Thales Maciel
2a7f55f028
Workspace-mode vm run and vm workspace prepare used to copy both tracked AND untracked non-ignored files into the guest. That silently catches local .env files, scratch notes, credentials, and any other working-tree state a developer hasn't explicitly gitignored — a real data-exposure footgun given the golden image ships Docker and the usual dev tooling. Flip the default to tracked-only. Users who actually want the fuller set opt in with --include-untracked (documented in both commands' help). Gitignored files are still always excluded regardless of the flag. Add --dry-run to both vm run and vm workspace prepare. Dry-run inspects the repo CLI-side (no VM created, no daemon RPC needed since the daemon is always local and the inspection is a pure git read), prints the exact file list + mode, and exits. A byte-level preview of what would land in the guest. When running real (non-dry) and untracked files exist in the repo but are being skipped under the new default, print a one-line notice pointing to --include-untracked so users aren't surprised when the guest is missing something they expected. Signature changes: - ListOverlayPaths takes an includeUntracked bool (tracked always; untracked gated by flag). - InspectRepo takes the same flag and passes it through. - VMWorkspacePrepareParams gains IncludeUntracked. - WorkspaceService.workspaceInspectRepo seam signature widened to match (4 callers in tests updated). New workspace package tests cover both modes and verify that gitignored files never leak regardless of the flag. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
54 lines
1.9 KiB
Go
54 lines
1.9 KiB
Go
package cli
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"io"
|
|
|
|
"banger/internal/daemon/workspace"
|
|
)
|
|
|
|
// runWorkspaceDryRun inspects the local repo at resolvedPath and
|
|
// prints the file list that `vm run` / `workspace prepare` would ship
|
|
// into the guest. Runs on the CLI side (no daemon RPC needed) since
|
|
// the daemon is always local and the workspace inspection is a pure
|
|
// git read.
|
|
func runWorkspaceDryRun(ctx context.Context, out io.Writer, resolvedPath, branchName, fromRef string, includeUntracked bool) error {
|
|
spec, err := workspace.InspectRepo(ctx, resolvedPath, branchName, fromRef, includeUntracked)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
fmt.Fprintf(out, "dry-run: %d file(s) would be copied to guest\n", len(spec.OverlayPaths))
|
|
fmt.Fprintf(out, "repo: %s\n", spec.RepoRoot)
|
|
if includeUntracked {
|
|
fmt.Fprintln(out, "mode: tracked + untracked non-ignored (--include-untracked)")
|
|
} else {
|
|
fmt.Fprintln(out, "mode: tracked only (re-run with --include-untracked to also copy untracked non-ignored files)")
|
|
}
|
|
fmt.Fprintln(out, "---")
|
|
for _, path := range spec.OverlayPaths {
|
|
fmt.Fprintln(out, path)
|
|
}
|
|
if !includeUntracked {
|
|
if err := noteUntrackedSkipped(ctx, out, spec.RepoRoot); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// noteUntrackedSkipped prints a one-line notice to stderr-analog when
|
|
// the repo has untracked non-ignored files that will NOT be copied
|
|
// because --include-untracked was not passed. Silent when there are
|
|
// no such files, or when the count can't be determined.
|
|
func noteUntrackedSkipped(ctx context.Context, out io.Writer, repoRoot string) error {
|
|
count, err := workspace.CountUntrackedPaths(ctx, repoRoot)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if count == 0 {
|
|
return nil
|
|
}
|
|
fmt.Fprintf(out, "---\nnote: %d untracked non-ignored file(s) were NOT copied (git-tracked files only by default — pass --include-untracked to include them)\n", count)
|
|
return nil
|
|
}
|