Switch tarx to go-git's gitignore matcher

[phinze]

A user report came in about a vanilla bridgetown new app failing to boot after deploy with Errno::ENOENT - tmp/pids/server.pid. Bridgetown ships with tmp/pids/.keep plus a .gitignore that uses /tmp/* and !/tmp/pids/ to keep the pidfile directory tracked. When miren bundles source for deploy, the gitignore walker drops tmp/ from the tar entirely, so tmp/pids/ never makes it into the image, and Puma has nowhere to write its pidfile.

The walker was using shibumi/go-pathspec, a generic glob library whose GitIgnore function takes a single string path with no way to indicate it's a directory. Our isGitignored worked around that by checking both relPath and relPath + "/" and OR-ing the result, but the dual-form check breaks negations: the no-slash form matches /tmp/* and short-circuits before the trailing-slash negation !/tmp/pids/ ever gets a chance. Once the walker SkipDirs tmp/pids/, lazy directory emission drops tmp/ from the tar. Pathspec is a generic glob library, not a real gitignore implementation, and we'd been bending it into the wrong shape.

Swapping to go-git/v5/plumbing/format/gitignore, the parser go-git itself uses, gets us a proper Match(path []string, isDir bool) bool API. All 19 existing tarx tests pass unchanged, which is a strong signal the swap is behavior-preserving for everything except the bug we were after. TestMakeTarBridgetownTmpPids is the new regression guard. Binary delta is +20KB after dead-code elimination.

Closes MIR-1075.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d6b06571-0d1a-4571-9a45-0b011ca6280d

📥 Commits

Reviewing files that changed from the base of the PR and between 5b5fec6 and f0180d7.

📒 Files selected for processing (2)

• pkg/tarx/tarx.go
• pkg/tarx/tarx_test.go

🚧 Files skipped from review as they are similar to previous changes (1)

• pkg/tarx/tarx.go

---

📝 Walkthrough

Walkthrough

The tarx package replaces go-pathspec with go-git’s gitignore.Pattern/Matcher, adding parseGitignoreFile, parseStringPatterns, and pathSegments to build scoped matchers and updating ValidatePattern to reject empty/whitespace and use gitignore.ParsePattern. ComputeManifest and tar creation now apply matcher segment logic and dynamically load nested .gitignore files. Tar streaming uses io.Pipe with explicit close ordering and CloseWithError to propagate errors. Two tests for nested and sibling .gitignore behavior were added. go.mod was updated to add go-git and adjust indirect requirements.

---

_{Review rate limit: 3/5 reviews remaining, refill in 12 minutes and 32 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/tarx/tarx.go`:
- Around line 32-35: The file currently swallows all errors from
os.ReadFile(path) when loading .gitignore, which hides real read failures;
change the reader so it only treats a missing file (os.IsNotExist(err)) as
optional and returns patterns, nil in that case, but for other errors return the
error to the caller; update the .gitignore-reading function to return (patterns,
error) accordingly and propagate that error through ComputeManifest and
makeTarWithFilter instead of treating every failure as “no patterns”.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ac632f55-18d2-4ead-bbff-d280e9216905

📥 Commits

Reviewing files that changed from the base of the PR and between 47c2774 and 5e643e6.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (3)

• go.mod
• pkg/tarx/tarx.go
• pkg/tarx/tarx_test.go

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pkg/tarx/tarx.go`:
- Around line 290-293: The goroutine that calls filepath.Walk currently ignores
the error returned by Walk, causing nested .gitignore parse errors (from
parseGitignoreFile) to be lost and the reader to see EOF; modify the goroutine
that uses os.Pipe to capture the error returned by filepath.Walk and propagate
it to the reader by writing the error through the pipe (or closing the writer
with the error) so callers of the tar generation observe the failure; locate the
Walk invocation and its callback, ensure any non-nil error from filepath.Walk is
forwarded (not swallowed) and that parseGitignoreFile errors returned from the
callback are returned by Walk and sent across the pipe to the reader side.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 77cdb787-b9c0-4b82-be0f-e8fa2186144c

📥 Commits

Reviewing files that changed from the base of the PR and between 5e643e6 and b896458.

📒 Files selected for processing (1)

• pkg/tarx/tarx.go

[evanphx]

All good, but I think we need to fix the cross-contanimation of the gitignore patterns from sibling directories.

[evanphx]

Ah, the pattern domain thing makes sense. I had to go through it, basically it's clamping the pattern to paths that are inside the path to the gitignore.