yesod-mirror/tools/sops.bzl

def _sops_decrypt_impl(ctx):
    output_file = ctx.actions.declare_file(ctx.attr.out)
    
    inputs = [ctx.file.src]
    tools = [ctx.executable.sops_tool]
    env = {}

    if ctx.file.age_key_file:
        inputs.append(ctx.file.age_key_file)
        env["SOPS_AGE_KEY_FILE"] = ctx.file.age_key_file.path

    command = ctx.attr.command.format(
        sops = ctx.executable.sops_tool.path,
        src = ctx.file.src.path,
        out = output_file.path,
    )

    ctx.actions.run_shell(
        outputs = [output_file],
        inputs = inputs,
        tools = tools,
        env = env,
        command = command,
        mnemonic = "SopsDecrypt",
        progress_message = "Processing %s" % ctx.file.src.short_path,
    )

    return [DefaultInfo(files = depset([output_file]))]

_sops_decrypt = rule(
    implementation = _sops_decrypt_impl,
    attrs = {
        "src": attr.label(allow_single_file = True, mandatory = True),
        "out": attr.string(mandatory = True),
        "sops_tool": attr.label(
            executable = True,
            cfg = "exec",
        ),
        "command": attr.string(mandatory = True),
        "age_key_file": attr.label(allow_single_file = True),
    },
)

def sops_decrypt(name, src, out, **kwargs):
    """
    Decrypts a SOPS encrypted file.

    Args:
        name: The name of the target.
        src: The source SOPS encrypted file.
        out: The output decrypted file (usually JSON).
        **kwargs: Additional arguments to pass to the rule.
    """
    _sops_decrypt(
        name = name,
        src = src,
        out = out,
        age_key_file = select({
            "//:ci": None,
            "//conditions:default": "//:key.txt",
        }),
        sops_tool = select({
            "//:ci": "//tools:fake_sops",
            "//conditions:default": "//tools:sops_bin",
        }),
        command = select({
            "//:ci": "{sops} {src} {out}",
            "//conditions:default": "{sops} -d --output-type json {src} > {out}",
        }),
        **kwargs
    )
Project import generated by Copybara. GitOrigin-RevId: 6370f6ea785709295b6abcf9c60717cacf3ac432 2026-01-20 13:24:59 -08:00			`def _sops_decrypt_impl(ctx):`
			`output_file = ctx.actions.declare_file(ctx.attr.out)`

			`inputs = [ctx.file.src]`
			`tools = [ctx.executable.sops_tool]`
			`env = {}`

			`if ctx.file.age_key_file:`
			`inputs.append(ctx.file.age_key_file)`
			`env["SOPS_AGE_KEY_FILE"] = ctx.file.age_key_file.path`

			`command = ctx.attr.command.format(`
			`sops = ctx.executable.sops_tool.path,`
			`src = ctx.file.src.path,`
			`out = output_file.path,`
			`)`

			`ctx.actions.run_shell(`
			`outputs = [output_file],`
			`inputs = inputs,`
			`tools = tools,`
			`env = env,`
			`command = command,`
			`mnemonic = "SopsDecrypt",`
			`progress_message = "Processing %s" % ctx.file.src.short_path,`
			`)`

			`return [DefaultInfo(files = depset([output_file]))]`

			`_sops_decrypt = rule(`
			`implementation = _sops_decrypt_impl,`
			`attrs = {`
			`"src": attr.label(allow_single_file = True, mandatory = True),`
			`"out": attr.string(mandatory = True),`
			`"sops_tool": attr.label(`
			`executable = True,`
			`cfg = "exec",`
			`),`
			`"command": attr.string(mandatory = True),`
			`"age_key_file": attr.label(allow_single_file = True),`
			`},`
			`)`

			`def sops_decrypt(name, src, out, **kwargs):`
			`"""`
			`Decrypts a SOPS encrypted file.`

			`Args:`
			`name: The name of the target.`
			`src: The source SOPS encrypted file.`
			`out: The output decrypted file (usually JSON).`
			`**kwargs: Additional arguments to pass to the rule.`
			`"""`
			`_sops_decrypt(`
			`name = name,`
			`src = src,`
			`out = out,`
			`age_key_file = select({`
			`"//:ci": None,`
			`"//conditions:default": "//:key.txt",`
			`}),`
			`sops_tool = select({`
			`"//:ci": "//tools:fake_sops",`
			`"//conditions:default": "//tools:sops_bin",`
			`}),`
			`command = select({`
			`"//:ci": "{sops} {src} {out}",`
			`"//conditions:default": "{sops} -d --output-type json {src} > {out}",`
			`}),`
			`**kwargs`
			`)`