feat: Add support syncing extra config paths

[iHildy]

Summary

Introduce extraConfigPaths to sync extra configuration files and directories alongside secrets. This propagates through init, config normalization, sync planning, manifest handling, and apply logic, plus updates to tests and docs.

Changes

• Add extraConfigPaths to CLI/config plumbing and default to empty
• Introduce ExtraPathPlan and related types; add extraConfigs to SyncPlan
• Implement encodeExtraPath and alias for compatibility
• Extend buildSyncPlan to generate extraConfigs plan alongside extraSecrets
• Improve manifest handling to support nested extra path items (files/dirs) with per-item modes
• Apply extra paths during sync; write and manage extra path manifests
• Update tests to cover extraConfigPaths flow
• Update README and sync-init.md to reference extraConfigPaths

[gemini-code-assist]

Summary of Changes

Hello @iHildy, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the configuration synchronization capabilities by introducing extraConfigPaths. This new feature allows users to specify arbitrary configuration files and entire directories to be managed and synchronized alongside existing secrets. The changes involve a comprehensive refactoring of the underlying sync mechanism to generically handle both extra secrets and extra configurations, including support for nested file structures and their permissions, thereby providing greater flexibility and control over synchronized data.

Highlights

• New Feature: extraConfigPaths: Introduced the ability to synchronize additional configuration files and directories using a new extraConfigPaths option, mirroring the functionality of extraSecretPaths.
• Generic Path Handling Refactoring: Refactored the underlying manifest and apply logic to generically handle both extraConfigPaths and extraSecretPaths. This includes support for nested files and directories, along with their individual file modes.
• Comprehensive Integration: The new extraConfigPaths functionality has been integrated across the system, including CLI command definitions, configuration parsing and normalization, sync plan generation, and the core apply/write operations.
• Documentation and Test Coverage: Updated documentation (README and sync-init guide) and expanded test coverage to ensure the new feature is well-documented and robust.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a valuable feature for syncing extra configuration paths, mirroring existing functionality for secrets, and includes support for syncing entire directories. However, it contains two critical path traversal vulnerabilities in the manifest handling logic. These vulnerabilities could allow a malicious or compromised repository to read arbitrary files or modify file permissions outside the intended sync directories, due to a lack of proper validation for repoPath and relativePath fields in the sync manifest against directory traversal sequences or absolute paths. While the implementation is otherwise robust, featuring a clean refactoring and good structure, there is one minor suggestion to improve the clarity of a generalized function. Strict path validation is recommended to confine all operations within the repository and designated local configuration paths.