Change 'add' to add to .gitignore by default. (#429)

* Change 'add' to add to .gitignore by default.
Also add _message() function and improve output from 'git-secret-add',
alter tests for new code behavior, and update docs.
* change tests since 'add' always adds to .gitignore
* improve output: prepend more messages with 'git-secret:'.
* update man page for git-secret-add
pull/434/head
Josh Rabinowitz 6 years ago committed by GitHub
parent 71f3d3a4ac
commit ce8c6b3ae0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -9,6 +9,7 @@
- Use gpg without --quiet when decrypting in verbose mode (#394)
- Add -v 'verbose' option to 'tell', showing gpg output (#320)
- Change 'init' to never ignore .secret files (#362)
- 'add' appends filepaths to .gitignore by default (#225)
### Bugfixes

@ -1,7 +1,7 @@
.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
.TH "GIT\-SECRET\-ADD" "1" "February 2019" "sobolevn" "git-secret"
.TH "GIT\-SECRET\-ADD" "1" "March 2019" "sobolevn" "git-secret"
.
.SH "NAME"
\fBgit\-secret\-add\fR \- starts to track added files\.
@ -15,10 +15,10 @@ git secret add [\-i] <pathspec>\.\.\.
.fi
.
.SH "DESCRIPTION"
\fBgit\-secret\-add\fR adds a filepath(s) into \fB\.gitsecret/paths/mapping\.cfg\fR\.
\fBgit\-secret\-add\fR adds a filepath(s) into \fB\.gitsecret/paths/mapping\.cfg\fR and ensures the filepath is mentioned \.gitignore\.
.
.P
When adding files to encrypt, ensure that they are ignored by \fBgit\fR by mentioning them in \.gitignore, since they must be secure and not be committed into the remote repository unencrypted\.
When adding files to encrypt, \fBgit\-secret\-add\fR (as of 0\.3\.0) will ensure that they are ignored by \fBgit\fR by mentioning them in \.gitignore, since they must be secure and not be committed into the remote repository unencrypted\.
.
.P
If there\'s no users in the \fBgit\-secret\fR\'s keyring, when adding a file, an exception will be raised\.
@ -36,7 +36,7 @@ It is not recommended to add filenames directly into \fB\.gitsecret/paths/mappin
.
.nf
\-i \- adds given files to `\.gitignore` if they\'re not there already
\-i \- does nothing, adding paths to \.gitignore is now the default behavior\.
\-h \- shows this help\.
.
.fi

@ -7,9 +7,10 @@ git-secret-add - starts to track added files.
## DESCRIPTION
`git-secret-add` adds a filepath(s) into `.gitsecret/paths/mapping.cfg`.
`git-secret-add` adds a filepath(s) into `.gitsecret/paths/mapping.cfg`
and ensures the filepath is mentioned .gitignore.
When adding files to encrypt, ensure that they are ignored by `git` by mentioning
When adding files to encrypt, `git-secret-add` (as of 0.3.0) will ensure that they are ignored by `git` by mentioning
them in .gitignore, since they must be secure and not be committed into the remote repository unencrypted.
If there's no users in the `git-secret`'s keyring, when adding a file, an exception will be raised.
@ -22,7 +23,7 @@ folder using the SECRETS_DIR environment variable.
## OPTIONS
-i - adds given files to `.gitignore` if they're not there already
-i - does nothing, adding paths to .gitignore is now the default behavior.
-h - shows this help.

@ -196,7 +196,7 @@ function _temporary_file {
# which will be removed on system exit.
filename=$(_os_based __temp_file) # is not `local` on purpose.
trap 'echo "cleaning up..."; rm -f "$filename";' EXIT
trap 'echo "git-secret: cleaning up..."; rm -f "$filename";' EXIT
}
@ -417,6 +417,11 @@ function _get_secrets_dir_paths_mapping {
# Logic:
function _message {
local message="$1" # required
echo "git-secret: $message"
}
function _abort {
local message="$1" # required
local exit_code=${2:-"1"} # defaults to 1
@ -471,7 +476,7 @@ function _find_and_clean_formatted {
local pattern="$1" # can be any string pattern
if [[ -n "$_SECRETS_VERBOSE" ]]; then
echo && echo "cleaning:"
echo && echo "git-secret: cleaning:"
fi
_find_and_clean "$pattern"
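Review bot: The `git-secret: ` prefix is spelled out by hand instead of going through the new `_message` helper in the EXIT trap of `_temporary_file` and the verbose line of `_find_and_clean_formatted` here, and again in the final `echo` lines of the `remove` and `reveal` sections further down. Routing them through the helper, e.g. `echo && _message "cleaning:"`, keeps the prefix in one place. `_message` also has no header comment; `# Prints an informational line to stdout, prefixed with 'git-secret: '.` would do. Because the helper writes to stdout, status lines share the stream with any output a caller pipes or parses, so it is worth deciding whether they belong on `>&2`. The bodies of `_temporary_file` and `_find_and_clean_formatted` start outside the hunks shown.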

@ -2,12 +2,12 @@
function add {
local auto_ignore=0
local auto_ignore=1
OPTIND=1
while getopts "ih" opt; do
case "$opt" in
i) auto_ignore=1;;
i) auto_ignore=1;; # this doesn't change anything
h) _show_manual_for "add";;
@ -64,12 +64,14 @@ function add {
if [[ "$auto_ignore" -eq 0 ]]; then
# This file is not ignored. user don't want it to be added automatically.
# Raise the exception, since all files, which will be hidden, must be ignored.
# note that it is no longer possible to wind up in this code path as auto_ignore cannot be 0.
# code left here in case we want to restore/modify this path later
_abort "$message"
else
# In this case these files should be added to the `.gitignore` automatically:
# see https://github.com/sobolevn/git-secret/issues/18 for more.
echo "$message"
echo "auto adding them to .gitignore"
_message "$message"
_message "auto adding them to .gitignore"
for item in "${not_ignored[@]}"; do
_add_ignored_file "$item"
done
@ -95,5 +97,5 @@ function add {
fi
done
echo "${#@} item(s) added."
_message "${#@} item(s) added."
}
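Review bot: The return status of `_add_ignored_file "$item"` is not checked in the auto-ignore loop, and with `auto_ignore` now fixed at 1 that call is the only thing keeping a plaintext secret out of a commit. If the write to `.gitignore` fails (read-only file, full disk), `add` would still go on to print `N item(s) added.` with the file unignored, unless the script runs under `set -e`, which is not visible here. Consider `_add_ignored_file "$item" || _abort "could not add '$item' to .gitignore"`. The `i)` arm of `getopts` would also read better with a comment such as `# deprecated no-op, kept so existing scripts that pass -i keep working`. The body of `add` continues between the hunks shown.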

@ -61,7 +61,7 @@ function changes {
# we ignore the exit code because _decrypt will _abort if appropriate.
echo "changes in ${path}:"
_message "changes in ${path}:"
# diff the result:
# we have the '|| true' because `diff` returns error code if files differ.
diff -u <(echo -n "$decrypted") "$path" || true

@ -33,7 +33,7 @@ function _optional_delete {
# We use custom formatting here:
if [[ -n "$_SECRETS_VERBOSE" ]]; then
echo && echo 'removing unencrypted files:'
echo && _message 'removing unencrypted files:'
fi
while read -r line; do
@ -203,5 +203,5 @@ function hide {
# after we have already hidden them.
_optional_delete "$delete"
echo "done. $counter of $num_mappings files are hidden."
_message "done. $counter of $num_mappings files are hidden."
}

@ -69,7 +69,7 @@ function init {
mkdir "$git_secret_dir" "$(_get_secrets_dir_keys)" "$(_get_secrets_dir_path)"
touch "$(_get_secrets_dir_keys_mapping)" "$(_get_secrets_dir_paths_mapping)"
echo "'$git_secret_dir/' created."
_message "'$git_secret_dir/' created."
local random_seed_file
random_seed_file="${_SECRETS_DIR}/keys/random_seed"

@ -38,7 +38,7 @@ function killperson {
fi
done
echo 'removed keys.'
echo "now [$*] do not have an access to the repository."
echo 'make sure to hide the existing secrets again.'
_message 'removed keys.'
_message "now [$*] do not have an access to the repository."
_message 'make sure to hide the existing secrets again.'
}
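Review bot: The message `now [$*] do not have an access to the repository.` overstates what removing a key achieves, because files encrypted before this point, including every copy in git history, remain decryptable with the removed key. The next line asks the user to hide the secrets again, but re-encrypting does not protect values the removed person could already read, so the text should also ask for those secrets to be rotated. Suggested wording: `_message "keys for [$*] removed; re-hide the secrets and rotate any values they could already decrypt."`. The body of `killperson` starts outside the hunk.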

@ -22,6 +22,6 @@ function list {
_list_all_added_files # exports 'filenames' array
local filename
for filename in "${filenames[@]}"; do
echo "$filename"
echo "$filename" # do not prepend 'git-secret: '
done
}

@ -56,6 +56,6 @@ function remove {
fi
done
echo 'removed from index.'
echo "ensure that files: [$*] are now not ignored."
echo 'git-secret: removed from index.'
echo "git-secret: ensure that files: [$*] are now not ignored."
}

@ -71,5 +71,5 @@ function reveal {
done
echo "done. $counter of ${#to_show[@]} files are revealed."
echo "git-secret: done. $counter of ${#to_show[@]} files are revealed."
}

@ -40,23 +40,24 @@ function teardown {
}
@test "run 'add' for unignored file" {
@test "run 'add' for file ignored by default" {
local test_file="$TEST_DEFAULT_FILENAME"
touch "$test_file"
echo "content" > "$test_file"
run git secret add "$test_file"
[ "$status" -eq 1 ]
[ "$status" -eq 0 ]
rm "$test_file"
}
@test "run 'add' for unignored file with '-i'" {
local test_file='test_file.auto_ignore' # TODO - parameterize filename
@test "run 'add' for file ignored with '-i'" {
local test_file="$TEST_DEFAULT_FILENAME"
touch "$test_file"
echo "content" > "$test_file"
# add -i is now a no-op (See #225) so this tests that -i does nothing.
run git secret add -i "$test_file"
[ "$status" -eq 0 ]
@ -67,7 +68,7 @@ function teardown {
}
@test "run 'add' for un-ignored file with '-i' in subfolder" {
@test "run 'add' for file ignored by default and with '-i' in subfolder" {
# This test covers this issue:
# https://github.com/sobolevn/git-secret/issues/85 task 1
@ -127,7 +128,7 @@ function teardown {
# Testing:
run git secret add "../node/$TEST_DEFAULT_FILENAME"
[ "$status" -eq 0 ]
[[ "$output" == *"1 item(s) added."* ]]
[[ "$output" == *"git-secret: 1 item(s) added."* ]]
# Testing mappings content:
local path_mappings
@ -160,7 +161,7 @@ function teardown {
# Testing:
run git secret add "$test_dir/$test_file"
[ "$status" -eq 0 ]
[[ "$output" == *"1 item(s) added."* ]]
[[ "$output" == *"git-secret: 1 item(s) added."* ]]
# Cleaning up:
rm -r "$test_dir"
@ -177,7 +178,7 @@ function teardown {
run git secret add "$filename"
run git secret add "$filename"
[ "$status" -eq 0 ]
[ "$output" = "1 item(s) added." ]
[ "$output" = "git-secret: 1 item(s) added." ]
# Ensuring that path mappings was set correctly:
local path_mappings
@ -204,7 +205,7 @@ function teardown {
# Testing:
run git secret add "$filename1" "$filename2"
[ "$status" -eq 0 ]
[ "$output" = "2 item(s) added." ]
[ "$output" = "git-secret: 2 item(s) added." ]
# Cleaning up:
rm "$filename1" "$filename2" ".gitignore"
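Review bot: The renamed test `run 'add' for file ignored by default` asserts only `[ "$status" -eq 0 ]`, so it would still pass if `add` stopped writing the `.gitignore` entry, which is the behaviour this commit introduces. Add a check before the `rm` that git really ignores the file, for example `git check-ignore -q "$test_file"`. The `-i` test below it could carry the same assertion; its body continues outside the hunk.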

@ -32,7 +32,7 @@ function teardown {
# Command must execute normally:
[ "$status" -eq 0 ]
[ "$output" = "done. 1 of 1 files are hidden." ]
[ "$output" = "git-secret: done. 1 of 1 files are hidden." ]
# New files should be created:
local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE")
@ -44,7 +44,7 @@ function teardown {
# Command must execute normally.
[ "$status" -eq 0 ]
[[ "$output" == "done. 1 of 1 files are hidden." ]]
[[ "$output" == "git-secret: done. 1 of 1 files are hidden." ]]
}
@test "run 'hide' with '-P'" {
@ -58,7 +58,7 @@ function teardown {
# Command must execute normally:
[ "$status" -eq 0 ]
[ "$output" = "done. 1 of 1 files are hidden." ]
[ "$output" = "git-secret: done. 1 of 1 files are hidden." ]
# New files should be created:
local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE")
@ -117,7 +117,7 @@ function teardown {
# Now it should return an error because one file can't be found
run git secret hide
[ "$status" -ne 0 ]
[ "$output" != "done. 2 of 2 files are hidden." ]
[ "$output" != "git-secret: done. 2 of 2 files are hidden." ]
}
@ -131,7 +131,7 @@ function teardown {
run git secret hide
#echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
[ "$status" -eq 0 ]
[ "$output" = "done. 2 of 2 files are hidden." ]
[ "$output" = "git-secret: done. 2 of 2 files are hidden." ]
# Cleaning up:
rm "$second_file"
@ -145,8 +145,8 @@ function teardown {
[ "$status" -eq 0 ]
# git secret hide -m, use temp file so cleaning should take place
[[ "${#lines[@]}" -eq 2 ]]
[ "${lines[0]}" = "done. 1 of 1 files are hidden." ]
[ "${lines[1]}" = "cleaning up..." ]
[ "${lines[0]}" = "git-secret: done. 1 of 1 files are hidden." ]
[ "${lines[1]}" = "git-secret: cleaning up..." ]
# New files should be created:
local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE")
@ -165,8 +165,8 @@ function teardown {
[ "$status" -eq 0 ]
# git secret hide -m, uses a temp file so cleaning should take place
[[ "${#lines[@]}" -eq 2 ]]
[ "${lines[0]}" = "done. 1 of 1 files are hidden." ]
[ "${lines[1]}" = "cleaning up..." ]
[ "${lines[0]}" = "git-secret: done. 1 of 1 files are hidden." ]
[ "${lines[1]}" = "git-secret: cleaning up..." ]
# back path mappings
cp "${path_mappings}" "${path_mappings}.bak"
# run hide again
@ -176,7 +176,7 @@ function teardown {
[[ "${#lines[@]}" -eq 1 ]]
# output says 0 of 1 files are hidden because checksum didn't change and we didn't need to hide it again.
[ "$output" = "done. 0 of 1 files are hidden." ]
[ "$output" = "git-secret: done. 0 of 1 files are hidden." ]
# no changes should occur to path_mappings files
cmp -s "${path_mappings}" "${path_mappings}.bak"
@ -257,5 +257,5 @@ function teardown {
run git secret hide
[ "$status" -eq 0 ]
[ "$output" = "done. 1 of 1 files are hidden." ]
[ "$output" = "git-secret: done. 1 of 1 files are hidden." ]
}
