fix: deno runtime permission not compatible with current_working_directory feature

[levibostian]

Related GitHub Issues

Problem

Deploying 0.11.0 with the new current_working_directory feature is failing. The Deno code that checks if current_working_directory is a valid input needs read permission I guess. Kinda sucks but I get it.

Solution

I looked into a few different solutions and tried some things out, but ultimately, I think the solution that offers the best developer experience is to simply expand the deno runtime permissions to allow reading of all files.

I don't want to give decaf more permissions than it needs. However, I've made this decision because:

• decaf already has permission to all environment variables and executing commands. With this permission, it can do about anything already, including reading all files.
• I have some ideas for how we can refactor decaf to allow it to require less permissions. But, that will have to come later. Enable this for now to unblock us and improve it later.

Testing

• Added automated tests.
• Manually tested. If you check this box, provide instructions for others to test, too.

Running a deployment is the only way to test this unfortunately.

Notes for reviewers

[github-actions]

decaf

Running deployments in test mode. Results will appear below.
If this pull request and all of it's parent pull requests are merged using the...

...🟩 squash 🟩 merge method... 🚢 The next version of the project will be: 0.11.0

Learn more

Latest release: 0.10.0
Commit of latest release: 8c5744c

Commits since last release:
- fix: deno runtime permission not compatible with current_working_directory feature

Been trying to deploy 0.11.0, but it keeps failing. Want to try this solution? We can make the environment similar and then go from there. We might need to make some other changes to actually make it work, but at least we want to make the testing similar.

Related GitHub Issues

Problem

Solution

Testing

• Added automated tests.
• Manually tested. If you check this box, provide instructions for others to test, too.

Notes for reviewers

- feat: specify current_working_directory where to run your scripts from (#131)

Related GitHub Issues

Problem

This is a feature that is mostly intended for people who want to
separate their deployment code from their application code and be able
to use dependencies, a package manager, or whatever language they want.
Everything is encapsulated in a directory.

Solution

The solution is that you can change the working directory that Decaf is
running from, which then allows package managers, for example, to
reference their files in that directory, like the package.json or
deno.json file.

You do have to make sure to change your directory to go back to the
parent directory where your code probably exists. But hey, at least this
is a nice little feature for you.

Testing

• Added automated tests.
• Manually tested. If you check this box, provide instructions for
  others to test, too.

Testing the feature in this pull request by using it in our CI setup.

Notes for reviewers

...🟩 rebase 🟩 merge method... 🚢 The next version of the project will be: 0.11.0

Learn more

Latest release: 0.10.0
Commit of latest release: 8c5744c

Commits since last release:
- Revert "test: test mode isolated git environments are subdirectories to have more similar environment to real deployments"

This reverts commit 571f828.

Reverting because of the commit, d93032f, we no longer need to do this and using a temp directory for isolated environments has some nice benefits.
- fix: cannot validate is current_working_directory is valid input

the 0.11.0 deployment failed when we called new code that tries to check if current_working_directory is a valid option. After considering many different options. I'm opting for this one because, in the end, the validation of this input is giving a better user experience to the developer.

There is always a risk that we're going to introduce more and more issues over time. I think, actually, this permissions thing just needs an overhaul anyway, so I think it's okay to allow reading.

I think this is actually the easiest option that still provides the best developer experience.
- test: test mode isolated git environments are subdirectories to have more similar environment to real deployments

Been trying to deploy 0.11.0, but it keeps failing. Want to try this solution? We can make the environment similar and then go from there. We might need to make some other changes to actually make it work, but at least we want to make the testing similar.
- feat: specify current_working_directory where to run your scripts from (#131)

Related GitHub Issues

Problem

This is a feature that is mostly intended for people who want to
separate their deployment code from their application code and be able
to use dependencies, a package manager, or whatever language they want.
Everything is encapsulated in a directory.

Solution

The solution is that you can change the working directory that Decaf is
running from, which then allows package managers, for example, to
reference their files in that directory, like the package.json or
deno.json file.

You do have to make sure to change your directory to go back to the
parent directory where your code probably exists. But hey, at least this
is a nice little feature for you.

Testing

• Added automated tests.
• Manually tested. If you check this box, provide instructions for
  others to test, too.

Testing the feature in this pull request by using it in our CI setup.

Notes for reviewers

[coveralls]

Pull Request Test Coverage Report for Build 21334076485

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 81.519%

---

Totals
Change from base Build 21333337102:	0.0%
Covered Lines:	1294
Relevant Lines:	1623

---

💛 - Coveralls