feat: remove deprecated shell scripts and add Python alternatives for all of them

2025-03-10 15:48:33 +01:00
parent a1e145871b
commit 62954eb986
17 changed files with 652 additions and 641 deletions
--- a/bin/actions/secrets.py
+++ b/bin/actions/secrets.py
@@ -0,0 +1,168 @@
+#!/usr/bin/env python3
+
+import os
+import sys
+import subprocess
+import hashlib
+import glob
+
+# Import helper functions
+sys.path.append(os.path.join(os.path.expanduser("~/.dotfiles"), "bin"))
+from helpers.functions import printfe, run_command
+
+def is_wsl():
+    """Check if running under WSL"""
+    try:
+        with open('/proc/version', 'r') as f:
+            return 'microsoft' in f.read().lower()
+    except:
+        return False
+
+def get_password():
+    """Get password from 1Password"""
+    # Choose the appropriate op command based on WSL status
+    op_cmd = "op.exe" if is_wsl() else "op"
+    
+    # Try to get the password
+    success, output = run_command([op_cmd, "item", "get", "Dotfiles Secrets", "--fields", "password"])
+    
+    if not success:
+        printfe("red", "Failed to fetch password from 1Password.")
+        return None
+    
+    # Check if we need to use a token
+    if "use 'op item get" in output:
+        # Extract the token
+        token = output.split("use 'op item get ")[1].split(" --")[0]
+        printfe("cyan", f"Got fetch token: {token}")
+        
+        # Use the token to get the actual password
+        success, password = run_command(
+            [op_cmd, "item", "get", token, "--reveal", "--fields", "password"]
+        )
+        if not success:
+            return None
+        return password
+    else:
+        # We already got the password
+        return output
+    
+def prompt_for_password():
+    """Ask for password manually"""
+    import getpass
+    printfe("cyan", "Enter the password manually: ")
+    password = getpass.getpass("")
+    
+    if not password:
+        printfe("red", "Password cannot be empty.")
+        sys.exit(1)
+        
+    printfe("green", "Password entered successfully.")
+    return password
+
+def calculate_checksum(file_path):
+    """Calculate SHA256 checksum of a file"""
+    sha256_hash = hashlib.sha256()
+    with open(file_path, "rb") as f:
+        for byte_block in iter(lambda: f.read(4096), b""):
+            sha256_hash.update(byte_block)
+    return sha256_hash.hexdigest()
+
+def encrypt_folder(folder_path, password):
+    """Recursively encrypt files in a folder"""
+    for item in glob.glob(os.path.join(folder_path, "*")):
+        # Skip .gpg and .sha256 files
+        if item.endswith(".gpg") or item.endswith(".sha256"):
+            continue
+            
+        # Handle directories recursively
+        if os.path.isdir(item):
+            encrypt_folder(item, password)
+            continue
+            
+        # Calculate current checksum
+        current_checksum = calculate_checksum(item)
+        checksum_file = f"{item}.sha256"
+        
+        # Check if file changed since last encryption
+        if os.path.exists(checksum_file):
+            with open(checksum_file, 'r') as f:
+                previous_checksum = f.read().strip()
+                
+            if current_checksum == previous_checksum:
+                continue
+                
+        # Remove existing .gpg file if it exists
+        gpg_file = f"{item}.gpg"
+        if os.path.exists(gpg_file):
+            os.remove(gpg_file)
+            
+        # Encrypt the file
+        printfe("cyan", f"Encrypting {item}...")
+        cmd = [
+            "gpg", "--quiet", "--batch", "--yes", "--symmetric",
+            "--cipher-algo", "AES256", "--armor",
+            "--passphrase", password,
+            "--output", gpg_file, item
+        ]
+        
+        success, _ = run_command(cmd)
+        if success:
+            printfe("cyan", f"Staging {item} for commit...")
+            run_command(["git", "add", "-f", gpg_file])
+            
+            # Update checksum file
+            with open(checksum_file, 'w') as f:
+                f.write(current_checksum)
+        else:
+            printfe("red", f"Failed to encrypt {item}")
+
+def decrypt_folder(folder_path, password):
+    """Recursively decrypt files in a folder"""
+    for item in glob.glob(os.path.join(folder_path, "*")):
+        # Handle .gpg files
+        if item.endswith(".gpg"):
+            output_file = item[:-4]  # Remove .gpg extension
+            printfe("cyan", f"Decrypting {item}...")
+            
+            cmd = [
+                "gpg", "--quiet", "--batch", "--yes", "--decrypt",
+                "--passphrase", password,
+                "--output", output_file, item
+            ]
+            
+            success, _ = run_command(cmd)
+            if not success:
+                printfe("red", f"Failed to decrypt {item}")
+                
+        # Process directories recursively
+        elif os.path.isdir(item):
+            printfe("cyan", f"Decrypting folder {item}...")
+            decrypt_folder(item, password)
+
+def main():
+    if len(sys.argv) != 2 or sys.argv[1] not in ["encrypt", "decrypt"]:
+        printfe("red", "Usage: secrets.py [encrypt|decrypt]")
+        return 1
+        
+    # Get the dotfiles path
+    dotfiles_path = os.environ.get("DOTFILES_PATH", os.path.expanduser("~/.dotfiles"))
+    secrets_path = os.path.join(dotfiles_path, "secrets")
+    
+    # Get the password
+    password = get_password()
+    if not password:
+        password = prompt_for_password()
+        
+    # Perform the requested action
+    if sys.argv[1] == "encrypt":
+        printfe("cyan", "Encrypting secrets...")
+        encrypt_folder(secrets_path, password)
+    else:  # decrypt
+        printfe("cyan", "Decrypting secrets...")
+        decrypt_folder(secrets_path, password)
+        
+    return 0
+
+if __name__ == "__main__":
+    sys.exit(main())