turbo

6f413d4b - feat: port task execution env restriction (#6184)

feat: port task execution env restriction (#6184) ### Description Ports the environment variable restriction behavior from Go and plumbs it through to the actual child process. Fairly straight forward port from Go with two callouts: - I combine [`env` and `passThroughEnv`](https://github.com/vercel/turbo/blob/main/cli/internal/run/real_run.go#L502-L503) into a single map in `run/mod.rs`. These two maps are only read once in Go and they immediately get union/d. - We calculate the environment variable map eagerly now on the main thread as opposed to right before task execution starts in a separate `goroutine`. We have to do that since the `TaskHasher` contains a lifetime making it `!Send + !Sync`. In the future we should see if we can restructure things to avoid blocking the main thread. ### Testing Instructions Existing integration tests that test env var restrictions: ``` [0 olszewski@chriss-mbp] /Users/olszewski/code/vercel/turborepo/turborepo-tests/integration $ EXPERIMENTAL_RUST_CODEPATH=true .cram_env/bin/prysk --shell=bash tests/strict_env_vars/*.t ! --- tests/strict_env_vars/dry_json.t +++ tests/strict_env_vars/dry_json.t.err @@ -4,15 +4,17 @@ Empty passthroughs are null $ ${TURBO} build --dry=json | jq -r '.tasks[0].environmentVariables | { passthrough, globalPassthrough }' - { - "passthrough": null, - "globalPassthrough": null - } + parse error: Invalid numeric literal at line 1, column 7 + thread 'main' panicked at library/std/src/io/stdio.rs:1019:9: + failed printing to stdout: Broken pipe (os error 32) + note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace + [4] Make sure that we populate the JSON output $ cp "$TESTDIR/../_fixtures/strict_env_vars_configs/all.json" "$(pwd)/turbo.json" && git commit -am "no comment" --quiet $ ${TURBO} build --dry=json | jq -r '.tasks[0].environmentVariables | { passthrough, globalPassthrough }' - { - "passthrough": [], - "globalPassthrough": null - } + parse error: Invalid numeric literal at line 1, column 7 + thread 'main' panicked at library/std/src/io/stdio.rs:1019:9: + failed printing to stdout: Broken pipe (os error 32) + note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace + [4] ....... # Ran 8 tests, 0 skipped, 1 failed. ``` The test that fails is expected due to `--dry=JSON` not being hooked up yet. Closes TURBO-1473 --------- Co-authored-by: Chris Olszewski <Chris Olszewski>