From 981e35124a02858ab13b4b281d8f40245fadfa5f Mon Sep 17 00:00:00 2001
From: aleidk
Date: Wed, 5 Feb 2025 11:59:43 -0300
Subject: [PATCH] chore: setup devfiles
---
 .devfiles/bin/.gitkeep | 0
 .devfiles/hooks/.gitkeep | 0
 .devfiles/hooks/commit-msg.sh | 5 ++++
 .devfiles/hooks/pre-commit.sh | 14 +++++++++
 .devfiles/justfile | 43 ++++++++++++++++++++++++++++
 .devfiles/public_keys.txt | 2 ++
 .devfiles/scripts/.gitkeep | 0
 .devfiles/scripts/dependecy-check.sh | 30 +++++++++++++++++++
 .gitignore | 21 +++-----------
 .justfile | 5 ++++
 cog.toml | 6 ++++
 11 files changed, 109 insertions(+), 17 deletions(-)
 create mode 100644 .devfiles/bin/.gitkeep
 create mode 100644 .devfiles/hooks/.gitkeep
 create mode 100644 .devfiles/hooks/commit-msg.sh
 create mode 100644 .devfiles/hooks/pre-commit.sh
 create mode 100644 .devfiles/justfile
 create mode 100644 .devfiles/public_keys.txt
 create mode 100644 .devfiles/scripts/.gitkeep
 create mode 100755 .devfiles/scripts/dependecy-check.sh
 create mode 100644 .justfile
diff --git a/.devfiles/bin/.gitkeep b/.devfiles/bin/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/.devfiles/hooks/.gitkeep b/.devfiles/hooks/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/.devfiles/hooks/commit-msg.sh b/.devfiles/hooks/commit-msg.sh
new file mode 100644
index 0000000..1c54b90
--- /dev/null
+++ b/.devfiles/hooks/commit-msg.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -euxo pipefail
+
+cog verify --file "$1"
diff --git a/.devfiles/hooks/pre-commit.sh b/.devfiles/hooks/pre-commit.sh
new file mode 100644
index 0000000..84e8fd4
--- /dev/null
+++ b/.devfiles/hooks/pre-commit.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+set -euxo pipefail
+
+root="$(git rev-parse --show-toplevel)"
+
+cd "$root"
+
+gitleaks git
+
+# Only validate encrypted files if we are tracking any
+if [[ -e .ageboxreg.yml ]]; then
+ agebox validate --no-decrypt
+fi
diff --git a/.devfiles/justfile b/.devfiles/justfile
new file mode 100644
index 0000000..ae6f604
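Review bot: `set -euxo pipefail` leaves xtrace switched on in `.devfiles/hooks/commit-msg.sh` (and again in `.devfiles/hooks/pre-commit.sh`), so every commit echoes each hook command to the terminal; it reads like a debugging leftover. I would use `set -euo pipefail`, as `dependecy-check.sh` in this same commit does. A one-line header comment saying that git passes the commit-message file as `$1` and that the hook fails when `cog verify` rejects it would also help the next reader.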
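Review bot: `gitleaks git` in `.devfiles/hooks/pre-commit.sh` runs with no flags, which as far as I know scans the existing commit history rather than the index, so a secret in the change being committed would only be reported once it is already part of history, and the scan grows with every commit. For a pre-commit hook the usual form is `gitleaks git --pre-commit --staged --redact`; `--redact` (already used by the `leaks` recipe) keeps a matched value out of the terminal. Separately, `agebox` is only put on PATH by the justfile's `export PATH`, so a copy installed through `install-agebox` would probably not be found when git runs this hook directly; prepending `$root/.devfiles/bin` here, as `dependecy-check.sh` does, would cover that. Local hooks can be skipped, so the same scan is worth running in CI as well.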
--- /dev/null
+++ b/.devfiles/justfile
@@ -0,0 +1,43 @@
+set dotenv-load := true
+
+export PATH := source_dir() + "/bin:" + source_dir() + "/scripts:" + env("PATH")
+export AGEBOX_DEBUG := "0"
+export AGEBOX_PUBLIC_KEYS := source_dir() + "/public_keys.txt"
+
+# Install agebox from the latest github realse
+install-agebox:
+ curl -sSL "https://github.com/slok/agebox/releases/latest/download/agebox-linux-amd64" -o .devfiles/bin/agebox
+ chmod + x .devfiles/bin/agebox
+
+[no-cd]
+install-hooks:
+ cog install-hook --all
+
+# Easy and simple file repository encryption tool based on Age.
+agebox +ARGS="--help":
+ @.devfiles/bin/agebox {{ ARGS }}
+
+# Encrypt the provided files, relative to project root.
+encrypt +FILES: (agebox "encrypt " + FILES)
+
+# Encrypt all the tracked files.
+encrypt-all: (agebox "encrypt --all")
+
+# Decrypt the provided files, relative to project root.
+decrypt +FILES: (agebox "decrypt " + FILES)
+
+# Decrypt all the tracked files.
+decrypt-all: (agebox "decrypt --all --force")
+
+# Reencrypt all the tracked files with the new public keys.
+reencrypt: (agebox "reencrypt")
+
+# Show the content of an encrypted file to stdout.
+crypt-peek +FILES: (agebox "cat " + FILES)
+
+# Validate that all tracked files are encrypted.
+crypt-check:(agebox "validate --no-decrypt ")
+
+# Validate no credentials are pushed to git
+leaks:
+ @gitleaks git --verbose --redact
diff --git a/.devfiles/public_keys.txt b/.devfiles/public_keys.txt
new file mode 100644
index 0000000..17fe580
--- /dev/null
+++ b/.devfiles/public_keys.txt
@@ -0,0 +1,2 @@
+# anavarro
+age1gj7hj894l0a0lvu3fsndlkdkyc0da7963kcqhpfe43reflx3gafqnm058u
diff --git a/.devfiles/scripts/.gitkeep b/.devfiles/scripts/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/.devfiles/scripts/dependecy-check.sh b/.devfiles/scripts/dependecy-check.sh
new file mode 100755
index 0000000..684a14b
--- /dev/null
+++ b/.devfiles/scripts/dependecy-check.sh
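Review bot: `install-agebox` in `.devfiles/justfile` saves whatever `releases/latest` serves at that moment into `.devfiles/bin`, the first directory on the exported PATH, with no version pin and no digest check, and this is the binary that later handles the repository's encrypted files. `curl -sSL` without `-f` will also write an HTTP error page to the output file and still exit 0. The following line is printed as `chmod + x .devfiles/bin/agebox`; if that is how the file reads, `x` is taken as a file operand and the binary never becomes executable. I would pin a reviewed release tag, compare the download against a SHA-256 committed next to the recipe, and only then mark it executable and move it into place. The two values in the fence are placeholders, and the path is built from `source_dir()` as the exports already do.

```just
# Placeholders: set both to the release that was reviewed.
agebox_version := "<PINNED_RELEASE_TAG>"
agebox_sha256 := "<EXPECTED_SHA256_OF_agebox-linux-amd64>"
agebox_bin := source_dir() + "/bin/agebox"

# Install a pinned agebox release and verify its digest before use
install-agebox:
    curl -fsSL "https://github.com/slok/agebox/releases/download/{{ agebox_version }}/agebox-linux-amd64" -o "{{ agebox_bin }}.download"
    echo "{{ agebox_sha256 }}  {{ agebox_bin }}.download" | sha256sum --check --quiet
    chmod +x "{{ agebox_bin }}.download"
    mv "{{ agebox_bin }}.download" "{{ agebox_bin }}"

# … unchanged: install-hooks and the agebox/encrypt/decrypt recipes …
```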
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+root="$(git rev-parse --show-toplevel)"
+
+export PATH=$root/.devfiles/bin:$root/.devfiles/scripts:$PATH
+
+devtools=(
+ age
+ agebox
+ cog
+ gitleaks
+)
+
+missing_tools=()
+
+for cmd in "${devtools[@]}"; do
+ if ! command -v "$cmd" &>/dev/null; then
+ missing_tools+=("$cmd")
+ fi
+done
+
+if [[ ${#missing_tools[@]} != 0 ]]; then
+ echo "The following tools where not found:"
+ printf "%s\n" "${missing_tools[@]}"
+ exit 1
+else
+ echo -e "All tools are installed!"
+fi
diff --git a/.gitignore b/.gitignore
index c1c145d..cd4da0d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,18 +1,5 @@
-# ---> VirtualEnv
-# Virtualenv
-# http://iamzed.com/2009/05/07/a-primer-on-virtualenv/
-.Python
-[Bb]in
-[Ii]nclude
-[Ll]ib
-[Ll]ib64
-[Ll]ocal
-[Ss]cripts
-pyvenv.cfg
-.venv
-pip-selfcheck.json
-
-# ---> GPG
-secring.*
-
+# Devfiles
+.devfiles/bin/**/*
+# Allow to presever folder structure in excluded folers, should be the last rule
+!**/.gitkeep
diff --git a/.justfile b/.justfile
new file mode 100644
index 0000000..a442fcc
--- /dev/null
+++ b/.justfile
@@ -0,0 +1,5 @@
+# Repo management tasks
+mod repo ".devfiles/justfile"
+
+dev:
+ @echo "Edit the .justfile to setup the dev task!"
diff --git a/cog.toml b/cog.toml
index f258492..2f52731 100644
--- a/cog.toml
+++ b/cog.toml
@@ -14,6 +14,12 @@ post_package_bump_hooks = []
 [git_hooks]
+[git_hooks.pre-commit]
+path = ".devfiles/hooks/pre-commit.sh"
+
+[git_hooks.commit-msg]
+path = ".devfiles/hooks/commit-msg.sh"
+
 [commit_types]
 [changelog]
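Review bot: `export PATH=$root/.devfiles/bin:$root/.devfiles/scripts:$PATH` in `dependecy-check.sh` puts two checkout directories ahead of the system path, so `command -v` reports a tool as installed whenever a same-named file exists in the checkout, and the justfile's `export PATH` gives every recipe the same lookup order. `.devfiles/scripts` is tracked, so its contents can change through an ordinary merge; I would move it behind the system entries, `export PATH="$root/.devfiles/bin:$PATH:$root/.devfiles/scripts"`, and print the path `command -v` resolved for each tool so the developer sees which binary will run. The failure report should also go to stderr and has a typo: `echo "The following tools were not found:" >&2`.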
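Review bot: The rewritten `.gitignore` has no `.env` entry, although `.devfiles/justfile` in this commit sets `dotenv-load := true`, so the file most likely to hold local credentials can be staged by a plain `git add .`. I would add a `.env` line above `!**/.gitkeep`, which the comment says has to stay last. The hunk also drops `secring.*`; if GPG keyrings can still end up in a working copy that pattern is worth keeping, and an ignore rule for age identity files belongs here too if they are ever stored inside the checkout.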
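Review bot: `mod repo ".devfiles/justfile"` in `.justfile` loads the devfiles recipes as a module, and as I understand just's module rules, module recipes run from the module's own directory unless marked `[no-cd]`, and dotenv settings are only honoured in the root justfile. If that holds for the just version in use, `just repo install-agebox` and `just repo agebox` would look for `.devfiles/bin/agebox` underneath `.devfiles/`, and `set dotenv-load := true` inside the module would have no effect. Worth running both from the repository root; the fixes would be `set dotenv-load := true` in this file and recipe paths built from `source_dir()` in the module.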