Archives
/
git-secret
mirror of https://github.com/sobolevn/git-secret
2
1
Fork 0
Code Issues Projects Releases Wiki Activity

Merges develop, removes staging, refs #76

Browse Source
pull/42/merge
sobolevn 7 years ago
parent d6f01b8ee6 12d4b9f6de
commit c85d482ec6
No known key found for this signature in database
GPG Key ID: FF672D568AE3C73E
35 changed files with 786 additions and 209 deletions
Show Stats Download Patch File Download Diff File

15
.ci/after_deploy.sh
Unescape Escape View File

@ -0,0 +1,15 @@
#!/usr/bin/env bash
set -e
# This file is required, because for some reason
# travis deploys do not trigger metadata calculation.
# See: https://github.com/sobolevn/git-secret/issues/89
# This file is only called after successful deploy.
# We need to execute custom call to the Bintray API:
curl -X POST \
--user "sobolevn:$BINTRAY_API_KEY" \
-H "X-GPG-PASSPHRASE: $BINTRAY_GPG_PASS" \
"https://api.bintray.com/calc_metadata/sobolevn/$GITSECRET_DIST"

11
.github/ISSUE_TEMPLATE.md vendored
Unescape Escape View File

@ -24,8 +24,13 @@ Any other comments?
What versions of software are you using?
----------------------------------------
**Operating system:** …
**Operating system:** (`uname -a`)
**`git-secret` version:** …
**`git-secret` path:** (`which git-secret`) …
**`git-secret` version:** (`git secret --version`) …
**Shell type and version:** (`$SHELL --version`) …
**`gpg` version:** (`gpg --version`) …
**Shell type and version:** …

3
.github/PULL_REQUEST_TEMPLATE.md vendored
Unescape Escape View File

@ -1,7 +1,8 @@
<!-- Thanks for sending a pull request!
Here's how it's done:
1. Make sure that you open your pull-request to the `develop` branch (master branch is protected, since some plugins use it when installed)
0. If you are planing a large feature, please, discuss it first in the separate issue
1. Make sure that you open your pull-request to the `develop` branch (master branch is protected anyways)
2. Make sure that tests pass
3. Make sure that your code has the same style

5
.travis.yml
Unescape Escape View File

@ -23,7 +23,7 @@ matrix:
language: ruby
- os: linux
env: GITSECRET_DIST="none"; GITSECRET_GPG_DEP="gnupg"; SECRETS_GPG_COMMAND="gpg"
sudo: required
sudo: false
language: ruby
- os: linux
env: GITSECRET_DIST="none"; GITSECRET_GPG_DEP="gnupg2"; SECRETS_GPG_COMMAND="gpg2"
@ -71,6 +71,9 @@ deploy:
key: "$BINTRAY_API_KEY"
passphrase: "$BINTRAY_GPG_PASS"
after_deploy:
- chmod +x ".ci/after_deploy.sh" && ".ci/after_deploy.sh"
notifications:
email:
on_success: never

11
CONTRIBUTING.md
Unescape Escape View File

@ -35,14 +35,13 @@ Only required if dealing with manuals, `gh-pages` or releases:
### Branches
We have three long-live branches: `master`, `staging` and `develop` (and `gh-pages` for static site).
We have three long-live branches: `master`, `develop` and `gh-pages` for static site.
It basically looks like that:
> `your-branch` -> `develop` -> `staging` -> `master`
> `your-branch` -> `develop` -> `master`
- `master` branch is protected, since `antigen` and tools like it install the app from the main branch directly. So only fully tested code goes there
- `staging` - this branch is used to create a new `git` tag and a `github` release, then it gets merged into `master`
- `master` branch is protected. So only fully tested code goes there. It is also used to create a new `git` tag and a `github` release
- `develop` is where the development is done and the branch you should send your pull-requests to
### Continuous integration
@ -57,7 +56,7 @@ CI is done with the help of `travis`. `travis` handles multiple environments:
The release process is defined in the `git`-hooks and `.travis.yml`.
When creating a commit inside the `staging` branch (it is usually a documentation and changelog update with the version bump inside `src/version.sh`) it will trigger two main events.
When creating a commit inside the `master` branch (it is usually a documentation and changelog update with the version bump inside `src/version.sh`) it will trigger two main events.
Firstly, new manuals will be created and added to the current commit with `make build-man` on `pre-commit` hook.
@ -69,8 +68,6 @@ if [[ "$NEWEST_TAG" != "v${SCRIPT_VERSION}" ]]; then
fi
```
Then it will be merged inside `master` when ready.
#### Travis releases
When creating a commit inside `master` branch, `travis` on successful build will publish new `deb` and `rpm` packages to [`bintray`][bintray].

5
git-secret.plugin.zsh
Unescape Escape View File

@ -10,6 +10,11 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# Deprecation warning:
(>&2 echo "warning: this installation method is deprecated since version 0.2.3")
(>&2 echo "warning: it will be completely removed by the version 0.3.0")
(>&2 echo "warning: use binary installation instead")
# Create binary:
PLUGIN_DIR="$(dirname "$0")"

2
man/man7/git-secret.7
Unescape Escape View File

@ -1,7 +1,7 @@
.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
.TH "GIT\-SECRET" "7" "February 2017" "sobolevn" "git-secret"
.TH "GIT\-SECRET" "7" "March 2017" "sobolevn" "git-secret"
.
.SH "NAME"
\fBgit\-secret\fR

264
src/_utils/_git_secret_tools.sh
Unescape Escape View File

@ -1,30 +1,28 @@
#!/usr/bin/env bash
# Global variables:
WORKING_DIRECTORY="$PWD" # shellcheck disable=2034
# Folders:
SECRETS_DIR=".gitsecret"
SECRETS_DIR_KEYS="$SECRETS_DIR/keys"
SECRETS_DIR_PATHS="$SECRETS_DIR/paths"
_SECRETS_DIR=".gitsecret"
_SECRETS_DIR_KEYS="${_SECRETS_DIR}/keys"
_SECRETS_DIR_PATHS="${_SECRETS_DIR}/paths"
# Files:
SECRETS_DIR_KEYS_MAPPING="$SECRETS_DIR_KEYS/mapping.cfg" # shellcheck disable=2034
SECRETS_DIR_KEYS_TRUSTDB="$SECRETS_DIR_KEYS/trustdb.gpg" # shellcheck disable=2034
_SECRETS_DIR_KEYS_MAPPING="${_SECRETS_DIR_KEYS}/mapping.cfg"
_SECRETS_DIR_KEYS_TRUSTDB="${_SECRETS_DIR_KEYS}/trustdb.gpg"
SECRETS_DIR_PATHS_MAPPING="$SECRETS_DIR_PATHS/mapping.cfg" # shellcheck disable=2034
_SECRETS_DIR_PATHS_MAPPING="${_SECRETS_DIR_PATHS}/mapping.cfg"
: "${SECRETS_EXTENSION:=".secret"}"
# Commands:
: "${SECRETS_GPG_COMMAND:="gpg"}"
GPGLOCAL="$SECRETS_GPG_COMMAND --homedir=$SECRETS_DIR_KEYS --no-permission-warning"
# Inner bash:
# Bash:
function _function_exists {
declare -f -F "$1" > /dev/null 2>&1
local function_name="$1" # required
declare -f -F "$function_name" > /dev/null 2>&1
echo $?
}
@ -60,34 +58,46 @@ function _os_based {
# File System:
function _set_config {
# First parameter is the KEY, second is VALUE, third is filename.
# This function creates a line in the config, or alters it.
local key="$1" # required
local value="$2" # required
local filename="$3" # required
# The exit status is 0 (true) if the name was found, 1 (false) if not:
local contains
contains=$(grep -Fq "$1" "$3"; echo "$?")
contains=$(grep -Fq "$key" "$filename"; echo "$?")
# Append or alter?
if [[ "$contains" -eq 0 ]]; then
_os_based __replace_in_file "$@"
elif [[ "$contains" -eq 1 ]]; then
echo "$1 = $2" >> "$3"
echo "${key} = ${value}" >> "$filename"
fi
}
function _file_has_line {
# First parameter is the KEY, second is the filename.
# First parameter is the key, second is the filename.
local key="$1" # required
local filename="$2" # required
local contains
contains=$(grep -qw "$1" "$2"; echo $?)
contains=$(grep -qw "$key" "$filename"; echo $?)
# 0 on contains, 1 for error.
echo "$contains";
echo "$contains"
}
function _delete_line {
local escaped_path
escaped_path=$(echo "$1" | sed -e 's/[\/&]/\\&/g')
sed -i.bak "/$escaped_path/d" "$2"
escaped_path=$(echo "$1" | sed -e 's/[\/&]/\\&/g') # required
local line="$2" # required
sed -i.bak "/$escaped_path/d" "$line"
}
@ -103,14 +113,17 @@ function _temporary_file {
function _unique_filename {
# First parameter is base-path, second is filename,
# third is optional extension.
local n=0 result=$2
local n=0
local base_path="$1"
local result="$2"
while true; do
if [[ ! -f "$1/$result" ]]; then
if [[ ! -f "$base_path/$result" ]]; then
break
fi
n=$(( n + 1 ))
result="${2}-${n}"
result="${2}-${n}" # calling to the original "$2"
done
echo "$result"
}
@ -119,7 +132,8 @@ function _unique_filename {
# Manuals:
function _show_manual_for {
local function_name="$1"
local function_name="$1" # required
man "git-secret-${function_name}"
exit 0
}
@ -128,39 +142,132 @@ function _show_manual_for {
# VCS:
function _check_ignore {
git check-ignore --no-index -q "$1";
echo $?
local filename="$1" # required
local result
result="$(git check-ignore --no-index -q "$filename" > /dev/null 2>&1; echo $?)"
echo "$result"
}
function _add_ignored_file {
if [[ ! -f ".gitignore" ]]; then
touch ".gitignore"
function _git_normalize_filename {
local filename="$1" # required
local result
result=$(git ls-files --full-name -o "$filename")
echo "$result"
}
function _maybe_create_gitignore {
# This function creates '.gitignore' if it was missing.
local full_path
full_path=$(_append_root_path '.gitignore')
if [[ ! -f "$full_path" ]]; then
touch "$full_path"
fi
}
echo "$1" >> ".gitignore"
function _add_ignored_file {
# This function adds a line with the filename into the '.gitgnore' file.
# It also creates '.gitignore' if it's not there
local filename="$1" # required
_maybe_create_gitignore
local full_path
full_path=$(_append_root_path '.gitignore')
echo "$filename" >> "$full_path"
}
function _is_inside_git_tree {
git rev-parse --is-inside-work-tree >/dev/null 2>&1
echo $?
# Checks if we are working inside the `git` tree.
local result
result=$(git rev-parse --is-inside-work-tree > /dev/null 2>&1; echo $?)
echo "$result"
}
function _get_git_root_path {
# We need this function to get the location of the `.git` folder,
# since `.gitsecret` must be on the same level.
local result
result=$(git rev-parse --show-toplevel)
echo "$result"
}
# Relative paths:
function _append_root_path {
# This function adds root path to any other path.
local path="$1" # required
local root_path
root_path=$(_get_git_root_path)
echo "$root_path/$path"
}
function _get_secrets_dir {
_append_root_path "${_SECRETS_DIR}"
}
function _get_secrets_dir_keys {
_append_root_path "${_SECRETS_DIR_KEYS}"
}
function _get_secrets_dir_path {
_append_root_path "${_SECRETS_DIR_PATHS}"
}
function _get_secrets_dir_keys_mapping {
_append_root_path "${_SECRETS_DIR_KEYS_MAPPING}"
}
function _get_secrets_dir_keys_trustdb {
_append_root_path "${_SECRETS_DIR_KEYS_TRUSTDB}"
}
function _get_secrets_dir_paths_mapping {
_append_root_path "${_SECRETS_DIR_PATHS_MAPPING}"
}
# Logic:
function _get_gpg_local {
# This function is required to return proper `gpg` command.
# This function was created due to this bug:
# https://github.com/sobolevn/git-secret/issues/85
local homedir
homedir=$(_get_secrets_dir_keys)
local gpg_local="$SECRETS_GPG_COMMAND --homedir=$homedir --no-permission-warning"
echo "$gpg_local"
}
function _abort {
>&2 echo "$1 abort."
local message="$1" # required
>&2 echo "$message abort."
exit 1
}
@ -171,8 +278,11 @@ function _find_and_clean {
# optional:
local verbose=${2:-""} # can be empty or should be equal to "v"
local root
root=$(_get_git_root_path)
# shellcheck disable=2086
find . -name "$pattern" -type f -print0 | xargs -0 rm -f$verbose
find "$root" -path "$pattern" -type f -print0 | xargs -0 rm -f$verbose
}
@ -196,11 +306,25 @@ function _find_and_clean_formated {
}
function _list_all_added_files {
local path_mappings
path_mappings=$(_get_secrets_dir_paths_mapping)
if [[ ! -s "$path_mappings" ]]; then
_abort "$path_mappings is missing."
fi
while read -r line; do
echo "$line"
done < "$path_mappings"
}
function _secrets_dir_exists {
local root_path
root_path=$(_get_git_root_path)
# This function checks if "$_SECRETS_DIR" exists and.
local full_path="$root_path/$SECRETS_DIR"
local full_path
full_path=$(_get_secrets_dir)
if [[ ! -d "$full_path" ]]; then
_abort "$full_path does not exist."
@ -208,16 +332,42 @@ function _secrets_dir_exists {
}
function _secrets_dir_is_not_ignored {
# This function checks that "${_SECRETS_DIR}" is not ignored.
local git_secret_dir
git_secret_dir=$(_get_secrets_dir)
local ignores
ignores=$(_check_ignore "${_SECRETS_DIR}/")
if [[ ! $ignores -eq 1 ]]; then
_abort "'$git_secret_dir/' is ignored."
fi
}
function _user_required {
# This function does a bunch of validations:
# 1. It calls `_secrets_dir_exists` to verify that "$_SECRETS_DIR" exists.
# 2. It ensures that "$_SECRETS_DIR_KEYS_TRUSTDB" exists.
# 3. It ensures that there are added public keys.
_secrets_dir_exists
local error_message="no users found. run 'git secret tell' before adding files."
if [[ ! -f "$SECRETS_DIR_KEYS_TRUSTDB" ]]; then
local trustdb
trustdb=$(_get_secrets_dir_keys_trustdb)
local error_message="no users found. run 'git secret tell'."
if [[ ! -f "$trustdb" ]]; then
_abort "$error_message"
fi
local gpg_local
gpg_local=$(_get_gpg_local)
local keys_exist
keys_exist=$($GPGLOCAL -n --list-keys)
keys_exist=$($gpg_local -n --list-keys)
if [[ -z "$keys_exist" ]]; then
_abort "$error_message"
fi
@ -236,17 +386,35 @@ function _get_encrypted_filename {
}
function _get_users_in_keyring {
function _parse_keyring_users {
# First argument must be a `sed` pattern
local sed_pattern="$1"
local result
result=$($GPGLOCAL --list-public-keys --with-colon | sed -n 's/.*<\(.*\)>.*/\1/p')
local gpg_local
gpg_local=$(_get_gpg_local)
result=$($gpg_local --list-public-keys --with-colon | sed -n "$sed_pattern")
echo "$result"
}
function _get_users_in_keyring {
# This function is required to show the users in the keyring.
# `whoknows` command uses it internally.
# It basically just parses the `gpg` public keys
_parse_keyring_users 's/.*<\(.*\)>.*/\1/p'
}
function _get_recepients {
local result
result=$($GPGLOCAL --list-public-keys --with-colon | sed -n 's/.*<\(.*\)>.*/-r\1/p')
echo "$result"
# This function is required to create an encrypted file for different users.
# These users are called 'recepients' in the `gpg` terms.
# It basically just parses the `gpg` public keys
_parse_keyring_users 's/.*<\(.*\)>.*/-r\1/p'
}
@ -278,9 +446,9 @@ function _decrypt {
fi
if [[ ! -z "$passphrase" ]]; then
echo "$passphrase" | $base --batch --yes --no-tty --passphrase-fd 0 \
"$encrypted_filename" > /dev/null 2>&1
echo "$passphrase" | $base --quiet --batch --yes --no-tty --passphrase-fd 0 \
"$encrypted_filename"
else
$base "$encrypted_filename" > /dev/null 2>&1
$base --quiet "$encrypted_filename"
fi
}

44
src/commands/git_secret_add.sh
Unescape Escape View File

@ -2,12 +2,12 @@
function add {
local auto_add=0
local auto_ignore=0
OPTIND=1
while getopts "ih" opt; do
case "$opt" in
i) auto_add=1;;
i) auto_ignore=1;;
h) _show_manual_for "add";;
esac
@ -18,29 +18,41 @@ function add {
_user_required
# Checking if all files are correct (ignored and inside the repo):
local not_ignored=()
local items=( "$@" )
# Checking if all files in options are ignored:
for item in "${items[@]}"; do
# Checking if all files in options are ignored:
if [[ ! -f "$item" ]]; then
local path # absolute path
local normalized_path # relative to the .git dir
normalized_path=$(_git_normalize_filename "$item")
path=$(_append_root_path "$normalized_path")
# Checking that file is valid:
if [[ ! -f "$path" ]]; then
_abort "$item is not a file."
fi
# Checking that it is ignored:
local ignored
ignored=$(_check_ignore "$item")
if [[ ! "$ignored" -eq 0 ]]; then
# Collect unignored files.
not_ignored+=("$item")
ignored=$(_check_ignore "$path")
if [[ "$ignored" -ne 0 ]]; then
# Collect unignored files:
not_ignored+=("$normalized_path")
fi
done
# Are there any uningnored files?
if [[ ! "${#not_ignored[@]}" -eq 0 ]]; then
# And show them all at once.
local message
message="these files are not ignored: $* ;"
if [[ "$auto_add" -eq 0 ]]; then
if [[ "$auto_ignore" -eq 0 ]]; then
# This file is not ignored. user don't want it to be added automatically.
# Raise the exception, since all files, which will be hidden, must be ignored.
_abort "$message"
@ -55,14 +67,22 @@ function add {
fi
fi
# Adding files to path mappings:
local path_mappings
path_mappings=$(_get_secrets_dir_paths_mapping)
for item in "${items[@]}"; do
local path
path=$(_git_normalize_filename "$item")
# Adding files into system, skipping duplicates.
local already_in
already_in=$(_file_has_line "$item" "$SECRETS_DIR_PATHS_MAPPING")
already_in=$(_file_has_line "$path" "$path_mappings")
if [[ "$already_in" -eq 1 ]]; then
echo "$item" >> "$SECRETS_DIR_PATHS_MAPPING"
echo "$path" >> "$path_mappings"
fi
done
echo "${#@} items added."
echo "${#@} item(s) added."
}

24
src/commands/git_secret_changes.sh
Unescape Escape View File

@ -21,9 +21,9 @@ function changes {
_user_required
local filenames="$*"
if [[ -z $filenames ]]; then
if [[ -z "$filenames" ]]; then
# Checking if no filenames are passed, show diff for all files.
filenames=$(git secret list)
filenames=$(_list_all_added_files)
fi
IFS='
@ -31,17 +31,27 @@ function changes {
for filename in $filenames; do
local decrypted
local content
local diff_result
local path # absolute path
local normalized_path # relative to the .git dir
normalized_path=$(_git_normalize_filename "$filename")
if [[ ! -z "$normalized_path" ]]; then
path=$(_append_root_path "$normalized_path")
else
# Path was already normalized
path=$(_append_root_path "$filename")
fi
# Now we have all the data required:
decrypted=$(_decrypt "$filename" "0" "0" "$homedir" "$passphrase")
content=$(cat "$filename")
decrypted=$(_decrypt "$path" "0" "0" "$homedir" "$passphrase")
# Let's diff the result:
diff_result=$(diff <(echo "$decrypted") <(echo "$content")) || true
diff_result=$(diff -u <(echo "$decrypted") "$path") || true
# There was a bug in the previous version, since `diff` returns
# exit code `1` when the files are different.
echo "changes in ${filename}: ${diff_result}"
echo "changes in ${path}:"
echo "${diff_result}"
done
}

25
src/commands/git_secret_hide.sh
Unescape Escape View File

@ -16,6 +16,9 @@ function _optional_delete {
local verbose=${2:-""}
if [[ $delete -eq 1 ]]; then
local path_mappings
path_mappings=$(_get_secrets_dir_paths_mapping)
# We use custom formating here:
if [[ ! -z "$verbose" ]]; then
echo && echo 'removing unencrypted files:'
@ -24,13 +27,12 @@ function _optional_delete {
while read -r line; do
# So the formating would not be repeated several times here:
_find_and_clean "*$line" "$verbose"
done < "$SECRETS_DIR_PATHS_MAPPING"
done < "$path_mappings"
if [[ ! -z "$verbose" ]]; then
echo
fi
fi
}
@ -63,6 +65,11 @@ function hide {
# before creating new ones.
_optional_clean "$clean" "$verbose"
# Encrypting files:
local path_mappings
path_mappings=$(_get_secrets_dir_paths_mapping)
local counter=0
while read -r line; do
local encrypted_filename
@ -71,12 +78,20 @@ function hide {
local recipients
recipients=$(_get_recepients)
local gpg_local
gpg_local=$(_get_gpg_local)
local input_path
local output_path
input_path=$(_append_root_path "$line")
output_path=$(_append_root_path "$encrypted_filename")
# shellcheck disable=2086
$GPGLOCAL --use-agent --yes --trust-model=always --encrypt \
$recipients -o "$encrypted_filename" "$line"
$gpg_local --use-agent --yes --trust-model=always --encrypt \
$recipients -o "$output_path" "$input_path"
counter=$((counter+1))
done < "$SECRETS_DIR_PATHS_MAPPING"
done < "$path_mappings"
# If -d option was provided, it would delete the source files
# after we have already hidden them.

20
src/commands/git_secret_init.sh
Unescape Escape View File

@ -13,19 +13,21 @@ function init {
shift $((OPTIND-1))
[ "$1" = '--' ] && shift
if [[ -d "$SECRETS_DIR" ]]; then
# Check if '.gitsecret/' already exists:
local git_secret_dir
git_secret_dir=$(_get_secrets_dir)
if [[ -d "$git_secret_dir" ]]; then
_abort 'already inited.'
fi
local ignores
ignores=$(_check_ignore "$SECRETS_DIR"/)
# Check if it is ignored:
_secrets_dir_is_not_ignored
if [[ ! $ignores -eq 1 ]]; then
_abort "'${SECRETS_DIR}/' is ignored."
fi
# Create internal files:
mkdir "$SECRETS_DIR" "$SECRETS_DIR_KEYS" "$SECRETS_DIR_PATHS"
touch "$SECRETS_DIR_KEYS_MAPPING" "$SECRETS_DIR_PATHS_MAPPING"
mkdir "$git_secret_dir" "$(_get_secrets_dir_keys)" "$(_get_secrets_dir_path)"
touch "$(_get_secrets_dir_keys_mapping)" "$(_get_secrets_dir_paths_mapping)"
echo "'${SECRETS_DIR}/' created."
echo "'$git_secret_dir/' created."
}

12
src/commands/git_secret_killperson.sh
Unescape Escape View File

@ -15,13 +15,23 @@ function killperson {
_user_required
# Command logic:
local emails=( "$@" )
if [[ ${#emails[@]} -eq 0 ]]; then
_abort "at least one email is required."
fi
# Getting the local `gpg` command:
local gpg_local
gpg_local=$(_get_gpg_local)
for email in "${emails[@]}"; do
$GPGLOCAL --batch --yes --delete-key "$email"
$gpg_local --batch --yes --delete-key "$email"
done
echo 'removed keys.'
echo "now [$*] do not have an access to the repository."
echo 'make sure to hide the existing secrets again.'
}

9
src/commands/git_secret_list.sh
Unescape Escape View File

@ -15,11 +15,6 @@ function list {
_user_required
if [[ ! -s "$SECRETS_DIR_PATHS_MAPPING" ]]; then
_abort "$SECRETS_DIR_PATHS_MAPPING is missing."
fi
while read -r line; do
echo "$line"
done < "$SECRETS_DIR_PATHS_MAPPING"
# Command logic:
_list_all_added_files
}

28
src/commands/git_secret_remove.sh
Unescape Escape View File

@ -20,21 +20,35 @@ function remove {
# Validate if user exists:
_user_required
# Command logic:
local path_mappings
path_mappings=$(_get_secrets_dir_paths_mapping)
for item in "$@"; do
if [[ ! -f "$item" ]]; then
local path # absolute path
local normalized_path # relative to .git folder
normalized_path=$(_git_normalize_filename "$item")
path=$(_append_root_path "$normalized_path")
echo "$item -> $normalized_path -> $path"
# Checking if file exists:
if [[ ! -f "$path" ]]; then
_abort "$item is not a file."
fi
_delete_line "$item" "$SECRETS_DIR_PATHS_MAPPING"
rm -f "${SECRETS_DIR_PATHS_MAPPING}.bak" # not all systems create '.bak'
# Deleting it from path mappings:
_delete_line "$normalized_path" "$path_mappings"
rm -f "${path_mappings}.bak" # not all systems create '.bak'
if [[ "$clean" == 1 ]]; then
# Optional clean:
if [[ "$clean" -eq 1 ]]; then
local encrypted_filename
encrypted_filename=$(_get_encrypted_filename "$item")
encrypted_filename=$(_get_encrypted_filename "$path")
rm -f "$encrypted_filename"
rm "$encrypted_filename" # fail on error
fi
done
echo 'removed from index.'

12
src/commands/git_secret_reveal.sh
Unescape Escape View File

@ -25,13 +25,21 @@ function reveal {
_user_required
# Command logic:
local path_mappings
path_mappings=$(_get_secrets_dir_paths_mapping)
local counter=0
while read -r line; do
local path
path=$(_append_root_path "$line")
# The parameters are: filename, write-to-file, force, homedir, passphrase
_decrypt "$line" "1" "$force" "$homedir" "$passphrase"
_decrypt "$path" "1" "$force" "$homedir" "$passphrase"
counter=$((counter+1))
done < "$SECRETS_DIR_PATHS_MAPPING"
done < "$path_mappings"
echo "done. all $counter files are revealed."
}

5
src/commands/git_secret_tell.sh
Unescape Escape View File

@ -26,6 +26,7 @@ function tell {
# Validates that application is inited:
_secrets_dir_exists
# Command logic:
emails=( "$@" )
local git_email
@ -64,7 +65,9 @@ function tell {
fi
# Importing public key to the local keychain:
$GPGLOCAL --import "$keyfile" > /dev/null 2>&1
local gpg_local
gpg_local=$(_get_gpg_local)
$gpg_local --import "$keyfile" > /dev/null 2>&1
done
echo "done. ${emails[*]} added as someone who know(s) the secret."

18
src/main.sh
Unescape Escape View File

@ -6,19 +6,18 @@ function _check_setup {
# Checking git and secret-plugin setup:
local is_tree
is_tree=$(_is_inside_git_tree)
if [[ ! $is_tree -eq 0 ]]; then
if [[ "$is_tree" -ne 0 ]]; then
_abort "repository is broken. try running 'git init' or 'git clone'."
fi
# Checking if the '.gitsecret' is not ignored:
local ignored
ignored=$(_check_ignore ".gitsecret/")
if [[ ! $ignored -eq 1 ]]; then
_abort '.gitsecret folder is ignored.'
fi
_secrets_dir_is_not_ignored
# Checking gpg setup:
local secring="$SECRETS_DIR_KEYS/secring.gpg"
local keys_dir
keys_dir=$(_get_secrets_dir_keys)
local secring="$keys_dir/secring.gpg"
if [[ -f $secring ]] && [[ -s $secring ]]; then
# secring.gpg is not empty, someone has imported a private key.
_abort 'it seems that someone has imported a secret key.'
@ -67,7 +66,10 @@ function _init_script {
_check_setup
# Routing the input command:
if [[ $(_function_exists "$1") == 0 ]] && [[ ! $1 == _* ]]; then
local function_exists
function_exists=$(_function_exists "$1")
if [[ "$function_exists" == 0 ]] && [[ ! $1 == _* ]]; then
$1 "${@:2}"
else # TODO: elif [[ $(_plugin_exists $1) == 0 ]]; then
_incorrect_usage "command $1 not found." 126

10
tests/_test_base.bash
Unescape Escape View File

@ -15,6 +15,8 @@ TEST_GPG_HOMEDIR="$BATS_TMPDIR"
# GPG-based stuff:
: "${SECRETS_GPG_COMMAND:="gpg"}"
# This command is used with absolute homedir set and disabled warnings:
GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warning"
@ -153,6 +155,7 @@ function remove_git_repository {
function set_state_initial {
cd "$BATS_TMPDIR" || exit 1
rm -rf "${BATS_TMPDIR:?}/*"
}
@ -197,8 +200,11 @@ function unset_current_state {
# removes .secret files:
git secret clean > /dev/null 2>&1
# unsets `secret_add`, `secret_tell` and `secret_init`
rm -rf "$SECRETS_DIR"
# unsets `secret_add`, `secret_tell` and `secret_init` by removing $_SECRETS_DIR
local secrets_dir
secrets_dir=$(_get_secrets_dir)
rm -rf "$secrets_dir"
rm -rf ".gitignore"
# unsets `git` state

161
tests/test_add.bats
Unescape Escape View File

@ -19,83 +19,174 @@ function teardown {
}
@test "run 'add' normally" {
# Preparations:
local filename="local_file"
echo "content" > "$filename"
echo "$filename" > ".gitignore"
run git secret add "$filename"
[ "$status" -eq 0 ]
# Ensuring that path mappings was set correctly:
local path_mappings
path_mappings=$(_get_secrets_dir_paths_mapping)
local files_list=$(cat "$path_mappings")
[ "$files_list" = "$filename" ]
# Cleaning up:
rm "$filename" ".gitignore"
}
@test "run 'add' for unignored file" {
local TEST_FILE='test_file'
touch "$TEST_FILE"
echo "content" > "$TEST_FILE"
local test_file='test_file'
touch "$test_file"
echo "content" > "$test_file"
run git secret add "$TEST_FILE"
run git secret add "$test_file"
[ "$status" -eq 1 ]
rm -f "$TEST_FILE"
rm "$test_file"
}
@test "run 'add' for unignored file with '-i'" {
local TEST_FILE='test_file.auto_ignore'
touch "$TEST_FILE"
echo "content" > "$TEST_FILE"
local test_file='test_file.auto_ignore'
touch "$test_file"
echo "content" > "$test_file"
run git secret add -i "$TEST_FILE"
run git secret add -i "$test_file"
[ "$status" -eq 0 ]
run _file_has_line "$TEST_FILE" ".gitignore"
run _file_has_line "$test_file" ".gitignore"
[ "$status" -eq 0 ]
rm -f "$TEST_FILE"
rm "$test_file"
}
@test "run 'add' normally" {
local filename="local_file"
echo "content" > "$filename"
echo "$filename" > ".gitignore"
@test "run 'add' for unignored file with '-i' in subfolder" {
# This test covers this issue:
# https://github.com/sobolevn/git-secret/issues/85 task 1
run git secret add "$filename"
if [[ "$BATS_RUNNING_FROM_GIT" -eq 1 ]]; then
skip "this test is skiped while 'git commmit'"
fi
# Preparations:
local test_dir='test_dir'
local nested_dir="$test_dir/adding"
local current_dir=$(pwd)
mkdir -p "$nested_dir"
cd "$nested_dir"
local test_file='test_file.auto_ignore'
touch "$test_file"
echo "content" > "$test_file"
# Test commands:
run git secret add -i "$test_file"
[ "$status" -eq 0 ]
rm -f "$filename" ".gitignore"
run _file_has_line "$test_file" "../.gitignore"
[ "$status" -eq 0 ]
local files_list=$(cat "$SECRETS_DIR_PATHS_MAPPING")
[ "$files_list" = "$filename" ]
# .gitignore was not created:
[[ ! -f ".gitignore" ]]
# Cleaning up:
cd "$current_dir"
rm -r "$test_dir"
}
@test "run 'add' for file in subdirectory" {
local TEST_FILE='test_file'
local TEST_DIR='test_dir'
@test "run 'add' for relative path" {
if [[ "$BATS_RUNNING_FROM_GIT" -eq 1 ]]; then
skip "this test is skiped while 'git commmit'"
fi
# Prepations:
local root='test_dir'
local node="$root/node"
local sibling="$root/sibling"
local test_file="$node/test_file"
local current_dir=$(pwd)
mkdir -p "$node"
mkdir -p "$sibling"
mkdir -p "$TEST_DIR"
touch "$TEST_DIR/$TEST_FILE"
echo "content" > "$TEST_DIR/$TEST_FILE"
echo "$TEST_DIR/$TEST_FILE" > ".gitignore"
echo "content" > "$test_file"
echo "$test_file" > ".gitignore"
run git secret add "$TEST_DIR/$TEST_FILE"
cd "$sibling"
# Testing:
run git secret add "../node/test_file"
[ "$status" -eq 0 ]
[[ "$output" == *"1 items added."* ]]
[[ "$output" == *"1 item(s) added."* ]]
# Testing mappings content:
local path_mappings
path_mappings=$(_get_secrets_dir_paths_mapping)
rm -rf "$TEST_DIR"
local files_list=$(cat "$path_mappings")
[ "$files_list" = "$test_file" ]
# Cleaning up:
cd "$current_dir"
rm -r "$root"
}
@test "run 'add' for file in subfolder" {
# Preparations:
local test_file='test_file'
local test_dir='test_dir'
mkdir -p "$test_dir"
touch "$test_dir/$test_file"
echo "content" > "$test_dir/$test_file"
echo "$test_dir/$test_file" > ".gitignore"
# Testing:
run git secret add "$test_dir/$test_file"
[ "$status" -eq 0 ]
[[ "$output" == *"1 item(s) added."* ]]
# Cleaning up:
rm -r "$test_dir"
}
@test "run 'add' twice for one file" {
# Preparations:
local filename="local_file"
echo "content" > "$filename"
echo "$filename" > ".gitignore"
# Testing:
run git secret add "$filename"
run git secret add "$filename"
[ "$status" -eq 0 ]
[ "$output" = "1 items added." ]
[ "$output" = "1 item(s) added." ]
rm -f "$filename" ".gitignore"
# Ensuring that path mappings was set correctly:
local path_mappings
path_mappings=$(_get_secrets_dir_paths_mapping)
local files_list=`cat "$SECRETS_DIR_PATHS_MAPPING"`
local files_list=$(cat "$path_mappings")
[ "$files_list" = "$filename" ]
# Cleaning up:
rm "$filename" ".gitignore"
}
@test "run 'add' for multiple files" {
# Preparations:
local filename1="local_file1"
echo "content1" > "$filename1"
echo "$filename1" > ".gitignore"
@ -104,9 +195,11 @@ function teardown {
echo "content2" > "$filename2"
echo "$filename2" >> ".gitignore"
# Testing:
run git secret add "$filename1" "$filename2"
[ "$status" -eq 0 ]
[ "$output" = "2 items added." ]
[ "$output" = "2 item(s) added." ]
rm -f "$filename1" "$filename2" ".gitignore"
# Cleaning up:
rm "$filename1" "$filename2" ".gitignore"
}

46
tests/test_changes.bats
Unescape Escape View File

@ -23,9 +23,10 @@ function setup {
function teardown {
rm "$FILE_TO_HIDE" "$SECOND_FILE_TO_HIDE"
uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT"
unset_current_state
rm -f "$FILE_TO_HIDE"
}
@ -38,13 +39,31 @@ function teardown {
[ "$status" -eq 0 ]
# Testing that output has both filename and changes:
[[ "$output" == *"changes in $FILE_TO_HIDE"* ]]
[[ "$output" == *"$new_content"* ]]
local fullpath=$(_append_root_path "$FILE_TO_HIDE")
[[ "$output" == *"changes in $fullpath"* ]]
[[ "$output" == *"+$new_content"* ]]
}
@test "run 'changes' with one file changed (with deletions)" {
local password=$(test_user_password "$TEST_DEFAULT_USER")
local new_content="replace"
echo "$new_content" > "$FILE_TO_HIDE"
run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password" "$FILE_TO_HIDE"
[ "$status" -eq 0 ]
# Testing that output has both filename and changes:
local fullpath=$(_append_root_path "$FILE_TO_HIDE")
[[ "$output" == *"changes in $fullpath"* ]]
[[ "$output" == *"-$FILE_CONTENTS"* ]]
[[ "$output" == *"+$new_content"* ]]
}
@test "run 'changes' without changes" {
local password=$(test_user_password "$TEST_DEFAULT_USER")
run git secret changes -d "$TEST_GPG_HOMEDIR" -p "$password"
[ "$status" -eq 0 ]
}
@ -61,13 +80,16 @@ function teardown {
[ "$status" -eq 0 ]
# Testing that output has both filename and changes:
[[ "$output" == *"changes in $FILE_TO_HIDE"* ]]
[[ "$output" == *"$new_content"* ]]
local fullpath=$(_append_root_path "$FILE_TO_HIDE")
[[ "$output" == *"changes in $fullpath"* ]]
[[ "$output" == *"+$new_content"* ]]
[[ "$output" == *"changes in $SECOND_FILE_TO_HIDE"* ]]
[[ "$output" == *"$second_file_to_hide"* ]]
local second_path=$(_append_root_path "$SECOND_FILE_TO_HIDE")
[[ "$output" == *"changes in $second_path"* ]]
[[ "$output" == *"+$second_new_content"* ]]
}
@test "run 'changes' with multiple selected files changed" {
local password=$(test_user_password "$TEST_DEFAULT_USER")
local new_content="new content"
@ -81,9 +103,11 @@ function teardown {
[ "$status" -eq 0 ]
# Testing that output has both filename and changes:
[[ "$output" == *"changes in $FILE_TO_HIDE"* ]]
[[ "$output" == *"$new_content"* ]]
local fullpath=$(_append_root_path "$FILE_TO_HIDE")
[[ "$output" == *"changes in $fullpath"* ]]
[[ "$output" == *"+$new_content"* ]]
[[ "$output" == *"changes in $SECOND_FILE_TO_HIDE"* ]]
[[ "$output" == *"$second_file_to_hide"* ]]
local second_path=$(_append_root_path "$SECOND_FILE_TO_HIDE")
[[ "$output" == *"changes in $second_path"* ]]
[[ "$output" == *"+$second_new_content"* ]]
}

8
tests/test_clean.bats
Unescape Escape View File

@ -23,12 +23,12 @@ function setup {
function teardown {
# This also needs to be cleaned:
rm "$FIRST_FILE" "$SECOND_FILE"
rm -r "$FOLDER"
uninstall_fixture_key "$TEST_DEFAULT_USER"
unset_current_state
# This also needs to be cleaned:
rm -f "$FIRST_FILE" "$SECOND_FILE"
rm -rf "$FOLDER"
}

37
tests/test_hide.bats
Unescape Escape View File

@ -18,10 +18,10 @@ function setup {
function teardown {
rm "$FILE_TO_HIDE"
uninstall_fixture_key $TEST_DEFAULT_USER
unset_current_state
rm -f "$FILE_TO_HIDE"
}
@ -48,6 +48,9 @@ function teardown {
run git secret hide
[ "$status" -eq 0 ]
[ "$output" = "done. all 2 files are hidden." ]
# Cleaning up:
rm "$second_file"
}
@ -72,6 +75,8 @@ function teardown {
run git secret hide -d
[ "$status" -eq 0 ]
ls && pwd
# File must be removed:
[ ! -f "$FILE_TO_HIDE" ]
}
@ -81,12 +86,40 @@ function teardown {
run git secret hide -v -d
[ "$status" -eq 0 ]
ls && pwd
# File must be removed:
[ ! -f "$FILE_TO_HIDE" ]
# It should be verbose:
[[ "$output" == *"removing unencrypted files"* ]]
[[ "$output" == *"$FILE_TO_HIDE"* ]]
}
@test "run 'hide' with '-d' and '-v' and files in subdirectories" {
# Preparations:
local root_dir='test_sub_dir'
mkdir -p "$root_dir"
local second_file="$root_dir/second_file.txt"
local second_content="some content"
set_state_secret_add "$second_file" "$second_content"
# Verify that the second file is there:
[ -f "$second_file" ]
# Now it should hide 2 files:
run git secret hide -v -d
[ "$status" -eq 0 ]
# File must be removed:
[ ! -f "$FILE_TO_HIDE" ]
[ ! -f "$second_file" ]
# It should be verbose:
[[ "$output" == *"removing unencrypted files"* ]]
[[ "$output" == *"$FILE_TO_HIDE"* ]]
[[ "$output" == *"$second_file"* ]]
}

41
tests/test_init.bats
Unescape Escape View File

@ -25,11 +25,50 @@ function teardown {
@test "run 'init' normally" {
run git secret init
[ "$status" -eq 0 ]
[[ -d "${_SECRETS_DIR}" ]]
}
@test "run 'init' in subfolder" {
# This test covers this issue:
# https://github.com/sobolevn/git-secret/issues/83
if [[ "$BATS_RUNNING_FROM_GIT" -eq 1 ]]; then
skip "this test is skiped while 'git commmit'"
fi
# Preparations
local test_dir='test_dir'
local nested_dir="$test_dir/nested/dirs"
local current_dir=$(pwd)
mkdir -p "$nested_dir"
cd "$nested_dir"
# Test:
run git secret init
[ "$status" -eq 0 ]
# It should not be created in the current folder:
[[ ! -d "${_SECRETS_DIR}" ]]
# It should be created here:
local secrets_dir
secrets_dir=$(_get_secrets_dir)
[[ -d "$secrets_dir" ]]
# Cleaning up:
cd "$current_dir"
rm -r "$test_dir"
}
@test "run 'init' with '.gitsecret' already inited" {
mkdir "$SECRETS_DIR"
local secrets_dir
secrets_dir=$(_get_secrets_dir)
mkdir "$secrets_dir"
run git secret init
[ "$output" = "already inited. abort." ]

29
tests/test_killperson.bats
Unescape Escape View File

@ -25,10 +25,28 @@ function teardown {
}
@test "run 'killperson' normally" {
@test "run 'killperson' with key name" {
run git secret killperson "$TEST_DEFAULT_USER"
[ "$status" -eq 0 ]
# Testing output:
[[ "$output" == *"$TEST_DEFAULT_USER"* ]]
# Then whoknows must return an error with status code 1:
run git secret whoknows
[ "$status" -eq 1 ]
}
@test "run 'killperson' with email" {
local email=$(test_user_email "$TEST_DEFAULT_USER")
run git secret killperson "$email"
[ "$status" -eq 0 ]
# Testing output:
[[ "$output" == *"$email"* ]]
# Then whoknows must return an error with status code 1:
run git secret whoknows
[ "$status" -eq 1 ]
@ -40,9 +58,16 @@ function teardown {
install_fixture_key "$TEST_SECOND_USER"
set_state_secret_tell "$TEST_SECOND_USER"
run git secret killperson "$TEST_DEFAULT_USER" "$TEST_SECOND_USER"
local default_email=$(test_user_email "$TEST_DEFAULT_USER")
local second_email=$(test_user_email "$TEST_SECOND_USER")
run git secret killperson "$default_email" "$second_email"
[ "$status" -eq 0 ]
# Testing output:
[[ "$output" == *"$default_email"* ]]
[[ "$output" == *"$second_email"* ]]
# Nothing to show:
run git secret whoknows
[ "$status" -eq 1 ]

6
tests/test_list.bats
Unescape Escape View File

@ -18,10 +18,10 @@ function setup {
function teardown {
rm "$FILE_TO_HIDE"
uninstall_fixture_key $TEST_DEFAULT_USER
unset_current_state
rm -f "$FILE_TO_HIDE"
}
@ -45,7 +45,7 @@ function teardown {
[[ "$output" == *"$second_file"* ]]
# Cleaning up:
rm -f "$second_file"
rm "$second_file"
}

2
tests/test_main.bats
Unescape Escape View File

@ -34,7 +34,7 @@ function teardown {
@test "run 'git secret --dry-run'" {
# We will break things apart, so normally it won't run:
rm -rf ".git"
rm -r "./.git"
# This must fail:
run git secret usage

41
tests/test_remove.bats
Unescape Escape View File

@ -5,9 +5,6 @@ load _test_base
FIRST_FILE="file_to_hide1"
SECOND_FILE="file_to_hide2"
FOLDER="somedir"
FILE_IN_FOLDER="${FOLDER}/file_to_hide3"
function setup {
install_fixture_key "$TEST_DEFAULT_USER"
@ -23,17 +20,20 @@ function setup {
function teardown {
rm "$FIRST_FILE" "$SECOND_FILE"
uninstall_fixture_key "$TEST_DEFAULT_USER"
unset_current_state
# This also needs to be cleaned:
rm -f "$FIRST_FILE" "$SECOND_FILE"
rm -rf "$FOLDER"
}
function _has_line {
local result=$(grep -q "$1" "$SECRETS_DIR_PATHS_MAPPING"; echo $?)
local line="$1"
local path_mappings
path_mappings=$(_get_secrets_dir_paths_mapping)
local result=$(grep -q "$line" "$path_mappings"; echo $?)
echo "$result"
}
@ -42,6 +42,10 @@ function _has_line {
run git secret remove "$SECOND_FILE"
[ "$status" -eq 0 ]
# Test output:
[[ "$output" == *"removed from index."* ]]
[[ "$output" == *"ensure that files: [$SECOND_FILE] are now not ignored."* ]]
# Mapping should not contain the second file:
local mapping_contains=$(_has_line "$SECOND_FILE")
[ "$mapping_contains" -eq 1 ]
@ -83,27 +87,32 @@ function _has_line {
# see https://github.com/sobolevn/git-secret/issues/23
# Prepartions:
mkdir -p "$FOLDER"
set_state_secret_add "$FILE_IN_FOLDER" "somecontent3"
local folder="somedir"
local file_in_folder="$folder/file_to_hide3"
mkdir -p "$folder"
set_state_secret_add "$file_in_folder" "somecontent3"
set_state_secret_hide # runing hide again to hide new data
# Now it should remove filename with slashes from the mapping:
run git secret remove "$FILE_IN_FOLDER"
run git secret remove "$file_in_folder"
[ "$status" -eq 0 ]
local mapping_contains=$(_has_line "$FILE_IN_FOLDER")
local mapping_contains=$(_has_line "$file_in_folder")
[ "$mapping_contains" -eq 1 ]
local enctypted_file=$(_get_encrypted_filename $FILE_IN_FOLDER)
local enctypted_file=$(_get_encrypted_filename $file_in_folder)
[ -f "$enctypted_file" ]
# Cleaning up:
rm -r "$folder"
}
@test "run 'remove' with '-c'" {
git secret hide
set_state_secret_hide
run git secret remove -c "$SECOND_FILE"
echo "$output"
[ "$status" -eq 0 ]
local mapping_contains=$(_has_line "$SECOND_FILE")
@ -111,6 +120,8 @@ function _has_line {
local first_enctypted_file=$(_get_encrypted_filename $FIRST_FILE)
local second_enctypted_file=$(_get_encrypted_filename $SECOND_FILE)
echo "$output"
echo "$first_enctypted_file and $second_enctypted_file"
[ -f "$first_enctypted_file" ]
[ ! -f "$second_enctypted_file" ]

12
tests/test_reveal.bats
Unescape Escape View File

@ -21,10 +21,10 @@ function setup {
function teardown {
rm "$FILE_TO_HIDE"
uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT"
unset_current_state
rm -f "$FILE_TO_HIDE"
}
@ -40,12 +40,12 @@ function teardown {
cmp --silent "$FILE_TO_HIDE" "${FILE_TO_HIDE}2"
rm -f "${FILE_TO_HIDE}2"
rm "${FILE_TO_HIDE}2"
}
@test "run 'reveal' with '-f'" {
rm -f "$FILE_TO_HIDE"
rm "$FILE_TO_HIDE"
local password=$(test_user_password "$TEST_DEFAULT_USER")
run git secret reveal -f -d "$TEST_GPG_HOMEDIR" -p "$password"
@ -56,7 +56,7 @@ function teardown {
@test "run 'reveal' with wrong password" {
rm -f "$FILE_TO_HIDE"
rm "$FILE_TO_HIDE"
run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "WRONG"
[ "$status" -eq 2 ]
@ -66,7 +66,7 @@ function teardown {
@test "run 'reveal' for attacker" {
# Preparations
rm -f "$FILE_TO_HIDE"
rm "$FILE_TO_HIDE"
local atacker_fingerprint=$(install_fixture_full_key "$TEST_ATTACKER_USER")
local password=$(test_user_password "$TEST_ATTACKER_USER")

8
tests/test_reveal_filename.bats
Unescape Escape View File

@ -26,16 +26,18 @@ function setup {
function teardown {
rm "$FILE_TO_HIDE"
uninstall_fixture_full_key "$TEST_DEFAULT_USER" "$FINGERPRINT"
unset_current_state
rm -f "$FILE_TO_HIDE"
export SECRETS_EXTENSION="$OLD_SECRETS_EXTENSION"
}
@test "run 'reveal' with different file extension" {
cp "$FILE_TO_HIDE" "${FILE_TO_HIDE}2"
rm -f "$FILE_TO_HIDE"
rm "$FILE_TO_HIDE"
local password=$(test_user_password "$TEST_DEFAULT_USER")
run git secret reveal -d "$TEST_GPG_HOMEDIR" -p "$password"
@ -45,5 +47,5 @@ function teardown {
cmp --silent "$FILE_TO_HIDE" "${FILE_TO_HIDE}2"
rm -f "${FILE_TO_HIDE}2"
rm "${FILE_TO_HIDE}2"
}

41
tests/test_tell.bats
Unescape Escape View File

@ -41,7 +41,10 @@ function teardown {
@test "run 'tell' with secret-key imported" {
local private_key="$SECRETS_DIR_KEYS/secring.gpg"
local secrets_dir_keys
secrets_dir_keys=$(_get_secrets_dir_keys)
local private_key="$secrets_dir_keys/secring.gpg"
echo "private key" > "$private_key"
[ -s "$private_key" ]
@ -51,7 +54,10 @@ function teardown {
@test "run 'tell' without '.gitsecret'" {
rm -rf "$SECRETS_DIR"
local secrets_dir
secrets_dir=$(_get_secrets_dir)
rm -r "$secrets_dir"
run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
[ "$status" -eq 1 ]
@ -116,3 +122,34 @@ function teardown {
# Cleaning up:
uninstall_fixture_key "$TEST_SECOND_USER"
}
@test "run 'tell' in subfolder" {
if [[ "$BATS_RUNNING_FROM_GIT" -eq 1 ]]; then
skip "this test is skiped while 'git commmit'"
fi
# Preparations
local root_dir='test_dir'
local test_dir="$root_dir/telling"
local current_dir=$(pwd)
mkdir -p "$test_dir"
cd "$test_dir"
# Test:
run git secret tell -d "$TEST_GPG_HOMEDIR" "$TEST_DEFAULT_USER"
[ "$status" -eq 0 ]
# Testing that now user is found:
run _user_required
[ "$status" -eq 0 ]
# Testing that now user is in the list of people who knows the secret:
run git secret whoknows
[[ "$output" == *"$TEST_DEFAULT_USER"* ]]
# Cleaning up:
cd "$current_dir"
rm -r "$root_dir"
}

1
tests/test_usage.bats
Unescape Escape View File

@ -30,6 +30,7 @@ function teardown {
@test "run 'usage' with ignored '.gitsecret/'" {
echo ".gitsecret/" >> ".gitignore"
run git secret usage
[ "$status" -eq 1 ]
}

27
tests/test_whoknows.bats
Unescape Escape View File

@ -32,6 +32,33 @@ function teardown {
}
@test "run 'whoknows' in subfolder" {
if [[ "$BATS_RUNNING_FROM_GIT" -eq 1 ]]; then
skip "this test is skiped while 'git commmit'"
fi
# Preparations:
local current_dir=$(pwd)
local root_dir='test_dir'
local test_dir="$root_dir/subfolders/case"
mkdir -p "$test_dir"
cd "$test_dir"
# Test:
run git secret whoknows
[ "$status" -eq 0 ]
# Now test the output, both users should be present:
[[ "$output" == *"$TEST_DEFAULT_USER"* ]]
[[ "$output" == *"$TEST_SECOND_USER"* ]]
# Cleaning up:
cd "$current_dir"
rm -r "$root_dir"
}
@test "run 'whoknows' without any users" {
# Preparations, removing users:
local email1=$(test_user_email "$TEST_DEFAULT_USER")

5
utils/hooks/post-commit.sh
Unescape Escape View File

@ -4,10 +4,10 @@ set -e
BRANCH_NAME=$(git branch | grep '\*' | sed 's/* //')
if [[ "$BRANCH_NAME" == 'staging' ]]; then
if [[ "$BRANCH_NAME" == 'master' ]]; then
# Build new web documentation:
make build-gh-pages
# Compare script version and the latest tag:
NEWEST_TAG=$(git describe --abbrev=0 --tags)
SCRIPT_VERSION=$(bash "${PWD}/git-secret" --version)
@ -15,5 +15,6 @@ if [[ "$BRANCH_NAME" == 'staging' ]]; then
if [[ "$NEWEST_TAG" != "v${SCRIPT_VERSION}" ]]; then
# Create new release:
git tag -a "v${SCRIPT_VERSION}" -m "version $SCRIPT_VERSION"
echo "Created new tag 'v${SCRIPT_VERSION}'"
fi
fi

7
utils/hooks/pre-commit.sh
Unescape Escape View File

@ -7,10 +7,15 @@ BRANCH_NAME=$(git branch | grep '\*' | sed 's/* //')
if [[ "$BRANCH_NAME" != '(no branch)' ]]; then
unset GIT_WORK_TREE
# Set marker, that we running tests from `git commit`,
# so some tests will be skiped. It is done, because `git rev-parse`
# is not working when running from pre-commit hook.
export BATS_RUNNING_FROM_GIT=1
# Run tests:
make test
if [[ "$BRANCH_NAME" == "staging" ]]; then
if [[ "$BRANCH_NAME" == "master" ]]; then
# Build new manuals:
make build-man

Write Preview
Loading…
Cancel
Save