diff --git a/.github/ISSUE_TEMPLTE.md b/.github/ISSUE_TEMPLTE.md
new file mode 100644
index 00000000..985707f7
--- /dev/null
+++ b/.github/ISSUE_TEMPLTE.md
@@ -0,0 +1,32 @@
+Thanks for reporting an issue! Please make sure you click the link above to view the issue guidelines, then fill out the blanks below.
+
+What are the steps to reproduce this issue?
+-------------------------------------------
+1. …
+2. …
+3. …
+
+What happens?
+-------------
+…
+
+What were you expecting to happen?
+----------------------------------
+…
+
+Any logs, error output, etc?
+----------------------------
+(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
+
+
+Any other comments?
+-------------------
+…
+
+What versions of software are you using?
+----------------------------------------
+**Operating system:** …
+
+**`git-secret` version:** …
+
+**Shell type and version:** …
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 00000000..b713e315
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
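Review bot: The new file is named `ISSUE_TEMPLTE.md`, which is missing an `A`; GitHub only picks up `.github/ISSUE_TEMPLATE.md`, so this template will not be shown on new issues until the file is renamed. Separately, the logs section sends reporters to a public paste site, and for a tool that handles GPG keys and encrypted secrets the template should say what to strip first, for example `(Please remove passwords, passphrases and any decrypted file contents before sharing logs.)`.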
@@ -0,0 +1,33 @@ +Thanks for sending a pull request! + +Here's how it's done: +1. Make sure that you open your pull-request to the `develop` branch (master branch is protected, since some plugins use it when installed) +2. Make sure that tests pass +3. Make sure that your code has the same style + +Please make sure you click the link above to view the contribution guidelines, then fill out the blanks below. + +What does this implement/fix? Explain your changes. +--------------------------------------------------- +… + +Does this close any currently open issues? +------------------------------------------ +… + + +Any relevant logs, error output, etc? +------------------------------------- +(If it’s long, please paste to https://ghostbin.com/ and insert the link here.) + +Any other comments? +------------------- +… + +Where has this been tested? +--------------------------- +**Operating system:** … + +**`git-secret` version:** … + +**Shell type and version:** … diff --git a/CHANGELOG.md b/CHANGELOG.md index ba5bff49..65ac3019 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## Version 0.1.2 + +- Added `-i` option to the `git-secret-add` command, which auto adds unignored files to the `.gitignore` +- Documentation improved with `Configuration` section +- Added extra tests: for custom filenames and new features +- `Makefile` improvements with `.PHONY` and `install` target +- `.github` templates added + ## Version 0.1.1 - Added `--dry-run` option to the `git secret` command, which prevents any actions. diff --git a/Makefile b/Makefile index dfb771dc..f6b305c5 100644 --- a/Makefile +++ b/Makefile 
@@ -5,24 +5,34 @@ PREFIX?="/usr" # Building: # +.PHONY: all all: build git-secret: src/_utils/* src/commands/* src/main.sh @cat $^ > "$@" @chmod +x git-secret +.PHONY: clean clean: @rm -f git-secret +.PHONY: build build: git-secret +.PHONY: install +install: + @chmod +x "./utils/install.sh" + @"./utils/install.sh" "${PREFIX}" + # # Testing: # +.PHONY: install-test install-test: git clone https://github.com/sstephenson/bats.git vendor/bats +.PHONY: test test: @if [ ! -d "vendor/bats" ]; then make install-test; fi @export SECRET_PROJECT_ROOT="${PWD}"; export PATH="${PWD}/vendor/bats/bin:${PWD}:${PATH}"; \ @@ -34,13 +44,16 @@ test: # Manuals: # +.PHONY: install-ronn install-ronn: @if [ ! `gem list ronn -i` == "true" ]; then gem install ronn; fi +.PHONY: build-man build-man: @make install-ronn ronn --roff man/*/*.ronn +.PHONY: build-gh-pages build-gh-pages: @chmod +x "./utils/gh-branch.sh" @"./utils/gh-branch.sh" @@ -49,6 +62,7 @@ build-gh-pages: # Development: # +.PHONY: install-hooks install-hooks: @# pre-commit: @ln -fs "${PWD}/utils/pre-commit.sh" "${PWD}/.git/hooks/pre-commit" @@ -57,15 +71,18 @@ install-hooks: @ln -fs "${PWD}/utils/post-commit.sh" "${PWD}/.git/hooks/post-commit" @chmod +x "${PWD}/.git/hooks/post-commit" +.PHONY: develop develop: clean build install-hooks # # Packaging: # +.PHONY: install-fpm install-fpm: @if [ ! `gem list fpm -i` == "true" ]; then gem install fpm; fi +.PHONY: build-deb build-deb: clean build @make install-fpm @chmod +x "./utils/build-deb.sh" diff --git a/README.md b/README.md index 1890b3cf..73eadafb 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,7 @@ See the [installation section](https://sobolevn.github.io/git-secret/#installati This project is still under development. Current objectives: - add `trust-model` parameter to `git-secret-hide` +- translate manuals for popular languages - autocomplete for `zsh` plugin - extra tests - precompiled distribution for `RPM`, add dependencies for `.deb` package 
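Review bot: The new `install` target has no prerequisites, so `make install` on a fresh clone (the flow the man page in this commit documents) runs `utils/install.sh` before `git-secret` has been assembled. Unless the built script and the rendered man pages are checked in, the `cp` calls in the installer will either fail or install whatever stale copy happens to be in the tree. Declaring the target as `install: build` makes it self-contained; whether `build-man` is also needed depends on whether `man/man1/*` and `man/man7/git-secret.7` are committed, which is not visible here.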
diff --git a/man/man1/git-secret-add.1.ronn b/man/man1/git-secret-add.1.ronn index bf208bc9..0ba41f3e 100644 --- a/man/man1/git-secret-add.1.ronn +++ b/man/man1/git-secret-add.1.ronn @@ -3,7 +3,7 @@ git-secret-add - starts to track added files. ## SYNOPSIS - git secret add ... + git secret add [-i] ... ## DESCRIPTION @@ -16,6 +16,7 @@ It is not recommened to add filenames directly into the `.gitsecret/paths/mappin ## OPTIONS + -i - auto adds given files to the `.gitignore` if they are unignored at the moment. -h - shows this help. diff --git a/man/man7/git-secret.7.ronn b/man/man7/git-secret.7.ronn index d7a9e61a..a027d8f6 100644 --- a/man/man7/git-secret.7.ronn +++ b/man/man7/git-secret.7.ronn @@ -3,6 +3,7 @@ 1. [Intro](#intro) 2. [Installation](#installation) 3. [Usage](#usage) +4. [Configuration](#configuration) ## Intro @@ -43,6 +44,11 @@ There are several ways to install `git-secret`: 1. Run `brew install sobolevn/tap/git-secret` +**Manual** + +1. Clone the repository first: `git clone https://github.com/sobolevn/git-secret.git git-secret` +2. Run `PREFIX="/usr/local" make install`, note that you can install to any prefix in your `PATH` + **`antigen` plugin (or any other `oh-my-zsh`-styled plugin-systems)** 1. Add line `antigen bundle sobolevn/git-secret` to your `.zshrc` 
@@ -78,5 +84,13 @@ These steps cover the basic process of using `git-secret`: Note, that it is possible to add yourself to the system without decrypting existing files. It will be possible to decrypt them after reencrypting them with the new keyring. So, if you don't want unexpected keys added, make sure to configure some server-side security policy with the `pre-receive` hook. +## Configuration +You can configure several things to suit your workflow better. To do so, just set the required variable to the value you need. This can be done in your shell environment file or with the each `git-secret` command. + +These settings are available to be changed: + +* `$SECRETS_GPG_COMMAND` - sets the `gpg` alternatives, defaults to `gpg`. It can be changed to `gpg`, `gpg2`, `pgp`, `/usr/local/gpg` or any other value. After doing so rerun tests to be sure, that it won't break anything. Tested to be working with: `gpg`, `gpg2`. +* `$SECRETS_EXTENSION` - sets the secret files extension, defaults to `.secret`. It can be changed to any valid file extension. + [1]: https://git-scm.com/ [2]: https://www.gnupg.org/ diff --git a/src/_utils/_git_secret_tools.sh b/src/_utils/_git_secret_tools.sh index 175fb782..4542621b 100644 --- a/src/_utils/_git_secret_tools.sh +++ b/src/_utils/_git_secret_tools.sh @@ -1,10 +1,10 @@ #!/usr/bin/env bash -GITSECRET_VERSION="0.1.1" +GITSECRET_VERSION="0.1.2" # Global variables: - WORKING_DIRECTORY="$PWD" + # Folders: SECRETS_DIR=".gitsecret" SECRETS_DIR_KEYS="$SECRETS_DIR/keys" 
@@ -12,16 +12,16 @@ SECRETS_DIR_PATHS="$SECRETS_DIR/paths" # Files: SECRETS_DIR_KEYS_MAPPING="$SECRETS_DIR_KEYS/mapping.cfg" -SECRETS_DIR_KEYS_PUBRING="$SECRETS_DIR_KEYS/pubring.gpg" SECRETS_DIR_KEYS_TRUSTDB="$SECRETS_DIR_KEYS/trustdb.gpg" SECRETS_DIR_PATHS_MAPPING="$SECRETS_DIR_PATHS/mapping.cfg" +: ${SECRETS_EXTENSION:=".secret"} + +# Commands: : ${SECRETS_GPG_COMMAND:="gpg"} GPGLOCAL="$SECRETS_GPG_COMMAND --homedir=$SECRETS_DIR_KEYS --no-permission-warning" -: ${SECRETS_EXTENSION:=".secret"} - # Inner bash : @@ -117,7 +117,7 @@ function _unique_filename { # Manuals: function _show_manual_for { local function_name="$1" - man git-secret-$function_name + man "git-secret-${function_name}" exit 0 } @@ -130,6 +130,15 @@ function _check_ignore { } +function _add_ignored_file { + if [[ ! -f ".gitignore" ]]; then + touch ".gitignore" + fi + + echo "$1" >> ".gitignore" +} + + # Logic : function _abort { @@ -139,7 +148,7 @@ function _abort { function _secrets_dir_exists { - if [[ ! -d $SECRETS_DIR ]]; then + if [[ ! -d "$SECRETS_DIR" ]]; then _abort "$SECRETS_DIR does not exist." fi } @@ -149,13 +158,12 @@ function _user_required { _secrets_dir_exists local error_message="no users found. run 'git secret tell' before adding files." - if [[ ! -f "$SECRETS_DIR_KEYS_PUBRING" ]] || - [[ ! -f "$SECRETS_DIR_KEYS_TRUSTDB" ]]; then + if [[ ! -f "$SECRETS_DIR_KEYS_TRUSTDB" ]]; then _abort "$error_message" fi local keys_exist=$($GPGLOCAL -n --list-keys --with-colon) - if [[ -z $keys_exist ]]; then + if [[ -z "$keys_exist" ]]; then _abort "$error_message" fi } diff --git a/src/_utils/_git_secret_tools_osx.sh b/src/_utils/_git_secret_tools_osx.sh index 63f9646a..06aaaa9a 100644 --- a/src/_utils/_git_secret_tools_osx.sh +++ b/src/_utils/_git_secret_tools_osx.sh @@ -13,6 +13,6 @@ function __delete_line_osx { function __temp_file_osx { : "${TMPDIR:=/tmp}" - local filename=$(mktemp -t _gitsecrets_ ) + local filename=$(mktemp -t _gitsecrets_XXX ) echo "$filename"; } 
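Review bot: `_add_ignored_file` appends the raw argument as a gitignore pattern, which does not guarantee that the file ends up ignored. If the existing `.gitignore` has no trailing newline the new entry is glued onto the last pattern, and a name that starts with `#` or `!` or contains glob characters is read by git as a comment, negation or wildcard rather than as that path; `echo` also mishandles names such as `-n`. Since an unignored plaintext secret is exactly what this option is meant to prevent, I would write the entry with `printf '%s\n' "$1" >> ".gitignore"` after making sure the file ends in a newline, and drop the `touch`, which `>>` makes unnecessary. The relative `.gitignore` path also appears to depend on the command being run from the repository root, which deserves a one-line comment above the function.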
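Review bot: In `_user_required` the line `local keys_exist=$($GPGLOCAL -n --list-keys --with-colon)` hides gpg's exit status behind `local`, so a missing or misconfigured `SECRETS_GPG_COMMAND` is reported as "no users found"; with the `pubring.gpg` test removed this call is one of only two checks left. The same pattern is in `__temp_file_osx` (`local filename=$(mktemp -t _gitsecrets_XXX )`), where a failed `mktemp` makes the function print an empty name that callers will then try to write to. Declaring and assigning separately fixes both, e.g. `local filename; filename=$(mktemp -t _gitsecrets_XXX) || return 1`. `_user_required` begins above its hunk.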
diff --git a/src/commands/git_secret_add.sh b/src/commands/git_secret_add.sh index 135cafe9..69714ba1 100644 --- a/src/commands/git_secret_add.sh +++ b/src/commands/git_secret_add.sh @@ -2,14 +2,19 @@ function add { + local auto_add=0 OPTIND=1 - while getopts "h" opt; do + while getopts "ih" opt; do case "$opt" in + i) auto_add=1;; h) _show_manaul_for "add";; esac done + shift $((OPTIND-1)) + [ "$1" = "--" ] && shift + _user_required local not_ignored=() @@ -29,7 +34,20 @@ function add { if [[ ! "${#not_ignored[@]}" -eq 0 ]]; then # and show them all at once. - _abort "these files are not ignored: ${not_ignored[@]} ;" + local message="these files are not ignored: ${not_ignored[@]} ;" + if [[ "$auto_add" -eq 0 ]]; then + # this file is not ignored. user don't want it to be added automatically. + # raise the exception, since all files, which will be hidden, must be ignored. + _abort "$message" + else + # in this case these files should be added to the `.gitignore` automatically: + # see https://github.com/sobolevn/git-secret/issues/18 for more. + echo "$message" + echo "auto adding them to .gitignore" + for item in "${not_ignored[@]}"; do + _add_ignored_file "$item" + done + fi fi for item in $@; do diff --git a/src/commands/git_secret_init.sh b/src/commands/git_secret_init.sh index ad038aba..d49f4583 100644 --- a/src/commands/git_secret_init.sh +++ b/src/commands/git_secret_init.sh @@ -10,6 +10,9 @@ function init { esac done + shift $((OPTIND-1)) + [ "$1" = "--" ] && shift + if [[ -d "$SECRETS_DIR" ]]; then _abort "already inited." fi diff --git a/src/commands/git_secret_killperson.sh b/src/commands/git_secret_killperson.sh index df8606e9..c3b3909b 100644 --- a/src/commands/git_secret_killperson.sh +++ b/src/commands/git_secret_killperson.sh @@ -10,6 +10,9 @@ function killperson { esac done + shift $((OPTIND-1)) + [ "$1" = "--" ] && shift + _user_required if [[ ${#@} -eq 0 ]]; then 
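Review bot: The `h)` arm of the option loop in `add` calls `_show_manaul_for`, but the helper in `_git_secret_tools.sh` is named `_show_manual_for`, so `git secret add -h` produces a command-not-found error and then carries on with the add instead of showing the manual; the line should read `h) _show_manual_for "add";;`. The loop also has no default arm, so an unrecognised flag is reported by `getopts` and then ignored while the command proceeds; an arm such as `*) _abort "invalid option";;` (wording is only a suggestion) would stop it. The body of `add` continues past this hunk.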
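Review bot: After the `-i` branch appends the names to `.gitignore`, the function falls through to tracking the files without checking that git now ignores them. An ignore entry has no effect on a path that is already in the index, so a file that was committed earlier stays tracked in plaintext even though the command reports success. I would re-run the same ignore check that filled `not_ignored` once the loop has finished, and `_abort` with a hint about `git rm --cached` if any path is still not ignored. Two smaller points in the same lines: `item` should be declared `local`, and `${not_ignored[@]}` inside a quoted string is better written `${not_ignored[*]}`.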
diff --git a/src/commands/git_secret_list.sh b/src/commands/git_secret_list.sh index 6adba6d6..8dd6154b 100644 --- a/src/commands/git_secret_list.sh +++ b/src/commands/git_secret_list.sh @@ -10,6 +10,9 @@ function list { esac done + shift $((OPTIND-1)) + [ "$1" = "--" ] && shift + _user_required if [[ ! -s "$SECRETS_DIR_PATHS_MAPPING" ]]; then diff --git a/src/commands/git_secret_usage.sh b/src/commands/git_secret_usage.sh index 1ad28920..0e468771 100644 --- a/src/commands/git_secret_usage.sh +++ b/src/commands/git_secret_usage.sh @@ -23,6 +23,9 @@ function usage { esac done + shift $((OPTIND-1)) + [ "$1" = "--" ] && shift + local commands="" local separator="|" diff --git a/src/commands/git_secret_whoknows.sh b/src/commands/git_secret_whoknows.sh index 8f9fb5ab..66a8267b 100644 --- a/src/commands/git_secret_whoknows.sh +++ b/src/commands/git_secret_whoknows.sh @@ -10,6 +10,9 @@ function whoknows { esac done + shift $((OPTIND-1)) + [ "$1" = "--" ] && shift + _user_required local keys=$(_get_users_in_keyring) diff --git a/tests/test_add.bats b/tests/test_add.bats index 420f7a60..b65944d3 100644 --- a/tests/test_add.bats +++ b/tests/test_add.bats @@ -29,6 +29,21 @@ function teardown { } +@test "run 'add' for unignored file with '-i' option" { + local TEST_FILE='test_file.auto_ignore' + touch "$TEST_FILE" + echo "content" > "$TEST_FILE" + + run git secret add -i "$TEST_FILE" + [ "$status" -eq 0 ] + + run _file_has_line "$TEST_FILE" ".gitignore" + [ "$status" -eq 0 ] + + rm -f "$TEST_FILE" +} + + @test "run 'add' normally" { local filename="local_file" echo "content" > "$filename" diff --git a/tests/test_reveal_filename.bats b/tests/test_reveal_filename.bats new file mode 100644 index 00000000..279a19f3 --- /dev/null +++ b/tests/test_reveal_filename.bats 
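Review bot: The new `-i` test in `tests/test_add.bats` only asserts that the file name was written into `.gitignore`, not that git actually ignores the file, which is the property the option exists to guarantee. Adding `run git check-ignore -q "$TEST_FILE"` followed by `[ "$status" -eq 0 ]` would cover that. The `touch` before `echo "content" > "$TEST_FILE"` is redundant, and the trailing `rm -f "$TEST_FILE"` is skipped when an assertion fails, so the cleanup (including the line appended to `.gitignore`) belongs in `teardown` if it is not already handled there; `teardown` is outside this hunk.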
@@ -0,0 +1,48 @@ +#!/usr/bin/env bats + +load _test_base + +FILE_TO_HIDE="file_to_hide" +FILE_CONTENTS="hidden content юникод" + +FINGERPRINT="" +OLD_SECRETS_EXTENSION="" + + +function setup { + FINGERPRINT=$(install_fixture_full_key "$TEST_DEFAULT_USER") + + set_state_git + set_state_secret_init + set_state_secret_tell "$TEST_DEFAULT_USER" + set_state_secret_add "$FILE_TO_HIDE" "$FILE_CONTENTS" + + OLD_SECRETS_EXTENSION="$SECRETS_EXTENSION" + export SECRETS_EXTENSION=".new_secret" + + set_state_secret_hide +} + + +function teardown { + uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT" + unset_current_state + rm -f "$FILE_TO_HIDE" + export SECRETS_EXTENSION="$OLD_SECRETS_EXTENSION" +} + + +@test "run 'reveal' with different file extension" { + cp "$FILE_TO_HIDE" "${FILE_TO_HIDE}2" + rm -f "$FILE_TO_HIDE" + + local password=$(test_user_password "$TEST_DEFAULT_USER") + run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password" + + [ "$status" -eq 0 ] + [ -f "$FILE_TO_HIDE" ] + + cmp --silent "$FILE_TO_HIDE" "${FILE_TO_HIDE}2" + + rm -f "${FILE_TO_HIDE}2" +} diff --git a/utils/install.sh b/utils/install.sh index 89e006d0..b328704b 100755 --- a/utils/install.sh +++ b/utils/install.sh @@ -34,4 +34,4 @@ cp "$SCRIPT_ROOT"/git-secret "$PREFIX"/bin/git-secret cp -R "$SCRIPT_ROOT"/man/man1/* "$PREFIX"/share/man/man1 cp "$SCRIPT_ROOT"/man/man7/git-secret.7 "$PREFIX"/share/man/man7/git-secret.7 -echo "Installed git-secret to $PREFIX/bin/git-secret" +echo "Installed git-secret to ${PREFIX}/bin/git-secret"
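Review bot: Nothing in `tests/test_reveal_filename.bats` checks that the encrypted file was written with the `.new_secret` extension, so the test would still pass if `SECRETS_EXTENSION` were ignored by both `hide` and `reveal`. Assuming the encrypted name is the original name plus the extension, an assertion such as `[ -f "${FILE_TO_HIDE}${SECRETS_EXTENSION}" ]` before the `reveal` call would pin the feature down. The final `rm -f "${FILE_TO_HIDE}2"` should move into `teardown`, so that a failed comparison does not leave the plaintext copy behind in the working tree.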