diff --git a/pkgs/clan-cli/clan_cli/secrets/secrets.py b/pkgs/clan-cli/clan_cli/secrets/secrets.py index 54a38529e..7cb7d6c8c 100644 --- a/pkgs/clan-cli/clan_cli/secrets/secrets.py +++ b/pkgs/clan-cli/clan_cli/secrets/secrets.py @@ -88,6 +88,7 @@ def encrypt_secret( add_users: list[str] | None = None, add_machines: list[str] | None = None, add_groups: list[str] | None = None, + git_commit: bool = True, ) -> None: if add_groups is None: add_groups = [] @@ -145,11 +146,12 @@ def encrypt_secret( secret_path = secret_path / "secret" encrypt_file(secret_path, value, sorted(recipient_keys)) files_to_commit.append(secret_path) - commit_files( - files_to_commit, - flake_dir, - f"Update secret {secret_path.name}", - ) + if git_commit: + commit_files( + files_to_commit, + flake_dir, + f"Update secret {secret_path.parent.name}", + ) def remove_secret(flake_dir: Path, secret: str) -> None: diff --git a/pkgs/clan-cli/clan_cli/vars/generate.py b/pkgs/clan-cli/clan_cli/vars/generate.py index f486d1897..9acbc7ae2 100644 --- a/pkgs/clan-cli/clan_cli/vars/generate.py +++ b/pkgs/clan-cli/clan_cli/vars/generate.py @@ -181,7 +181,7 @@ def execute_generator( commit_files( files_to_commit, machine.flake_dir, - f"Update facts/secrets for service {generator_name} in machine {machine.name}", + f"Update vars via generator {generator_name} for machine {machine.name}", ) diff --git a/pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py b/pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py index bd7184705..228a10a35 100644 --- a/pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py +++ b/pkgs/clan-cli/clan_cli/vars/secret_modules/sops.py @@ -60,6 +60,7 @@ class SecretStore(SecretStoreBase): value, add_machines=[self.machine.name], add_groups=self.machine.deployment["sops"]["defaultGroups"], + git_commit=False, ) return path diff --git a/pkgs/clan-cli/tests/test_vars.py b/pkgs/clan-cli/tests/test_vars.py index fc9ea9115..378b32f40 100644 --- a/pkgs/clan-cli/tests/test_vars.py +++ b/pkgs/clan-cli/tests/test_vars.py @@ -535,3 +535,63 @@ def test_api_set_prompts( ], ) assert store.get("my_generator", "prompt1").decode() == "input2" + + +@pytest.mark.impure +def test_commit_message( + monkeypatch: pytest.MonkeyPatch, + temporary_home: Path, +) -> None: + config = nested_dict() + my_generator = config["clan"]["core"]["vars"]["generators"]["my_generator"] + my_generator["files"]["my_value"]["secret"] = False + my_generator["script"] = "echo hello > $out/my_value" + my_secret_generator = config["clan"]["core"]["vars"]["generators"][ + "my_secret_generator" + ] + my_secret_generator["files"]["my_secret"]["secret"] = True + my_secret_generator["script"] = "echo hello > $out/my_secret" + flake = generate_flake( + temporary_home, + flake_template=CLAN_CORE / "templates" / "minimal", + machine_configs={"my_machine": config}, + monkeypatch=monkeypatch, + ) + monkeypatch.chdir(flake.path) + cli.run( + [ + "vars", + "generate", + "--flake", + str(flake.path), + "my_machine", + "--service", + "my_generator", + ] + ) + # get last commit message + commit_message = run( + ["git", "log", "-1", "--pretty=%B"], + ).stdout.strip() + assert ( + commit_message + == "Update vars via generator my_generator for machine my_machine" + ) + cli.run( + [ + "vars", + "generate", + "--flake", + str(flake.path), + "my_machine", + "--service", + "my_secret_generator", + ] + ) + commit_message = run( + ["git", "log", "-1", "--pretty=%B"], + ).stdout.strip() + assert ( + commit_message + == "Update vars via generator my_secret_generator for machine my_machine" + )