chore: setup devfiles

.devfiles/hooks/commit-msg.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -euxo pipefail
+
+cog verify --file "$1"

.devfiles/hooks/pre-commit.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+set -euxo pipefail
+
+root="$(git rev-parse --show-toplevel)"
+
+cd "$root"
+
+gitleaks git
+
+# Only validate encrypted files if we are tracking any
+if [[ -e .ageboxreg.yml ]]; then
+  agebox validate --no-decrypt
+fi

.devfiles/justfile

@@ -0,0 +1,43 @@
+set dotenv-load := true
+
+export PATH := source_dir() + "/bin:" + source_dir() + "/scripts:" + env("PATH")
+export AGEBOX_DEBUG := "0"
+export AGEBOX_PUBLIC_KEYS := source_dir() + "/public_keys.txt"
+
+# Install agebox from the latest github realse
+install-agebox:
+  curl -sSL "https://github.com/slok/agebox/releases/latest/download/agebox-linux-amd64" -o .devfiles/bin/agebox
+  chmod + x .devfiles/bin/agebox
+
+[no-cd]
+install-hooks:
+  cog install-hook --all
+
+# Easy and simple file repository encryption tool based on Age.
+agebox +ARGS="--help":
+  @.devfiles/bin/agebox  {{ ARGS }}
+
+# Encrypt the provided files, relative to project root.
+encrypt +FILES: (agebox "encrypt " + FILES)
+
+# Encrypt all the tracked files.
+encrypt-all: (agebox "encrypt --all")
+
+# Decrypt the provided files, relative to project root.
+decrypt +FILES: (agebox "decrypt " + FILES)
+
+# Decrypt all the tracked files.
+decrypt-all: (agebox "decrypt --all --force")
+
+# Reencrypt all the tracked files with the new public keys.
+reencrypt: (agebox "reencrypt")
+
+# Show the content of an encrypted file to stdout.
+crypt-peek +FILES: (agebox "cat " + FILES)
+
+# Validate that all tracked files are encrypted.
+crypt-check:(agebox "validate --no-decrypt ")
+
+# Validate no credentials are pushed to git
+leaks:
+  @gitleaks git --verbose --redact

.devfiles/public_keys.txt

@@ -0,0 +1,2 @@
+# anavarro
+age1gj7hj894l0a0lvu3fsndlkdkyc0da7963kcqhpfe43reflx3gafqnm058u

.devfiles/scripts/dependecy-check.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+root="$(git rev-parse --show-toplevel)"
+
+export PATH=$root/.devfiles/bin:$root/.devfiles/scripts:$PATH
+
+devtools=(
+  age
+  agebox
+  cog
+  gitleaks
+)
+
+missing_tools=()
+
+for cmd in "${devtools[@]}"; do
+  if ! command -v "$cmd" &>/dev/null; then
+    missing_tools+=("$cmd")
+  fi
+done
+
+if [[ ${#missing_tools[@]} != 0 ]]; then
+  echo "The following tools where not found:"
+  printf "%s\n" "${missing_tools[@]}"
+  exit 1
+else
+  echo -e "All tools are installed!"
+fi

.gitignore

@@ -1,18 +1,5 @@
-# ---> VirtualEnv
+# Devfiles
-# Virtualenv
+.devfiles/bin/**/*
-# http://iamzed.com/2009/05/07/a-primer-on-virtualenv/
-.Python
-[Bb]in
-[Ii]nclude
-[Ll]ib
-[Ll]ib64
-[Ll]ocal
-[Ss]cripts
-pyvenv.cfg
-.venv
-pip-selfcheck.json
-
-# ---> GPG
-secring.*
-
 
+# Allow to presever folder structure in excluded folers, should be the last rule
+!**/.gitkeep

.justfile

@@ -0,0 +1,5 @@
+# Repo management tasks
+mod repo ".devfiles/justfile"
+
+dev:
+  @echo "Edit the .justfile to setup the dev task!"

cog.toml

@@ -14,6 +14,12 @@ post_package_bump_hooks = []
 
 [git_hooks]
 
+[git_hooks.pre-commit]
+path = ".devfiles/hooks/pre-commit.sh"
+
+[git_hooks.commit-msg]
+path = ".devfiles/hooks/commit-msg.sh"
+
 [commit_types]
 
 [changelog]