From f7dc8dee7553797df413a779d998b35837d4d31a Mon Sep 17 00:00:00 2001
From: JJGadgets
Date: Tue, 28 Nov 2023 09:10:59 +0800
Subject: [PATCH] feat: add kubectl-sops task
---
 Taskfile.dist.yaml | 30 +++++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)
diff --git a/Taskfile.dist.yaml b/Taskfile.dist.yaml
index 0457fefc..90eb81bf 100644
--- a/Taskfile.dist.yaml
+++ b/Taskfile.dist.yaml
@@ -20,9 +20,11 @@ includes:
 volsync:
 aliases: [vs]
 taskfile: .taskfiles/volsync/Taskfile.dist.yaml
- cnpg:
- aliases: [pg]
- taskfile: .taskfiles/cnpg/Taskfile.dist.yaml
+ # cnpg:
+ # aliases: [pg]
+ # taskfile: .taskfiles/cnpg/Taskfile.dist.yaml
+ pg:
+ taskfile: .taskfiles/pg/Taskfile.dist.yaml
 rook:
 aliases: [r]
 taskfile: .taskfiles/rook
@@ -81,3 +83,25 @@ tasks:
 cmds:
 - htpasswd -bnBC 10 REMOVEME {{.USERPW}}
+ kubectl-sops:
+ silent: true
+ desc: Run kubectl commands with a SOPS encrypted $KUBECONFIG file
+ preconditions:
+ - sh: command -v sops
+ vars: &vars
+ KUBECONFIGSOPS: '{{ .KUBECONFIG | default "~/.kube/config.sops.yaml" }}'
+ KCMD:
+ sh: |-
+ [[ -n "{{.KUBECTL_CMD}}" ]] && echo "{{.KUBECTL_CMD}}" || [[ -n $(command -v kubecolor) ]] && command -v kubecolor && exit || [[ -n $(command -v kubectl) ]] && command -v kubectl && exit || exit 1
+ KUBETMPDIR:
+ sh: "mktemp -d"
+ KUBECONFIG: "{{.KUBETMPDIR}}/decrypted.yaml"
+ cmds:
+ # - echo "{{.KUBECTL_CMD}}"
+ - defer: "rm {{.KUBECONFIG}} && rmdir {{.KUBETMPDIR}}"
+ - |
+ mkfifo {{.KUBECONFIG}}
+ KUBECONFIG={{.KUBECONFIG}} {{.KCMD}} {{.CLI_ARGS}} &
+ KUBECTL_PID=$!
+ sops --decrypt --output {{.KUBECONFIG}} {{.KUBECONFIGSOPS}} >/dev/null 2>/dev/null
+ wait $KUBECTL_PID
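Review bot: The `KCMD` one-liner in the second hunk does not stop after echoing `{{.KUBECTL_CMD}}`: `&&` and `||` have equal precedence and associate left to right, so a successful echo falls through to `command -v kubecolor` (or `command -v kubectl`) and the variable ends up holding two lines, which the `cmds` script would then run as two separate commands. Adding the same `&& exit` the other branches use fixes it: `[[ -n "{{.KUBECTL_CMD}}" ]] && echo "{{.KUBECTL_CMD}}" && exit || …`. Separately, the `sops --decrypt` line discards stderr, so a missing key or wrong path is silent, and since nothing then opens the FIFO for writing the background client presumably stays blocked and `wait` never returns; consider `sops --decrypt --output {{.KUBECONFIG}} {{.KUBECONFIGSOPS}} >/dev/null || kill $KUBECTL_PID`. The `mktemp -d` directory is what keeps the decrypted stream private, and `mkfifo -m 600 "{{.KUBECONFIG}}"` would state that on the FIFO itself rather than relying on the umask.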