mirror of
https://github.com/sobolevn/git-secret
synced 2024-10-31 21:20:29 +00:00
parent
57903b9e75
commit
10879e2253
@ -65,7 +65,7 @@ function _get_file_hash {
|
||||
echo "$file_hash"
|
||||
}
|
||||
|
||||
function _optional_fsdb_update_hash {
|
||||
function _fsdb_update_hash {
|
||||
local key="$1"
|
||||
local hash="$2"
|
||||
local fsdb # path_mappings
|
||||
@ -80,7 +80,7 @@ function hide {
|
||||
local clean=0
|
||||
local preserve=0
|
||||
local delete=0
|
||||
local fsdb_update_hash=0 # add checksum hashes to fsdb
|
||||
local update_only_modified=0
|
||||
local force_continue=0
|
||||
|
||||
OPTIND=1
|
||||
@ -95,7 +95,7 @@ function hide {
|
||||
|
||||
d) delete=1;;
|
||||
|
||||
m) fsdb_update_hash=1;;
|
||||
m) update_only_modified=1;;
|
||||
|
||||
v) _SECRETS_VERBOSE=1;;
|
||||
|
||||
@ -160,7 +160,7 @@ function hide {
|
||||
file_hash=$(_get_file_hash "$input_path")
|
||||
|
||||
# encrypt file only if required
|
||||
if [[ "$fsdb_file_hash" != "$file_hash" ]]; then
|
||||
if [[ "$update_only_modified" -eq 0 ]] || [[ "$fsdb_file_hash" != "$file_hash" ]]; then
|
||||
|
||||
local args=( --homedir "$secrets_dir_keys" "--no-permission-warning" --use-agent --yes "--trust-model=always" --encrypt )
|
||||
|
||||
@ -193,12 +193,10 @@ function hide {
|
||||
fi
|
||||
fi
|
||||
|
||||
# If -m option was provided, it will update unencrypted file hash
|
||||
# Update file hash for future use of -m
|
||||
local key="$filename"
|
||||
local hash="$file_hash"
|
||||
# Update file hash if required in fsdb
|
||||
[[ "$fsdb_update_hash" -gt 0 ]] && \
|
||||
_optional_fsdb_update_hash "$key" "$hash"
|
||||
_fsdb_update_hash "$key" "$hash"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
@ -32,7 +32,7 @@ function teardown {
|
||||
|
||||
# Command must execute normally:
|
||||
[ "$status" -eq 0 ]
|
||||
[ "$output" = "git-secret: done. 1 of 1 files are hidden." ]
|
||||
[[ "$output" == *"git-secret: done. 1 of 1 files are hidden."* ]]
|
||||
|
||||
# New files should be created:
|
||||
local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE")
|
||||
@ -50,11 +50,11 @@ function teardown {
|
||||
}
|
||||
|
||||
@test "run 'hide' normally with SECRETS_VERBOSE=1" {
|
||||
SECRETS_VERBOSE=1 run git secret hide
|
||||
SECRETS_VERBOSE=1 run git secret hide
|
||||
|
||||
# Command must execute normally.
|
||||
[ "$status" -eq 0 ]
|
||||
[[ "$output" == "git-secret: done. 1 of 1 files are hidden." ]]
|
||||
[[ "$output" == *"git-secret: done. 1 of 1 files are hidden."* ]]
|
||||
}
|
||||
|
||||
@test "run 'hide' with '-P'" {
|
||||
@ -68,7 +68,7 @@ function teardown {
|
||||
|
||||
# Command must execute normally:
|
||||
[ "$status" -eq 0 ]
|
||||
[ "$output" = "git-secret: done. 1 of 1 files are hidden." ]
|
||||
[[ "$output" == *"git-secret: done. 1 of 1 files are hidden."* ]]
|
||||
|
||||
# New files should be created:
|
||||
local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE")
|
||||
@ -141,7 +141,7 @@ function teardown {
|
||||
run git secret hide
|
||||
#echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
|
||||
[ "$status" -eq 0 ]
|
||||
[ "$output" = "git-secret: done. 2 of 2 files are hidden." ]
|
||||
[[ "$output" == *"git-secret: done. 2 of 2 files are hidden."* ]]
|
||||
|
||||
# Cleaning up:
|
||||
rm "$second_file"
|
||||
@ -172,7 +172,7 @@ function teardown {
|
||||
# Command must execute normally:
|
||||
[ "$status" -eq 0 ]
|
||||
# git secret hide -m: uses temp file so cleaning should take place, but we only show tmp file cleanup in VERBOSE mode
|
||||
[ "${lines[0]}" = "git-secret: done. 1 of 1 files are hidden." ]
|
||||
[[ "${lines[0]}" == *"git-secret: done. 1 of 1 files are hidden."* ]]
|
||||
|
||||
# back path mappings
|
||||
cp "${path_mappings}" "${path_mappings}.bak"
|
||||
@ -183,7 +183,38 @@ function teardown {
|
||||
[[ "${#lines[@]}" -eq 1 ]]
|
||||
|
||||
# output says 0 of 1 files are hidden because checksum didn't change and we didn't need to hide it again.
|
||||
[ "$output" = "git-secret: done. 0 of 1 files are hidden." ]
|
||||
[[ "$output" == *"git-secret: done. 0 of 1 files are hidden."* ]]
|
||||
# no changes should occur to path_mappings files
|
||||
cmp -s "${path_mappings}" "${path_mappings}.bak"
|
||||
|
||||
# New files should be created:
|
||||
local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE")
|
||||
[ -f "$encrypted_file" ]
|
||||
}
|
||||
|
||||
|
||||
@test "run 'hide' without then with '-m'" {
|
||||
local path_mappings
|
||||
path_mappings=$(_get_secrets_dir_paths_mapping)
|
||||
run git secret hide
|
||||
|
||||
#echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
|
||||
|
||||
# Command must execute normally:
|
||||
[ "$status" -eq 0 ]
|
||||
# git secret hide -m: uses temp file so cleaning should take place, but we only show tmp file cleanup in VERBOSE mode
|
||||
[[ "${lines[0]}" == *"git-secret: done. 1 of 1 files are hidden."* ]]
|
||||
|
||||
# back path mappings
|
||||
cp "${path_mappings}" "${path_mappings}.bak"
|
||||
# run hide again
|
||||
run git secret hide -m
|
||||
# compare
|
||||
[ "$status" -eq 0 ]
|
||||
[[ "${#lines[@]}" -eq 1 ]]
|
||||
|
||||
# output says 0 of 1 files are hidden because checksum didn't change and we didn't need to hide it again.
|
||||
[[ "$output" == *"git-secret: done. 0 of 1 files are hidden."* ]]
|
||||
# no changes should occur to path_mappings files
|
||||
cmp -s "${path_mappings}" "${path_mappings}.bak"
|
||||
|
||||
@ -264,5 +295,5 @@ function teardown {
|
||||
|
||||
run git secret hide
|
||||
[ "$status" -eq 0 ]
|
||||
[ "$output" = "git-secret: done. 1 of 1 files are hidden." ]
|
||||
[[ "$output" == *"git-secret: done. 1 of 1 files are hidden."* ]]
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user