chore: copier dependency bump to 9.0.1

.github/workflows/check-python.yaml

@@ -25,13 +25,14 @@ jobs:
       - name: Audit with pip-audit
         run: |
           # audit non dev dependencies, no exclusions
-          poetry export --without=dev > requirements.txt && poetry run pip-audit -r requirements.txt
+          # This is a temporary fix for PYSEC-2022-43059 as the vulnerability is withdrawn. See https://github.com/pypa/advisory-database/pull/169
+          poetry export --without=dev > requirements.txt && poetry run pip-audit -r requirements.txt --ignore-vuln "PYSEC-2022-43059"
 
           # audit all dependencies, with exclusions.
           # If a vulnerability is found in a dev dependency without an available fix,
           # it can be temporarily ignored by adding --ignore-vuln e.g.
           # --ignore-vuln "GHSA-hcpj-qp55-gfph" # GitPython vulnerability, dev only dependency
-          poetry run pip-audit --ignore-vuln "GHSA-wfm5-v35h-vwf4" --ignore-vuln "GHSA-cwvm-v4w8-q58c"
+          poetry run pip-audit --ignore-vuln "GHSA-wfm5-v35h-vwf4" --ignore-vuln "GHSA-cwvm-v4w8-q58c" --ignore-vuln "PYSEC-2022-43059"
 
       - name: Check formatting with Black
         run: |

pyproject.toml

@@ -10,15 +10,15 @@ readme = "README.md"
 python = "^3.10"
 click = "^8.1.3"
 httpx = "^0.23.1"
-copier = "^7.1.0"
+copier = "^9.0.0"
 questionary = "^1.10.0"
 pyclip = "^0.7.0"
 shellingham = "^1.5.0.post1"
 algokit-client-generator = "^1.0.3"
 tomli = { version = "^2.0.1", python = "<3.11" }
 python-dotenv = "^1.0.0"
 # workaround for issue with copier dependency spec allowing major upgrade to pydantic v2
-pydantic = "^1.10.2"
+pydantic = "^2.4.0"
 mslex = "^1.1.0"
 keyring = "^24.2.0"
 pyjwt = "^2.8.0"

src/algokit/cli/init.py

@@ -228,6 +228,7 @@ def init_command(  # noqa: PLR0913
         data=answers_dict,
         quiet=True,
         vcs_ref=template.commit,
+        unsafe=True,
     ) as copier_worker:
         if use_defaults:
             populate_default_answers(copier_worker)

src/algokit/core/init.py

@@ -8,7 +8,6 @@ def populate_default_answers(worker: Worker) -> None:
     Used as a work-around for the behaviour of Worker(default=True, ...) which in >=7.1 raises an error instead of
     prompting if no default is provided"""
     answers = AnswersMap(
-        default=worker.template.default_answers,
         user_defaults=worker.user_defaults,
         init=worker.data,
         last=worker.subproject.last_answers,

tests/init/test_init.py

@@ -488,7 +488,7 @@ def test_init_template_url_and_ref(tmp_path_factory: TempPathFactory, mocker: Mo
     ref = "abcdef123456"
     cwd = tmp_path_factory.mktemp("cwd")
     result = invoke(
-        "init --name myapp --no-git --no-bootstrap --defaults "
+        "init --name myapp --no-git --no-bootstrap "
         "--template-url gh:algorandfoundation/algokit-beaker-default-template "
         f"--template-url-ref {ref} "
         "--UNSAFE-SECURITY-accept-template-url",
@@ -499,6 +499,80 @@ def test_init_template_url_and_ref(tmp_path_factory: TempPathFactory, mocker: Mo
     assert mock_copier_worker_cls.call_args.kwargs["vcs_ref"] == ref
 
 
+def test_init_blessed_template_url_get_community_warning(
+    tmp_path_factory: TempPathFactory, mock_questionary_input: PipeInput
+) -> None:
+    cwd = tmp_path_factory.mktemp("cwd")
+
+    mock_questionary_input.send_text("N")  # community warning
+    result = invoke(
+        "init --name myapp --no-git "
+        "--template-url gh:algorandfoundation/algokit-beaker-default-template --defaults "
+        "-a author_name None -a author_email None ",
+        cwd=cwd,
+    )
+
+    assert result.exit_code == 1
+    verify(result.output, scrubber=make_output_scrubber())
+
+
+def test_init_with_any_template_url_get_community_warning(
+    tmp_path_factory: TempPathFactory, mock_questionary_input: PipeInput
+) -> None:
+    cwd = tmp_path_factory.mktemp("cwd")
+    mock_questionary_input.send_text("Y")
+    result = invoke(
+        "init --name myapp --no-git --no-bootstrap "
+        "--template-url gh:algorandfoundation/algokit-beaker-default-template --defaults "
+        "-a author_name None -a author_email None ",
+        cwd=cwd,
+    )
+
+    assert result.exit_code == 0
+    paths = {p.relative_to(cwd) for p in cwd.rglob("*")}
+    assert paths.issuperset(
+        {
+            Path("myapp"),
+            Path("myapp") / "README.md",
+            Path("myapp") / "smart_contracts",
+        }
+    )
+    env_template_file_contents = (cwd / "myapp" / ".env.template").read_text()
+    verify(
+        get_combined_verify_output(
+            result.output, additional_name=".env.template", additional_output=env_template_file_contents
+        ),
+        scrubber=make_output_scrubber(),
+    )
+
+
+def test_init_with_any_template_url_get_community_warning_with_unsafe_tag(tmp_path_factory: TempPathFactory) -> None:
+    cwd = tmp_path_factory.mktemp("cwd")
+    result = invoke(
+        "init --name myapp --no-git --no-bootstrap "
+        "--template-url gh:algorandfoundation/algokit-beaker-default-template --defaults "
+        "-a author_name None -a author_email None --UNSAFE-SECURITY-accept-template-url",
+        cwd=cwd,
+    )
+
+    assert result.exit_code == 0
+    paths = {p.relative_to(cwd) for p in cwd.rglob("*")}
+    assert paths.issuperset(
+        {
+            Path("myapp"),
+            Path("myapp") / "README.md",
+            Path("myapp") / "smart_contracts",
+        }
+    )
+    env_template_file_contents = (cwd / "myapp" / ".env.template").read_text()
+    verify(
+        get_combined_verify_output(
+            result.output, additional_name=".env.template", additional_output=env_template_file_contents
+        ),
+        scrubber=make_output_scrubber(),
+    )
+
+
 def test_init_no_community_template(tmp_path_factory: TempPathFactory, mock_questionary_input: PipeInput) -> None:
     cwd = tmp_path_factory.mktemp("cwd")
 
@@ -560,8 +634,8 @@ def test_init_with_official_template_name_and_hash(tmp_path_factory: TempPathFac
     cwd = tmp_path_factory.mktemp("cwd")
 
     result = invoke(
-        "init --name myapp --no-git --template beaker_with_version --defaults -a run_poetry_install False "
-        "-a author_name None -a author_email None ",
+        "init --name myapp --no-git --template beaker_with_version"
+        " --defaults -a run_poetry_install False -a author_name None -a author_email None ",
         cwd=cwd,
     )
 

tests/init/test_init.test_init_blessed_template_url_get_community_warning.approved.txt

@@ -0,0 +1,4 @@
+WARNING: Community templates have not been reviewed, and can execute arbitrary code.
+Please inspect the template repository, and pay particular attention to the values of _tasks, _migrations and _jinja_extensions in copier.yml
+? Continue anyway? (y/N)
+🛑 Bailing out... 👋

tests/init/test_init.test_init_with_any_template_url_get_community_warning.approved.txt

@@ -0,0 +1,16 @@
+WARNING: Community templates have not been reviewed, and can execute arbitrary code.
+Please inspect the template repository, and pay particular attention to the values of _tasks, _migrations and _jinja_extensions in copier.yml
+? Continue anyway? (y/N)
+DEBUG: template source = gh:algorandfoundation/algokit-beaker-default-template
+DEBUG: project path = {current_working_directory}/myapp
+Starting template copy and render...
+DEBUG: final clone URL = https://github.com/algorandfoundation/algokit-beaker-default-template.git
+Template render complete!
+🙌 Project initialized at `myapp`! For template specific next steps, consult the documentation of your selected template 🧐
+Your selected template comes from:
+➡️  https://github.com/algorandfoundation/algokit-beaker-default-template
+Your template includes a README.md file, you might want to review that as a next step.
+----
+.env.template:
+----
+# this file should contain environment variables common to all environments/networks

tests/init/test_init.test_init_with_any_template_url_get_community_warning_with_unsafe_tag.approved.txt

@@ -0,0 +1,15 @@
+WARNING: Community templates have not been reviewed, and can execute arbitrary code.
+Please inspect the template repository, and pay particular attention to the values of _tasks, _migrations and _jinja_extensions in copier.yml
+DEBUG: template source = gh:algorandfoundation/algokit-beaker-default-template
+DEBUG: project path = {current_working_directory}/myapp
+Starting template copy and render...
+DEBUG: final clone URL = https://github.com/algorandfoundation/algokit-beaker-default-template.git
+Template render complete!
+🙌 Project initialized at `myapp`! For template specific next steps, consult the documentation of your selected template 🧐
+Your selected template comes from:
+➡️  https://github.com/algorandfoundation/algokit-beaker-default-template
+Your template includes a README.md file, you might want to review that as a next step.
+----
+.env.template:
+----
+# this file should contain environment variables common to all environments/networks