-
Notifications
You must be signed in to change notification settings - Fork 353
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add confirmation prompts to unsafe cli commands #6878
base: main
Are you sure you want to change the base?
Conversation
Will prompt the user if scope and/or context is not provided Co-authored-by: Thomas Lane <[email protected]>
Co-authored-by: Will <[email protected]>
Co-authored-by: Will <[email protected]>
Co-authored-by: Will <[email protected]>
Co-authored-by: Will <[email protected]>
…nantly across contexts Co-authored-by: Will <[email protected]>
Created several tests to check env:test prompts
created a new directory in utils called prompts, to store all future prompts. rewrote the prompts to only check for destructive actions. added tests for each of the destructive prompts Co-authored-by: Thomas Lane <[email protected]>
Co-authored-by: Thomas Lane <[email protected]>
Co-authored-by: Thomas Lane <[email protected]>
for blobl:set and blob:delete Co-authored-by: Thomas Lane <[email protected]>
updated the documentation Co-authored-by: Thomas Lane <[email protected]>
updated error handeling Co-authored-by: Thomas Lane <[email protected]> Co-authored-by: Thomas Lane <[email protected]>
updated prompts spacing for consistencey Co-authored-by: Thomas Lane <[email protected]>
Co-authored-by: Thomas Lane <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome, thank you for you doing this! Just a couple suggestions!
refactored messages in env-set to a function that exports an object to be reused Co-authored-by: Thomas Lane <[email protected]>
Co-authored-by: Thomas Lane <[email protected]>
Co-authored-by: Thomas Lane <[email protected]> Co-authored-by: Thomas Lane <[email protected]>
env and blob commands Co-authored-by: Thomas Lane <[email protected]> Co-authored-by: Thomas Lane <[email protected]>
Co-authored-by: Thomas Lane <[email protected]> Co-authored-by: Thomas Lane <[email protected]>
Co-authored-by: Thomas Lane <[email protected]> Co-authored-by: Thomas Lane <[email protected]>
Co-authored-by: Thomas Lane <[email protected]>
Updates (w/ @wconrad265 )
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good! Just have a request to clean up the prompt files a little bit!
Co-authored-by: Thomas Lane <[email protected]>
scripted commands automatically given the force flag Co-authored-by: Will <[email protected]>
…r scritped commands Co-authored-by: Will <[email protected]>
Co-authored-by: Thomas Lane <[email protected]>
Co-authored-by: Thomas Lane <[email protected]>
Co-authored-by: Thomas Lane <[email protected]>
fixed lint issue that was casuing test in ci enviroment to fail Co-authored-by: Thomas Lane <[email protected]>
Co-authored-by: Thomas Lane <[email protected]>
Co-authored-by: Thomas Lane <[email protected]>
Co-authored-by: Thomas Lane <[email protected]>
Co-authored-by: Thomas Lane <[email protected]>
Co-authored-by: Thomas Lane <[email protected]>
Co-authored-by: Thomas Lane <[email protected]>
All of the tests now pass, and we are ready for a re-review. Big Thanks to @tlane25 for working on this with me.
The commands that had the |
src/commands/addons/addons.ts
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the old --force
option, the -f
option no longer works. Do we want to add -f
for just this option. Is this ok?
src/commands/init/index.ts
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is another spot, where the message will be changed from this message to a more generic message, for --force
@@ -33,7 +33,7 @@ and configures your Git environment with the right credentials.`, | |||
.command('lm:setup', { hidden: true }) | |||
.description('Configures your site to use Netlify Large Media') | |||
.option('-s, --skip-install', 'Skip the credentials helper installation check') | |||
.option('-f, --force-install', 'Force the credentials helper installation') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is another location where we use --force-install
, and -f
. In the new update, it is a unified command of --force
@@ -23,7 +23,7 @@ export const createLmCommand = (program: BaseCommand) => { | |||
It installs the required credentials helper for Git, | |||
and configures your Git environment with the right credentials.`, | |||
) | |||
.option('-f, --force', 'Force the credentials helper installation') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is another place as well, the -f option no longer works. It is now just --force
with a generic message
@@ -81,7 +81,7 @@ export const createSitesCommand = (program: BaseCommand) => { | |||
.command('sites:delete') | |||
.description('Delete a site\nThis command will permanently delete the site on Netlify. Use with caution.') | |||
.argument('<siteId>', 'Site ID to delete.') | |||
.option('-f, --force', 'delete without prompting (useful for CI)') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another place where just --force
will now work
@@ -230,5 +242,11 @@ export const createMainCommand = () => { | |||
}) | |||
.action(mainCommand) | |||
|
|||
program.commands.forEach((cmd) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is where we add the --force
option to each command that is in the set above. This allows the --force
option to be unified across all commands, for adding the --force
flag in ci/cd environments.
Co-authored-by: Thomas Lane <[email protected]>
Problem
Several CLI commands currently allow users to perform actions that may accidentally modify production environments. Some actions, like setting environment variables without specifying context (or scope) can inadvertently affect all contexts (or scopes) leading to unintended consequences.
Worked on this with @tlane25
Solution
To address this, we added confirmation prompts to critical commands. These prompts inform users of potentially unsafe changes and give them a chance to cancel the operation. The prompts can be bypassed using the
-f
or--force
flag for advanced users who understand the risks.Additionally, we refactored the codebase to improve prompt management by:
prompts
folder under theutils
directory to store logic and messages for each command. Each command with prompts now has a corresponding file (e.g.,env-set-prompts.ts
forenv:set
) to keep the code modular and organized.inquirer
package for prompts, since it was already installed in the project.Commands Updated with Prompts
env:set
The current code already checks if the environment variable exists. If it does, and the user does not pass the
--force
or-f
flag, a prompt now displays, informing the user that they are about to modify the existing variable.before
after
env:unset
The user will be prompted to confirm deletion if they don’t pass the
--force
flagbefore
after
env:clone
The original code already checks, if there are environment variables of the same in name in the target site. If an environment variable with the same name already exists on the target site, a prompt informs the user that variables will be overwritten.
The
-f
flag is already used for the--from
flag, so users can only bypass it with the--force
flag.before
after
blob:set
Will check to see if a key in the store exists. If the key does exist, the user will be prompted with a warning message.
Also a confirmation message has been added, letting the user know the operation was successful, as there was not one before.
before
after
blob:delete
A prompt now displays to the user if they are deleting a key of a store.
Also a confirmation message was added.
before
after
Testing and Validation
env:set
, the prompt only appears if the environment variable already exists.-force
flag correctly skips the prompt where applicable.-force
flag bypasses the confirmation prompt as intended.Testing and Setup Explanation
In the test setups using
setupFixtureTests('empty-project')
, we needed to ensure that commands likeblobs:set
function as expected. However, sincecallCli
spins up a separate Node.js process for each test and interacts with the command-line interface, we encountered issues withinquirer
prompts that require user input.Issues
inquirer
confirmation prompts that expect user interaction. When running tests withcallCli
, these prompts cause the tests to hang and eventually time out, as no input is provided to the prompts.-force
flag to all tests invoking commands with confirmation prompts. This bypasses the interactive prompts, ensuring the tests proceed without waiting for user input.This setup allows us to validate command behavior without requiring manual input or causing test timeouts.
I wanted to mention this here, because I had to add to
--force
flag to several test files. This might be good to add to the documentation somewhere. I wasn’t sure where to add it.Testing the
inquirer
promptsWe used
withMockApi
, which spins up a local Express server to simulate the API for testing. Then, we mockedinquirer.prompt
to simulate user interaction, ensuring the correct prompts and messages were displayed.This is consistent with other tests that mock inquirer prompts as well.
Each of these commands has tests in their corresponding test files. If a command did not have a test file that corresponded to it, it was created.
Documentation
Documentation has been updated to reflect the new prompts and the option to use the force flag for bypassing.
Looking forward to comments!
Also here is some dog pictures of my dogs!
Looking forward to comments!
Also here is some dog pictures of my dogs!
For us to review and ship your PR efficiently, please perform the following steps:
passes our tests.
A picture of a cute animal (not mandatory, but encouraged)