ripsecrets 0.1.11

A command-line tool to prevent committing secret keys into your source code
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

set -e

if [ ! -z "$(git diff)" ]; then
    echo 'Outstanding changes. Stash or commit them to release'    
    exit 1
fi

if [ ! -z "$(git diff origin/main)" ]; then
    echo 'Unpushed changes. Push them to release'
    exit 1
fi

if head -1 CHANGELOG.md | grep -i 'Not yet released'; then
    echo 'Set release date of latest version'
    exit 1
fi

RELEASE_DATE=`head -n 1 CHANGELOG.md | grep -oE '[-0-9]{10}'`
TODAYS_DATE=`date "+%Y-%m-%d"`
if [ "$TODAYS_DATE" != "$RELEASE_DATE" ]; then
    echo "Release date ($RELEASE_DATE) doesn't match today's date ($TODAYS_DATE)"
    exit 1
fi

VERSION=`head -n 1 CHANGELOG.md | awk '{ print $2 }'`

CARGO_VERSION=`rg -m 1 -r '$1' 'version = "([^"]*)"' Cargo.toml`
if [ $CARGO_VERSION != $VERSION ]; then
    echo "Cargo.toml version ($CARGO_VERSION) doesn't match the CHANGELOG version ($VERSION)"
    exit 1
fi

# build

cargo build --release
cargo build --target x86_64-apple-darwin --release
CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER=x86_64-unknown-linux-gnu-gcc cargo build --target x86_64-unknown-linux-gnu --release

# notarize

function notarize() {
    codesign -s "Developer ID Application: Brian Smith" -f -v --timestamp --options runtime $1
    if [ -d /tmp/ripsecrets-build/ripsecrets-notarize ]; then
        rm -r /tmp/ripsecrets-build/ripsecrets-notarize
    fi
    mkdir -p /tmp/ripsecrets-build/ripsecrets-notarize
    cp "$1" /tmp/ripsecrets-build/ripsecrets-notarize
    pushd /tmp/ripsecrets-build
    zip -r ripsecrets-notarize.zip ripsecrets-notarize
    xcrun notarytool submit ripsecrets-notarize.zip --keychain-profile secrets --wait
    popd
}

if ! spctl -vvv --assess --type exec target/release/ripsecrets 2>&1 | grep 'Brian Smith' > /dev/null; then
    notarize target/release/ripsecrets
fi

if ! spctl -vvv --assess --type exec target/x86_64-apple-darwin/release/ripsecrets 2>&1 | grep 'Brian Smith' > /dev/null; then
    notarize target/x86_64-apple-darwin/release/ripsecrets
fi

# package

ARTIFACT_NAME=ripsecrets-$VERSION-aarch64-apple-darwin
mkdir -p target/release/$ARTIFACT_NAME
cp target/release/ripsecrets target/release/$ARTIFACT_NAME
tar -C target/release -czf target/releases/$ARTIFACT_NAME.tar.gz $ARTIFACT_NAME

ARTIFACT_NAME=ripsecrets-$VERSION-x86_64-apple-darwin
mkdir -p target/x86_64-apple-darwin/release/$ARTIFACT_NAME
cp target/x86_64-apple-darwin/release/ripsecrets target/x86_64-apple-darwin/release/$ARTIFACT_NAME
tar -C target/x86_64-apple-darwin/release -czf target/releases/$ARTIFACT_NAME.tar.gz $ARTIFACT_NAME

ARTIFACT_NAME=ripsecrets-$VERSION-x86_64-unknown-linux-gnu
mkdir -p target/x86_64-unknown-linux-gnu/release/$ARTIFACT_NAME
cp target/x86_64-unknown-linux-gnu/release/ripsecrets target/x86_64-unknown-linux-gnu/release/$ARTIFACT_NAME
tar -C target/x86_64-unknown-linux-gnu/release -czf target/releases/$ARTIFACT_NAME.tar.gz $ARTIFACT_NAME

cargo publish --allow-dirty