89 lines
2.5 KiB
Bash
Executable File
89 lines
2.5 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# Exit on first error and verify variables have been set/passed via CLI
|
|
#set -eu
|
|
set -v
|
|
set -x
|
|
|
|
# Rename our variables to friendlier equivalents
|
|
# https://git-scm.com/docs/gitattributes#_defining_a_custom_merge_driver
|
|
base="$1"
|
|
local_="$2"
|
|
remote="$3"
|
|
merged="$4"
|
|
|
|
echo "$base"
|
|
echo "$local_"
|
|
echo "$remote"
|
|
echo "$merged"
|
|
|
|
# Resolve our default mergetool
|
|
# https://github.com/git/git/blob/v2.8.2/git-mergetool--lib.sh#L3
|
|
mergetool="$(git config --get merge.tool)"
|
|
GIT_DIR="$(git --exec-path)"
|
|
if test "$mergetool" = ""; then
|
|
echo 'No default `merge.tool` was set for `git`. Please set one via `git config --set merge.tool <tool>`' 1>&2
|
|
exit 1
|
|
fi
|
|
|
|
# Create file names for our decrypted contents
|
|
# example_LOCAL_2823.yaml -> example_LOCAL_2823.decrypted.yaml
|
|
extension=".${base##*.}"
|
|
base_decrypted="${base/$extension/.decrypted$extension}"
|
|
local_decrypted="${local_/$extension/.decrypted$extension}"
|
|
remote_decrypted="${remote/$extension/.decrypted$extension}"
|
|
merged_decrypted="${base_decrypted/_BASE_/_MERGED_}"
|
|
backup_decrypted="${base_decrypted/_BASE_/_BACKUP_}"
|
|
|
|
# If anything goes wrong, then delete our decrypted files
|
|
handle_trap_exit() {
|
|
rm $base_decrypted || true
|
|
rm $local_decrypted || true
|
|
rm $remote_decrypted || true
|
|
rm $merged_decrypted || true
|
|
rm $backup_decrypted || true
|
|
}
|
|
trap handle_trap_exit EXIT
|
|
|
|
# Decrypt our file contents
|
|
sops --decrypt --show-master-keys "$base" >"$base_decrypted"
|
|
sops --decrypt --show-master-keys "$local_" >"$local_decrypted"
|
|
sops --decrypt --show-master-keys "$remote" >"$remote_decrypted"
|
|
|
|
# Create a merge-diff to compare against
|
|
set +e
|
|
git merge-file -p "$local_decrypted" "$base_decrypted" "$remote_decrypted" >"$merged_decrypted"
|
|
set -e
|
|
cp "$merged_decrypted" "$backup_decrypted"
|
|
|
|
# Set up variables for our mergetool
|
|
# https://github.com/git/git/blob/v2.8.2/mergetools/meld
|
|
# https://github.com/git/git/blob/v2.8.2/git-mergetool--lib.sh#L95-L111
|
|
export LOCAL="$local_decrypted"
|
|
export BASE="$base_decrypted"
|
|
export REMOTE="$remote_decrypted"
|
|
export MERGED="$merged_decrypted"
|
|
export BACKUP="$backup_decrypted"
|
|
|
|
# Load our mergetool scripts
|
|
source "$GIT_DIR/git-mergetool--lib"
|
|
source "$GIT_DIR/mergetools/$mergetool"
|
|
|
|
# Override `check_unchanged` with a custom script
|
|
check_unchanged() {
|
|
# If the contents haven't changed, then fail
|
|
if test "$MERGED" -nt "$BACKUP"; then
|
|
return 0
|
|
else
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
# Run our mergetool
|
|
set +eu
|
|
export merge_tool_path="$(get_merge_tool_path "$mergetool")"
|
|
merge_cmd
|
|
set -eu
|
|
|
|
# Re-encrypt content
|
|
sops --encrypt "$merged_decrypted" >"$merged"
|