Add commands to more easily add file patterns to .gitattributes: transcrypt --add and git add-crypt #125

Author: jmurty

CHANGELOG.md

@@ -34,6 +34,11 @@ system, you must also run the `--upgrade` command in each repository:
 
 ## [Unreleased]
 
+### Added
+
+- New commands make it easier to add file patterns to .gitattributes:
+  `transcrypt --add` and `git add-crypt` (#125)
+
 ### Changed
 
 - Improve check for incorrect password to avoid false report when transcrypt

README.md

@@ -104,7 +104,7 @@ config. If that pattern matches a file in your repository, the file will be
 transparently encrypted once you stage and commit it:
 
     $ cd <path-to-your-repo>/
-    $ echo 'sensitive_file  filter=crypt diff=crypt merge=crypt' >> .gitattributes
+    $ transcrypt --add sensitive_file
     $ git add .gitattributes sensitive_file
     $ git commit -m 'Add encrypted version of a sensitive file'
 
@@ -210,6 +210,9 @@ directory.
       -y, --yes
              assume yes and accept defaults for non-specified options
 
+      --add, --add=pattern
+             add a file pattern to encrypt to the .gitattributes file
+
       -d, --display
              display the current repository's cipher and password
 
@@ -326,8 +329,7 @@ to encrypt a file \_top-secret* in a "super" context:
     $ transcrypt --context=super
 
     # Add a pattern to .gitattributes with "crypt-super" values
-    $ echo >> .gitattributes \\
-      'top-secret filter=crypt-super diff=crypt-super merge=crypt-super'
+    $ transcrypt --context=super --add=top-secret
 
     # Add and commit your top-secret and .gitattribute files
     $ git add .gitattributes top-secret

tests/test_crypt.bats

@@ -206,6 +206,46 @@ SECRET_CONTENT_ENC="U2FsdGVkX1/6ilR0PmJpAyCF7iG3+k4aBwbgVd48WaQXznsg42nXbQrlWsf/
   rm "$FILENAME"
 }
 
+@test "crypt: add file patterns to .gitattributes" {
+  # git add-crypt add file to gitattributes
+
+  # add file 1 via `add-crypt`
+  git add-crypt foobar
+  run cat .gitattributes
+  [[ "$status" -eq 0 ]]
+  [[ "${#lines[@]}" = "2" ]]
+  [[ "${lines[1]}" = "foobar  filter=crypt diff=crypt merge=crypt" ]]
+
+  # add pattern 2 via `add-crypt`
+  git add-crypt config/*.json
+  run cat .gitattributes
+  [[ "$status" -eq 0 ]]
+  [[ "${#lines[@]}" = "3" ]]
+  [[ "${lines[2]}" = "config/*.json  filter=crypt diff=crypt merge=crypt" ]]
+
+  # add patterns 3 & 4 via `transcrypt --add`
+  "$BATS_TEST_DIRNAME"/../transcrypt --add pattern2
+  "$BATS_TEST_DIRNAME"/../transcrypt --add=*.secret
+  run cat .gitattributes
+  [[ "$status" -eq 0 ]]
+  [[ "${#lines[@]}" = "5" ]]
+  [[ "${lines[3]}" = "pattern2  filter=crypt diff=crypt merge=crypt" ]]
+  [[ "${lines[4]}" = "*.secret  filter=crypt diff=crypt merge=crypt" ]]
+
+  # test ignore adding duplicate pattern
+  git add-crypt foobar
+  git add-crypt config/*.json
+  git add-crypt pattern2
+  git add-crypt *.secret
+  run cat .gitattributes
+  [[ "$status" -eq 0 ]]
+  [[ "${#lines[@]}" = "5" ]]  # no new line added
+  [[ "${lines[1]}" = "foobar  filter=crypt diff=crypt merge=crypt" ]]
+  [[ "${lines[2]}" = "config/*.json  filter=crypt diff=crypt merge=crypt" ]]
+  [[ "${lines[3]}" = "pattern2  filter=crypt diff=crypt merge=crypt" ]]
+  [[ "${lines[4]}" = "*.secret  filter=crypt diff=crypt merge=crypt" ]]
+}
+
 @test "crypt: transcrypt --upgrade applies new merge driver" {
   VERSION=$("$BATS_TEST_DIRNAME"/../transcrypt -v | awk '{print $2}')
 

tests/test_init.bats

@@ -50,6 +50,8 @@ SETUP_SKIP_INIT_TRANSCRYPT=1
   [ "$(git config --get merge.crypt.name)" = "Merge transcrypt secret files" ]
 
   [ "$(git config --get alias.ls-crypt)" = '!"$(git config transcrypt.crypt-dir 2>/dev/null || printf %s/crypt ""$(git rev-parse --git-dir)"")"/transcrypt --list' ]
+
+  [ "$(git config --get alias.add-crypt)" = '!"$(git config transcrypt.crypt-dir 2>/dev/null || printf %s/crypt ""$(git rev-parse --git-dir)"")"/transcrypt --add' ]
 }
 
 @test "init: show details for --display" {

transcrypt

@@ -426,6 +426,15 @@ git_pre_commit() {
 	unset IFS
 }
 
+# Add file patterns to .gitattributes
+add_pattern() {
+	for var in "$@"; do
+		line="$var  filter=crypt${CONTEXT_CRYPT_SUFFIX} diff=crypt${CONTEXT_CRYPT_SUFFIX} merge=crypt${CONTEXT_CRYPT_SUFFIX}"
+		grep -qxF "$line" "${GIT_ATTRIBUTES}" || echo "$line" >>"${GIT_ATTRIBUTES}"
+		sync
+	done
+}
+
 # verify that all requirements have been met
 run_safety_checks() {
 	# validate that we're in a git repository
@@ -722,6 +731,9 @@ save_configuration() {
 		# List files with gitattribute 'filter=crypt-<CONTEXT>'
 		git config "alias.ls-crypt-${CONTEXT}" "!$transcrypt_path --context=${CONTEXT} --list"
 	fi
+
+	# Add git alias `add-crypt` to add file pattern to .gitattributes
+	git config alias.add-crypt "!$transcrypt_path --add"
 }
 
 # display the current configuration settings
@@ -895,6 +907,9 @@ uninstall_transcrypt() {
 		fi
 		[[ -f "$pre_commit_hook_installed" ]] && rm "$pre_commit_hook_installed"
 
+		# remove the `git add-crypt` alias.
+		git config --unset alias.add-crypt 2>/dev/null || true
+
 		# remove context settings: cipher & password config, ls-crypt alias variant,
 		# crypt filter/diff/merge attributes. We do it here instead of `clean_gitconfig`
 		# to avoid interfering with flushing of credentials
@@ -1263,6 +1278,9 @@ help() {
 		     -d, --display
 		            display the current repository's cipher and password
 
+		     --add, --add=pattern
+		            add a file pattern to encrypt to the .gitattributes file
+
 		     -r, --rekey
 		            re-encrypt all encrypted files using new credentials
 
@@ -1328,8 +1346,10 @@ help() {
 		     matches  a file in your  repository,  the file  will  be  transparently
 		     encrypted once you stage and commit it:
 
-		         $ echo >> .gitattributes \\
-		         'sensitive_file  filter=crypt diff=crypt merge=crypt'
+		         $ transcrypt --add sensitive_file
+
+		         $ cat .gitattributes
+		         sensitive_file  filter=crypt diff=crypt merge=crypt
 
 		         $ git add .gitattributes sensitive_file
 		         $ git commit -m 'Add encrypted version of a sensitive file'
@@ -1360,8 +1380,10 @@ help() {
 		         $ transcrypt --context=super
 
 		         # Add a pattern to .gitattributes with "crypt-super" values
-		         $ echo >> .gitattributes \\
-		           'top-secret filter=crypt-super diff=crypt-super merge=crypt-super'
+		         $ transcrypt --context=super --add=top-secret
+
+		         $ cat .gitattributes
+		         top-secret filter=crypt-super diff=crypt-super merge=crypt-super
 
 		         # Add and commit your top-secret and .gitattribute files
 		         $ git add .gitattributes top-secret
@@ -1390,6 +1412,7 @@ help() {
 context=''
 cipher=''
 display_config=''
+add_pattern=''
 list_contexts_command=''
 flush_creds=''
 gpg_import_file=''
@@ -1451,6 +1474,17 @@ while [[ "${1:-}" != '' ]]; do
 		password=${1#*=}
 		[[ $password ]] || die 1 'empty password'
 		;;
+	--add)
+		add_pattern=$2
+		[[ $add_pattern ]] || die 1 'empty pattern'
+		requires_clean_repo=''
+		shift
+		;;
+	--add=*)
+		add_pattern=${1#*=}
+		[[ $add_pattern ]] || die 1 'empty pattern'
+		requires_clean_repo=''
+		;;
 	-C | --context)
 		context=$2
 		shift
@@ -1583,6 +1617,9 @@ if [[ $list ]]; then
 elif [[ $uninstall ]]; then
 	uninstall_transcrypt
 	exit 0
+elif [[ $add_pattern ]]; then
+	add_pattern "$add_pattern"
+	exit 0
 elif [[ $upgrade ]]; then
 	upgrade_transcrypt
 	exit 0