github.com/StackExchange/blackbox/v2@v2.0.1-0.20220331193400-d84e904973ab/bin/blackbox_register_new_file (about)

     1  #!/usr/bin/env bash
     2  
     3  #
     4  # blackbox_register_new_file -- Enroll new file(s) in the blackbox system.
     5  #
     6  # Takes previously unencrypted file(s) and enrolls them into the blackbox
     7  # system.  Each file will be kept in the repo as an encrypted file.  On deployment
     8  # to systems that need the plaintext (unencrypted) versions, run
     9  # blackbox_postdeploy.sh to decrypt all the files.
    10  
    11  set -e
    12  source "${0%/*}/_blackbox_common.sh"
    13  
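#######################################
# Enroll one plaintext file in blackbox: encrypt it, add it to the cryptlist,
# tell the VCS to ignore the plaintext, shred the plaintext and commit.
# Globals:   BB_FILES (read)
# Arguments: $1 - path of the unencrypted file to register
# Outputs:   progress banners on stdout; errors and warnings on stderr
# Returns:   exits the script with status 1 when $1 is the encrypted name.
#            The helpers called here are defined outside this function;
#            the script runs under `set -e`, so a failing helper aborts it.
#######################################
function register_new_file() {
  # Keep state out of the global scope.  The names are unchanged because bash
  # scoping is dynamic: helpers called from here can still read them.
  # Declared separately from the assignments so that a failing command
  # substitution is not masked by the exit status of `local`.
  local unencrypted_file encrypted_file SECRETSEXPOSED
  unencrypted_file=$(get_unencrypted_filename "$1")
  encrypted_file=$(get_encrypted_filename "$1")

  if [[ "$1" == "$encrypted_file" ]]; then
    # Diagnostics belong on stderr so they are not lost in captured stdout.
    echo ERROR: Please only register unencrypted files. >&2
    exit 1
  fi

  echo "========== PLAINFILE $unencrypted_file"
  echo "========== ENCRYPTED $encrypted_file"

  # Refuse to continue without a source file, and never clobber an existing
  # encrypted file.
  fail_if_not_exists "$unencrypted_file" "Please specify an existing file."
  fail_if_exists "$encrypted_file" "Will not overwrite."

  prepare_keychain
  encrypt_file "$unencrypted_file" "$encrypted_file"
  add_filename_to_cryptlist "$unencrypted_file"
  vcs_ignore "$unencrypted_file"

  # Was the plaintext already tracked by the VCS?  (i.e. are we correcting a
  # bad situation)  Must be asked before the plaintext is shredded.
  SECRETSEXPOSED=$(is_in_vcs "${unencrypted_file}")
  echo "========== CREATED: ${encrypted_file}"
  echo "========== UPDATING REPO:"
  # The plaintext is destroyed only after encrypt_file has succeeded.
  # NOTE(review): shred_file is defined elsewhere; in-place overwriting is not
  # dependable on copy-on-write or journaling filesystems and on SSDs --
  # confirm which guarantee this deployment needs.
  shred_file "$unencrypted_file"

  if [[ "$SECRETSEXPOSED" == "true" ]]; then
    # Untracking the file only affects the revision being committed now.
    # Printed before the VCS calls so it is shown even if one of them fails.
    echo "WARNING: ${unencrypted_file} was already tracked by the VCS in plaintext." >&2
    echo "WARNING: Earlier revisions may still contain it; rotate the secrets it held." >&2
    vcs_remove "$unencrypted_file"
    vcs_add "$encrypted_file"
  fi

  echo 'NOTE: "already tracked!" messages are safe to ignore.'
  vcs_add "$BB_FILES" "$encrypted_file"
  vcs_commit "registered in blackbox: ${unencrypted_file}" "$BB_FILES" "$encrypted_file" "$(vcs_ignore_file_path)"
}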
    49  
# Register each path given on the command line, one at a time.  With no
# arguments the loop body never runs and only the summary below is printed.
for target; do
  register_new_file "$target"
done

# Closing summary: for svn the messages say the file has already been pushed;
# for any other VCS the user is reminded to push.
printf '%s\n' "========== UPDATING VCS: DONE"
case "$VCS_TYPE" in
  svn)
    printf '%s\n' "Local repo updated and file pushed to source control (unless an error was displayed)."
    ;;
  *)
    printf '%s\n' "Local repo updated.  Please push when ready."
    printf '%s\n' "    $VCS_TYPE push"
    ;;
esac
    59  	echo "    $VCS_TYPE push"
    60  fi