#!/usr/bin/env bash
# Option values; check_arguments overwrites them from the command line.
# NOTE(review): the passphrase is taken from -p/--password, i.e. from the
# command line, so it can end up in shell history and in process listings.
PASSWORD=''
# Revisions to compare (-a/--sha1 and -b/--sha2); empty means "not given".
SHA1=''
SHA2=''
# Directory to change into before switching revisions (-w/--working-dir).
WORKING_DIR=''
# Secret files to compare; check_arguments replaces this with an array.
FILENAMES=''
# Report a fatal error and stop the script.
# Arguments: $@ - message words, echoed as one line
# Outputs:   the message on stderr, then the usage text (printed by usage)
# Returns:   never; exits with status 1
die() {
  >&2 echo "$@"
  usage
  exit 1
}
# Print the command-line synopsis on stdout, one option per line.
# The trailing blanks on the first four lines are part of the original text.
usage() {
  printf '%s\n' \
    'gitsecret_diff [secret files to compare] ' \
    '-a | --sha1 <first commit sha to compare> ' \
    '-b | --sha2 <second commit sha to compare> ' \
    '-p | --password <git secret password> ' \
    '-w | --working-dir <the working dir to run>' \
    '-h | --help'
}
# Run "git secret reveal" for the revision that is currently checked out.
# Globals:   PASSWORD (read) - passed with -p when non-empty
# Returns:   the exit status of git secret reveal
# NOTE(review): -p hands the passphrase to git secret as a command-line
# argument, so it is visible in the process list while the command runs.
reveal() {
  local -a reveal_args=(secret reveal)
  if [[ -n "$PASSWORD" ]]; then
    reveal_args+=(-p "$PASSWORD")
  fi
  git "${reveal_args[@]}"
}
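# Run "git secret changes" for the requested secret files.
# Globals:   PASSWORD (read)  - passed with -p when non-empty
#            FILENAMES (read) - files to compare; may be an array
# Returns:   the exit status of git secret changes
#
# The previous form expanded "$FILENAMES", which is only the first element of
# the array built by check_arguments, and passed an empty-string argument when
# no file was named. Every non-empty element is forwarded here, and nothing is
# forwarded when the list is empty.
# NOTE(review): -p hands the passphrase to git secret as a command-line
# argument, so it is visible in the process list while the command runs.
compare() {
  local -a changes_args=(secret changes)
  local name
  if [[ -n "$PASSWORD" ]]; then
    changes_args+=(-p "$PASSWORD")
  fi
  for name in "${FILENAMES[@]}"; do
    # Skips the single empty element left by the FILENAMES="" initialisation.
    if [[ -n "$name" ]]; then
      changes_args+=("$name")
    fi
  done
  git "${changes_args[@]}"
}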
# Compare the secrets of the current checkout; no revision is switched.
# NOTE(review): this path never calls get_initial_state, so WORKING_DIR is not
# applied when no revision is given.
# Returns: the exit status of compare
compare_with_local() {
  compare
}
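# Check out a revision and compare its secrets with the decrypted files that
# are currently in the working tree.
# Arguments: $1 - revision to check out
# Outputs:   an error on stderr when the checkout fails
# Returns:   1 when the checkout fails, otherwise the exit status of compare
#
# The checkout output stays hidden, but a failed checkout is no longer
# ignored: comparing anyway would report changes for the wrong revision.
compare_with_sha() {
  local rev=$1
  if ! git checkout "$rev" > /dev/null 2>&1; then
    echo "Could not check out $rev" >&2
    return 1
  fi
  compare
}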
# Compare revision SHA1 with the decrypted files in the working tree, then
# return to the revision that was checked out before.
# Globals:   SHA1 (read)
# Outputs:   a one-line banner on stdout, followed by the comparison output
# Returns:   the exit status of restore_state
compare_sha_with_local() {
  printf '%s\n' "Compare $SHA1 with local"
  # Record the starting revision before anything is checked out.
  get_initial_state
  compare_with_sha "$SHA1"
  restore_state
}
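# Compare the secrets of revision SHA1 with those of revision SHA2.
# SHA1 is checked out and revealed first, so its decrypted files are the ones
# in the working tree when SHA2 is checked out and compared.
# Globals:   SHA1, SHA2 (read)
# Outputs:   a one-line banner on stdout, followed by the comparison output;
#            an error on stderr when SHA1 cannot be checked out
# Returns:   1 when the checkout of SHA1 fails, otherwise the exit status of
#            restore_state
#
# A failed checkout of SHA1 used to be ignored, so reveal and the comparison
# ran against whatever revision happened to be checked out. The comparison is
# now skipped in that case; the starting state is still restored.
# NOTE(review): reveal rewrites the decrypted files in the working tree.
# Plaintext edits that were never re-encrypted are presumably not seen by
# check_modified_files (those files are normally git-ignored) - confirm before
# running this with unsaved secret edits.
compare_with_other() {
  local checkout_failed=0
  local restore_status

  echo "comparing revision $SHA1 with $SHA2"
  get_initial_state
  if git checkout "$SHA1" > /dev/null 2>&1; then
    reveal
    compare_with_sha "$SHA2"
  else
    echo "Could not check out $SHA1" >&2
    checkout_failed=1
  fi
  restore_state
  restore_status=$?

  if (( checkout_failed )); then
    return 1
  fi
  return "$restore_status"
}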
# Pick the comparison that matches the revisions given on the command line:
#   no SHA1        -> current checkout only
#   SHA1 only      -> SHA1 against the local decrypted files
#   SHA1 and SHA2  -> SHA1 against SHA2
# Globals:   SHA1, SHA2 (read)
# NOTE(review): check_modified_files runs before get_initial_state changes
# into WORKING_DIR, so with -w it inspects the caller's current directory.
do_compare() {
  if [[ -z "$SHA1" ]]; then
    compare_with_local
    return
  fi

  # Both remaining modes switch revisions, so refuse to run on a dirty tree.
  check_modified_files
  if [[ -n "$SHA2" ]]; then
    compare_with_other
  else
    compare_sha_with_local
  fi
}
# Stop the script when tracked files carry modifications, because the
# comparisons that follow switch revisions with git checkout.
# Globals:   MODIFIED_FILES (written) - output of "git ls-files -m"
# Outputs:   the list of modified files and a hint, on stdout
# Returns:   0 when nothing is modified; otherwise exits with status 1
# NOTE(review): "git ls-files -m" only lists tracked files; other kinds of
# local change are not checked here.
check_modified_files() {
  MODIFIED_FILES=$(git ls-files -m)
  if [[ -z "$MODIFIED_FILES" ]]; then
    return 0
  fi
  printf "The following files are modified:\n%s\n\nPlease stash them or clean it in order to safely run this script." "$MODIFIED_FILES"
  exit 1
}
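# Enter WORKING_DIR (when set) and remember which revision is checked out
# there, so restore_state can return to it.
# Globals:   WORKING_DIR (read)
#            ACTUAL_SHA (written) - branch name, or the commit id when HEAD is
#                                   detached
# Outputs:   pushd prints the directory stack on stdout; an error on stderr
#            when WORKING_DIR cannot be entered
# Returns:   exits with status 1 when WORKING_DIR cannot be entered
#
# The directory change now happens before the revision is recorded. Recording
# first read HEAD from the caller's directory, which restore_state would then
# check out inside WORKING_DIR. A failed pushd is fatal for the same reason:
# the checkouts that follow would run in the wrong directory.
get_initial_state() {
  if [[ -n "$WORKING_DIR" ]]; then
    if ! pushd "$WORKING_DIR"; then
      echo "Cannot enter working dir: $WORKING_DIR" >&2
      exit 1
    fi
  fi

  ACTUAL_SHA=$(git rev-parse --abbrev-ref HEAD)
  # --abbrev-ref prints the literal "HEAD" when detached; store the id instead.
  if [[ "$ACTUAL_SHA" == "HEAD" ]]; then
    ACTUAL_SHA=$(git rev-parse HEAD)
  fi
}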
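# Return to the revision recorded by get_initial_state, reveal its secrets
# again and leave WORKING_DIR.
# Globals:   ACTUAL_SHA, WORKING_DIR (read)
# Outputs:   warnings on stderr when a restore step fails; popd prints the
#            directory stack on stdout
# Returns:   0 when every step succeeded, 1 otherwise
#
# Both steps keep their output hidden, but their failures are now reported.
# Previously a failed checkout or reveal went unnoticed and left the
# repository on another revision, or with decrypted files from another
# revision, without any message.
restore_state() {
  local status=0

  if ! git checkout "$ACTUAL_SHA" > /dev/null 2>&1; then
    echo "Warning: could not check out $ACTUAL_SHA again; the repository is still on another revision." >&2
    status=1
  fi
  if ! reveal > /dev/null 2>&1; then
    echo "Warning: 'git secret reveal' failed while restoring; check the decrypted files." >&2
    status=1
  fi
  if [[ -n "$WORKING_DIR" ]]; then
    popd || status=1
  fi
  return "$status"
}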
# Abort unless every revision that was given names a commit object.
# Globals:   SHA1, SHA2 (read)
#            SHA1_INFO, SHA2_INFO (written) - output of "git cat-file -t",
#                                             or "commit" for an unset value
# Returns:   0 when both checks pass; otherwise die exits the script
# NOTE(review): SHA1 and SHA2 reach git as plain positional arguments; a value
# that starts with "-" would be parsed by git as an option. Consider rejecting
# such values before this point.
check_that_shas_are_valid() {
  # An unset revision counts as valid, hence the "commit" default.
  SHA1_INFO="commit"
  SHA2_INFO="commit"
  [[ -z "$SHA1" ]] || SHA1_INFO=$(git cat-file -t "$SHA1" 2>&1)
  [[ -z "$SHA2" ]] || SHA2_INFO=$(git cat-file -t "$SHA2" 2>&1)

  if [[ "$SHA1_INFO" == "commit" && "$SHA2_INFO" == "commit" ]]; then
    return 0
  fi
  die "Check that commits SHAs are valid."
}
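# Parse the command line into the option globals and validate it.
# Globals:   PASSWORD, SHA1, SHA2, WORKING_DIR (written) - option values
#            FILENAMES (written) - array of the remaining arguments
# Arguments: $@ - the script's command line
# Outputs:   usage text on stdout for -h and for invalid input; getopt writes
#            its own diagnostics to stderr
# Returns:   0 on success; exits 0 for -h/--help and 1 for invalid input
#
# Changes from the previous version:
#  - A getopt failure (unknown option, missing value) now stops the script.
#    Before, the rejected option was dropped and the run continued.
#  - The file names are stored with FILENAMES=("$@"), so names with spaces or
#    glob characters stay intact.
#  - The trailing 'eval set -- "$@"' is gone. It re-evaluated the caller's
#    file-name arguments as shell code, and positional parameters set inside a
#    function are discarded on return anyway.
#  - The ":)" arm and "shift $((OPTIND-1))" are gone: the arm sat after "*)"
#    and could never match, and OPTIND is only maintained by the getopts
#    builtin, which this function does not use.
# NOTE(review): -p/--password puts the passphrase on the command line, where
# it can show up in shell history and in process listings.
check_arguments() {
  local parsed
  if ! parsed=$(getopt -n "$0" --options p:a:b:w:h \
    --longoptions sha1:,sha2:,password:,working-dir:,help -- "$@"); then
    usage
    exit 1
  fi
  # getopt returns a shell-quoted argument list; eval is how it is loaded back
  # into the positional parameters.
  eval set -- "$parsed"

  while true; do
    case "$1" in
      -h | --help)
        usage
        exit 0
        ;;
      -p | --password)
        PASSWORD=$2
        shift 2
        ;;
      -a | --sha1)
        SHA1=$2
        shift 2
        ;;
      -b | --sha2)
        SHA2=$2
        shift 2
        ;;
      -w | --working-dir)
        WORKING_DIR=$2
        shift 2
        ;;
      --)
        # End of options; everything after it is a file name.
        shift
        break
        ;;
      *)
        printf "Unknown option %s\n" "$1"
        usage
        exit 1
        ;;
    esac
  done

  if [[ -n "$SHA2" && -z "$SHA1" ]]; then
    die "Please provide only SHA1 or SHA1 and SHA2"
  fi
  check_that_shas_are_valid

  FILENAMES=("$@")
}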
# Entry point: parse the command line into the option globals, then run the
# comparison selected by the revisions that were given.
check_arguments "$@"
do_compare