Skip to content

Add git-conceal-unlock wrapper #195

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
AliSoftware merged 6 commits into from
Dec 5, 2025
Merged

Add git-conceal-unlock wrapper #195

AliSoftware merged 6 commits into from
Dec 5, 2025

Conversation

@AliSoftware
Copy link
Contributor

@AliSoftware AliSoftware commented Nov 15, 2025
edited
Loading

Closes AINFRA-1606

What?

This PR adds bin/git-conceal-unlock helper which takes care of downloading git-conceal (using the install.sh script from Automattic/git-conceal#3) if it's not installed on the CI machine first, then executing git-conceal unlock env:${1:-GIT_CONCEAL_SECRET_KEY} to unlock the repo.

Testing

This has been tested as part of woocommerce/woocommerce-android#14979

Changelog

  • I have considered if this change warrants release notes and have added them to the appropriate section in the CHANGELOG.md if necessary.

@AliSoftware AliSoftware mentioned this pull request Nov 16, 2025
Open
wzieba
wzieba reviewed Nov 17, 2025
View reviewed changes
@AliSoftware AliSoftware changed the title Add git-crypt-unlock helper Add git-crypt wrapper Nov 17, 2025
@AliSoftware
Copy link
Contributor Author

AliSoftware commented Nov 18, 2025

I believe the test failure on CI is unrelated to this PR and might instead be related to our recent changes to those scripts, or how the test tries to source those scripts for testing (especially as ./bin is not in the $PATH when we run the function under test in a testing context).

@mokagio Care to take a look to fix that unrelated part (in a separate PR)?

@iangmaia iangmaia mentioned this pull request Nov 19, 2025
Merged
@AliSoftware AliSoftware force-pushed the git-crypt-unlock branch 2 times, most recently from 4b2999c to 13e3bb6 Compare December 3, 2025 16:52
@AliSoftware AliSoftware changed the title Add git-crypt wrapper Add git-conceal-unlock wrapper Dec 3, 2025
@AliSoftware
Introduce git-conceal-unlock wrapper script
6b85f23 
That auto-downloads the binary from GitHub Release (using the `install.sh` script of the `git-conceal` repo) if it doesn't exist locally, before running `git-conceal unlock` on the current repo to decrypt the secrets
@AliSoftware
Add CHANGELOG entry
9ab2426
@AliSoftware AliSoftware marked this pull request as ready for review December 3, 2025 21:56
mokagio
mokagio reviewed Dec 4, 2025
View reviewed changes
AliSoftware and others added 4 commits December 4, 2025 18:21
@AliSoftware @mokagio
Update doc header
479ffd1 
Co-authored-by: Gio Lodi <[email protected]>
@AliSoftware @mokagio
Wording adjustment
31bc622 
Co-authored-by: Gio Lodi <[email protected]>
@AliSoftware @mokagio
Use exec instead of subprocess + exit $?
412544e 
Co-authored-by: Gio Lodi <[email protected]>
@AliSoftware
Add a note about the default env var
4f8cad6 
To indicate its name having the `_SECRET_KEY` suffix was chosen purposely so its value would be redacted in the Buildkite logs if it were accidentally leaked.
@AliSoftware AliSoftware requested a review from mokagio December 4, 2025 17:33
mokagio
mokagio approved these changes Dec 5, 2025
View reviewed changes
Copy link
Contributor

@mokagio mokagio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I pointed the guinea pig PR to the latest commit on this branch to confirm the latest worked as expected. All green other than the Dangermattic check, which is unrelated

image

:shipit:

@AliSoftware AliSoftware merged commit c096837 into trunk Dec 5, 2025
18 checks passed
@AliSoftware AliSoftware deleted the git-crypt-unlock branch December 5, 2025 02:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mokagio mokagio mokagio approved these changes

@wzieba wzieba Awaiting requested review from wzieba

@twstokes twstokes Awaiting requested review from twstokes

@iangmaia iangmaia Awaiting requested review from iangmaia

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@AliSoftware @mokagio @wzieba