Rakefile in rake_npm-0.1.0.pre.13 vs Rakefile in rake_npm-0.1.0.pre.14

- old
+ new

@@ -1,34 +1,61 @@
 # frozen_string_literal: true
 
-require 'yaml'
 require 'rake_circle_ci'
+require 'rake_git'
+require 'rake_git_crypt'
 require 'rake_github'
-require 'rake_ssh'
 require 'rake_gpg'
-require 'securerandom'
+require 'rake_ssh'
 require 'rspec/core/rake_task'
 require 'rubocop/rake_task'
+require 'securerandom'
+require 'yaml'
 
 task default: %i[
   library:fix
   test:unit
 ]
 
+RakeGitCrypt.define_standard_tasks(
+  namespace: :git_crypt,
+
+  provision_secrets_task_name: :'secrets:provision',
+  destroy_secrets_task_name: :'secrets:destroy',
+
+  install_commit_task_name: :'git:commit',
+  uninstall_commit_task_name: :'git:commit',
+
+  gpg_user_key_paths: %w[
+    config/gpg
+    config/secrets/ci/gpg.public
+  ]
+)
+
+namespace :git do
+  RakeGit.define_commit_task(
+    argument_names: [:message]
+  ) do |t, args|
+    t.message = args.message
+  end
+end
+
 namespace :encryption do
   namespace :directory do
     desc 'Ensure CI secrets directory exists.'
     task :ensure do
       FileUtils.mkdir_p('config/secrets/ci')
     end
   end
 
   namespace :passphrase do
-    desc 'Generate encryption passphrase used by CI.'
+    desc 'Generate encryption passphrase for CI GPG key'
     task generate: ['directory:ensure'] do
-      File.write('config/secrets/ci/encryption.passphrase',
-                 SecureRandom.base64(36))
+      File.write(
+        'config/secrets/ci/encryption.passphrase',
+        SecureRandom.base64(36)
+      )
     end
   end
 end
 
 namespace :keys do
@@ -49,15 +76,36 @@
     )
   end
 end
 
 namespace :secrets do
-  desc 'Regenerate all generatable secrets.'
-  task regenerate: %w[
+  namespace :directory do
+    desc 'Ensure secrets directory exists and is set up correctly'
+    task :ensure do
+      FileUtils.mkdir_p('config/secrets')
+      unless File.exist?('config/secrets/.unlocked')
+        File.write('config/secrets/.unlocked', 'true')
+      end
+    end
+  end
+
+  desc 'Generate all generatable secrets.'
+  task generate: %w[
     encryption:passphrase:generate
     keys:deploy:generate
     keys:gpg:generate
   ]
+
+  desc 'Provision all secrets.'
+  task provision: [:generate]
+
+  desc 'Delete all secrets.'
+  task :destroy do
+    rm_rf 'config/secrets'
+  end
+
+  desc 'Rotate all secrets.'
+  task rotate: [:'git_crypt:reinstall']
 end
 
 RuboCop::RakeTask.new
 
 namespace :library do