Add CI (#14)

* Add CI config and refactor scripts to include an unattended setup * Fix github actions trigger condition * Fix chezmoi installation * Fix chezmoi init command * Fix email prompt on CI * Fix typo * Fix template common references * Fix env var * fix ci command * fix ci script * fix env var declaration * fix templates * fix unbound variable error * fix unbound variable error * make some improvements to the passwordless sudo logic and add cache to github actions * refactor passwordless sudo script to make it a bit more clear * Check if asdf dir exists * Fix typo * Add quiet flag to commands to reduce output noise * Reduce more output noise * Reduce noise from starship installation * Fix asdf installation
mmena1 · Mar 15, 2024 · 05cd2d2 · 05cd2d2
1 parent 2f9b3ef
commit 05cd2d2
Show file tree

Hide file tree

Showing 23 changed files with 208 additions and 131 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,32 @@
+name: Chezmoi Setup Validation
+
+on:
+  push:
+    paths-ignore:
+      - 'LICENSE'
+      - 'README.md'
+
+env:
+  dev: "false"
+
+jobs:
+  validate-chezmoi-setup:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Extract branch name
+        shell: bash
+        run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
+        id: extract_branch
+
+      - name: Cache asdf tools
+        uses: actions/cache@v2
+        with:
+          path: |
+            ~/.asdf
+          key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
+          restore-keys: |
+            ${{ runner.os }}-asdf-
+      
+
+      - name: Initialize chezmoi with the current branch content
+        run: sh -c "$(curl -fsLS chezmoi.io/get)" -- init --apply ${{ github.repository_owner }} --branch ${{ steps.extract_branch.outputs.branch }}
diff --git a/.gitignore b/.gitignore
@@ -1,9 +1,9 @@
 **/fish_variables
 home/bundle/cache
-config/gtk-3.0/bookmarks
+**/gtk-3.0/bookmarks
 
 ### Python ###
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]
-*$py.class
+*$py.class
diff --git a/README.md b/README.md
@@ -1,5 +1,7 @@
 # Martin Mena's Dotfiles
 
+![main workflow](https://github.com/mmena1/dotfiles/actions/workflows/main.yml/badge.svg?event=push)
+
 Welcome to my personal dotfiles repository, tailored for the 🐟 [Fish shell](https://fishshell.com/). These configurations are designed to streamline your development environment, integrating seamlessly with VSCode, Docker, and various programming languages via [.tool-versions](home/dot_tool-versions) through asdf. Dive into a setup that's both efficient and enjoyable to use, regardless of your expertise level.
 
 <p align="center">

diff --git a/home/.chezmoi.toml.tmpl b/home/.chezmoi.toml.tmpl
@@ -1,4 +1,7 @@
-{{- $email := promptStringOnce . "email" "Email address" -}}
+{{- $email := "example@email.com" -}}
+{{- if eq (env "dev") "true" -}}
+{{-   $email = promptStringOnce . "email" "Email address" -}}
+{{- end -}}
 {{- $osid := .chezmoi.os -}}
 
 {{- if hasKey .chezmoi.osRelease "idLike" -}}

diff --git a/home/.chezmoiscripts/run_after_99-finish.sh.tmpl b/home/.chezmoiscripts/run_after_99-finish.sh.tmpl
@@ -1,4 +1,4 @@
-{{ template "common" }}
+{{ template "common" . -}}
 
 bot "Setup was successfully done!"
 echo "Happy Coding!"

diff --git a/home/.chezmoiscripts/run_before_00-intro.sh.tmpl b/home/.chezmoiscripts/run_before_00-intro.sh.tmpl
@@ -1,20 +1,21 @@
-{{ template "common" }}
-
+{{ if eq (env "dev") "true" -}}
+{{ template "common" . -}}
 {{ template "dotfile" }}
 
 bot "This script will guide you through the dofiles setup as well as installing required system packages."
 echo "It will not install anything without your direct agreement!"
 echo
-read -p "Do you want to proceed with the installation? [y/N] " -n 1 -r -s answer
+answer=$(prompt "Do you want to proceed with the installation?")
 echo
 if [[ ! $answer =~ ^[Yy]$ ]];then
   exit 1
 fi
 
 bot "Setting dotfiles up on the home folder."
 echo
-read -p "Proceed? [y/N] " -n 1 -r -s answer
-echo
+answer=$(prompt "Proceed?")
 if [[ ! $answer =~ ^[Yy]$ ]];then
   exit 1
 fi
+
+{{ end -}}
diff --git a/home/.chezmoiscripts/run_once_after_00-passwordless_sudo.sh.tmpl b/home/.chezmoiscripts/run_once_after_00-passwordless_sudo.sh.tmpl
@@ -0,0 +1,57 @@
+{{ if eq (env "dev") "true" }}
+{{ template "common" . }}
+
+validate_logname() {
+  if [[ ! "$LOGNAME" =~ ^[a-zA-Z0-9][a-zA-Z0-9_-]*$ ]]; then
+    echo "Error: LOGNAME contains invalid characters."
+    exit 1
+  fi
+}
+
+prompt_for_sudo_if_needed() {
+  if ! sudo -nv > /dev/null 2>&1; then
+    echo "Please provide your sudo password:"
+    sudo -v
+  fi
+  # Keep-alive: update existing sudo time stamp until the script has finished
+  while true; do sudo -n true; sleep 60; kill -0 "$$" || exit; done 2>/dev/null &
+}
+
+setup_passwordless_sudo() {
+  # Determine sudoers.d directory based on OS
+  local sudoers_d_dir="{{ if eq .osid "darwin" }}/private/etc/sudoers.d{{ else }}/etc/sudoers.d{{ end }}"
+  local includedir_line="{{ if eq .osid "darwin" }}#includedir /private/etc/sudoers.d{{ else }}@includedir /etc/sudoers.d{{ end }}"
+
+  # Check if NOPASSWD entry already exists for the user
+  if ! sudo grep -q "NOPASSWD:     ALL" "$sudoers_d_dir/$LOGNAME" > /dev/null 2>&1; then
+    echo "No sudoer file found for passwordless operation."
+    bot "Enabling passwordless sudo can reduce security. Are you sure you want to proceed?"
+    answer=$(prompt "Make sudo passwordless? [y/N]")
+
+    if [[ $answer =~ ^[Yy]$ ]]; then
+      # Ensure sudoers.d is included and directory exists
+      if ! sudo grep -q "$includedir_line" /etc/sudoers; then
+        echo "$includedir_line" | sudo tee -a /etc/sudoers > /dev/null
+      fi
+      [[ ! -d "$sudoers_d_dir" ]] && sudo mkdir -p "$sudoers_d_dir"
+
+      # Add NOPASSWD entry for the user
+      local tmpfile=$(mktemp)
+      echo "Defaults:$LOGNAME !requiretty\n$LOGNAME ALL=(ALL) NOPASSWD: ALL" > "$tmpfile"
+      if sudo visudo -cf "$tmpfile" && sudo mv "$tmpfile" "$sudoers_d_dir/$LOGNAME"; then
+        echo "You can now run sudo commands without a password!"
+      else
+        echo "Error in sudoers file"
+        rm "$tmpfile"
+        exit 1
+      fi
+    fi
+  else
+    echo "Passwordless sudo already configured for $LOGNAME."
+  fi
+fi
+
+validate_logname
+prompt_for_sudo_if_needed
+setup_passwordless_sudo
+{{ end }}
diff --git a/home/.chezmoiscripts/run_once_after_01-tmux-conf.sh.tmpl b/home/.chezmoiscripts/run_once_after_01-tmux-conf.sh.tmpl
@@ -1,15 +1,14 @@
-{{ template "common" }}
+{{ template "common" . -}}
 
 bot "Configuring tmux"
 echo
-if [ ! -d "$HOME/.tmux" ] ; then
+if [ ! -d "$HOME/.tmux" ]; then
   if ! _exists git ; then
     warn "git is not installed. Please install git first."
     exit 1
   fi
-  read -p "Would you like to install the awesome tmux configuration from https://github.com/gpakosz/.tmux.git? (I recommend it) [y/N]" -n 1 -r -s answer
-  echo
-  if [[ $answer =~ ^[Yy]$ ]];then
+  answer=$(prompt "Would you like to install the awesome tmux configuration from https://github.com/gpakosz/.tmux.git?")
+  if [[ $answer =~ ^[Yy]$ ]]; then
     action "git clone https://github.com/gpakosz/.tmux.git"
     git clone https://github.com/gpakosz/.tmux.git $HOME/.tmux
     ok

diff --git a/home/.chezmoiscripts/run_once_after_02-asdf-install.sh.tmpl b/home/.chezmoiscripts/run_once_after_02-asdf-install.sh.tmpl
@@ -1,14 +1,18 @@
-{{ template "common" }}
+{{ template "common" . -}}
 
 install_asdf() {
   bot "Checking asdf..."
   echo
   if ! _exists asdf ; then
-    read -rp "Would you like to install asdf? [y/N]" -n 1 -r -s answer
-    echo
-    if [[ $answer =~ ^[Yy]$ ]] ;then
-      action "Cloning git repo..."
-      git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch v0.14.0 && source ~/.asdf/asdf.sh || { echo "Failed to clone asdf repository"; exit 1; }
+    answer=$(prompt "Would you like to install asdf?")
+    if [[ $answer =~ ^[Yy]$ ]]; then
+      if [[ ! -d ~/.asdf ]]; then
+        action "Cloning git repo..."
+        git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch v0.14.0 || { echo "Failed to clone asdf repository"; exit 1; }
+      else
+        ok "asdf dir already exists, skipping cloning"
+        source ~/.asdf/asdf.sh
+      fi
     else
       ok "Skipping"
     fi
@@ -29,8 +33,7 @@ configure_asdf() {
 
 install_asdf_tools() {
   echo
-  read -rp "Would you like to install the languages defined in .tool-versions? [y/N]" -n 1 -r -s answer
-  echo
+  answer=$(prompt "Would you like to install the languages defined in .tool-versions?")
   if [[ $answer =~ ^[Yy]$ ]];then
     if cat ~/.tool-versions > /dev/null 2>&1 ;then
       while read -r line; do

diff --git a/home/.chezmoiscripts/run_once_after_03-docker-setup.sh.tmpl b/home/.chezmoiscripts/run_once_after_03-docker-setup.sh.tmpl
@@ -1,14 +1,10 @@
-{{ template "common" }}
+{{ if eq (env "dev") "true" -}}
+{{ template "common" . -}}
 
 bot "Docker"
 echo
-if [ "$(id -u)" != "0" ]; then
-  echo "This script must be run as root" 1>&2
-  exit 1
-fi
 if _exists docker && ! systemctl is-enabled --quiet docker ;then
-  read -p "Enable docker and add your user to the docker group? [y/N]" -n 1 -r -s answer
-  echo
+  answer=$(prompt "Enable docker and add your user to the docker group?")
   if [[ $answer =~ ^[Yy]$ ]];then
     action "Enabling docker"
     sudo systemctl enable --now docker.service
@@ -26,3 +22,4 @@ if _exists docker && ! systemctl is-enabled --quiet docker ;then
 else
   ok "Docker already enabled!"
 fi
+{{ end -}}
diff --git a/home/.chezmoiscripts/run_once_after_04-ssh-keys.sh.tmpl b/home/.chezmoiscripts/run_once_after_04-ssh-keys.sh.tmpl
@@ -1,10 +1,11 @@
-{{ template "common" }}
+{{ if eq (env "dev") "true" -}}
+{{ template "common" . -}}
 
 set_ssh_keys() {
   bot "Checking ssh keys..."
   echo
   if [ ! -f ~/.ssh/id_ed25519 ] ; then
-    read -p "Would you like to set ssh keys now? [y/N]" -n 1 -r -s answer
+    answer=$(prompt "Would you like to set ssh keys now?")
     if [[ $answer =~ ^[Yy]$ ]] ; then
       echo "Setting ssh keys using the ed25519 algorithm."
       read -rp "Enter the passphrase: (empty for no passphrase)" passphrase
@@ -20,7 +21,7 @@ set_ssh_keys() {
 
 set_github_ssh_key() {
   if [ -f ~/.ssh/id_ed25519 ] && _exists gh ; then
-    read -p "Would you like to set your public ssh key to your gh account? [y/N]" -n 1 -r -s answer
+    answer=$(prompt "Would you like to set your public ssh key to your gh account?")
     if [[ $answer =~ ^[Yy]$ ]] ; then
       action "Adding SSH key to GitHub account"
       gh ssh-key add ~/.ssh/id_ed25519.pub -t "$(hostname)"
@@ -36,3 +37,5 @@ main() {
 }
 
 main "$*"
+
+{{ end -}}
diff --git a/home/.chezmoiscripts/run_once_after_06_1password-setup.sh.tmpl b/home/.chezmoiscripts/run_once_after_06_1password-setup.sh.tmpl
@@ -1,13 +1,11 @@
 {{ if eq .chezmoi.os "linux" -}}
 
-{{ template "common" }}
+{{ template "common" . -}}
 
 bot "Checking 1password..."
 echo
 if ! _exists 1password ; then
-  sudo -v
-  read -rp "Would you like to install 1password? [y/N]" -n 1 -r -s answer
-  echo
+  answer=$(prompt "Would you like to install 1password?")
   if [[ $answer =~ ^[Yy]$ ]] ;then
     {{ if eq .osid "linux-debian" }}
     action "Adding key for apt repo..."
@@ -21,7 +19,7 @@ if ! _exists 1password ; then
     sudo mkdir -p /usr/share/debsig/keyrings/AC2D62742012EA22
     curl -sS https://downloads.1password.com/linux/keys/1password.asc | sudo gpg --dearmor --output /usr/share/debsig/keyrings/AC2D62742012EA22/debsig.gpg
     action "Installing 1password..."
-    sudo apt update && sudo apt install -y 1password
+    sudo apt -qq update > /dev/null && sudo apt -qq install -y 1password > /dev/null
     {{ end }}
   else
     ok "Skipping"

diff --git a/home/.chezmoiscripts/run_once_after_07_vscode-setup.sh.tmpl b/home/.chezmoiscripts/run_once_after_07_vscode-setup.sh.tmpl
@@ -1,12 +1,11 @@
 {{ if eq .chezmoi.os "linux" -}}
 
-{{ template "common" }}
+{{ template "common" . -}}
 
 bot "Checking VSCode..."
 echo
 if ! _exists code ; then
-  read -p "Would you like to install vscode? [y/N]" -n 1 -r -s answer
-  echo
+  answer=$(prompt "Would you like to install vscode?")
   if [[ $answer =~ ^[Yy]$ ]] ;then
     action "checking if snapd is enabled"
     if systemctl is-active --quiet snapd ;then

diff --git a/home/.chezmoiscripts/run_once_after_08-starship-setup.sh.tmpl b/home/.chezmoiscripts/run_once_after_08-starship-setup.sh.tmpl
@@ -1,11 +1,11 @@
 {{ if eq .chezmoi.os "linux" -}}
 
-{{ template "common" }}
+{{ template "common" . -}}
 
 bot "Checking starship prompt..."
 if ! _exists starship ; then
   action "curl -sS https://starship.rs/install.sh | sh -s -- -y"
-  curl -sS https://starship.rs/install.sh | sh -s -- -y
+  curl -sS https://starship.rs/install.sh | sh -s -- -y > /dev/null
 else
   ok "Starship already installed!"
 fi

diff --git a/home/.chezmoiscripts/run_once_after_09-font-fira-code-setup.sh.tmpl b/home/.chezmoiscripts/run_once_after_09-font-fira-code-setup.sh.tmpl
@@ -1,25 +1,29 @@
-{{ if eq .chezmoi.os "linux" -}}
+{{- if eq .chezmoi.os "linux" -}}
 
-{{ template "common" }}
+{{ template "common" . }}
 
 bot "Fira Code setup."
-read -p "Would you like to install Fira Code NerdFont to get cool icons on the terminal? [y/N]" -n 1 -r -s answer
-echo
-if [[ $answer =~ ^[Yy]$ ]] ;then
-  action "Downloading from https://github.com/ryanoasis/nerd-fonts/releases/download/v3.0.2/FiraCode.zip"
-  wget https://github.com/ryanoasis/nerd-fonts/releases/download/v3.0.2/FiraCode.zip
-  if [ -f "FiraCode.zip" ]; then
-    action "Unzipping and adding to ~/.fonts..."
-    unzip FiraCode.zip -d ~/.fonts
-    fc-cache -fv
-    action "rm -rf FiraCode.zip"
-    rm -rf FiraCode.zip
+
+if ! fc-list | grep -qi "Fira Code" > /dev/null 2>&1; then
+  answer=$(prompt "Would you like to install Fira Code NerdFont to get cool icons on the terminal?")
+  if [[ $answer =~ ^[Yy]$ ]]; then
+    action "Downloading from https://github.com/ryanoasis/nerd-fonts/releases/download/v3.0.2/FiraCode.zip"
+    wget -q https://github.com/ryanoasis/nerd-fonts/releases/download/v3.0.2/FiraCode.zip && \
+    if [ -f "FiraCode.zip" ]; then
+      action "Unzipping and adding to ~/.fonts..."
+      unzip -q FiraCode.zip -d ~/.fonts && \
+      fc-cache -f > /dev/null
+      action "Cleaning up..."
+      rm -f FiraCode.zip
+    else
+      error "Download failed. FiraCode.zip not found."
+      exit 1
+    fi
   else
-    error "Download failed. FiraCode.zip not found."
-    exit 1
+    ok "Skipping"
   fi
 else
-  ok "Skipping"
+  ok "Fira Code already installed!"
 fi
 
-{{ end -}}
+{{- end -}}
diff --git a/home/.chezmoiscripts/run_once_after_10-gh-cli-setup.sh.tmpl b/home/.chezmoiscripts/run_once_after_10-gh-cli-setup.sh.tmpl
@@ -1,19 +1,19 @@
 {{ if eq .chezmoi.os "linux" -}}
 
-{{ template "common" }}
+{{ template "common" . -}}
 
 bot "Checking GitHub CLI..."
 echo
 if ! _exists gh ; then
-  read -p "Would you like to install GitHub cli? [y/N]" -n 1 -r -s answer
+  answer=$(prompt "Would you like to install GitHub cli?")
   if [[ $answer =~ ^[Yy]$ ]] ;then
     {{ if eq .osid "linux-debian" -}}
-    type -p curl >/dev/null || (sudo apt update && sudo apt install curl -y)
+    type -p curl >/dev/null || (sudo apt -qq update && sudo apt -qq install curl -y)
     curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
     && sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
     && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
-    && sudo apt update \
-    && sudo apt install gh -y
+    && sudo apt -qq update \
+    && sudo apt -qq install gh -y
     {{ end -}}
   else
     ok "Skipping"