths(ctx context.Context, repoRoot string) ([]string, error) {
|
||||
// ListOverlayPaths returns tracked files in repoRoot, plus (when
|
||||
// includeUntracked is true) untracked non-ignored files. Missing
|
||||
// tracked entries (deleted working-tree files) are skipped in both
|
||||
// modes.
|
||||
//
|
||||
// The default is tracked-only because "untracked + not gitignored"
|
||||
// silently catches local credentials, .env files, scratch notes, and
|
||||
// other secrets that live in the working tree but aren't meant to
|
||||
// leave the developer's machine. Callers that genuinely want the
|
||||
// fuller set (scratch repos, vendored binaries the user is iterating
|
||||
// on) opt in explicitly.
|
||||
func ListOverlayPaths(ctx context.Context, repoRoot string, includeUntracked bool) ([]string, error) {
|
||||
trackedOutput, err := GitOutput(ctx, repoRoot, "ls-files", "-z")
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("list tracked files for %s: %w", repoRoot, err)
|
||||
}
|
||||
untrackedOutput, err := GitOutput(ctx, repoRoot, "ls-files", "--others", "--exclude-standard", "-z")
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("list untracked files for %s: %w", repoRoot, err)
|
||||
}
|
||||
paths := make([]string, 0)
|
||||
seen := make(map[string]struct{})
|
||||
for _, relPath := range ParseNullSeparatedOutput(trackedOutput) {
|
||||
|
|
@ -318,20 +324,44 @@ func ListOverlayPaths(ctx context.Context, repoRoot string) ([]string, error) {
|
|||
seen[relPath] = struct{}{}
|
||||
paths = append(paths, relPath)
|
||||
}
|
||||
for _, relPath := range ParseNullSeparatedOutput(untrackedOutput) {
|
||||
if relPath == "" {
|
||||
continue
|
||||
if includeUntracked {
|
||||
untrackedOutput, err := GitOutput(ctx, repoRoot, "ls-files", "--others", "--exclude-standard", "-z")
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("list untracked files for %s: %w", repoRoot, err)
|
||||
}
|
||||
if _, ok := seen[relPath]; ok {
|
||||
continue
|
||||
for _, relPath := range ParseNullSeparatedOutput(untrackedOutput) {
|
||||
if relPath == "" {
|
||||
continue
|
||||
}
|
||||
if _, ok := seen[relPath]; ok {
|
||||
continue
|
||||
}
|
||||
seen[relPath] = struct{}{}
|
||||
paths = append(paths, relPath)
|
||||
}
|
||||
seen[relPath] = struct{}{}
|
||||
paths = append(paths, relPath)
|
||||
}
|
||||
sort.Strings(paths)
|
||||
return paths, nil
|
||||
}
|
||||
|
||||
// CountUntrackedPaths returns the number of untracked non-ignored
|
||||
// files in repoRoot. Used by the CLI to warn the user when they are
|
||||
// about to ship a workspace that has local-but-unignored scratch
|
||||
// files which, under the default, will be skipped.
|
||||
func CountUntrackedPaths(ctx context.Context, repoRoot string) (int, error) {
|
||||
untrackedOutput, err := GitOutput(ctx, repoRoot, "ls-files", "--others", "--exclude-standard", "-z")
|
||||
if err != nil {
|
||||
return 0, fmt.Errorf("list untracked files for %s: %w", repoRoot, err)
|
||||
}
|
||||
count := 0
|
||||
for _, relPath := range ParseNullSeparatedOutput(untrackedOutput) {
|
||||
if relPath != "" {
|
||||
count++
|
||||
}
|
||||
}
|
||||
return count, nil
|
||||
}
|
||||
|
||||
// ParsePrepareMode validates and canonicalises a user-supplied mode value.
|
||||
func ParsePrepareMode(raw string) (model.WorkspacePrepareMode, error) {
|
||||
switch strings.TrimSpace(raw) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue