Commit 6b85f23

Introduce git-conceal-unlock wrapper script
That auto-downloads the binary from GitHub Release (using the `install.sh` script of the `git-conceal` repo) if it doesn't exist locally, before running `git-conceal unlock` on the current repo to decrypt the secrets
1 parent 5dd4b6a commit 6b85f23

1 file changed

+35
-0
lines changed

bin/git-conceal-unlock

Lines changed: 35 additions & 0 deletions
@@ -0,0 +1,35 @@
1+
#!/bin/bash
2+
3+
# Description:
4+
# A wrapper script to run `git-conceal unlock` on CI
5+
# See https://github.com/Automattic/git-conceal
6+
#
7+
# The wrapper automatically runs the `install.sh` script of `git-conceal`
8+
# if it's not already installed locally before running `git-conceal unlock env:…`.
9+
#
10+
# By default, it uses the `GIT_CONCEAL_SECRET_KEY` environment variable as the key source.
11+
# You can override it by passing the environment variable name as the first argument.
12+
#
13+
14+
set -euo pipefail
15+
16+
env_var_name=${1:-GIT_CONCEAL_SECRET_KEY}
17+
18+
# If installed in the $PATH, execute it (replacing this current process)
19+
if command -v git-conceal &> /dev/null; then
20+
git-conceal unlock "env:${env_var_name}"
21+
exit $?
22+
fi
23+
24+
INSTALL_DIR="${PWD}"
25+
# If was already previously installed in INSTALL_DIR, execute it (replacing this current process)
26+
if [[ -x "${INSTALL_DIR}/git-conceal" ]]; then
27+
"${INSTALL_DIR}/git-conceal" unlock "env:${env_var_name}"
28+
exit $?
29+
fi
30+
31+
# Otherwise, install it locally and execute it
32+
echo "git-conceal binary not found. Installing it..."
33+
mkdir -p "${INSTALL_DIR}"
34+
curl -fsSL https://raw.githubusercontent.com/Automattic/git-conceal/trunk/install.sh | bash -s -- --prefix "${INSTALL_DIR}"
35+
"${INSTALL_DIR}/git-conceal" unlock "env:${env_var_name}"

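Review bot: The install step at line 34 pipes `install.sh` from the moving `trunk` branch straight into `bash` with no pinning or integrity check, in a job whose environment holds the key named by `env_var_name`, so whatever that URL serves at run time executes with the secret in reach. Pin the URL to a release tag or commit SHA, download the script to a file, and verify it against a known checksum before running it. Separately, `INSTALL_DIR="${PWD}"` combined with the `-x "${INSTALL_DIR}/git-conceal"` test at line 26 runs any executable named `git-conceal` found in the current directory, which the commit message describes as the repo being unlocked, so a file of that name in the working tree would be executed with the key available; installing into a dedicated directory outside the working tree avoids that and also keeps the downloaded binary out of the checkout. Finally, the comments at lines 18 and 25 say "replacing this current process", but the code calls the binary and then runs `exit $?`; `exec git-conceal unlock "env:${env_var_name}"` (and the same for the `INSTALL_DIR` path) would match the comment and make the `exit` lines unnecessary.
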