mise bootstrap does not discover config files on first run

[hverlin]

Trying out the new mise g bootstrap command, which works great.

Here is one issue I have faced when running the localized version on the first run.

Describe the bug

❯ mise g bootstrap -l  -w
Wrote to ./bin/mise

Run it for the first time

❯ bin/mise -vv ls
mise: installing mise...
############################################################################################################### 100.0%
mise: installed successfully to .mise/mise-2024.12.20
TRACE  1 [src/cli/mod.rs:327] logger done
TRACE  1 [src/cli/mod.rs:328] migrate start
TRACE  1 [src/cli/mod.rs:328] migrate done
DEBUG  1 [src/cli/mod.rs:333] ARGS: .mise/mise-2024.12.20 -vv ls
TRACE  1 [src/cli/mod.rs:339] run ls start
TRACE  1 [src/config/mod.rs:96] load start
TRACE  1 [src/backend/mod.rs:57] load_tools start
TRACE  1 [src/registry.rs:41] disable_backends
TRACE  1 [src/registry.rs:45] disable_backends
TRACE  1 [src/backend/mod.rs:67] load_tools core
TRACE  1 [src/backend/mod.rs:78] load_tools install_state
TRACE  1 [src/backend/mod.rs:92] load_tools done
TRACE  1 [src/config/mod.rs:98] load idiomatic_files
TRACE  1 [src/config/mod.rs:104] load config_filenames
TRACE  1 [src/config/mod.rs:106] load config_paths
TRACE  1 [src/config/mod.rs:107] config_paths: []
TRACE  1 [src/config/mod.rs:109] load config_files
TRACE  1 [src/config/mod.rs:1126] load_vars start
TRACE  1 [src/config/mod.rs:1147] load_vars done
TRACE  1 [src/config/mod.rs:1149] EnvResults
TRACE  1 [src/config/mod.rs:1109] load_aliases: 0
TRACE  1 [src/config/mod.rs:751] project_root: None
TRACE  1 [src/config/mod.rs:1121] load_plugins: 0
TRACE  1 [src/config/mod.rs:136] load build
TRACE  1 [src/config/mod.rs:139] load validate
TRACE  1 [src/config/mod.rs:142] load all aliases
TRACE  1 [src/config/mod.rs:145] load redactions
TRACE  1 [src/config/mod.rs:148] config: Config {
    Config Files: [],
}
TRACE  1 [src/config/mod.rs:155] load done
TRACE  1 [src/toolset/tool_request_set.rs:166] tool_request_set::build
Tool  Version  Source  Requested 
TRACE  1 [src/cli/mod.rs:339] run ls done
TRACE  1 [src/main.rs:85] main done

If I now run it a second time, it will load the mise config files and I will need to trust them.

❯ bin/mise -vv ls
TRACE  1 [src/cli/mod.rs:327] logger done
TRACE  1 [src/cli/mod.rs:328] migrate start
TRACE  1 [src/cli/mod.rs:328] migrate done
DEBUG  1 [src/cli/mod.rs:333] ARGS:  .mise/mise-2024.12.20 -vv ls
TRACE  1 [src/cli/mod.rs:339] run ls start
TRACE  1 [src/config/mod.rs:96] load start
TRACE  1 [src/backend/mod.rs:57] load_tools start
TRACE  1 [src/registry.rs:41] disable_backends
TRACE  1 [src/registry.rs:45] disable_backends
TRACE  1 [src/backend/mod.rs:67] load_tools core
TRACE  1 [src/backend/mod.rs:78] load_tools install_state
TRACE  1 [src/backend/mod.rs:92] load_tools done
TRACE  1 [src/config/mod.rs:98] load idiomatic_files
TRACE  1 [src/config/mod.rs:104] load config_filenames
TRACE  1 [src/config/mod.rs:106] load config_paths
TRACE  1 [src/config/mod.rs:107] config_paths: ["<...>/mise.toml", "~/.config/mise/config.toml",]
mise config files in ~ are not trusted. Trust them?

Expected behavior
I would expect the first run to ask me to trust the configuration files.

Additional context
I am also wondering if it would make sense for a localized installation to only load tools within the current directory?

I guess that one could add MISE_IGNORED_CONFIG_PATHS as well as config files to always trust, but the localized install should maybe do it by default?

[jdx]

I'm wondering if a localized setup even needs to be trusted. Seems the user would be explicitly executing the bootstrap shim so they're implicitly trusting it.

Trusting generally is needed because entering a directory could run malicious code, but this won't execute on cd

[hverlin]

Another issue is that the generated script is using BASH_SOURCE but the shebang is using sh

#!/bin/sh
#...
local script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )

[hverlin]

So the issue is that it should cd back to the root of the repo once the script is done.

#     ...
        install_mise
        cd "$project_dir"

Also added

export MISE_TRUSTED_CONFIG_PATHS="$project_dir/mise.toml"
export MISE_IGNORED_CONFIG_PATHS="$HOME/.config/"

and it works well 👍