Run script after initial clone


#1

I have a rails repo that can be cloned into cloud9 and setups a basic rails app.

I want to run a script right after the repo is first cloned, and the workspace created.

Currently I instruct users to run bin/setup, which is okay, but it would be nice to fully automate this.


#2

Doing this would allow people to create malicious script (which for instance steals the ssh key), and run it on users workspaces by tricking them to click on a link.


#3

Ok, so thanks for citing one security concern (that’s unlikely to occur), and now perhaps we could brainstorm a creative solution to this common request?

Perhaps there’s way for users to confirm the automatic script before it’s executed, etc.?


#4

It is indeed not very likely to occur, since the same could be done by running npm install. But it is something that would be listed as a vulnerability by users who have something valuable in their ide, and by people doing security audit.

Also i don’t think this is a very common request, since it didn’t get any likes and has two comments in support, so in addition to creative solutions we need more reasoning showing why this is a good idea, and why it should be implemented before other requests.

It seems the benefit of running setup scripts automatically is not that large, cloud9 opens the readme after cloning, and opens a terminal bellow it, so copying ./bin/setup from top pane to bottom and pressing enter is not much more difficult than clicking a dialog button.

That said we could add an unobtrusive, non-modal notification, that the repository author asks to run these commands.
Or we could make markdown notebooks, similar to R Markdown notebooks in R studio, which would allow users to run scripts in readme with one click (of course, after accepting a scary warning dialog:)


#5

This would be useful for Java as well; see for example my https://github.com/Pr0methean/BetterRandom/blob/master/prepare-workspace.sh