refactor project runner code into new package

- this compiles, but not tested at all and I don't expect it to work at
  all yet, of course

Author: williamstein

src/packages/pnpm-lock.yaml

@@ -0,0 +1,34 @@
+{
+  "name": "@cocalc/project-runner",
+  "version": "0.1.0",
+  "description": "CoCalc Project Runner",
+  "exports": {
+    "./run": "./dist/run/index.js"
+  },
+  "scripts": {
+    "preinstall": "npx only-allow pnpm",
+    "build": "pnpm exec tsc --build",
+    "tsc": "pnpm exec tsc  --pretty --preserveWatchOutput",
+    "depcheck": "pnpx depcheck",
+    "clean": "rm -rf node_modules dist"
+  },
+  "files": ["dist/**", "README.md", "package.json"],
+  "author": "SageMath, Inc.",
+  "keywords": ["utilities", "btrfs", "cocalc"],
+  "license": "SEE LICENSE.md",
+  "dependencies": {
+    "@cocalc/backend": "workspace:*",
+    "@cocalc/conat": "workspace:*",
+    "@cocalc/util": "workspace:*",
+    "package-directory": "^8.1.0"
+  },
+  "devDependencies": {
+    "@types/jest": "^30.0.0",
+    "@types/node": "^18.16.14"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/sagemathinc/cocalc"
+  },
+  "homepage": "https://github.com/sagemathinc/cocalc/tree/master/src/packages/project-runner"
+}

src/packages/project-runner/package.json

@@ -0,0 +1,98 @@
+import { conatServer } from "@cocalc/backend/data";
+import { join } from "node:path";
+
+export function dataPath(HOME: string): string {
+  return join(HOME, ".cache", "cocalc");
+}
+
+// see also packages/project/secret-token.ts
+export function secretTokenPath(HOME: string) {
+  const data = dataPath(HOME);
+  return join(data, "secret-token");
+}
+
+const ENV_VARS_DELETE = [
+  "PGDATA",
+  "PGHOST",
+  "PGUSER",
+  "PGDATABASE",
+  "PROJECTS",
+  "BASE_PATH",
+  "PORT",
+  "DATA",
+  "LOGS",
+  "PWD",
+  "LINES",
+  "COLUMNS",
+  "LS_COLORS",
+  "INIT_CWD",
+  "DEBUG_FILE",
+  "SECRETS",
+] as const;
+
+function sanitizedEnv(env: { [key: string]: string | undefined }): {
+  [key: string]: string;
+} {
+  const env2 = { ...env };
+  // Remove some potentially confusing env variables
+  for (const key of ENV_VARS_DELETE) {
+    delete env2[key];
+  }
+  // Comment about stripping things starting with /root:
+  // These tend to creep in as npm changes, e.g., 'npm_config_userconfig' is
+  // suddenly /root/.npmrc, and due to permissions this will break starting
+  // projects with a mysterious "exit code 243" and no further info, which
+  // is really hard to track down.
+  for (const key in env2) {
+    if (
+      key.startsWith("npm_") ||
+      key.startsWith("COCALC_") ||
+      key.startsWith("CONAT_") ||
+      key.startsWith("PNPM_") ||
+      key.startsWith("__NEXT") ||
+      key.startsWith("NODE_") ||
+      env2[key]?.startsWith("/root") ||
+      env2[key] == null
+    ) {
+      delete env2[key];
+    }
+  }
+  return env2 as { [key: string]: string };
+}
+
+export function getEnvironment({
+  HOME,
+  project_id,
+  env: extra,
+}: {
+  HOME: string;
+  project_id: string;
+  env?: { [key: string]: string };
+}): { [key: string]: string } {
+  const extra_env: string = Buffer.from(JSON.stringify(extra ?? {})).toString(
+    "base64",
+  );
+
+  // we only support "user" as the username here:
+  const USER = "user";
+  const DATA = dataPath(HOME);
+
+  return {
+    ...sanitizedEnv(process.env),
+    ...{
+      HOME,
+      DATA,
+      LOGS: DATA,
+      // DEBUG: so interesting stuff gets logged, but not too much unless we really need it.
+      DEBUG: "cocalc:*,-cocalc:silly:*",
+      // important to explicitly set the COCALC_ vars since server env has own in a project
+      COCALC_PROJECT_ID: project_id,
+      COCALC_USERNAME: USER,
+      USER,
+      COCALC_EXTRA_ENV: extra_env,
+      PATH: `${HOME}/bin:${HOME}/.local/bin:${process.env.PATH}`,
+      CONAT_SERVER: conatServer,
+      COCALC_SECRET_TOKEN: secretTokenPath(HOME),
+    },
+  };
+}