[Idea] tea --strain mode

[davdroman]

I'd like to pitch an idea for improving the resilience of tea for deployments in remote environments.

---

Most scriptable deployment systems (e.g. GitHub Actions, Heroku, Render) have a set of pre-installed, arbitrarily versioned binaries (e.g. Python 3.10.9).

Maybe it makes sense for tea to offer a mode where the execution environment only contains the specified packages and nothing else. No locally installed binaries allowed as a fallback.

So if I'm deploying to a remote server that comes with Python 3.10.2 preinstalled, but I'd like to ensure Python 3.11.x is used throughout my deployment process without falling back on 3.10.2, I should be able to do so by --straining my tea:

tea --strain +python.org~3.11 make # only tea's Python allowed

I recognize this might be a bit overly cautious or even unnecessary, but I do worry about my deployment environments getting muddied by mistake and breaking later on without knowing why.

[jhheider]

This is an interesting idea. tea's computed $PATH should have all injected tea binaries before the rest of the $PATH, so that should be the effect in any case.

Here's one trick that approximates your idea today:

PATH= tea "+python.org~3.11" /bin/sh -c 'echo $PATH'
/Users/jacob/.tea/invisible-island.net/ncurses/v6.3.0/bin:/Users/jacob/.tea/gnu.org/readline/v8.1.0/bin:/Users/jacob/.tea/sourceware.org/bzip2/v1.0.8/bin:/Users/jacob/.tea/openssl.org/v1.1.1s/bin:/Users/jacob/.tea/libexpat.github.io/v2.5.0/bin:/Users/jacob/.tea/tukaani.org/xz/v5.2.7/bin:/Users/jacob/.tea/sqlite.org/v3.39.4/bin:/Users/jacob/.tea/python.org/v3.11.0/bin:/Users/jacob/.tea/tea.xyz/v0.21.4/bin

[mxcl]

If we are to continue “emulating env” then env has -u for this.

And in the vein, PR welcome! Or we’ll add sometime soonish.

[mxcl]

Beware that you’ll be surprised how often things you don’t expect break if there isn’t POSIX in PATH. Though losing /usr/bin may be enough to get what you want.

obv. longer term we will presumably provide all of POSIX, so…

If we are going to get more “clever” than just clearing the existing env then it would be better suited IMO as “porcelain” type features that use libtea (currently bundled in cli sources). An example of what I'm talking about is our build infrastructure in pantry.core which is all built on top of the primitives that tea/cli vends.

[mxcl]

Also this is a lovely suggestion, thank you.