Skip to content

[IMP] quickstart: add an argument and config to avoid cloning the repository automatically#105

Open
lse-odoo wants to merge 1 commit intomainfrom
no_auto_clone_on_qs-lse
Open

[IMP] quickstart: add an argument and config to avoid cloning the repository automatically#105
lse-odoo wants to merge 1 commit intomainfrom
no_auto_clone_on_qs-lse

Conversation

@lse-odoo
Copy link
Contributor

@lse-odoo lse-odoo commented Nov 14, 2025
edited
Loading

Description

Locally running custom python code from an unknown author is a security risk. Users willing to easily download a database dump and restore it cannot currently do it in one command (would need to use dump then restore) which is inconvenient.

Introducing a new parameter for quickstart command called --toggle_clone_repo that will override the default quickstart behavior of always pulling the instance GitHub repository.

As certain users would rarely need to clone database custom code, we also introduced a configuration parameter:
toggle_clone_repo in (quickstart section) to avoid cloning the repository. If the config parameter is not set (so, the default behavior) is to always download the custom code

Adding --toggle_clone_repo will negate the config value.

Example:

  • User A: "I generally want to have databases repository custom code" ->
    odev quickstart <db>
    "but sometime not" ->
    odev quickstart --toggle_clone_repo <db>
  • User B: "I generally don't want to have the database custom code" -> first set the config
    odev config quickstart.should_clone_repo False (on the first time only!) then
    odev quickstart <db>
    "but this time I want the custom code" ->
    (assuming he already ran odev config quickstart.should_clone_repo False):
    odev quickstart --toggle_clone_repo <db>

Linked Issues

None

Compliance

  • I have read the contribution guide
  • I made sure the documentation is up-to-date both in doctrings and the docs directory
  • I have added or modified unit tests where necessary (there is none on quickstart :( )
  • I have added new libraries to the requirements.txt file, if any
  • I have incremented the version number according the versioning guide
  • The PR contains my changes only and no other external commit

@lse-odoo
Copy link
Contributor Author

lse-odoo commented Nov 14, 2025

@brinkflew may I have your opinion on the idea please ? If your are okay with it I'll see if I can add tests etc.
One point on which I am very skeptical is the call to Config() in the default value computation. I like the idea like this so that the value is always overridable despite the config value if given explicitly in the command line

brinkflew
brinkflew reviewed Nov 18, 2025
View reviewed changes
@lse-odoo lse-odoo force-pushed the no_auto_clone_on_qs-lse branch from 5977328 to 2ce6cbb Compare November 20, 2025 16:25
@lse-odoo
[IMP] quickstart: add an argument and config to avoid cloning the rep…
7f268bb 
…ository automatically

[IMP] quickstart: add an argument and config to avoid cloning the repository automatically

Locally running custom python code from an unknown author is a security risk. Users willing to easily download a database dump and restore it cannot currently do it in one command (would need to use `dump` then `restore`) which is inconvenient.

Introducing a new parameter for `quickstart` command called `--toggle_clone_repo` that will override the default quickstart behavior of always pulling the instance GitHub repository.

As certain users would rarely need to clone database custom code, we also introduced a configuration parameter:
`toggle_clone_repo` in (`quickstart` section) to avoid cloning the repository. If the config parameter is not set (so, the default behavior) is to always download the custom code

Adding `--toggle_clone_repo` will negate the config value.

Example:
 - User A: "I generally want to have databases repository custom code" ->
 `odev quickstart <db>`
   "but sometime not" ->
   `odev quickstart --toggle_clone_repo <db>`
 - User B: "I generally don't want to have the database custom code" -> first set the config
 `odev config quickstart.should_clone_repo False` (on the first time only!) then
 `odev quickstart <db>`
  "but this time I want the custom code" ->
  (assuming he already ran `odev config quickstart.should_clone_repo False`):
  `odev quickstart --toggle_clone_repo <db>`
@lse-odoo lse-odoo force-pushed the no_auto_clone_on_qs-lse branch from 2ce6cbb to 7f268bb Compare November 20, 2025 17:44
@lse-odoo lse-odoo marked this pull request as ready for review November 20, 2025 17:44
@lse-odoo lse-odoo requested a review from brinkflew November 20, 2025 17:45
@brinkflew
Copy link
Contributor

brinkflew commented Nov 24, 2025

@sea-odoo is also looking at implementing a "no dump" feature for this command so I think there is something at play here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brinkflew brinkflew Awaiting requested review from brinkflew

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lse-odoo @brinkflew