chore: initial commit

.devfiles/hooks/commit-msg.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -euxo pipefail
+
+cog verify --file "$1"

.devfiles/hooks/pre-commit.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+set -euxo pipefail
+
+root="$(git rev-parse --show-toplevel)"
+
+cd "$root"
+
+gitleaks git
+
+# Only validate encrypted files if we are tracking any
+if [[ -e .ageboxreg.yml ]]; then
+  agebox validate --no-decrypt
+fi

.devfiles/justfile

@@ -0,0 +1,43 @@
+set dotenv-load := true
+
+export PATH := source_dir() + "/bin:" + source_dir() + "/scripts:" + env("PATH")
+export AGEBOX_DEBUG := "0"
+export AGEBOX_PUBLIC_KEYS := source_dir() + "/public_keys.txt"
+
+# Install agebox from the latest github realse
+install-agebox:
+  curl -sSL "https://github.com/slok/agebox/releases/latest/download/agebox-linux-amd64" -o .devfiles/bin/agebox
+  chmod + x .devfiles/bin/agebox
+
+[no-cd]
+install-hooks:
+  cog install-hook --all
+
+# Easy and simple file repository encryption tool based on Age.
+agebox +ARGS="--help":
+  @.devfiles/bin/agebox  {{ ARGS }}
+
+# Encrypt the provided files, relative to project root.
+encrypt +FILES: (agebox "encrypt " + FILES)
+
+# Encrypt all the tracked files.
+encrypt-all: (agebox "encrypt --all")
+
+# Decrypt the provided files, relative to project root.
+decrypt +FILES: (agebox "decrypt " + FILES)
+
+# Decrypt all the tracked files.
+decrypt-all: (agebox "decrypt --all --force")
+
+# Reencrypt all the tracked files with the new public keys.
+reencrypt: (agebox "reencrypt")
+
+# Show the content of an encrypted file to stdout.
+crypt-peek +FILES: (agebox "cat " + FILES)
+
+# Validate that all tracked files are encrypted.
+crypt-check:(agebox "validate --no-decrypt ")
+
+# Validate no credentials are pushed to git
+leaks:
+  @gitleaks git --verbose --redact

.devfiles/public_keys.txt

@@ -0,0 +1,2 @@
+# anavarro
+age1gj7hj894l0a0lvu3fsndlkdkyc0da7963kcqhpfe43reflx3gafqnm058u

.devfiles/scripts/dependecy-check.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+root="$(git rev-parse --show-toplevel)"
+
+export PATH=$root/.devfiles/bin:$root/.devfiles/scripts:$PATH
+
+devtools=(
+  age
+  agebox
+  cog
+  gitleaks
+)
+
+missing_tools=()
+
+for cmd in "${devtools[@]}"; do
+  if ! command -v "$cmd" &>/dev/null; then
+    missing_tools+=("$cmd")
+  fi
+done
+
+if [[ ${#missing_tools[@]} != 0 ]]; then
+  echo "The following tools where not found:"
+  printf "%s\n" "${missing_tools[@]}"
+  exit 1
+else
+  echo -e "All tools are installed!"
+fi

.devfiles/scripts/gitignore.sh

@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+root="$(git rev-parse --show-toplevel)"
+
+base_url="https://git.alecodes.page/api/v1/gitignore/templates"
+
+query="$*"
+
+list_available() {
+  curl -Ssl $base_url | jq -r '.[]'
+}
+
+if [[ -z $query ]]; then
+  list_available
+  exit 0
+fi
+
+tmp_file="$(mktemp)"
+
+for template in $query; do
+  # Capitalize the string
+  template=${template,,}
+  template=${template^}
+
+  response="$(curl -Ssl "$base_url/$template")"
+  name="$(echo "$response" | jq -r '.name')"
+  content="$(echo "$response" | jq -r '.source')"
+
+  if [[ "$content" == "null" ]]; then
+    echo "Template not found, available options:"
+    list_available
+    exit 1
+  fi
+
+  printf "\n### %s\n\n%s\n\n" "$name" "$content" >>"$tmp_file"
+done
+
+sed -i -ne "/#### -- TEMPLATES BEGIN -- ####/ {p; r $tmp_file" -e ':a; n; /#### -- TEMPLATES END -- ####/ {p; b}; ba}; p' "$root/.gitignore"
+
+rm "$tmp_file"