Thales Maciel
99de42385f
Previously `banger vm workspace export` ran `git add -A` against the guest's real `.git/index`, so the observation step left staged changes behind that users never asked for. Reconnecting later (ssh, another export) surfaced them and looked like phantom work. Route `git add -A` through a throwaway index file instead: tmp_idx=$(mktemp ...) trap 'rm -f "$tmp_idx"' EXIT git read-tree <ref> --index-output="$tmp_idx" GIT_INDEX_FILE="$tmp_idx" git add -A GIT_INDEX_FILE="$tmp_idx" git diff --cached <ref> --binary|--name-only The real .git/index, working tree, and refs stay exactly as the user left them. Same diff content — commits past <ref>, uncommitted edits, and untracked files (minus .gitignore) all captured. Regression test locks the invariant: every export script must route add -A through GIT_INDEX_FILE and clean the temp index on exit. CLI help text updated to say "non-mutating".
172 lines
6.3 KiB
Go
172 lines
6.3 KiB
Go
package daemon
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"net"
|
|
"strings"
|
|
"time"
|
|
|
|
"banger/internal/api"
|
|
sess "banger/internal/daemon/session"
|
|
ws "banger/internal/daemon/workspace"
|
|
"banger/internal/model"
|
|
"banger/internal/system"
|
|
)
|
|
|
|
func (d *Daemon) ExportVMWorkspace(ctx context.Context, params api.WorkspaceExportParams) (api.WorkspaceExportResult, error) {
|
|
guestPath := strings.TrimSpace(params.GuestPath)
|
|
if guestPath == "" {
|
|
guestPath = "/root/repo"
|
|
}
|
|
vm, err := d.FindVM(ctx, params.IDOrName)
|
|
if err != nil {
|
|
return api.WorkspaceExportResult{}, err
|
|
}
|
|
if vm.State != model.VMStateRunning || !system.ProcessRunning(vm.Runtime.PID, vm.Runtime.APISockPath) {
|
|
return api.WorkspaceExportResult{}, fmt.Errorf("vm %q is not running", vm.Name)
|
|
}
|
|
client, err := d.dialGuest(ctx, net.JoinHostPort(vm.Runtime.GuestIP, "22"))
|
|
if err != nil {
|
|
return api.WorkspaceExportResult{}, fmt.Errorf("dial guest: %w", err)
|
|
}
|
|
defer client.Close()
|
|
|
|
// diffRef is the git ref everything is diffed against.
|
|
// When the caller supplies BaseCommit (the HEAD at workspace.prepare time),
|
|
// we diff against that fixed point so committed guest changes are included.
|
|
// Without it we fall back to HEAD, which silently drops them.
|
|
diffRef := strings.TrimSpace(params.BaseCommit)
|
|
if diffRef == "" {
|
|
diffRef = "HEAD"
|
|
}
|
|
|
|
// Both scripts run `git add -A` to capture the working tree
|
|
// (committed deltas + uncommitted modifications + untracked files
|
|
// minus .gitignore), but they route it through a throwaway index
|
|
// file instead of .git/index. Export is an observation step; the
|
|
// user's real staging area must stay exactly as they left it.
|
|
patchScript := exportScript(guestPath, diffRef, "--binary")
|
|
patch, err := client.RunScriptOutput(ctx, patchScript)
|
|
if err != nil {
|
|
return api.WorkspaceExportResult{}, fmt.Errorf("export workspace diff: %w", err)
|
|
}
|
|
|
|
namesScript := exportScript(guestPath, diffRef, "--name-only")
|
|
namesOut, _ := client.RunScriptOutput(ctx, namesScript)
|
|
var changed []string
|
|
for _, line := range strings.Split(strings.TrimSpace(string(namesOut)), "\n") {
|
|
if line = strings.TrimSpace(line); line != "" {
|
|
changed = append(changed, line)
|
|
}
|
|
}
|
|
|
|
return api.WorkspaceExportResult{
|
|
GuestPath: guestPath,
|
|
BaseCommit: diffRef,
|
|
Patch: patch,
|
|
ChangedFiles: changed,
|
|
HasChanges: len(patch) > 0,
|
|
}, nil
|
|
}
|
|
|
|
// exportScript emits a shell snippet that diffs the working tree at
|
|
// guestPath against diffRef (HEAD or a commit SHA) WITHOUT touching
|
|
// the repo's real index. diffFlag selects the git-diff output mode
|
|
// ("--binary" for the patch body, "--name-only" for the file list).
|
|
//
|
|
// Mechanics: seed a temp index from diffRef's tree via git read-tree,
|
|
// restage the working tree into that temp index with GIT_INDEX_FILE,
|
|
// then emit the diff. The temp index is rm'd on exit via trap.
|
|
func exportScript(guestPath, diffRef, diffFlag string) string {
|
|
return fmt.Sprintf(
|
|
"set -euo pipefail\n"+
|
|
"cd %s\n"+
|
|
"tmp_idx=\"$(mktemp \"${TMPDIR:-/tmp}/banger-export.XXXXXX\")\"\n"+
|
|
"trap 'rm -f \"$tmp_idx\"' EXIT\n"+
|
|
"git read-tree %s --index-output=\"$tmp_idx\"\n"+
|
|
"GIT_INDEX_FILE=\"$tmp_idx\" git add -A\n"+
|
|
"GIT_INDEX_FILE=\"$tmp_idx\" git diff --cached %s %s\n",
|
|
sess.ShellQuote(guestPath),
|
|
sess.ShellQuote(diffRef),
|
|
sess.ShellQuote(diffRef),
|
|
diffFlag,
|
|
)
|
|
}
|
|
|
|
func (d *Daemon) PrepareVMWorkspace(ctx context.Context, params api.VMWorkspacePrepareParams) (model.WorkspacePrepareResult, error) {
|
|
mode, err := ws.ParsePrepareMode(params.Mode)
|
|
if err != nil {
|
|
return model.WorkspacePrepareResult{}, err
|
|
}
|
|
guestPath := strings.TrimSpace(params.GuestPath)
|
|
if guestPath == "" {
|
|
guestPath = "/root/repo"
|
|
}
|
|
branchName := strings.TrimSpace(params.Branch)
|
|
fromRef := strings.TrimSpace(params.From)
|
|
if branchName != "" && fromRef == "" {
|
|
fromRef = "HEAD"
|
|
}
|
|
if branchName == "" && strings.TrimSpace(params.From) != "" {
|
|
return model.WorkspacePrepareResult{}, errors.New("workspace from requires branch")
|
|
}
|
|
var prepared model.WorkspacePrepareResult
|
|
_, err = d.withVMLockByRef(ctx, params.IDOrName, func(vm model.VMRecord) (model.VMRecord, error) {
|
|
if vm.State != model.VMStateRunning || !system.ProcessRunning(vm.Runtime.PID, vm.Runtime.APISockPath) {
|
|
return model.VMRecord{}, fmt.Errorf("vm %q is not running", vm.Name)
|
|
}
|
|
result, err := d.prepareVMWorkspaceLocked(ctx, vm, strings.TrimSpace(params.SourcePath), guestPath, branchName, fromRef, mode, params.ReadOnly)
|
|
if err != nil {
|
|
return model.VMRecord{}, err
|
|
}
|
|
prepared = result
|
|
return vm, nil
|
|
})
|
|
return prepared, err
|
|
}
|
|
|
|
func (d *Daemon) prepareVMWorkspaceLocked(ctx context.Context, vm model.VMRecord, sourcePath, guestPath, branchName, fromRef string, mode model.WorkspacePrepareMode, readOnly bool) (model.WorkspacePrepareResult, error) {
|
|
spec, err := ws.InspectRepo(ctx, sourcePath, branchName, fromRef)
|
|
if err != nil {
|
|
return model.WorkspacePrepareResult{}, err
|
|
}
|
|
if len(spec.Submodules) > 0 && mode != model.WorkspacePrepareModeFullCopy {
|
|
return model.WorkspacePrepareResult{}, fmt.Errorf("workspace mode %q does not support git submodules in %s (%s); use --mode full_copy", mode, spec.RepoRoot, strings.Join(spec.Submodules, ", "))
|
|
}
|
|
address := net.JoinHostPort(vm.Runtime.GuestIP, "22")
|
|
if err := d.waitForGuestSSH(ctx, address, 250*time.Millisecond); err != nil {
|
|
return model.WorkspacePrepareResult{}, fmt.Errorf("guest ssh unavailable: %w", err)
|
|
}
|
|
client, err := d.dialGuest(ctx, address)
|
|
if err != nil {
|
|
return model.WorkspacePrepareResult{}, fmt.Errorf("dial guest ssh: %w", err)
|
|
}
|
|
defer client.Close()
|
|
if err := ws.ImportRepoToGuest(ctx, client, spec, guestPath, mode); err != nil {
|
|
return model.WorkspacePrepareResult{}, err
|
|
}
|
|
if readOnly {
|
|
var chmodLog bytes.Buffer
|
|
chmodScript := fmt.Sprintf("set -euo pipefail\nchmod -R a-w %s\n", sess.ShellQuote(guestPath))
|
|
if err := client.RunScript(ctx, chmodScript, &chmodLog); err != nil {
|
|
return model.WorkspacePrepareResult{}, sess.FormatStepError("set workspace readonly", err, chmodLog.String())
|
|
}
|
|
}
|
|
return model.WorkspacePrepareResult{
|
|
VMID: vm.ID,
|
|
SourcePath: spec.SourcePath,
|
|
RepoRoot: spec.RepoRoot,
|
|
RepoName: spec.RepoName,
|
|
GuestPath: guestPath,
|
|
Mode: mode,
|
|
ReadOnly: readOnly,
|
|
HeadCommit: spec.HeadCommit,
|
|
CurrentBranch: spec.CurrentBranch,
|
|
BranchName: spec.BranchName,
|
|
BaseCommit: spec.BaseCommit,
|
|
PreparedAt: model.Now(),
|
|
}, nil
|
|
}
|