jdx/mise

Templates in TOML tasks are processed even in commented-out sections

Closed this issue · 1 comments

Describe the bug
In TOML tasks, templates are applied to comments within the task scripts. This behavior makes debugging difficult because commenting out parts of the task containing templates does not stop them from being processed. Instead, the templates are still evaluated as if they were part of the active task.

To Reproduce

  1. Define a task with a template and try to comment out parts of the script for debugging:
    run = """
    {% set policy_name = arg(name='policy-name') %}
    {% set plugin_dir = env.___POLICIES_DIR ~ '/' ~ policy_name %}
    
    #{% if not plugin_dir is exists %}
    #{{ throw(message=plugin_dir ~ " doesn't exist") }}
    #{% endif %}
    """
  2. Run the task, expecting the commented-out code to be ignored.

Expected behavior
Commented-out parts of the task should be ignored entirely during execution, and no templates within the comments should be evaluated.

Actual behavior
Templates within the comments are still processed, resulting in errors like this:

[generate:policy] panic in task: panicked at src/task/task_script_parser.rs:281:59:
called `Result::unwrap()` on an `Err` value: Error { kind: Msg("Failed to render '__tera_one_off'"), source: Some(Error { kind: CallFunction("throw"), source: Some(Error { kind: Msg("pkg/plugins/policies/MISE_TASK_ARG:policy-name:MISE_TASK_ARG doesn't exist"), source: None }) }) }

mise doctor output

version: 2024.12.17 macos-arm64 (6abef71 2024-12-21)
activated: yes
shims_on_path: no

build_info:
  Target: aarch64-apple-darwin
  Features: DEFAULT, NATIVE_TLS, OPENSSL
  Built: Sat, 21 Dec 2024 16:00:07 +0000
  Rust Version: rustc 1.83.0 (90b35a623 2024-11-26)
  Profile: release

shell:
  /opt/homebrew/bin/fish
  fish, version 3.7.1

dirs:
  cache: ~/Library/Caches/mise
  config: ~/.config/mise
  data: ~/.local/share/mise
  shims: ~/.local/share/mise/shims
  state: ~/.local/state/mise

config_files:
  ~/.config/mise/config.toml
  ~/foo/mise.toml

ignored_config_files: (none)

backends:
  aqua
  asdf
  cargo
  core
  dotnet
  gem
  go
  npm
  pipx
  spm
  ubi
  vfox

plugins:
  clang-format           git@github.com:higebu/asdf-llvm.git#c527fd9
  kube-controller-tools  git@github.com:jimmidyson/asdf-kube-controller-tools.git#37526dc
  oapi-codegen           git@github.com:dylanrayboss/asdf-oapi-codegen.git#a988840

toolset:
  aqua:GoogleContainerTools/container-structure-test@1.19.3
  aqua:etcd-io/etcd@3.5.17
  aqua:golangci/golangci-lint@1.62.0
  aqua:helm/helm@3.16.4
  aqua:jqlang/jq@1.7.1
  aqua:koalaman/shellcheck@0.10.0
  aqua:kubernetes-sigs/kubebuilder@4.3.1
  aqua:kubernetes/kubectl@1.32.0
  aqua:norwoodj/helm-docs@1.11.0
  aqua:protocolbuffers/protobuf-go/protoc-gen-go@1.28.1
  aqua:protocolbuffers/protobuf/protoc@3.20.0
  aqua:stackrox/kube-linter@0.6.5
  asdf:kube-controller-tools@0.16.5
  asdf:oapi-codegen@2.4.1
  core:go@1.23.4
  go:github.com/envoyproxy/protoc-gen-validate@v1.1.0
  go:github.com/google/osv-scanner/cmd/osv-scanner@1.9.1
  go:github.com/onsi/ginkgo/v2/ginkgo@2.22.0
  go:github.com/pubg/protoc-gen-jsonschema@0.6.2
  go:google.golang.org/grpc/cmd/protoc-gen-go-grpc@1.1.0
  ubi:hadolint/hadolint@2.12.0
  ubi:jdx/usage@1.7.2
  ubi:k3d-io/k3d@5.7.5
  ubi:kubernetes-sigs/kind@0.26.0
  ubi:mikefarah/yq@4.30.8

path:
  ~/.local/share/mise/installs/container-structure-test/1.19.3
  ~/.local/share/mise/installs/etcd/3.5.17/etcd-v3.5.17-darwin-amd64
  ~/.local/share/mise/installs/go/1.23.4/bin
  ~/.local/share/mise/installs/ginkgo/2.22.0/bin
  ~/.local/share/mise/installs/golangci-lint/1.62.0/golangci-lint-1.62.0-darwin-arm64
  ~/.local/share/mise/installs/hadolint/2.12.0/bin
  ~/.local/share/mise/installs/helm/3.16.4/darwin-arm64
  ~/.local/share/mise/installs/helm-docs/1.11.0
  ~/.local/share/mise/installs/jq/1.7.1
  ~/.local/share/mise/installs/k3d/5.7.5/bin
  ~/.local/share/mise/installs/kind/0.26.0/bin
  ~/.local/share/mise/installs/kube-controller-tools/0.16.5/bin
  ~/.local/share/mise/installs/kube-linter/0.6.5
  ~/.local/share/mise/installs/kubebuilder/4.3.1
  ~/.local/share/mise/installs/kubectl/1.32.0
  ~/.local/share/mise/installs/oapi-codegen/2.4.1/bin
  ~/.local/share/mise/installs/osv-scanner/1.9.1/bin
  ~/.local/share/mise/installs/protoc/3.20.0/bin
  ~/.local/share/mise/installs/protoc-gen-go/1.28.1
  ~/.local/share/mise/installs/protoc-gen-go-grpc/1.1.0/bin
  ~/.local/share/mise/installs/protoc-gen-jsonschema/0.6.2/bin
  ~/.local/share/mise/installs/protoc-gen-validate/v1.1.0/bin
  ~/.local/share/mise/installs/shellcheck/0.10.0/shellcheck-v0.10.0
  ~/.local/share/mise/installs/yq/4.30.8/bin
  ~/.local/share/mise/installs/usage/1.7.2/bin
  ~/.local/share/mise/installs/go/1.23.4/bin
  ~/.local/bin
  /opt/homebrew/bin
  /opt/homebrew/sbin
  /opt/homebrew/opt/make/libexec/gnubin
  /opt/homebrew/opt/coreutils/libexec/gnubin
  ~/.cargo/bin
  /bin
  ~/go/bin
  ~/bin
  /usr/local/opt/libiconv/bin
  /usr/local/sbin
  /usr/local/opt/ruby/bin
  /usr/local/opt/curl/bin
  /usr/local/opt/fzf/bin
  /opt/homebrew/opt/fzf/bin
  /usr/local/bin
  /System/Cryptexes/App/usr/bin
  /usr/bin
  /usr/sbin
  /sbin
  /Library/Apple/usr/bin
  /usr/local/MacGPG2/bin
  /Applications/Wireshark.app/Contents/MacOS

env_vars:
  MISE_SHELL=fish

settings:
  experimental  true ~/.config/mise/config.toml
  experimental  true ~/foo/mise.toml

No problems found

Actually, I think using https://keats.github.io/tera/docs/#comments is the way to go