# # Copyright © 2022 Maestro Creativescape # # SPDX-License-Identifier: AGPL-3.0-or-later # # Imports from git import Repo import os from shutil import copytree from glob import glob import subprocess from time import time # Blacklist, prevents handling these files altogether BLACKLIST = [ ".git", ".obsidian", ".idea", ".gitlab-ci.yml", ".encrypt.py", ".trigger.py", ] # Env vars to handle creds enc_path = os.environ.get("ENCRYPTED_PATH") enc_repo = os.environ.get("ENCRYPTED_REPO") enc_repo_user = os.environ.get("ENCRYPTED_REPO_USERNAME") enc_repo_pass = os.environ.get("ENCRYPTED_REPO_PASSWORD") enc_key = os.environ.get("ENCRYPTION_KEY") # Create our encrypted directory base base_dir = os.getcwd() current_time = str(int(time())) os.mkdir(enc_path) os.chdir(enc_path) # Initialise the repo for our encrypted directory and add the remote repo = Repo.init(enc_path) repo.create_remote( "origin", f"https://{enc_repo_user}:{enc_repo_pass}@github.com/baalajimaestro/{enc_repo}.git", ) # Glob the file list of "." starting files and non "." starting files file_list = glob(base_dir + "/**/.*", recursive=True) + glob( base_dir + "/**/*", recursive=True ) # Start going through the file list, and create all directories for i in file_list: if os.path.isdir(i): rel_path = i.split(base_dir + "/")[1] for j in BLACKLIST: if rel_path in j: break else: os.mkdir(enc_path + "/" + rel_path) # Use a subprocess to chacha20 encrypt everything, and push it to the requested directory for i in file_list: rel_path = i.split(base_dir + "/")[1] if not os.path.isdir(i): for j in BLACKLIST: if rel_path in j: break else: process = subprocess.run( [ "openssl", "enc", "-chacha20", "-base64", "-salt", "-iter", "1000", "-pass", f"pass:{enc_key}", "-md", "sha512", "-in", i, "-out", enc_path + "/" + rel_path, ] ) # Add, commit and push it all repo.git.add(".") repo.index.commit(f"Commit as of {current_time}") repo.git.push("origin", "master", force=True)