From 7f268bb8914524b320fa34d8f0a56259807f5028 Mon Sep 17 00:00:00 2001
From: lse-odoo <lse@odoo.com>
Date: Fri, 14 Nov 2025 18:15:39 +0100
Subject: [PATCH] [IMP] quickstart: add an argument and config to avoid cloning
 the repository automatically

[IMP] quickstart: add an argument and config to avoid cloning the repository automatically

Locally running custom python code from an unknown author is a security risk. Users willing to easily download a database dump and restore it cannot currently do it in one command (would need to use `dump` then `restore`) which is inconvenient.

Introducing a new parameter for `quickstart` command called `--toggle_clone_repo` that will override the default quickstart behavior of always pulling the instance GitHub repository.

As certain users would rarely need to clone database custom code, we also introduced a configuration parameter:
`toggle_clone_repo` in (`quickstart` section) to avoid cloning the repository. If the config parameter is not set (so, the default behavior) is to always download the custom code

Adding `--toggle_clone_repo` will negate the config value.

Example:
 - User A: "I generally want to have databases repository custom code" ->
 `odev quickstart <db>`
   "but sometime not" ->
   `odev quickstart --toggle_clone_repo <db>`
 - User B: "I generally don't want to have the database custom code" -> first set the config
 `odev config quickstart.should_clone_repo False` (on the first time only!) then
 `odev quickstart <db>`
  "but this time I want the custom code" ->
  (assuming he already ran `odev config quickstart.should_clone_repo False`):
  `odev quickstart --toggle_clone_repo <db>`
---
 odev/_version.py                     |  2 +-
 odev/commands/database/quickstart.py | 16 +++++++++++++++-
 odev/common/config.py                | 19 +++++++++++++++++++
 3 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/odev/_version.py b/odev/_version.py
index 1335cae8..9ad61b93 100644
--- a/odev/_version.py
+++ b/odev/_version.py
@@ -22,4 +22,4 @@
 # or merged change.
 # ------------------------------------------------------------------------------
 
-__version__ = "4.19.1"
+__version__ = "4.19.2"
diff --git a/odev/commands/database/quickstart.py b/odev/commands/database/quickstart.py
index c014ee0b..116646f2 100644
--- a/odev/commands/database/quickstart.py
+++ b/odev/commands/database/quickstart.py
@@ -4,6 +4,10 @@
 from odev.common import args
 from odev.common.commands import DatabaseCommand
 from odev.common.databases import LocalDatabase, Repository
+from odev.common.logging import logging
+
+
+logger = logging.getLogger(__name__)
 
 
 class QuickStartCommand(DatabaseCommand):
@@ -37,6 +41,13 @@ class QuickStartCommand(DatabaseCommand):
         aliases=["-F", "--filestore"],
         description="Include the filestore when downloading a backup of the database.",
     )
+    toggle_clone_repo = args.Flag(
+        aliases=["-C", "--toggle_clone_repo"],
+        description="""Toggle to clone the repository containing code customization for the selected database.
+        If not given, default to `quickstart should_clone_repo` configuration value (`True` if unset).
+        If given, negate the configuration value
+        """,
+    )
 
     _database_allowed_platforms = []
 
@@ -51,7 +62,10 @@ def run(self):
         if self.args.version:
             self.odev.run_command("create", "--version", self.args.version, database=self._database)
         else:
-            self.odev.run_command("clone", *passthrough_args, database=self._database)
+            if self.args.toggle_clone_repo ^ self.odev.config.quickstart.should_clone_repo:
+                self.odev.run_command("clone", *passthrough_args, database=self._database)
+            else:
+                logger.info("Skipping repository cloning")
             dumped = self.odev.run_command(
                 "dump",
                 *(passthrough_args + (["--filestore"] if self.args.filestore else [])),
diff --git a/odev/common/config.py b/odev/common/config.py
index 55aa6302..0dec99d3 100644
--- a/odev/common/config.py
+++ b/odev/common/config.py
@@ -194,6 +194,22 @@ def date(self, value: str | datetime):
         self.set("date", value.strftime(DATETIME_FORMAT) if isinstance(value, datetime) else value)
 
 
+class QuickStartSection(Section):
+    """Quickstart configuration."""
+
+    @property
+    def should_clone_repo(self) -> bool:
+        """Wherever the repository should be cloned on quickstart"""
+        value = self.get("should_clone_repo", "True").capitalize()
+        if value not in ("True", "False"):
+            raise ValueError(f"'should_clone_repo' config must be one of 'True', 'False', got {value!r}")
+        return value == "True"
+
+    @should_clone_repo.setter
+    def should_clone_repo(self, value: str | bool):
+        self.set("should_clone_repo", str(value))
+
+
 class Config:
     """Odev configuration.
     Light wrapper around configparser to write and retrieve configuration values saved on disk.
@@ -217,6 +233,9 @@ class Config:
     repositories: RepositoriesSection
     """Configuration for Odoo repositories."""
 
+    quickstart: QuickStartSection
+    """Configuration for Odoo quickstart options."""
+
     def __init__(self, name: str = "odev"):
         self.name: str = name
         """Name of this config manager, also serves as the name of the file