make MagicDir un-stringable directly

coder · johnstcn · Sep 9, 2024 · Sep 6, 2024 · Sep 6, 2024 · Sep 9, 2024
commit 88051f87c3c6c532975bd37c95d7ee7b2167776e
diff --git a/constants/constants.go b/constants/constants.go
@@ -15,17 +15,21 @@ const (
 	// nothing going on... it's empty!
 	EmptyWorkspaceDir = WorkspacesDir + "/empty"
 
-	// defaultMagicDir is the default working location for envbuilder.
+	// defaultMagicDirBase is the default working location for envbuilder.
 	// This is a special directory that must not be modified by the user
 	// or images. This is intentionally unexported.
-	defaultMagicDir = "/.envbuilder"
+	defaultMagicDirBase = "/.envbuilder"
 
 	// MagicTempDir is a directory inside the build context inside which
 	// we place files referenced by MagicDirectives.
 	MagicTempDir = ".envbuilder.tmp"
 )
 
 var (
+	// DefaultMagicDir is the default working directory for Envbuilder.
+	// This defaults to /.envbuilder. It should only be used when Envbuilder
+	// is known to be running as root inside a container.
+	DefaultMagicDir MagicDir
 	// ErrNoFallbackImage is returned when no fallback image has been specified.
 	ErrNoFallbackImage = errors.New("no fallback image has been specified")
 	// MagicDirectives are directives automatically appended to Dockerfiles
@@ -37,34 +41,46 @@ COPY --chmod=0644 %[1]s/image %[2]s/image
 USER root
 WORKDIR /
 ENTRYPOINT ["%[2]s/bin/envbuilder"]
-`, MagicTempDir, defaultMagicDir)
+`, MagicTempDir, defaultMagicDirBase)
 )
 
 // MagicDir is a working directory for envbuilder. It
 // will also be present in images built by envbuilder.
-type MagicDir string
+type MagicDir struct {
+	base string
+}
+
+// MagicDirAt returns a MagicDir rooted at filepath.Join(paths...)
+func MagicDirAt(paths ...string) MagicDir {
+	return MagicDir{base: filepath.Join(paths...)}
+}
+
+// Join returns the result of filepath.Join([m.Path, paths...]).
+func (m MagicDir) Join(paths ...string) string {
+	return filepath.Join(append([]string{m.Path()}, paths...)...)
+}
 
 // String returns the string representation of the MagicDir.
 func (m MagicDir) Path() string {
-	if m == "" {
-		// Instead of the zero value, use defaultMagicDir.
-		return defaultMagicDir
+	// Instead of the zero value, use defaultMagicDir.
+	if m.base == "" {
+		return defaultMagicDirBase
 	}
-	return filepath.Join("/", string(m))
+	return m.base
 }
 
-// MagicFile is a file that is created in the workspace
+// Built is a file that is created in the workspace
 // when envbuilder has already been run. This is used
 // to skip building when a container is restarting.
 // e.g. docker stop -> docker start
 func (m MagicDir) Built() string {
-	return filepath.Join(m.Path(), "built")
+	return m.Join("built")
 }
 
-// MagicImage is a file that is created in the image when
+// Image is a file that is created in the image when
 // envbuilder has already been run. This is used to skip
 // the destructive initial build step when 'resuming' envbuilder
 // from a previously built image.
 func (m MagicDir) Image() string {
-	return filepath.Join(m.Path(), "image")
+	return m.Join("image")
 }
diff --git a/envbuilder.go b/envbuilder.go
@@ -335,7 +335,7 @@ func Run(ctx context.Context, opts options.Options) error {
 		if err := util.AddAllowedPathToDefaultIgnoreList(opts.MagicDir.Image()); err != nil {
 			return fmt.Errorf("add magic image file to ignore list: %w", err)
 		}
-		magicTempDir := constants.MagicDir(filepath.Join(buildParams.BuildContext, constants.MagicTempDir))
+		magicTempDir := constants.MagicDirAt(buildParams.BuildContext, constants.MagicTempDir)
 		if err := opts.Filesystem.MkdirAll(magicTempDir.Path(), 0o755); err != nil {
 			return fmt.Errorf("create magic temp dir in build context: %w", err)
 		}
@@ -1409,11 +1409,11 @@ func maybeDeleteFilesystem(logger log.Func, force bool) error {
 	// We always expect the magic directory to be set to the default, signifying that
 	// the user is running envbuilder in a container.
 	// If this is set to anything else we should bail out to prevent accidental data loss.
-	defaultMagicDir := constants.MagicDir("")
+	// defaultMagicDir := constants.MagicDir("")
 	kanikoDir, ok := os.LookupEnv("KANIKO_DIR")
-	if !ok || strings.TrimSpace(kanikoDir) != defaultMagicDir.Path() {
+	if !ok || strings.TrimSpace(kanikoDir) != constants.DefaultMagicDir.Path() {
 		if !force {
-			logger(log.LevelError, "KANIKO_DIR is not set to %s. Bailing!\n", defaultMagicDir.Path())
+			logger(log.LevelError, "KANIKO_DIR is not set to %s. Bailing!\n", constants.DefaultMagicDir.Path())
 			logger(log.LevelError, "To bypass this check, set FORCE_SAFE=true.")
 			return errors.New("safety check failed")
 		}

diff --git a/integration/integration_test.go b/integration/integration_test.go
@@ -365,7 +365,7 @@ func TestBuildFromDockerfile(t *testing.T) {
 	require.Equal(t, "hello", strings.TrimSpace(output))
 
 	// Verify that the Docker configuration secret file is removed
-	configJSONContainerPath := filepath.Join(constants.MagicDir("").Path(), "config.json")
+	configJSONContainerPath := constants.DefaultMagicDir.Join("config.json")
 	output = execContainer(t, ctr, "stat "+configJSONContainerPath)
 	require.Contains(t, output, "No such file or directory")
 }

diff --git a/options/options.go b/options/options.go
@@ -5,7 +5,6 @@ import (
 	"encoding/base64"
 	"fmt"
 	"os"
-	"path/filepath"
 	"strings"
 
 	"github.com/coder/envbuilder/constants"
@@ -465,7 +464,7 @@ func (o *Options) CLI() serpent.OptionSet {
 			Flag:        "remote-repo-dir",
 			Env:         WithEnvPrefix("REMOTE_REPO_DIR"),
 			Value:       serpent.StringOf(&o.RemoteRepoDir),
-			Default:     filepath.Join(constants.MagicDir("").Path(), "repo"),
+			Default:     constants.DefaultMagicDir.Join("repo"),
 			Hidden:      true,
 			Description: "Specify the destination directory for the cloned repo when using remote repo build mode.",
 		},