From 95a972b7aad82cdb085665c5e1af5246588b9d05 Mon Sep 17 00:00:00 2001 From: Pablo Zaidenvoren Date: Sun, 7 Jun 2026 15:29:14 +0000 Subject: [PATCH] Address SSH runner review feedback Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- src/runner/ssh-server.sh | 32 ++++++++++++++++++++++---------- tests/runtime.test.ts | 5 +++-- 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/src/runner/ssh-server.sh b/src/runner/ssh-server.sh index 72188b4..f3a7a3b 100644 --- a/src/runner/ssh-server.sh +++ b/src/runner/ssh-server.sh @@ -12,10 +12,22 @@ if [ -n "${VSCODE_SSH_AUTH_SOCK}" ]; then export SSH_AUTH_SOCK=${VSCODE_SSH_AUTH_SOCK} fi +append_unique_line() { + local file="$1" + local line="$2" + + mkdir -p "$(dirname "$file")" + touch "$file" + if ! grep -qxF "$line" "$file"; then + printf '%s\n' "$line" >> "$file" + fi +} + if [ -n "${SSH_AUTH_SOCK:-}" ]; then - echo "export SSH_AUTH_SOCK=\"${SSH_AUTH_SOCK}\"" >> ~/.profile - echo "export SSH_AUTH_SOCK=\"${SSH_AUTH_SOCK}\"" >> ~/.bashrc - echo "export SSH_AUTH_SOCK=\"${SSH_AUTH_SOCK}\"" >> ~/.zshenv + ssh_auth_sock_export="export SSH_AUTH_SOCK=\"${SSH_AUTH_SOCK}\"" + append_unique_line "$HOME/.profile" "$ssh_auth_sock_export" + append_unique_line "$HOME/.bashrc" "$ssh_auth_sock_export" + append_unique_line "$HOME/.zshenv" "$ssh_auth_sock_export" fi CRED_FILE="${CRED_FILE:-.devbox/ssh/credentials}" @@ -27,12 +39,12 @@ as_root() { return fi - if command -v sudo >/dev/null 2>&1; then - sudo -n "$@" 2>/dev/null || sudo "$@" + if command -v sudo >/dev/null 2>&1 && sudo -n true 2>/dev/null; then + sudo -n "$@" return fi - echo "ERROR: need root privileges (run as root or install/configure sudo)" >&2 + echo "ERROR: need root privileges (run as root or configure passwordless sudo)" >&2 exit 1 } @@ -44,12 +56,12 @@ as_root_bash() { return fi - if command -v sudo >/dev/null 2>&1; then - sudo -n bash -lc "$cmd" 2>/dev/null || sudo bash -lc "$cmd" + if command -v sudo >/dev/null 2>&1 && sudo -n true 2>/dev/null; then + sudo -n bash -lc "$cmd" return fi - echo "ERROR: need root privileges (run as root or install/configure sudo)" >&2 + echo "ERROR: need root privileges (run as root or configure passwordless sudo)" >&2 exit 1 } @@ -139,7 +151,7 @@ minimumReleaseAge = 259200" > "$HOME/.bunfig.toml" # Use existing password if present, otherwise create it once if [[ -f "$CRED_FILE" ]]; then - PASS="$(cat "$CRED_FILE")" + PASS="$(tr -d '\r\n' < "$CRED_FILE")" if [[ -z "${PASS}" ]]; then echo "ERROR: ${CRED_FILE} exists but is empty" >&2 exit 1 diff --git a/tests/runtime.test.ts b/tests/runtime.test.ts index 1a6aaed..c62de38 100644 --- a/tests/runtime.test.ts +++ b/tests/runtime.test.ts @@ -562,10 +562,11 @@ describe("ensurePathIgnored", () => { run(["git", "-C", repoDir, "add", "README.md"]); run(["git", "-C", repoDir, "commit", "-m", "init"]); - const credFilePath = path.join(repoDir, ".devbox", "ssh", "credentials"); + const devboxDir = path.join(repoDir, ".devbox"); + const credFilePath = path.join(devboxDir, "ssh", "credentials"); await mkdir(path.dirname(credFilePath), { recursive: true }); await writeFile(credFilePath, "user=devbox\npassword=secret\n", "utf8"); - await ensurePathIgnored(repoDir, credFilePath); + await ensurePathIgnored(repoDir, devboxDir); const excludePathResult = Bun.spawnSync( ["git", "-C", repoDir, "rev-parse", "--path-format=absolute", "--git-path", "info/exclude"],