Add encrypt script

github/encrypt.sh

+#!/usr/bin/env bash
+set -euo pipefail
+
+function print_verbose() {
+  if [ "${VERBOSE}" = true ]; then
+    echo $1
+  fi
+}
+
+function print_error() {
+  echo "$@" 1>&2;
+}
+
+function download() {
+  local URL=$1
+  local OUTPUT_FILE=$2
+  local TMP_FILE=$(mktemp)
+  local HTTP_CODE=$(curl --silent --output ${TMP_FILE} --write-out "%{http_code}" -L "${URL}")
+  if [[ ${HTTP_CODE} -lt 200 || ${HTTP_CODE} -gt 299 ]]; then
+    rm ${TMP_FILE}
+    return 1
+  fi
+  cp ${TMP_FILE} ${OUTPUT_FILE}
+  rm -f ${TMP_FILE}
+  return 0
+}
+
+function download_public_key_from_github() {
+  local USER="$1"
+  local KEY_FILE="$2"
+
+  if ! download "https://github.com/${USER}.keys" ${KEY_FILE}; then
+    return 1
+  else
+    return 0
+  fi
+}
+
+function get_github_handle() {
+  local USER=$1
+  local TMP_FILE=$(mktemp)
+
+  if download "https://api.eclipse.org/account/profile/${USER}" ${TMP_FILE}; then
+    local GITHUB_HANDLE=$(cat "${TMP_FILE}" | jq -r ".github_handle")
+    echo ${GITHUB_HANDLE}
+  fi
+
+  rm -f ${TMP_FILE}
+}
+
+function encrypt_content() {
+  local KEY_FILE=$1
+  local INPUT=$2
+  local OUTPUT=$3
+
+  if [ -z $OUTPUT ]; then
+    age -R "${KEY_FILE}" -a "${INPUT}"
+  else
+    age -R "${KEY_FILE}" -a -o "${OUTPUT}" "${INPUT}"
+  fi
+}
+
+function cleanup() {
+  rm -f ${KEY_FILE}
+}
+
+usage() {
+  local USAGE
+  USAGE="
+Usage: $(basename "${0}") [OPTIONS] [INPUT]
+
+"${0}" encrypts INPUT to OUTPUT. The INPUT argument is optional and defaults to standard input.
+Only a single INPUT file may be specified. If -o is not specified, OUTPUT defaults to standard output.
+
+Options:
+  -e user        Encrypt for a recipient identified by an Eclipse user id
+  -g user        Encrypt for a recipient identified by a GitHub user id
+  -o filename    Write encrypted or decrypted file to OUTPUT instead of standard output.
+                 If OUTPUT already exists it will be overwritten.
+  -v             Enable verbose output
+  -h             Show this help
+
+"
+  echo "$USAGE"
+  exit 1
+}
+
+if ! command -v age &> /dev/null
+then
+    echo "age could not be found, installation instructions can be found at: https://github.com/FiloSottile/age"
+    exit 1
+fi
+
+if ! command -v jq &> /dev/null
+then
+    echo "jq could not be found, installation instructions can be found: https://github.com/jqlang/jq"
+    exit 1
+fi
+
+VERBOSE=false
+
+while getopts ":e:g:i:o:v" o; do
+    case "${o}" in
+        e)
+            ECLIPSE_USER=${OPTARG}
+            ;;
+        g)
+            GITHUB_USER=${OPTARG}
+            ;;
+        i)
+            INPUT_FILE=${OPTARG}
+            ;;
+        o)
+            OUTPUT_FILE=${OPTARG}
+            ;;
+        v)
+            VERBOSE=true
+            ;;
+        *)
+            usage
+            ;;
+    esac
+done
+
+shift $((OPTIND-1))
+
+if [ ! -z ${ECLIPSE_USER-} ] && [ ! -z ${GITHUB_USER-} ]; then
+  echo "Can not specify an Eclipse user id and a GitHub user id at the same time"
+  exit 1
+elif [ -z ${ECLIPSE_USER-} ] && [ -z ${GITHUB_USER-} ]; then
+  echo "Need to specify either an Eclipse user id or a GitHub user id"
+  exit 1
+fi
+
+trap cleanup EXIT
+
+if [ ! -z ${ECLIPSE_USER-} ]; then
+  print_verbose "Encrypting for Eclipse user with id '${ECLIPSE_USER}'"
+  GITHUB_USER=$(get_github_handle "${ECLIPSE_USER}")
+  if [ -z ${ECLIPSE_USER} ]; then
+    echo "Failed to get GitHub handle from Eclipse user ${ECLIPSE_USER}"
+    exit 1
+  fi
+else
+  print_verbose "Encrypting for GitHub user with id '${GITHUB_USER}'"
+fi
+
+KEY_FILE=$(mktemp)
+if ! download_public_key_from_github "${GITHUB_USER}" "${KEY_FILE}"; then
+  print_error "Failed to download keys from GitHub for user '${GITHUB_USER}'"
+  exit 1
+else
+  print_verbose "Downloaded keys for user '${GITHUB_USER}'"
+fi
+
+INPUT=${1--}
+
+if [ -z ${OUTPUT_FILE-} ]; then
+  print_verbose "Encrypting to standard output"
+else
+  print_verbose "Encrypting to '${OUTPUT_FILE}'"
+fi
+
+encrypt_content "${KEY_FILE}" "${INPUT}" "${OUTPUT_FILE-}"