New project Structure

[jkroepke]

• moving *.sh to scripts
• moving test.sh to tests/
• moving examples to tests/assets/
• Migrate to bats
• Implement lint checks

[github-actions]

sh-checker report

shellcheck output

No errors or shellcheck is disabled

The files above have some shellcheck issues

shfmt output

--- scripts/install.sh.orig
+++ scripts/install.sh
@@ -1,67 +1,67 @@
 #!/usr/bin/env sh
 
 set -eu
 
 SOPS_VERSION="3.5.0"
 SOPS_LINUX_URL="https://github.com/mozilla/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux"
 SOPS_LINUX_SHA="610fca9687d1326ef2e1a66699a740f5dbd5ac8130190275959da737ec52f096"
 
 RED='\033[0;31m'
 #GREEN='\033[0;32m'
 #BLUE='\033[0;34m'
 #YELLOW='\033[1;33m'
 NOC='\033[0m'
 
 download() {
-  if command -v curl >/dev/null; then
-    curl -sSfL "$1"
-  elif command -v wget >/dev/null; then
-    wget -q -O- "$1"
-  else
-    return 1
-  fi
+	if command -v curl >/dev/null; then
+		curl -sSfL "$1"
+	elif command -v wget >/dev/null; then
+		wget -q -O- "$1"
+	else
+		return 1
+	fi
 }
 
 get_sha_256() {
-  if command -v sha256sum >/dev/null; then
-    res=$(sha256sum "$1")
-  elif command -v shasum >/dev/null; then
-    res=$(shasum -a 256 "$1")
-  else
-    res=''
-  fi
+	if command -v sha256sum >/dev/null; then
+		res=$(sha256sum "$1")
+	elif command -v shasum >/dev/null; then
+		res=$(shasum -a 256 "$1")
+	else
+		res=''
+	fi
 
-  echo "$res" | cut -d ' ' -f 1
+	echo "$res" | cut -d ' ' -f 1
 }
 
 if hash sops 2>/dev/null; then
-  echo "sops is already installed: "
-  sops --version
+	echo "sops is already installed: "
+	sops --version
 else
-  # Try to install sops.
-  if [ "$(uname)" = "Darwin" ]; then
-    brew install sops
-  elif [ "$(uname)" = "Linux" ]; then
-    if ! download "${SOPS_LINUX_URL}" >/tmp/sops; then
-      printf "${RED}%s${NOC}\n" "Can't download SOPS ..."
-    else
-      SOPS_SHA256="$(get_sha_256 /tmp/sops)"
-      if [ "${SOPS_SHA256}" = "${SOPS_LINUX_SHA}" ] || [ "${SOPS_SHA256}" = "" ]; then
-        chmod +x /tmp/sops
-        mv /tmp/sops /usr/local/bin/
-      else
-        printf "${RED}%s${NOC}\n" "Wrong SHA256"
-      fi
-      rm -f /tmp/sops
-    fi
-  else
-    printf "${RED}%s${NOC}\n" "No SOPS package available"
-    exit 1
-  fi
+	# Try to install sops.
+	if [ "$(uname)" = "Darwin" ]; then
+		brew install sops
+	elif [ "$(uname)" = "Linux" ]; then
+		if ! download "${SOPS_LINUX_URL}" >/tmp/sops; then
+			printf "${RED}%s${NOC}\n" "Can't download SOPS ..."
+		else
+			SOPS_SHA256="$(get_sha_256 /tmp/sops)"
+			if [ "${SOPS_SHA256}" = "${SOPS_LINUX_SHA}" ] || [ "${SOPS_SHA256}" = "" ]; then
+				chmod +x /tmp/sops
+				mv /tmp/sops /usr/local/bin/
+			else
+				printf "${RED}%s${NOC}\n" "Wrong SHA256"
+			fi
+			rm -f /tmp/sops
+		fi
+	else
+		printf "${RED}%s${NOC}\n" "No SOPS package available"
+		exit 1
+	fi
 fi
 
 # If git is no available, fail silent.
 if hash git 2>/dev/null; then
-  git config --global diff.sopsdiffer.textconv "sops -d"
+	git config --global diff.sopsdiffer.textconv "sops -d"
 fi
 
--- scripts/run.sh.orig
+++ scripts/run.sh
@@ -1,399 +1,399 @@
 #!/usr/bin/env sh
 
 set -eu
 
 # The suffix to use for decrypted files. The default can be overridden using
 # the HELM_SECRETS_DEC_SUFFIX environment variable.
 DEC_SUFFIX="${HELM_SECRETS_DEC_SUFFIX:-.yaml.dec}"
 
 # Make sure HELM_BIN is set (normally by the helm command)
 HELM_BIN="${HELM_BIN:-helm}"
 
 usage() {
-  cat <<EOF
+	cat <<EOF
 GnuPG secrets encryption in Helm Charts
 
 This plugin provides ability to encrypt/decrypt secrets files
 to store in less secure places, before they are installed using
 Helm.
 
 To decrypt/encrypt/edit you need to initialize/first encrypt secrets with
 sops - https://github.com/mozilla/sops
 
 Available Commands:
   enc     Encrypt secrets file
   dec     Decrypt secrets file
   view    Print secrets decrypted
   edit    Edit secrets file and encrypt afterwards
   clean   Remove all decrypted files in specified directory (recursively)
   <cmd>   wrapper that decrypts secrets[.*].yaml files before running helm <cmd>
 
 EOF
 }
 
 enc_usage() {
-  cat <<EOF
+	cat <<EOF
 Encrypt secrets
 
 It uses your gpg credentials to encrypt .yaml file. If the file is already
 encrypted, look for a decrypted ${DEC_SUFFIX} file and encrypt that to .yaml.
 This allows you to first decrypt the file, edit it, then encrypt it again.
 
 You can use plain sops to encrypt - https://github.com/mozilla/sops
 
 Example:
   $ ${HELM_BIN} secrets enc <SECRET_FILE_PATH>
   $ git add <SECRET_FILE_PATH>
   $ git commit
   $ git push
 
 EOF
 }
 
 dec_usage() {
-  cat <<EOF
+	cat <<EOF
 Decrypt secrets
 
 It uses your gpg credentials to decrypt previously encrypted .yaml file.
 Produces ${DEC_SUFFIX} file.
 
 You can use plain sops to decrypt specific files - https://github.com/mozilla/sops
 
 Example:
   $ ${HELM_BIN} secrets dec <SECRET_FILE_PATH>
 
 Typical usage:
   $ ${HELM_BIN} secrets dec secrets/myproject/secrets.yaml
   $ vim secrets/myproject/secrets.yaml.dec
 
 EOF
 }
 
 view_usage() {
-  cat <<EOF
+	cat <<EOF
 View specified secrets[.*].yaml file
 
 Example:
   $ ${HELM_BIN} secrets view <SECRET_FILE_PATH>
 
 Typical usage:
   $ ${HELM_BIN} secrets view secrets/myproject/nginx/secrets.yaml | grep basic_auth
 
 EOF
 }
 
 edit_usage() {
-  cat <<EOF
+	cat <<EOF
 Edit encrypted secrets
 
 Decrypt encrypted file, edit and then encrypt
 
 You can use plain sops to edit - https://github.com/mozilla/sops
 
 Example:
   $ ${HELM_BIN} secrets edit <SECRET_FILE_PATH>
   or $ sops <SECRET_FILE_PATH>
   $ git add <SECRET_FILE_PATH>
   $ git commit
   $ git push
 
 EOF
 }
 
 clean_usage() {
-  cat <<EOF
+	cat <<EOF
 Clean all decrypted files if any exist
 
 It removes all decrypted ${DEC_SUFFIX} files in the specified directory
 (recursively) if they exist.
 
 Example:
   $ ${HELM_BIN} secrets clean <dir with secrets>
 
 EOF
 }
 
 helm_command_usage() {
-  cat <<EOF
+	cat <<EOF
 helm secrets <args>
 
 This is a wrapper for "helm <args>". It will detect -f and
 --values options, and decrypt any secrets.*.yaml files before running "helm
 <args>".
 
 Example:
   $ ${HELM_BIN} secrets upgrade <HELM UPGRADE OPTIONS>
   $ ${HELM_BIN} secrets lint <HELM LINT OPTIONS>
 
 Typical usage:
   $ ${HELM_BIN} secrets upgrade i1 stable/nginx-ingress -f values.test.yaml -f secrets.test.yaml
   $ ${HELM_BIN} secrets lint ./my-chart -f values.test.yaml -f secrets.test.yaml
 
 EOF
 }
 
 is_help() {
-  case "$1" in
-  -h | --help | help)
-    return 0
-    ;;
-  *)
-    return 1
-    ;;
-  esac
+	case "$1" in
+	-h | --help | help)
+		return 0
+		;;
+	*)
+		return 1
+		;;
+	esac
 }
 
 is_file_encrypted() {
-  grep -q 'sops:' "${1}" && grep -q 'version:' "${1}"
+	grep -q 'sops:' "${1}" && grep -q 'version:' "${1}"
 }
 
 file_dec_name() {
-  echo "$(dirname "${1}")/$(basename "${1}" ".yaml")${DEC_SUFFIX}"
+	echo "$(dirname "${1}")/$(basename "${1}" ".yaml")${DEC_SUFFIX}"
 }
 
 encrypt_helper() {
-  dir=$(dirname "$1")
-  file=$(basename "$1")
+	dir=$(dirname "$1")
+	file=$(basename "$1")
 
-  cd "$dir"
+	cd "$dir"
 
-  if [ ! -f "${file}" ]; then
-    echo "File does not exist: $dir/${file}"
-    exit 1
-  fi
+	if [ ! -f "${file}" ]; then
+		echo "File does not exist: $dir/${file}"
+		exit 1
+	fi
 
-  file_dec="$(file_dec_name "${file}")"
+	file_dec="$(file_dec_name "${file}")"
 
-  if [ ! -f "${file_dec}" ]; then
-    file_dec="${file}"
-  fi
+	if [ ! -f "${file_dec}" ]; then
+		file_dec="${file}"
+	fi
 
-  if is_file_encrypted "${file_dec}"; then
-    echo "Already encrypted: ${file_dec}"
-    return
-  fi
+	if is_file_encrypted "${file_dec}"; then
+		echo "Already encrypted: ${file_dec}"
+		return
+	fi
 
-  if [ "${file}" = "${file_dec}" ]; then
-    sops --encrypt --input-type yaml --output-type yaml --in-place "${file}"
-    echo "Encrypted ${file}"
-  else
-    sops --encrypt --input-type yaml --output-type yaml "${file_dec}" >"${file}"
-    echo "Encrypted ${file_dec} to ${file}"
-  fi
+	if [ "${file}" = "${file_dec}" ]; then
+		sops --encrypt --input-type yaml --output-type yaml --in-place "${file}"
+		echo "Encrypted ${file}"
+	else
+		sops --encrypt --input-type yaml --output-type yaml "${file_dec}" >"${file}"
+		echo "Encrypted ${file_dec} to ${file}"
+	fi
 }
 
 enc() {
-  if is_help "$1"; then
-    enc_usage
-    return
-  fi
+	if is_help "$1"; then
+		enc_usage
+		return
+	fi
 
-  file="$1"
+	file="$1"
 
-  if [ ! -f "${file}" ]; then
-    echo "${file} doesn't exist."
-  else
-    echo "Encrypting ${file}"
-    encrypt_helper "${file}"
-  fi
+	if [ ! -f "${file}" ]; then
+		echo "${file} doesn't exist."
+	else
+		echo "Encrypting ${file}"
+		encrypt_helper "${file}"
+	fi
 }
 
 decrypt_helper() {
-  file="${1}"
+	file="${1}"
 
-  if [ ! -f "$file" ]; then
-    echo "File does not exist: ${file}"
-    exit 1
-  fi
+	if [ ! -f "$file" ]; then
+		echo "File does not exist: ${file}"
+		exit 1
+	fi
 
-  if ! is_file_encrypted "${file}"; then
-    return 1
-  fi
+	if ! is_file_encrypted "${file}"; then
+		return 1
+	fi
 
-  file_dec="$(file_dec_name "${file}")"
+	file_dec="$(file_dec_name "${file}")"
 
-  if ! sops --decrypt --input-type yaml --output-type yaml --output "${file_dec}" "${file}"; then
-    echo "Error while decrypting file: ${file}"
-    exit 1
-  fi
+	if ! sops --decrypt --input-type yaml --output-type yaml --output "${file_dec}" "${file}"; then
+		echo "Error while decrypting file: ${file}"
+		exit 1
+	fi
 
-  return 0
+	return 0
 }
 
 dec() {
-  if is_help "$1"; then
-    dec_usage
-    return
-  fi
+	if is_help "$1"; then
+		dec_usage
+		return
+	fi
 
-  file="$1"
+	file="$1"
 
-  if [ ! -f "${file}" ]; then
-    echo "${file} doesn't exist."
-  else
-    echo "Decrypting ${file}"
-    decrypt_helper "${file}"
-  fi
+	if [ ! -f "${file}" ]; then
+		echo "${file} doesn't exist."
+	else
+		echo "Decrypting ${file}"
+		decrypt_helper "${file}"
+	fi
 }
 
 view_helper() {
-  file="$1"
+	file="$1"
 
-  if [ ! -f "${file}" ]; then
-    echo "File does not exist: ${file}"
-    exit 1
-  fi
+	if [ ! -f "${file}" ]; then
+		echo "File does not exist: ${file}"
+		exit 1
+	fi
 
-  exec sops --decrypt --input-type yaml --output-type yaml "${file}"
+	exec sops --decrypt --input-type yaml --output-type yaml "${file}"
 }
 
 view() {
-  if is_help "$1"; then
-    view_usage
-    return
-  fi
+	if is_help "$1"; then
+		view_usage
+		return
+	fi
 
-  view_helper "$1"
+	view_helper "$1"
 }
 
 edit_helper() {
-  file="$1"
+	file="$1"
 
-  if [ ! -e "${file}" ]; then
-    echo "File does not exist: ${file}"
-    exit 1
-  fi
+	if [ ! -e "${file}" ]; then
+		echo "File does not exist: ${file}"
+		exit 1
+	fi
 
-  exec sops --input-type yaml --output-type yaml "${file}" </dev/tty
+	exec sops --input-type yaml --output-type yaml "${file}" </dev/tty
 }
 
 edit() {
-  file="$1"
-  edit_helper "${file}"
+	file="$1"
+	edit_helper "${file}"
 }
 
 clean() {
-  if is_help "$1"; then
-    clean_usage
-    return
-  fi
+	if is_help "$1"; then
+		clean_usage
+		return
+	fi
 
-  basedir="$1"
+	basedir="$1"
 
-  find "$basedir" -type f -name "secrets*${DEC_SUFFIX}" -exec rm -v {} \;
+	find "$basedir" -type f -name "secrets*${DEC_SUFFIX}" -exec rm -v {} \;
 }
 
 helm_wrapper() {
-  decrypted_files=$(mktemp)
+	decrypted_files=$(mktemp)
 
-  argc=$#
-  j=0
+	argc=$#
+	j=0
 
-  #cleanup on-the-fly decrypted files
-  trap 'xargs -0 rm -fv > /dev/stderr < "${decrypted_files}"; rm -f "${decrypted_files}"' EXIT
+	#cleanup on-the-fly decrypted files
+	trap 'xargs -0 rm -fv > /dev/stderr < "${decrypted_files}"; rm -f "${decrypted_files}"' EXIT
 
-  while [ $j -lt $argc ]; do
-    case "$1" in
-    --)
-      # skip --, and what remains are the cmd args
-      set -- "$1"
-      shift
-      break
-      ;;
-    -f | --values)
-      set -- "$@" "$1"
+	while [ $j -lt $argc ]; do
+		case "$1" in
+		--)
+			# skip --, and what remains are the cmd args
+			set -- "$1"
+			shift
+			break
+			;;
+		-f | --values)
+			set -- "$@" "$1"
 
-      file="${2}"
-      if decrypt_helper "${file}"; then
-        file_dec="$(file_dec_name "${file}")"
-        set -- "$@" "$file_dec"
-        echo "[helm-secrets] Decrypt: ${file}" >/dev/stderr
-        printf '%s\0' "${file_dec}" >>"${decrypted_files}"
-      else
-        set -- "$@" "$file"
-      fi
+			file="${2}"
+			if decrypt_helper "${file}"; then
+				file_dec="$(file_dec_name "${file}")"
+				set -- "$@" "$file_dec"
+				echo "[helm-secrets] Decrypt: ${file}" >/dev/stderr
+				printf '%s\0' "${file_dec}" >>"${decrypted_files}"
+			else
+				set -- "$@" "$file"
+			fi
 
-      shift
-      j=$((j + 1))
-      ;;
-    *)
-      set -- "$@" "$1"
-      ;;
-    esac
+			shift
+			j=$((j + 1))
+			;;
+		*)
+			set -- "$@" "$1"
+			;;
+		esac
 
-    shift
-    j=$((j + 1))
-  done
+		shift
+		j=$((j + 1))
+	done
 
-  echo
-  "${HELM_BIN}" ${TILLER_HOST:+--host "$TILLER_HOST"} "$@"
-  echo
-  echo "[helm-secrets] Remove decrypted files:" >/dev/stderr
+	echo
+	"${HELM_BIN}" ${TILLER_HOST:+--host "$TILLER_HOST"} "$@"
+	echo
+	echo "[helm-secrets] Remove decrypted files:" >/dev/stderr
 }
 
 helm_command() {
-  if [ $# -lt 2 ] || is_help "$2"; then
-    helm_command_usage
-    return
-  fi
+	if [ $# -lt 2 ] || is_help "$2"; then
+		helm_command_usage
+		return
+	fi
 
-  helm_wrapper "$@"
+	helm_wrapper "$@"
 }
 
 case "${1:-}" in
 enc)
-  if [ $# -lt 2 ]; then
-    enc_usage
-    echo "Error: secrets file required."
-    exit 1
-  fi
-  enc "$2"
-  shift
-  ;;
+	if [ $# -lt 2 ]; then
+		enc_usage
+		echo "Error: secrets file required."
+		exit 1
+	fi
+	enc "$2"
+	shift
+	;;
 dec)
-  if [ $# -lt 2 ]; then
-    dec_usage
-    echo "Error: secrets file required."
-    exit 1
-  fi
-  dec "$2"
-  ;;
+	if [ $# -lt 2 ]; then
+		dec_usage
+		echo "Error: secrets file required."
+		exit 1
+	fi
+	dec "$2"
+	;;
 view)
-  if [ $# -lt 2 ]; then
-    view_usage
-    echo "Error: secrets file required."
-    exit 1
-  fi
-  view "$2"
-  ;;
+	if [ $# -lt 2 ]; then
+		view_usage
+		echo "Error: secrets file required."
+		exit 1
+	fi
+	view "$2"
+	;;
 edit)
-  if [ $# -lt 2 ]; then
-    edit_usage
-    echo "Error: secrets file required."
-    exit 1
-  fi
-  edit "$2"
-  shift
-  ;;
+	if [ $# -lt 2 ]; then
+		edit_usage
+		echo "Error: secrets file required."
+		exit 1
+	fi
+	edit "$2"
+	shift
+	;;
 clean)
-  if [ $# -lt 2 ]; then
-    clean_usage
-    echo "Error: Chart package required."
-    exit 1
-  fi
-  clean "$2"
-  ;;
+	if [ $# -lt 2 ]; then
+		clean_usage
+		echo "Error: Chart package required."
+		exit 1
+	fi
+	clean "$2"
+	;;
 --help | -h | help)
-  usage
-  ;;
+	usage
+	;;
 "")
-  usage
-  exit 1
-  ;;
+	usage
+	exit 1
+	;;
 *)
-  helm_command "$@"
-  ;;
+	helm_command "$@"
+	;;
 esac
 
 exit 0
 

The files above have some formatting problems, you can use shfmt -w to fix them