├── CHANGELOG.md ├── README.md └── gitsecret_diff.sh /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | ## Version 2.0.0 4 | ### Added 5 | * Allow to make diffs between specific files 6 | * Some safety verifiers 7 | * Possibility to make diffs only with local files. Between encrypted and decrypted local files. 8 | * Possibility to make diffs between local files and other commit 9 | * \[-a | --sha1] option 10 | * \[files to compare] 11 | 12 | ### Changed 13 | * Instead of \[-s | --sha2] now is \[-b | --sha2] 14 | * First sha to compare is not mandatory 15 | * Silence git checkout command 16 | 17 | ## Version 1.0.0 18 | * Initial Release 19 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # git-secret-diff 2 | A diff tool for [git secret](https://github.com/sobolevn/git-secret) 3 | 4 | ## What is git-secret-diff 5 | [git secret](https://github.com/sobolevn/git-secret) already has a changes option. But it does not make diffs with other commits. 6 | git-secret-diff allows you to compare encrypted files between specific commits or between a specific commit and your local changes. 7 | It makes use of the already existing [git secret changes](https://sobolevn.github.io/git-secret/git-secret-changes). 8 | 9 | ## Prerequisites 10 | [git secret](https://github.com/sobolevn/git-secret) should be installed. 11 | 12 | ## Command 13 | gitsecret_diff \[files to compare] \[-a | --sha1] \[-b | --sha2] \[-w | --working-dir] \[-p | --password] \[-h | --help] 14 | 15 | ## Options 16 | ``` 17 | files to compare - If you want to make diff only on certain files of git secret 18 | -a | --sha1 - First commit sha. 19 | If only sha1 is provided then git-secret-diff will make a diff between sha1 and local. 
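20 | If no sha is provided git-secret-dif will make a diff beetween local decrypted files and the encrypted ones. 21 | -b | --sha2 - Second commit sha. If sha2 is provided then git-secret-diff will make a diff beetween sha1 and sha2 22 | If Sha2 is provided then sha1 must also exist 23 | -w | --working-dir - The working dir for the script to work. 24 | -p | --password - The password for git secret reveal 25 | -h | --help - Print help screen 26 | ``` 27 | 28 | ## Limitations 29 | 30 | Due to a bug on git secret changes if various files are provided on \[files to compare] only the first one will be compared. 31 | There's already this issue on git secret project. 32 | 33 | ## Notes 34 | Only tested on macOS. If you are using macOS please install [gnu getopt](http://brewformulas.org/gnu-getopt), otherwise it might not work. 35 | 36 | ## Contributors 37 | 38 | * [Miguel Silvestre](https://github.com/msilvestre) 39 | -------------------------------------------------------------------------------- /gitsecret_diff.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# gitsecret_diff - compare git-secret protected files between two commits, or
# between a commit and the local decrypted files, using `git secret changes`.
#
# Security notes for operators:
#   * -p/--password places the passphrase on this script's command line and on
#     the command line of `git secret`, where it can end up in shell history
#     and in process listings while the command runs. When -p is omitted the
#     script calls `git secret` without -p.
#   * The SHA modes check out other revisions and, with two SHAs, decrypt the
#     first revision's secrets into the working tree. restore_state checks the
#     original revision out again and re-runs reveal; it is also installed as
#     an EXIT trap so an early exit does not skip it.

PASSWORD=""
SHA1=""
SHA2=""
WORKING_DIR=""
# Array, so each file name stays one argument even if it contains spaces.
FILENAMES=()
ACTUAL_SHA=""

# Print a message and the usage text to stderr/stdout, then exit 1.
# Used for invalid invocations.
function die()
{
    echo "$@" 1>&2
    usage
    exit 1
}

# Print a message to stderr and exit 1 without the usage text.
# Used for runtime failures (for example a failed checkout).
function abort()
{
    echo "$@" 1>&2
    exit 1
}

# Print the command-line synopsis.
function usage()
{
    printf "gitsecret_diff [secret files to compare] \n\
    -a | --sha1 \n\
    -b | --sha2 \n\
    -p | --password \n\
    -w | --working-dir \n\
    -h | --help\n"
}

# Decrypt the secrets of the currently checked-out revision.
function reveal()
{
    if [[ -z "$PASSWORD" ]]; then
        git secret reveal
    else
        # NOTE: the passphrase is passed on the command line of git secret.
        git secret reveal -p "$PASSWORD"
    fi
}

# Run `git secret changes` for the requested files (all files when none given).
function compare()
{
    # "${FILENAMES[@]}" expands to nothing when no file was given; the former
    # "$FILENAMES" always passed exactly one argument (the first file name, or
    # an empty string).
    if [[ -z "$PASSWORD" ]]; then
        git secret changes "${FILENAMES[@]}"
    else
        git secret changes -p "$PASSWORD" "${FILENAMES[@]}"
    fi
}

# Check out revision $1 quietly; stop instead of comparing the wrong tree.
function checkout_revision()
{
    # The trailing "--" makes git read $1 as a revision, never as a path.
    git checkout "$1" -- > /dev/null 2>&1 \
        || abort "Could not check out $1."
}

# Compare the local decrypted files with the local encrypted ones.
function compare_with_local()
{
    compare
}

# Check out revision $1 and compare its encrypted files with the decrypted
# files currently in the working tree.
function compare_with_sha()
{
    checkout_revision "$1"

    compare
}

# Compare the encrypted files of SHA1 with the local decrypted files.
function compare_sha_with_local()
{
    echo "Compare $SHA1 with local"
    get_initial_state
    compare_with_sha "$SHA1"
    restore_state
}

# Compare the secrets of SHA1 (decrypted) with the encrypted files of SHA2.
function compare_with_other()
{
    echo "comparing revision $SHA1 with $SHA2"

    get_initial_state

    checkout_revision "$SHA1"
    reveal
    compare_with_sha "$SHA2"

    restore_state
}

# Pick the comparison mode from the SHAs that were supplied.
function do_compare()
{
    if [[ -z "$SHA1" ]]; then
        compare_with_local
    elif [[ -z "$SHA2" ]]; then
        check_modified_files
        compare_sha_with_local
    else
        check_modified_files
        compare_with_other
    fi
}

# Refuse to switch revisions while tracked files have uncommitted changes.
function check_modified_files()
{
    local modified_files
    modified_files=$(git ls-files -m)
    if [[ -n "$modified_files" ]]; then
        printf "The following files are modified:\n%s\n\nPlease stash them or clean it in order to safely run this script.\n" "$modified_files" 1>&2
        exit 1
    fi
}

# Remember the current branch (or commit, when HEAD is detached) and make
# sure it is restored however the script ends.
get_initial_state()
{
    ACTUAL_SHA=$(git rev-parse --abbrev-ref HEAD) \
        || abort "Could not determine the current revision."

    if [[ "$ACTUAL_SHA" == "HEAD" ]]; then
        ACTUAL_SHA=$(git rev-parse HEAD)
    fi

    trap restore_state EXIT
}

# Go back to the revision recorded by get_initial_state and decrypt its
# secrets again, so the working tree does not keep another revision's
# plaintext.
restore_state()
{
    trap - EXIT

    if ! git checkout "$ACTUAL_SHA" -- > /dev/null 2>&1; then
        echo "Warning: could not check out $ACTUAL_SHA again." 1>&2
        return 1
    fi

    if ! reveal > /dev/null 2>&1; then
        echo "Warning: git secret reveal failed; decrypted files in the working tree may belong to another revision." 1>&2
        return 1
    fi
}

# Change into the directory given with -w/--working-dir, if any, before any
# git command runs, so validation, checkout and restore all use the same
# repository.
function enter_working_dir()
{
    if [[ -n "$WORKING_DIR" ]]; then
        cd -- "$WORKING_DIR" || die "Cannot enter working dir $WORKING_DIR"
    fi
}

# Ensure every supplied SHA names a commit in the current repository.
function check_that_shas_are_valid()
{
    local sha sha_info

    for sha in "$SHA1" "$SHA2"; do
        if [[ -z "$sha" ]]; then
            continue
        fi

        # A value starting with "-" would be read by git as an option rather
        # than as a revision.
        if [[ "$sha" == -* ]]; then
            die "Check that commits SHAs are valid."
        fi

        sha_info=$(git cat-file -t "$sha" 2>&1)
        if [[ "$sha_info" != "commit" ]]; then
            die "Check that commits SHAs are valid."
        fi
    done
}

# Parse the command line into PASSWORD, SHA1, SHA2, WORKING_DIR and FILENAMES.
check_arguments()
{
    # `eval set --` below is only safe on the shell-quoted output of GNU
    # (enhanced) getopt, which identifies itself with exit status 4.
    local getopt_status=0
    getopt --test > /dev/null 2>&1 || getopt_status=$?
    if [[ "$getopt_status" -ne 4 ]]; then
        die "GNU getopt is required."
    fi

    # Parse arguments; stop on a getopt error instead of using partial output.
    local parsed
    if ! parsed=$(getopt -n "$0" --options p:a:b:w:h --longoptions sha1:,sha2:,password:,working-dir:,help -- "$@"); then
        usage
        exit 1
    fi

    eval set -- "$parsed"
    while true; do
        case "$1" in
            -h|--help)
                usage
                exit 0
                ;;
            -p|--password)
                PASSWORD=$2; shift 2
                ;;
            -a|--sha1)
                SHA1=$2; shift 2
                ;;
            -b|--sha2)
                SHA2=$2; shift 2
                ;;
            -w|--working-dir)
                WORKING_DIR=$2; shift 2
                ;;
            --)
                # no more options; what follows are the files to compare
                shift
                break
                ;;
            *)
                printf "Unknown option %s\n" "$1" 1>&2
                usage
                exit 1
                ;;
        esac
    done

    if [[ -n "$SHA2" && -z "$SHA1" ]]; then
        die "Please provide only SHA1 or SHA1 and SHA2"
    fi

    # Keep the remaining arguments verbatim. They are never passed through
    # eval: file names are user input and must not be re-parsed by the shell.
    FILENAMES=("$@")
}

check_arguments "$@"
enter_working_dir
check_that_shas_are_valid
do_compare

--------------------------------------------------------------------------------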