Closed jamesward closed 4 years ago
I'm supportive of this (both pre/post scripts). It would be good to gather more data/use-cases. It seems like the Heroku’s support is a bit open for shortcomings like:
how do you provide multiple cmds
Most often there is a shell script in the repo that those go into.
how do you effectively let users escape complex commands with quotes etc in json
For debugability the external script is easiest so I think we encourage that route.
where does the output/artifact of the command go? can it be factored in to the build/deploy procedure and/or to the deployed app?
STDOUT in Cloud Shell.
user agrees to clone/deploy an app, but if the free-form commands contain malicious exfiltration steps, it probably needs extra approval from the user in our case.
The build is already running arbitrary code that can do whatever it wants. So this doesn't open any new attack angles.
Here is an example project / script where'd I'd use this: https://github.com/jamesward/nodebars/blob/master/.gcloud/setup.sh
Note that it needs to know the project & Cloud Run service.
Add support for: https://devcenter.heroku.com/articles/app-json-schema#scripts