Escaping shell substitution with `pixi run` requires multiple layers of quoting

[abey79]

Checks

• [X] I have checked that this issue has not already been reported.

• [X] I have confirmed this bug exists on the latest version of pixi, using pixi --version.

Reproducible example

$ cat script.sh
echo "$1"

$ ./script.sh '*'
*

$ pixi --version
pixi 0.25.0

$ pixi init
✔ Initialized project in /tmp/bug/.

$ pixi run script.sh '*'
pixi.lock

# ^ that is strange, there are actually 3 files in the current directory

$ pixi run script.sh "'*'"
*

# ^ expected output

$ pixi self-update --version 0.28.2
✔ Pixi will be updated from 0.25.0 to 0.28.2
✔ Pixi archive downloaded.
✔ Pixi archive uncompressed.
✔ Pixi has been updated to version 0.28.2.

$ pixi run script.sh "'*'"
pixi.lock

# ^ now that's wrong

$ pixi run script.sh ""'*'""
*

# ^ correct again, with 3 layers of quoting

Issue description

pixi requires several layers of quotes to avoid shell substitutions. The "correct" number of quote is 1 (e.g. when you directly call the target script). pixi 0.25.0 needs two. pixi 0.28.2 needs three.

Expected behavior

$ pixi run script.sh '*'
*

[baszalmstra]

Ah this is because of deno task shell. The first quotes are needed to escape the *wildcard in your own shell. But then the * is interpreted by deno task shell which will also use it as a wildcard which is why you see pixi.lock. That is the result of the wildcard expansion.

But the 3 quotes are strange to me.. That needs a little more investigation.