如何解决 git 与 PyCharm 中由 ansible-vault 加密的文件的冲突

How to resolve git conflicts with files encrypted by ansible-vault in PyCharm

是否可以在 PyCharm 的 GUI 中解决由 ansbile-vault 加密的文件中的冲突?

我已尝试按照 上接受的答案中提供的说明进行操作。 我将 ansible-vault 密码放在 .vault_password 文件中,在 .gitattributes 和 运行

中设置特定文件路径
git config --global diff.ansible-vault.textconv "ansible-vault view --vault-id .vault_password"

然而,这似乎只适用于从命令行显示差异。

是否可以在比较冲突文件时使其适用于 PyCharm? 我希望它们被解密,因此它们的内容就像普通文件一样可见,这样我就可以轻松解决冲突。

如果解决的冲突文件在处理结束时加密就更完美了。

我发现了一个 script 可以解决您的问题。

#!/bin/sh

# vault-merge
# Benjamin Ragheb <ben@benzado.com>

# This shell script handles conflicts generated by attempts to merge encrypted
# Ansible Vault files. Run `git merge` as usual; when git warns of a merge
# conflict, run this command to attempt a merge on the unencrypted versions of
# the file. If there are conflicts, you will be given a chance to correct them
# in $EDITOR.

# First, we ensure we are inside the working directory of a git repo.

GIT_ROOT=`git rev-parse --show-toplevel`
if [ $? != 0 ]; then
    exit $?
fi

# Next, we set a default location for a vault password file, and allow the user
# to override it if desired.

VAULT_PASSWORD_FILE="$GIT_ROOT/.ansible-vault-password"

while getopts "p:" opt; do
    case $opt in
        p)
            VAULT_PASSWORD_FILE=$OPTARG
            ;;
        \?)
            # Invalid option (e.g., -p without an argument)
            exit 1
            ;;
    esac
done
shift $(($OPTIND - 1))

VAULT_OPT="--vault-password-file=$VAULT_PASSWORD_FILE"
VAULT_FILE=

# If no vault has been provided, abort!

if [ -z $VAULT_FILE ]; then
    echo "Usage: [=10=] [-p PASSWORD_FILE] VAULT_FILE"
    exit 1
fi

# If the password file doesn't exist, we prompt for the password and save it.

if [ ! -e $VAULT_PASSWORD_FILE ]; then
    read -s -p "Vault Password: " VAULT_PASSWORD
    echo
    echo "Remembering password in $VAULT_PASSWORD_FILE"
    echo $VAULT_PASSWORD > $VAULT_PASSWORD_FILE
else
    echo "Using password saved in $VAULT_PASSWORD_FILE"
fi

# Fetch the base (common ancestor) version of the encrypted vault file, save
# it to a temporary location, and decrypt it. (Hat Tip to the git-merge manual
# page for tipping me off to the `git show :1:path` notation.)

BASE=`mktemp ${VAULT_FILE}.base.XXXX`
git show :1:${VAULT_FILE} > $BASE 2> /dev/null
if [ $? != 0 ]; then
    echo "Path '${VAULT_FILE}' does not have any conflicts."
    rm $BASE
    exit 1
fi
ansible-vault decrypt $VAULT_OPT $BASE || exit $?

# Do the same with the current (branch we are merging INTO) version of the vault
# file.

CURRENT=`mktemp ${VAULT_FILE}.current.XXXX`
git show :2:${VAULT_FILE} > $CURRENT 2> /dev/null
ansible-vault decrypt $VAULT_OPT $CURRENT || exit $?

# And finally, with the other (branch we a merging FROM) version of the vault.

OTHER=`mktemp ${VAULT_FILE}.other.XXXX`
git show :3:${VAULT_FILE} > $OTHER 2> /dev/null
ansible-vault decrypt $VAULT_OPT $OTHER || exit $?

# Now that we have all three versions decrypted, ask git to attempt the merge
# again. If it fails again due to a conflict, open $EDITOR and let the user
# perform a manual merge.

git merge-file $CURRENT $BASE $OTHER
if [ $? == 0 ]; then
    echo "Merge OK"
else
    echo "Merge conflict; opening editor to resolve."
    $EDITOR $CURRENT
fi

# Now that we're done, encrypt the file and move it into the repo, and clean up
# the temporary files (they contain secrets!).

ansible-vault encrypt $VAULT_OPT $CURRENT
cp $CURRENT $VAULT_FILE
rm $BASE $CURRENT $OTHER

echo "$VAULT_FILE has been updated."
echo "    (use \"git add $VAULT_FILE\" to mark as resolved)"
echo "    (or re-run this command to retry the merge)"
exit 0