Fix helm protocol handler on windows

.editorconfig

@@ -4,7 +4,7 @@ root = true
 end_of_line = lf
 insert_final_newline = true
 
-[*.cmd]
+[sh.cmd]
 end_of_line = crlf
 
 [*.{sh,bats,bash}]

.gitattributes

@@ -1,2 +1,4 @@
 * text=auto
 *.sh text eol=lf
+sh.cmd text eol=crlf
+run.cmd text eol=lf

.github/workflows/ci.yaml

@@ -34,6 +34,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     container: ${{ matrix.container }}
     if: "!contains(github.event.head_commit.message, '[ci skip]')"
+    timeout-minutes: 20
     strategy:
       fail-fast: false
       matrix:

CHANGELOG.md

@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 - Added error handling in case `curl` or `wget` is not installed.
+- Enable protocol handling on Windows. Requires the command `helm secrets patch windows` once.
 
 ### Changes
 - Check detection of sops encrypted files

README.md

@@ -17,7 +17,7 @@ See [Installation](https://github.com/jkroepke/helm-secrets/wiki/Installation) f
 
 ### Decrypt secrets via protocol handler
 
-Run decrypted command on specific value files. This is method is preferred over the plugin command below.
+Run decrypted command on specific value files. This is method is preferred over the plugin command below. On Windows, the command `helm secrets patch windows` needs to be run first.
 
 ```bash
 helm upgrade name . -f secrets://secrets.yaml

docker-compose.yaml

@@ -0,0 +1,13 @@
+version: '3'
+services:
+  helm-secrets:
+    image: ubuntu:20.04
+    working_dir: /opt
+    volumes:
+      - ./:/work/helm-secrets
+      - ./tests/.tmp/.bin/:/usr/local/sbin/
+    command:
+      - bash
+      - -c
+      - apt update && apt install git gnupg ruby -y && cp -r /work/helm-secrets/ /opt && sleep inf
+

docs/Usage.md

@@ -2,12 +2,15 @@
 
 ```
 $ helm secrets help
-GnuPG secrets encryption in Helm Charts
+
+Secrets encryption in Helm Charts
 
 This plugin provides ability to encrypt/decrypt secrets files
 to store in less secure places, before they are installed using
 Helm.
 
+For more information, see the README at github.com/jkroepke/helm-secrets
+
 To decrypt/encrypt/edit you need to initialize/first encrypt secrets with
 sops - https://github.com/mozilla/sops
 
@@ -17,7 +20,17 @@ Available Commands:
   view    Print secrets decrypted
   edit    Edit secrets file and encrypt afterwards
   clean   Remove all decrypted files in specified directory (recursively)
-  <cmd>   wrapper that decrypts secrets[.*].yaml files before running helm <cmd>
+  dir     Get plugin directory
+  patch   Enables windows specific adjustments
+  <cmd>   wrapper that decrypts encrypted yaml files before running helm <cmd>
+
+Available Options:
+  --quiet                    -q  Suppress info messages (env: $HELM_SECRETS_QUIET)
+  --driver                   -d  Secret driver to use for decryption or encryption (env: $HELM_SECRETS_DRIVER)
+  --driver-args              -a  Additional args for secret driver (env: $HELM_SECRETS_DRIVER_ARGS)
+  --help                     -h  Show help
+  --version                  -v  Display version of helm-secrets
+  --output-decrypt-file-path     Output the path of decrypted file
 ```
 
 By convention, files containing secrets are named `secrets.yaml`, or anything beginning with "secrets" and ending with ".yaml". E.g. `secrets.test.yaml`, `secrets.prod.yaml` `secretsCOOL.yaml`.

scripts/commands/enc.sh

@@ -32,6 +32,7 @@ encrypt_helper() {
     if [ ! -f "${file}" ]; then
         fatal 'File does not exist: %s' "${dir}/${file}"
     fi
+
     file_dec="$(_file_dec_name "${file}")"
 
     if [ ! -f "${file_dec}" ]; then

scripts/commands/help.sh

@@ -22,6 +22,7 @@ Available Commands:
   edit    Edit secrets file and encrypt afterwards
   clean   Remove all decrypted files in specified directory (recursively)
   dir     Get plugin directory
+  patch   Enables windows specific adjustments
   <cmd>   wrapper that decrypts encrypted yaml files before running helm <cmd>
 
 Available Options:

scripts/commands/patch.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env sh
+
+set -euf
+
+patch_usage() {
+    cat <<EOF
+helm secrets patch [unix|windows]
+
+This enables windows specific options to increase the helm-secrets compatibility with windows.
+
+If unix is selected, it reverts the windows specific options.
+
+EOF
+}
+
+patch() {
+    if is_help "$1"; then
+        install_usage
+        return
+    fi
+
+    case "$1" in
+    windows)
+        _sed_i 's!  - command: .*!  - command: "scripts/wrapper/run.cmd scripts/run.sh downloader"!' "${HELM_PLUGIN_DIR}/plugin.yaml"
+        ;;
+    unix)
+        _sed_i 's!  - command: .*!  - command: "scripts/run.sh downloader"!' "${HELM_PLUGIN_DIR}/plugin.yaml"
+        ;;
+    *)
+        fatal 'Unknown enable option %s' "$1"
+        ;;
+    esac
+}

scripts/drivers/sops.sh

@@ -44,11 +44,11 @@ driver_decrypt_file() {
         input="$(_convert_path "${input}")"
     fi
 
-    if _sops_windows_path_required "${output}"; then
-        output="$(_convert_path "${output}")"
-    fi
-
     if [ "${output}" != "" ]; then
+        if _sops_windows_path_required "${output}"; then
+            output="$(_convert_path "${output}")"
+        fi
+
         _sops --decrypt --input-type "${type}" --output-type "${type}" --output "${output}" "${input}"
     else
         _sops --decrypt --input-type "${type}" --output-type "${type}" "${input}"

scripts/lib/common.sh

@@ -96,15 +96,20 @@ _convert_path() {
 
 # MacOS syntax is different for in-place
 # https://unix.stackexchange.com/a/92907/433641
-case $(sed --help 2>&1) in
-*BusyBox* | *GNU*) _sed_i() { sed -i "$@"; } ;;
-*) _sed_i() { sed -i '' "$@"; } ;;
-esac
+_sed_i() { sed -i "$@"; }
 
 on_cygwin() { false; }
 
 case "$(uname -s)" in
-CYGWIN*) on_cygwin() { true; } ;;
+CYGWIN*)
+    on_cygwin() { true; }
+    ;;
+Darwin)
+    case $(sed --help 2>&1) in
+    *BusyBox* | *GNU*) ;;
+    *) _sed_i() { sed -i '' "$@"; } ;;
+    esac
+    ;;
 esac
 
 if [ -f /proc/version ] && grep -qi microsoft /proc/version; then

scripts/lib/file/custom.sh

@@ -9,7 +9,13 @@ _file_custom_exists() {
 _file_custom_get() {
     _tmp_file=$(_mktemp)
 
-    if ! "${HELM_BIN}" template "${SCRIPT_DIR}/lib/file/helm-values-getter" -f "${1}" >"${_tmp_file}"; then
+    GETTER_CHART_PATH="${SCRIPT_DIR}/lib/file/helm-values-getter"
+
+    if on_wsl; then
+        GETTER_CHART_PATH="$(_convert_path "${GETTER_CHART_PATH}")"
+    fi
+
+    if ! "${HELM_BIN}" template "${GETTER_CHART_PATH}" -f "${1}" >"${_tmp_file}"; then
         exit 1
     fi
 

scripts/run.sh

@@ -2,7 +2,7 @@
 
 set -euf
 
-if [ -n "${HELM_SECRETS_DEBUG+x}" ]; then
+if [ -n "${HELM_DEBUG+x}" ] && [ "${HELM_DEBUG}" = "1" ] || [ -n "${HELM_SECRETS_DEBUG+x}" ]; then
     set -x
 fi
 
@@ -139,6 +139,13 @@ while true; do
         downloader "$2" "$3" "$4" "$5"
         break
         ;;
+    patch)
+        # shellcheck source=scripts/commands/patch.sh
+        . "${SCRIPT_DIR}/commands/patch.sh"
+
+        patch "$2"
+        break
+        ;;
     terraform)
         # shellcheck source=scripts/commands/downloader.sh
         . "${SCRIPT_DIR}/commands/terraform.sh"

scripts/wrapper/run.cmd

@@ -1,9 +1,13 @@
-:; exec "$@" #
-:; exit $? #
+:<<BATCH
+    @echo off
+    "%~dp0\sh.cmd" "%HELM_PLUGIN_DIR%"/%*
+    exit /b %errorlevel%
+BATCH
 
-:: .bat bash hybrid script
-:: https://stackoverflow.com/a/17623721
+cmd="$1"
+shift
+"$HELM_PLUGIN_DIR/$cmd" "$@"
+exit $?
 
-@echo off
-%HELM_PLUGIN_DIR%\scripts\wrapper\sh.cmd %*
-exit /b %errorlevel%
+:: .bat bash hybrid script
+:: https://stackoverflow.com/a/17510832/8087167

scripts/wrapper/sh.cmd

@@ -1,5 +1,10 @@
 @setlocal enableextensions enabledelayedexpansion
 @echo off
+IF DEFINED HELM_DEBUG (
+    IF HELM_DEBUG EQU 1 (
+        @echo on
+    )
+)
 
 :: If HELM_SECRETS_WINDOWS_SHELL is provided, use it.
 if not [%HELM_SECRETS_WINDOWS_SHELL%]==[] GOTO :ENVSH
@@ -98,11 +103,11 @@ if "%1"=="" goto ENDLOOP
 SET STR1="%1"
 if not "x%STR1:\=%"=="x%STR1%" (
     :: CMD output to variable - https://stackoverflow.com/a/6362922/8087167
-    FOR /F "tokens=* USEBACKQ" %%F IN (`wsl wslpath "%1"`) DO (
+    FOR /F "tokens=* USEBACKQ" %%F IN (`wsl wslpath "%STR1:\=/%"`) DO (
       SET WSLPATH="%%F"
     )
 ) else (
-    SET WSLPATH=%1
+    SET WSLPATH=%STR1%
 )
 SET ARGS=%ARGS% %WSLPATH%
 
@@ -133,7 +138,7 @@ IF NOT DEFINED HELM_SECRETS_CURL_PATH (
 )
 
 :: https://devblogs.microsoft.com/commandline/share-environment-vars-between-wsl-and-windows/
-SET WSLENV=TEMP:%WSLENV%
+SET WSLENV=SOPS_AGE_KEY:SOPS_AGE_KEY_FILE:TEMP:%WSLENV%
 IF DEFINED HELM_SECRETS_DEC_SUFFIX (
     SET WSLENV=HELM_SECRETS_DEC_SUFFIX:%WSLENV%
 )
@@ -155,6 +160,18 @@ IF DEFINED HELM_SECRETS_DEC_DIR (
 IF DEFINED HELM_SECRETS_OUTPUT_DECRYPTED_FILE_PATH (
     SET WSLENV=HELM_SECRETS_OUTPUT_DECRYPTED_FILE_PATH:%WSLENV%
 )
+IF DEFINED HELM_SECRETS_URL_VARIABLE_EXPANSION (
+    SET WSLENV=HELM_SECRETS_URL_VARIABLE_EXPANSION:%WSLENV%
+)
+IF DEFINED HELM_DEBUG (
+    SET WSLENV=HELM_DEBUG:%WSLENV%
+)
+
+if not "x%HELM_PLUGIN_DIR:\=%"=="x%HELM_PLUGIN_DIR%" (
+    SET WSLENV=HELM_PLUGIN_DIR/p:%WSLENV%
+) else (
+    SET WSLENV=HELM_PLUGIN_DIR:%WSLENV%
+)
 
 if not "x%HELM_SECRETS_HELM_PATH:\=%"=="x%HELM_SECRETS_HELM_PATH%" (
     SET WSLENV=HELM_SECRETS_HELM_PATH/p:%WSLENV%

tests/lib/helper.bash

@@ -87,6 +87,12 @@ initiate() {
         if [[ "${BATS_TEST_FILENAME}" = *"/it/"* ]]; then
             helm_plugin_install "diff" --version 3.1.3
         fi
+
+        if on_windows || on_wsl; then
+            "${HELM_BIN}" secrets patch windows
+        else
+            "${HELM_BIN}" secrets patch unix
+        fi
     } >&2
 }
 
@@ -153,7 +159,7 @@ setup() {
     cp -a "${TEST_DIR}/assets" "${TEST_TEMP_DIR}/"
     if ! on_windows; then
         # shellcheck disable=SC2016
-        SPECIAL_CHAR_DIR="${TEST_TEMP_DIR}/$(printf '%s' 'a@b§c!d\$e\f(g)h=i^j😀')"
+        SPECIAL_CHAR_DIR="${TEST_TEMP_DIR}/$(printf '%s' 'a@b§c!d\$e \f(g)h=i^j😀')"
         mkdir "${SPECIAL_CHAR_DIR}"
         cp -a "${TEST_DIR}/assets" "${SPECIAL_CHAR_DIR}/"
     fi