src-cli icon indicating copy to clipboard operation
src-cli copied to clipboard

Published 20 hours ago verified publisher icon sourcegraph

Allow mounting files/directories as RW instead of always RO

Open chrisdruta opened this issue 1 year ago • 1 comments

Use Case

Sometimes to speed up batch changes, its useful to use a cache directory (e.g. package manager repository) in-order to avoid hammering package repositories over and over again.

I accomplished this by recompiling the program and removing the ":ro" option for constructing the docker mount commands in run_steps.go which fixed issues I was having.

Security Implications

Looking at previous PR/discussions, I understand this feature was requested to work for remote environments where this ask might add a security risk.

To resolve any potential concerns, maybe only allow local src-cli to mount files in read-write?

Related

  • https://github.com/sourcegraph/src-cli/pull/816

chrisdruta avatar Jan 26 '24 21:01 chrisdruta

👍 to enabling rw mount on local runs.

I have an use case where i want to output some analysis files when running locally per repo so than i can summarize the output for all repos. Forcing a read-only mount drastically reduces the flexibility of the Batch Changes tool.

If the team doesn't want to enable this by default for security reasons, it'd be good to have an override in the spec or flag. Something like

steps:
  - run: ...
    mount:
    - path: ./changes
      mountpoint: /shared-volume
      mode: read-write            # new

Or

src batch preview -mount-mode=read-write

atishpatel avatar Jul 17 '24 19:07 atishpatel