chore: drop dead code, fix doc drift, widen lint coverage #5

Merged
edwinhern merged 1 commit into chezmoi-onchange-and-secrets from advanced-cleanup
May 2, 2026
@edwinhern
Owner

Summary

Principle-driven cleanups surfaced in a deeper review of the repo.

YAGNI — repo is macOS-only

Every home/.chezmoiscripts/ is darwin-scoped, .chezmoiroot points at home/, and the README scopes the project to macOS. The Windows config paths can therefore never trigger any work:

  • home/.chezmoi.yaml.tmpl — drop the edwinhern-personal-windows arm of the machine-detection conditional.
  • home/.chezmoidata/packages.yaml — drop the windows.winget block.

If Windows support is ever needed, both pieces are trivial to reintroduce alongside actual home/.chezmoiscripts/windows/* scripts.

Dead template data

  • home/.chezmoi.yaml.tmpl — drop font.mono: "Monaspace Argon" and editor.default: "nano". grep across all templates and zsh files turned up zero readers.

Pointless template

  • home/dot_zshenv.tmpl → home/dot_zshenv — the file is one line (export ZDOTDIR="$HOME/.config/zsh") with no template syntax. The .tmpl suffix forces chezmoi to render it on every apply for no reason.

Deprecated flag

  • home/.chezmoiscripts/darwin/run_onchange_02_install-packages.sh.tmpl — drop --no-lock from brew bundle. Homebrew Bundle 4 removed lockfiles entirely; the flag is a no-op (or warning) on current Brew.

Documentation drift

  • README.md: Edwins-MacBook-Pro → edwinhern-personal-mac (matches the actual hostname check in .chezmoi.yaml.tmpl), and chezmoi.toml.tmpl → chezmoi.yaml.tmpl (the file that actually exists).

Coverage gap

  • scripts/lint.sh, scripts/format.sh — extend prettier's glob to **/*.yaml. The previous **/*.yml-only glob silently skipped home/.chezmoidata/packages.yaml, home/.chezmoitemplates/chezmoiexternal.d/darwin.yaml, and .github/dependabot.yaml. Verified all currently pass — no formatting drift introduced.

Considered and rejected

  • Extracting command -v X guards into a .chezmoitemplates/ partial. Only 2 of 3 chezmoi scripts share the same fail-fast semantics (the VS Code script is warn-and-skip), so a shared partial would be premature abstraction.
  • Adding a darwin guard to scripts/install.sh. Not a real bug — the chezmoi script guards already gate every action by eq .chezmoi.os "darwin". A non-darwin run would just be a no-op.
  • Removing mas from packages.yaml. Installed but never invoked declaratively. Left in because it's a fairly common interactive tool — easier for the user to keep around than to re-add later.

Test plan

  • make lint passes locally (verified after every edit)
  • make fmt against the wider yaml glob produced zero changes (good — no drift)
  • CI passes on this PR

…erage

Applies a few principle-driven cleanups:

YAGNI — repo is macOS-only:
- home/.chezmoi.yaml.tmpl: drop the `edwinhern-personal-windows`
  branch from machine detection. There are no Windows scripts under
  home/.chezmoiscripts/ to act on a Windows context.
- home/.chezmoidata/packages.yaml: drop the `windows.winget` block
  for the same reason — no script ever reads it.

Dead template data:
- home/.chezmoi.yaml.tmpl: drop `font.mono` and `editor.default` —
  no template references either field.

Pointless template:
- Rename home/dot_zshenv.tmpl -> home/dot_zshenv. The file contains
  only `export ZDOTDIR="$HOME/.config/zsh"` with zero template
  syntax; the .tmpl suffix forces a needless render pass.

Deprecated flag:
- home/.chezmoiscripts/darwin/run_onchange_02_install-packages.sh.tmpl:
  drop `--no-lock` from `brew bundle`. Homebrew Bundle 4 removed
  lockfiles entirely; the flag is a no-op.

Documentation drift:
- README.md: `Edwins-MacBook-Pro` -> `edwinhern-personal-mac` to
  match the actual hostname check, and `chezmoi.toml.tmpl` ->
  `chezmoi.yaml.tmpl` to match the file that actually exists.

Coverage gap:
- scripts/lint.sh, scripts/format.sh: prettier glob extended to
  `**/*.yaml`. The repo has several .yaml files (packages.yaml,
  dependabot.yaml, the chezmoiexternal partial) that the .yml-only
  glob silently skipped.
@edwinhern edwinhern merged commit b8908a2 into chezmoi-onchange-and-secrets May 2, 2026
4 checks passed
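
The coverage gap this PR closes (a `**/*.yml`-only glob silently skipping `.yaml` files such as `.github/dependabot.yaml`) can be caught mechanically before it recurs. The following is an added example, not code from this repository: it lists YAML files whose extension the linter's glob never matches. The function names, the temporary sample tree and `.github/workflows/ci.yml` are constructed for illustration; the two `.yaml` paths come from the PR description.

```shell
#!/usr/bin/env sh
# Added example (constructed): find YAML files that a lint glob's extension
# list would never match, so a CI step can fail instead of skipping them.

# uncovered_yaml ROOT EXT [EXT...]
# Prints every *.yml / *.yaml file under ROOT (relative, sorted) whose extension
# is not in the covered list. Returns 0 if none, 1 if any, 2 if ROOT is missing.
# Assumes file names contain no newlines.
uncovered_yaml() {
  root=$1
  shift
  [ -d "$root" ] || return 2
  covered=" $* "
  missed=$(
    cd "$root" && find . -name .git -prune -o \
      -type f \( -name '*.yml' -o -name '*.yaml' \) -print |
      sed 's|^\./||' | LC_ALL=C sort |
      while IFS= read -r f; do
        case "$covered" in
          *" ${f##*.} "*) ;;            # extension is linted
          *) printf '%s\n' "$f" ;;      # extension is silently skipped
        esac
      done
  )
  if [ -n "$missed" ]; then
    printf '%s\n' "$missed"
    return 1
  fi
  return 0
}

# Builds a constructed sample tree in a temp dir and prints its path.
make_sample_tree() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/home/.chezmoidata" "$d/.github/workflows"
  : > "$d/home/.chezmoidata/packages.yaml"
  : > "$d/.github/dependabot.yaml"
  : > "$d/.github/workflows/ci.yml"    # hypothetical file name
  printf '%s\n' "$d"
}

tree=$(make_sample_tree)
echo "glob covers .yml only:"
uncovered_yaml "$tree" yml || true
echo "glob covers .yml and .yaml:"
uncovered_yaml "$tree" yml yaml && echo "(nothing skipped)"
rm -rf "$tree"
```

Run from a lint script, the non-zero exit status turns a silent skip into a failed check.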
edwinhern added a commit that referenced this pull request May 8, 2026
* feat: declarative apply via run_onchange_after_ scripts

- brew-bundle: re-runs brew bundle when Brewfile.tmpl content changes
- mise-install: re-runs mise install when mise/config.toml.tmpl changes
- macos-defaults: scaffold keyed off sw_vers --buildVersion; re-runs after
  every macOS update so defaults write commands can be added incrementally

All three short-circuit cleanly when their target tool isn't on PATH (covers
the bootstrap window before mise/brew are installed).

* feat: wire age encryption framework (inactive until recipient set)

Personal-only encryption pipeline; nothing is encrypted yet because the
recipient public key is empty. Edwin pastes it into the .chezmoi.toml.tmpl
$ageRecipient line after running keygen.

- home/.chezmoi.toml.tmpl: conditional encryption block, gated on
  context==personal AND recipient!=""
- home/.chezmoiignore.tmpl: always ignore key.txt.age (source state, not a
  target). On non-personal contexts, also ignore .secrets.local and the
  decrypt script (defense-in-depth alongside the script's own context check)
- home/run_onchange_before_decrypt-private-key.sh.tmpl: on first apply,
  decrypts key.txt.age to ~/.config/chezmoi/key.txt with prompted passphrase;
  no-ops on subsequent applies and on non-personal contexts
- home/dot_config/zsh/exports.zsh: source ~/.secrets.local instead of
  ~/.secrets (universal runtime path; personal materializes via chezmoi,
  work via hand)

* docs: simplify README around install + commands + secrets

- Drop the layering-model section (per Edwin's preference)
- Tighten install to a single paragraph
- Add common commands cheatsheet incl. chezmoi re-add (the bidirectional
  loop callout from Sayz Lim's article)
- Document the personal-only age encryption flow and the work-machine
  manual ~/.secrets.local pattern explicitly

* feat: enable age-encrypted personal secrets

- home/key.txt.age: passphrase-protected age private key (committed safely
  — requires the passphrase to decrypt)
- home/encrypted_private_dot_secrets.local.age: GitHub PAT + Context7 API key,
  encrypted to the recipient public key in .chezmoi.toml.tmpl
- home/.chezmoi.toml.tmpl: render sourceDir = repo path, plus the inline age
  recipient (committed safely — public keys are public). The conditional
  encryption block now activates because both context==personal and
  recipient!="" are true.
- home/.chezmoidata/defaults.toml: editor.default = nano (nvim not installed)
- README: encrypt-direct workflow via mktemp + chezmoi encrypt — no plaintext
  ever lands at ~/.secrets.local; the temp file is shredded after encrypt

* feat: update age recipient key and add script for decrypting private key

* feat: add comprehensive documentation and scripts for dotfiles management

* refactor: Restructure dotfiles management and enhance context handling

- Removed GitHub Copilot instructions document to streamline repository.
- Updated README to clarify hostname-aware context management for personal and work machines.
- Deleted old .chezmoi.toml.tmpl and replaced it with a new .chezmoi.yaml.tmpl for improved configuration.
- Consolidated package management into a single packages.yaml file for better organization.
- Removed deprecated external plugin configurations and migrated to a new chezmoiexternal.yaml.tmpl.
- Added new run_once and run_onchange scripts for Homebrew and mise tool installations.
- Cleaned up unnecessary scripts and configurations, ensuring a more efficient setup process.
- Updated Git configuration templates to align with new data structure.
- Removed obsolete files and configurations to maintain repository cleanliness.

* feat: add comprehensive dotfiles configuration for various tools and environments

* feat: migrate AGENTS.md content to CLAUDE.md and update mise.toml for chezmoi version

Co-authored-by: Copilot <copilot@github.com>

* fix: update path for shell targets in format and lint scripts

* fix: clean up stale paths, docs, and script consistency (#3)

- run_onchange_03_install-mise-tools.sh.tmpl: fix include path
  (private_dot_config -> dot_config) so the hash trigger actually
  re-runs when the mise config changes.
- run_onchange_02_install-packages.sh.tmpl: drop the deprecated
  homebrew/cask-fonts tap (fonts moved into homebrew/cask in 2024).
- CLAUDE.md: update the title and response rule to reference
  edwinhern/dotfiles-public; remove the bats Test Policy section
  (no bats files exist in the repo).
- README.md: rewrite the install + apply paragraphs to match what
  scripts/install.sh and the run_onchange_* scripts actually do
  (no Brewfile.tmpl, no mise x chezmoi); fix the work-secrets
  paragraph to describe the actual mechanism (no .chezmoiignore.tmpl
  exists).
- makefile: invoke scripts directly instead of via sh/bash so each
  script's shebang is respected and the targets are consistent.
- scripts/install.sh: standardize shebang on /usr/bin/env sh to
  match the other scripts.

* docs: drop age-encryption sections from README (#4)

The age-encryption framework was removed in 1fd1d57
(refactor: Restructure dotfiles management). The README still
described the old setup in detail, including a "Work machine
secrets" section that referenced a non-existent
home/.chezmoiignore.tmpl.

Replace both sections with a short "Local secrets" note that
matches what the repo actually does: each machine maintains
its own ~/.secrets.local by hand and zsh sources it from
home/dot_config/zsh/exports.zsh. Drop the chezmoi encryption
FAQ link from References since it's no longer relevant.

* chore: tighten config — drop dead code, fix doc drift, widen lint coverage (#5)

Applies a few principle-driven cleanups:

YAGNI — repo is macOS-only:
- home/.chezmoi.yaml.tmpl: drop the `edwinhern-personal-windows`
  branch from machine detection. There are no Windows scripts under
  home/.chezmoiscripts/ to act on a Windows context.
- home/.chezmoidata/packages.yaml: drop the `windows.winget` block
  for the same reason — no script ever reads it.

Dead template data:
- home/.chezmoi.yaml.tmpl: drop `font.mono` and `editor.default` —
  no template references either field.

Pointless template:
- Rename home/dot_zshenv.tmpl -> home/dot_zshenv. The file contains
  only `export ZDOTDIR="$HOME/.config/zsh"` with zero template
  syntax; the .tmpl suffix forces a needless render pass.

Deprecated flag:
- home/.chezmoiscripts/darwin/run_onchange_02_install-packages.sh.tmpl:
  drop `--no-lock` from `brew bundle`. Homebrew Bundle 4 removed
  lockfiles entirely; the flag is a no-op.

Documentation drift:
- README.md: `Edwins-MacBook-Pro` -> `edwinhern-personal-mac` to
  match the actual hostname check, and `chezmoi.toml.tmpl` ->
  `chezmoi.yaml.tmpl` to match the file that actually exists.

Coverage gap:
- scripts/lint.sh, scripts/format.sh: prettier glob extended to
  `**/*.yaml`. The repo has several .yaml files (packages.yaml,
  dependabot.yaml, the chezmoiexternal partial) that the .yml-only
  glob silently skipped.

* feat: add CI workflow and APM configuration files for personal, business, and development packages

Co-authored-by: Copilot <copilot@github.com>

* feat: add vscode extensions configuration and macOS defaults script

Co-authored-by: Copilot <copilot@github.com>

* docs: update README for clarity and remove obsolete sections

* feat: add macOS defaults + tmux mouse/vi-keys; fix silent template bug

run_onchange_05_defaults.sh.tmpl (renamed from
run_onchange_after_10-defaults.sh.tmpl to slot into the existing
02/03/04 sequence):

- Sets Finder, Dock, Screenshots, and misc system defaults.
- Dock pinned apps now declarative via dockutil — added dockutil
  to packages.yaml shared formulas. Each app entry is guarded by
  `[ -d "$app" ]` so a missing app silently skips instead of
  crashing the apply.
- Removed `sudo nvram StartupMute=%01` (would block unattended
  apply on machines without TouchID-for-sudo).
- Brave default-browser check now actually works — the previous
  draft captured awk's empty stdout into a variable and ran it
  as a command, so the guard was always a no-op. Pipeline goes
  directly into `if !`.
- Screenshot location uses "$HOME/..." instead of literal "~/..."
  (defaults doesn't expand tilde inside quotes).
- Deduped a double LSQuarantine write.
- Dropped empty `## ` placeholder comments per CLAUDE.md's
  shdoc-compatible-English-comments rule.
- Header comment fixed to reference the new filename.

home/.chezmoiexternal.yaml.tmpl:
- {{ template "chezmoiexternal.d/darwin.yaml.tmpl" . }} →
  {{ template "chezmoiexternal.d/darwin.yaml" . }}.
  The partial in .chezmoitemplates/ is registered by its on-disk
  name (darwin.yaml), not its target name. The .tmpl-suffixed
  invocation has been silently failing — chezmoi reported
  `template "chezmoiexternal.d/darwin.yaml.tmpl" not defined`
  on every apply, which means the zsh plugin externals
  (autosuggestions, syntax-highlighting, etc.) haven't been
  refreshed by chezmoi for an unknown stretch.

home/dot_config/tmux/tmux.conf:
- Enable mouse mode and vi-style copy-mode keybindings.

* feat: add voiceink to the list of applications in packages.yaml

* fix(mise): bump chezmoi pin from v2.0.0 to v2.70.2

The "2.0.0" pin was added thinking it was a stable major version,
but chezmoi v2.0.0 is the very first 2.x release from March 2021.
It predates `stdinIsATTY` (added in v2.16.0, July 2022), which
home/.chezmoi.yaml.tmpl depends on for non-interactive fallback.

When mise activates this project's tool versions, `chezmoi init`
runs the pinned v2.0.0 binary and fails with:
  template: chezmoi.yaml:23: function "stdinIsATTY" not defined

Pin to v2.70.2 to match what the system already has installed
and what we've validated against in this branch.

Also incorporate the staged doc-comment fix in
run_onchange_04_install-vscode-extensions.sh.tmpl (header now
references extensions.yaml, matching the include path).

* fix(vscode): drop built-in copilot-chat; tolerate per-extension failures

VS Code 1.95+ ships GitHub Copilot Chat as a built-in extension
(currently v0.46.2 on this machine). The marketplace version is
older (v0.45.1), so `code --install-extension github.copilot-chat`
errors with "cannot be downgraded" and aborts the whole apply
under `set -euo pipefail`, preventing run_onchange_05_defaults
from running.

Two changes:

- extensions.yaml: drop github.copilot-chat from shared extensions.
  It's installed automatically with VS Code now and managed via
  VS Code's update channel, not the marketplace install path.

- run_onchange_04_install-vscode-extensions.sh.tmpl: catch
  per-extension failures into a `failed` array and log them at
  the end instead of letting one bad extension halt apply. Future
  cases (a marketplace listing yanked, a corporate policy block,
  etc.) will warn but not break the apply chain.

* fix(dock): update dock tile size and autohide timing settings

* fix(mise): update apm version from 0.8.11 to 0.12.2

* fix(apm): update apm version to 0.12.4 and add business and development configurations

---------

Co-authored-by: Copilot <copilot@github.com>
@edwinhern edwinhern deleted the advanced-cleanup branch May 8, 2026 04:22