Support building packages in containers

[suzuki-shunsuke]

I note an interesting idea.
Unfortunately, I think we can't adopt this idea because this idea has an issue.
But I want to note the idea here. I hope this idea will be helpful in future.

Background

Basically, aqua doesn't support executing external commands except for some commands such as go install to install packages.
This restriction is important for security and maintainability.

• https://aquaproj.github.io/docs/reference/restriction/#aqua-doesnt-support-running-any-external-commands-to-install-tools
• https://aquaproj.github.io/docs/reference/security/#features

This is not necessarily a draw back, but aqua can't support some tools due to this restriction.
This is one of the reasons some people don't use aqua, so ideally we'd like to resolve the restriction.

Proposal

Then I thought maybe we could resolve the restriction by running external commands in containers.
By restricting the access to host file system and environment variables, we can execute external commands safely.
And containers ensure the reproducibility.

The issue of the proposal

I thought the idea is interesting, but I found issues of this idea.

1. Even if we compile tools in Linux containers, they don't necessarily work on Windows and macOS
2. aqua can't support some tools we want to support even if aqua supports this feature

aqua can't support some tools we want to support even if aqua supports this feature

For example, even if aqua supports this feature, aqua can't support Node.js.
To support Node.js, I guess aqua need to support changing environment variables dynamically with shell scripts.

This feature is technically exciting, but I'm concerned that this feature may not be so helpful.

Why is the feature needed?

To execute external commands securely and reproducibly.

Example Code

Reference