Some of my builds and plugins make use of private deployment credentials (sometimes read from the file system, sometimes entered and retained in memory via the InteractionService).
Though perhaps it is overparanoid, I try to be careful to minimize the attack surface of software that uses private information, and it feels like bad hygiene to run a server, even on localhost or a UNIX socket, unnecessarily in these builds.
I've looked for a setting I could set in a plugin that would disable server startup unless overridden by the build. So far I have not found anything like this. Is there such a setting?
Many thanks!
Update: With the help of Eugene Yokota, as of sbt 1.1.1 there is now a boolean autoStartServer setting. Builds and plugins can prevent the server from starting up automatically by setting autoStartServer := false. (Users can still manually start up the server by running startServer if they wish.)
As of sbt 1.1.0 at least, the server won't start unless you start the sbt shell, which means that if you're running sbt in batch mode (for example sbt test) in a CI environment, it won't have a server.
To stop the server even in the shell automatically, I've added a JVM flag sbt.server.autostart. So running sbt as sbt -Dsbt.server.autostart=false would do it. You can globally set that by putting that into your SBT_OPTS.
To manually opt-in for server, you can then run:
> startServer
Update: Now that autoStartServer is a setting, you can write the following in ~/.sbt/1.0/global.sbt:
// This is so it works on sbt 1.x prior to 1.1.1
SettingKey[Boolean]("autoStartServer", "") := false
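
A wrapper-side guard for the SBT_OPTS approach described in the answer above, as an added example that is not part of the original answer or of sbt itself. The function names harden_sbt_opts and autostart_disabled are hypothetical, and the script assumes SBT_OPTS is a space-separated list of JVM options with no embedded spaces.

```shell
#!/bin/sh
# Added example: make sure SBT_OPTS disables sbt server autostart before a
# build that handles deployment credentials is launched.
FLAG='-Dsbt.server.autostart'

# Print the option string in $1 with every existing autostart flag removed
# (for example a stray "=true") and "$FLAG=false" appended exactly once.
# The body runs in a subshell so "set -f" (no globbing) does not leak out.
harden_sbt_opts() (
    set -f
    out=''
    for opt in $1; do              # intentional word splitting
        case "$opt" in
            "$FLAG"|"$FLAG"=*) ;;  # drop any previous value
            *) out="${out:+$out }$opt" ;;
        esac
    done
    printf '%s\n' "${out:+$out }$FLAG=false"
)

# Succeed only if $1 contains "$FLAG=false" and no contradicting occurrence.
# Intended as a CI assertion on the environment a job actually received.
autostart_disabled() (
    set -f
    status=1
    for opt in $1; do
        case "$opt" in
            "$FLAG=false") status=0 ;;
            "$FLAG"|"$FLAG"=*) exit 1 ;;   # any other value fails the check
        esac
    done
    exit "$status"
)

# Normalise the current environment; a wrapper would then run: exec sbt "$@"
SBT_OPTS=$(harden_sbt_opts "${SBT_OPTS:-}")
export SBT_OPTS
```
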