[!exec:age] skip 'age not found in $PATH'

mkhomedir
mkageconfig

# test that chezmoi add --encrypt encrypts
cp golden/.encrypted $HOME
chezmoi add --encrypt $HOME${/}.encrypted
exists $CHEZMOISOURCEDIR/encrypted_dot_encrypted.age
grep '-----BEGIN AGE ENCRYPTED FILE-----' $CHEZMOISOURCEDIR/encrypted_dot_encrypted.age
cp $CHEZMOISOURCEDIR/encrypted_dot_encrypted.age golden

# test that chezmoi apply decrypts
rm $HOME/.encrypted
chezmoi apply --force
cmp golden/.encrypted $HOME/.encrypted

# test that chezmoi apply --exclude=encrypted does not apply encrypted files
rm $HOME/.encrypted
chezmoi apply --exclude=encrypted --force
! exists $HOME/.encrypted
chezmoi apply --force
cmp $HOME/.encrypted golden/.encrypted

# test that chezmoi detects age encryption if age is configured but encryption = "age" is not set
removeline $CHEZMOICONFIGDIR/chezmoi.toml 'encryption = "age"'
chezmoi cat $HOME${/}.encrypted
cmp stdout golden/.encrypted

# test that chezmoi decrypt decrypts stdin
stdin $CHEZMOISOURCEDIR${/}encrypted_dot_encrypted.age
chezmoi decrypt
cmp stdout golden/.encrypted

# test that chezmoi decrypt decrypts a file
chezmoi decrypt $CHEZMOISOURCEDIR${/}encrypted_dot_encrypted.age
cmp stdout golden/.encrypted

# test chezmoi encrypt/chezmoi decrypt round trip
chezmoi encrypt golden/.encrypted
stdout '-----BEGIN AGE ENCRYPTED FILE-----'
stdin stdout
chezmoi decrypt
cmp stdout golden/.encrypted

# test that chezmoi --use-builtin-age=true decrypt decrypts a file encrypted by age
chezmoi --use-builtin-age=true decrypt $CHEZMOISOURCEDIR${/}encrypted_dot_encrypted.age
cmp stdout golden/.encrypted

# test that chezmoi --use-builtin-age=true encrypts a file than age then decrypts
chezmoi --use-builtin-age=true --output=$WORK${/}encrypted.age encrypt golden/.encrypted
chezmoi --use-builtin-age=false decrypt $WORK${/}encrypted.age
cmp stdout golden/.encrypted

# test that chezmoi edit --apply transparently decrypts and re-encrypts
chezmoi edit --apply --force $HOME${/}.encrypted
grep '# edited' $HOME/.encrypted

-- golden/.encrypted --
# contents of .encrypted
