Merge pull request #1719 from scala-steward-org/topic/change-default-…

…of-disableSandbox Change default value of --disable-sandbox
scala-steward-org · Nov 6, 2020 · 6b4b1dc · 6b4b1dc
2 parents 2b37338 + d996533
commit 6b4b1dc
Show file tree

Hide file tree

Showing 8 changed files with 14 additions and 15 deletions.
diff --git a/build.sbt b/build.sbt
@@ -260,7 +260,6 @@ lazy val dockerSettings = Def.settings(
   },
   Docker / packageName := s"fthomas/${name.value}",
   dockerUpdateLatest := true,
-  dockerEntrypoint += "--disable-sandbox",
   dockerEnvVars := Map("PATH" -> "/opt/docker/sbt/bin:${PATH}")
 )
 

diff --git a/docs/running.md b/docs/running.md
@@ -15,8 +15,6 @@ sbt stage
   --env-var FOO=BAR
 ```
 
-> If [Firejail](https://firejail.wordpress.com/) is not available locally, the option `--disable-sandbox` can be used (not recommended for production environment).
-
 Or as a [Docker](https://www.docker.com/) container:
 
 ```bash
@@ -90,7 +88,7 @@ example1.realm=Example Realm
 ```
 sbt
 project core
-run --disable-sandbox --do-not-fork --workspace "/path/workspace" --repos-file "/path/repos.md" --default-repo-conf "/path/default.scala-steward.conf" --git-ask-pass "/path/pass.sh" --git-author-email "email@example.org" --vcs-type "gitlab" --vcs-api-host "https://gitlab.com/api/v4/" --vcs-login "gitlab.steward"
+run --do-not-fork --workspace "/path/workspace" --repos-file "/path/repos.md" --default-repo-conf "/path/default.scala-steward.conf" --git-ask-pass "/path/pass.sh" --git-author-email "email@example.org" --vcs-type "gitlab" --vcs-api-host "https://gitlab.com/api/v4/" --vcs-login "gitlab.steward"
 ```
 
 
@@ -167,7 +165,6 @@ check:
     - ln -sfT "$CI_PROJECT_DIR/.ivy2" "$HOME/.ivy2"
     - >-
       /opt/docker/bin/scala-steward
-        --disable-sandbox
         --workspace  "$CI_PROJECT_DIR/workspace"
         --process-timeout 30min
         --do-not-fork

diff --git a/modules/core/src/main/scala/org/scalasteward/core/application/Cli.scala b/modules/core/src/main/scala/org/scalasteward/core/application/Cli.scala
@@ -40,7 +40,8 @@ object Cli {
       signCommits: Boolean = false,
       whitelist: List[String] = Nil,
       readOnly: List[String] = Nil,
-      disableSandbox: Boolean = false,
+      enableSandbox: Option[Boolean] = None,
+      disableSandbox: Boolean = true,
       doNotFork: Boolean = false,
       ignoreOptsFiles: Boolean = false,
       envVar: List[EnvVar] = Nil,

diff --git a/modules/core/src/main/scala/org/scalasteward/core/application/Config.scala b/modules/core/src/main/scala/org/scalasteward/core/application/Config.scala
@@ -91,7 +91,7 @@ object Config {
   final case class SandboxCfg(
       whitelistedDirectories: List[String],
       readOnlyDirectories: List[String],
-      disableSandbox: Boolean
+      enableSandbox: Boolean
   )
 
   final case class ScalafixCfg(
@@ -118,7 +118,7 @@ object Config {
         sandboxCfg = SandboxCfg(
           whitelistedDirectories = args.whitelist,
           readOnlyDirectories = args.readOnly,
-          disableSandbox = args.disableSandbox
+          enableSandbox = args.enableSandbox.getOrElse(args.disableSandbox)
         )
       ),
       scalafixCfg = ScalafixCfg(

diff --git a/modules/core/src/main/scala/org/scalasteward/core/io/ProcessAlg.scala b/modules/core/src/main/scala/org/scalasteward/core/io/ProcessAlg.scala
@@ -71,10 +71,10 @@ object ProcessAlg {
   }
 
   def fromExecImpl[F[_]](config: ProcessCfg)(execImpl: Args => F[List[String]]): ProcessAlg[F] =
-    if (config.sandboxCfg.disableSandbox)
-      new NoSandbox[F](config)(execImpl)
-    else
+    if (config.sandboxCfg.enableSandbox)
       new WithFirejail[F](config)(execImpl)
+    else
+      new NoSandbox[F](config)(execImpl)
 
   def create[F[_]](blocker: Blocker, config: ProcessCfg)(implicit
       contextShift: ContextShift[F],

diff --git a/modules/core/src/test/scala/org/scalasteward/core/io/ProcessAlgTest.scala b/modules/core/src/test/scala/org/scalasteward/core/io/ProcessAlgTest.scala
@@ -28,8 +28,8 @@ class ProcessAlgTest extends AnyFunSuite with Matchers {
       .unsafeRunSync()
   }
 
-  test("execSandboxed: echo with disableSandbox = true") {
-    val cfg = ProcessCfg(Nil, Duration.Zero, SandboxCfg(Nil, Nil, disableSandbox = true))
+  test("execSandboxed: echo with enableSandbox = false") {
+    val cfg = ProcessCfg(Nil, Duration.Zero, SandboxCfg(Nil, Nil, enableSandbox = false))
     val state = MockProcessAlg
       .create(cfg)
       .execSandboxed(Nel.of("echo", "hello"), File.temp)
@@ -43,8 +43,8 @@ class ProcessAlgTest extends AnyFunSuite with Matchers {
     )
   }
 
-  test("execSandboxed: echo with disableSandbox = false") {
-    val cfg = ProcessCfg(Nil, Duration.Zero, SandboxCfg(Nil, Nil, disableSandbox = false))
+  test("execSandboxed: echo with enableSandbox = true") {
+    val cfg = ProcessCfg(Nil, Duration.Zero, SandboxCfg(Nil, Nil, enableSandbox = true))
     val state = MockProcessAlg
       .create(cfg)
       .execSandboxed(Nel.of("echo", "hello"), File.temp)

diff --git a/modules/core/src/test/scala/org/scalasteward/core/mock/MockContext.scala b/modules/core/src/test/scala/org/scalasteward/core/mock/MockContext.scala
@@ -42,6 +42,7 @@ object MockContext {
         vcsApiHost = Uri(),
         vcsLogin = "bot-doe",
         gitAskPass = File.temp / "askpass.sh",
+        enableSandbox = Some(true),
         envVar = List(
           EnvVar("VAR1", "val1"),
           EnvVar("VAR2", "val2")

diff --git a/scripts/run.sh b/scripts/run.sh
@@ -29,6 +29,7 @@ COMMON_ARGS=(
   --git-author-email "me@$LOGIN.org"
   --vcs-login "$LOGIN"
   --ignore-opts-files
+  --enable-sandbox
   --env-var "SBT_OPTS=-Xmx2048m -Xss8m -XX:MaxMetaspaceSize=512m"
   --sign-commits
   --cache-ttl 6hours