Run tests directly on github runner instead of in the docker image

As this makes it possible to run the tests on different systems. Initially
ubuntu (20.04 and 24.04) and macOs (13 and 15).

.github/workflows/test.yml

@@ -36,7 +36,7 @@ jobs:
       - name: Install dependencies on macOS
         if: ${{ runner.os == 'macOS' }}
         run: |
-          brew install expect
+          command -v expect || brew install expect
 
       - name: Prepare tools directory
         run: |
@@ -81,7 +81,7 @@ jobs:
           done
 
       - name: Set up Python 3.11
-        if: ${{ runner.os == 'macOS' }}
+        if: ${{ runner.os == 'macOS' || matrix.os == 'ubuntu-20.04' }}
         uses: actions/setup-python@v5
         with:
           python-version: 3.11

test/test_unit_parse_encrypt.py

@@ -1,7 +1,5 @@
 """Unit tests: parse_encrypt"""
 
-import sys
-
 import pytest
 
 
@@ -107,7 +105,8 @@ def create_test_encrypt_data(paths):
     edata += "dirwild*\n"
     paths.work.join("dirwildcard/file1").write("", ensure=True)
     paths.work.join("dirwildcard/file2").write("", ensure=True)
-    expected.add("dirwildcard")
+    expected.add("dirwildcard/file1")
+    expected.add("dirwildcard/file2")
 
     # excludes
     edata += "exclude*\n"
@@ -125,17 +124,16 @@ def create_test_encrypt_data(paths):
     expected.add("ex ex/file4")
     expected.add("ex ex/file6.text")
 
-    # double star (not supported on bash 3 which is the default on macOS)
-    if sys.platform != "darwin":
-        edata += "doublestar/**/file*\n"
-        edata += "!**/file3\n"
-        paths.work.join("doublestar/a/b/file1").write("", ensure=True)
-        paths.work.join("doublestar/c/d/file2").write("", ensure=True)
-        paths.work.join("doublestar/e/f/file3").write("", ensure=True)
-        paths.work.join("doublestar/g/h/nomatch").write("", ensure=True)
-        expected.add("doublestar/a/b/file1")
-        expected.add("doublestar/c/d/file2")
-        # doublestar/e/f/file3 is excluded
+    # double star
+    edata += "doublestar/**/file*\n"
+    edata += "!**/file3\n"
+    paths.work.join("doublestar/a/b/file1").write("", ensure=True)
+    paths.work.join("doublestar/c/d/file2").write("", ensure=True)
+    paths.work.join("doublestar/e/f/file3").write("", ensure=True)
+    paths.work.join("doublestar/g/h/nomatch").write("", ensure=True)
+    expected.add("doublestar/a/b/file1")
+    expected.add("doublestar/c/d/file2")
+    # doublestar/e/f/file3 is excluded
 
     return edata, expected
 
@@ -189,9 +187,7 @@ def run_parse_encrypt(runner, paths, skip_parse=False, twice=False):
         YADM_WORK={paths.work}
         export YADM_WORK
         {parse_cmd}
-        export ENCRYPT_INCLUDE_FILES
-        export PARSE_ENCRYPT_SHORT
-        env
+        echo PARSE_ENCRYPT_SHORT=$PARSE_ENCRYPT_SHORT
         echo EIF_COUNT:${{#ENCRYPT_INCLUDE_FILES[@]}}
         for value in "${{ENCRYPT_INCLUDE_FILES[@]}}"; do
             echo "EIF:$value"

yadm

@@ -1940,65 +1940,30 @@ function parse_encrypt() {
   fi
 
   ENCRYPT_INCLUDE_FILES=()
-  ENCRYPT_EXCLUDE_FILES=()
-  FINAL_INCLUDE=()
 
   [ -f "$YADM_ENCRYPT" ] || return
 
   cd_work "Parsing encrypt" || return
 
-  # setting globstar to allow ** in encrypt patterns
-  # (only supported on Bash >= 4)
-  local unset_globstar
-  if ! shopt globstar &> /dev/null; then
-    unset_globstar=1
-  fi
-  shopt -s globstar &> /dev/null
+  local -a exclude
+  local -a include
 
-  exclude_pattern="^!(.+)"
-  # parse both included/excluded
-  while IFS='' read -r line || [ -n "$line" ]; do
-    if [[ ! $line =~ ^# && ! $line =~ ^[[:blank:]]*$ ]] ; then
-      local IFS=$'\n'
-      for pattern in $line; do
-        if [[ "$pattern" =~ $exclude_pattern ]]; then
-          for ex_file in ${BASH_REMATCH[1]}; do
-            if [ -e "$ex_file" ]; then
-              ENCRYPT_EXCLUDE_FILES+=("$ex_file")
-            fi
-          done
-        else
-          for in_file in $pattern; do
-            if [ -e "$in_file" ]; then
-              ENCRYPT_INCLUDE_FILES+=("$in_file")
-            fi
-          done
-        fi
-      done
-    fi
+  while IFS= read -r pattern; do
+      if [[ $pattern =~ ^# || $pattern =~ ^[[:blank:]]*$ ]]; then
+          continue
+      fi
+      if [[ $pattern =~ ^!(.*)$ ]]; then
+          exclude+=(--exclude "${pattern:1}")
+      else
+          include+=("$pattern")
+      fi
   done < "$YADM_ENCRYPT"
 
-  # remove excludes from the includes
-  #(SC2068 is disabled because in this case, we desire globbing)
-  #shellcheck disable=SC2068
-  for included in "${ENCRYPT_INCLUDE_FILES[@]}"; do
-    skip=
-    #shellcheck disable=SC2068
-    for ex_file in ${ENCRYPT_EXCLUDE_FILES[@]}; do
-      [ "$included" == "$ex_file" ] && { skip=1; break; }
-    done
-    [ -n "$skip" ] || FINAL_INCLUDE+=("$included")
-  done
-
-  # sort the encrypted files
-  #shellcheck disable=SC2207
-  IFS=$'\n' ENCRYPT_INCLUDE_FILES=($(LC_ALL=C sort <<<"${FINAL_INCLUDE[*]}"))
-  unset IFS
-
-  if [ "$unset_globstar" = "1" ]; then
-    shopt -u globstar &> /dev/null
+  if [[ ${#include} -gt 0 ]]; then
+      while IFS= read -r filename; do
+          ENCRYPT_INCLUDE_FILES+=("$filename")
+      done < <("$GIT_PROGRAM" ls-files --others "${exclude[@]}" -- "${include[@]}")
   fi
-
 }
 
 function builtin_dirname() {

yadm.1

@@ -129,15 +129,15 @@ By default,
 will be used as the
 .IR work-tree ,
 but this can be overridden with the
-.BR -w \ option.
+.BR \-w \ option.
 yadm can be forced to overwrite an existing repository by providing the
-.BR -f \ option.
+.BR \-f \ option.
 If you want to use a branch other than the remote HEAD branch
 you can specify it using the
-.BR -b \ option.
+.BR \-b \ option.
 By default yadm will ask the user if the bootstrap program should be run (if it
 exists). The options
-.BR --bootstrap " or " --no-bootstrap
+.BR \-\-bootstrap " or " \-\-no\-bootstrap
 will either force the bootstrap to be run, or prevent it from being run,
 without prompting the user.
 .TP
@@ -154,7 +154,7 @@ Decrypt all files stored in
 Files decrypted will be relative to the configured
 .IR work-tree \ (usually\  $HOME ).
 Using the
-.B -l
+.B \-l
 option will list the files stored without extracting them.
 .TP
 .B encrypt
@@ -230,13 +230,13 @@ By default,
 will be used as the
 .IR work-tree ,
 but this can be overridden with the
-.BR -w \ option.
+.BR \-w \ option.
 yadm can be forced to overwrite an existing repository by providing the
-.BR -f \ option.
+.BR \-f \ option.
 .TP
 .B list
 Print a list of files managed by yadm.
-.RB The \ -a
+.RB The \ \-a
 option will cause all managed files to be listed.
 Otherwise, the list will only include files from the current directory or below.
 .TP
@@ -281,7 +281,7 @@ your submodules cannot be de-initialized, the upgrade will fail. The most
 common reason submodules will fail to de-initialize is because they have local
 modifications. If you are willing to lose the local modifications to those
 submodules, you can use the
-.B -f
+.B \-f
 option with the "upgrade" command to force the de-initialization.
 
 After running "yadm upgrade", you should run "yadm status" to review changes
@@ -304,33 +304,33 @@ For example, the following alias could be used to override the repository
 directory.
 
 .RS
-alias yadm='yadm --yadm-repo /alternate/path/to/repo'
+alias yadm='yadm \-\-yadm\-repo /alternate/path/to/repo'
 .RE
 
 The following is the full list of universal options.
 Each option should be followed by a path.
 .TP
-.B -Y,--yadm-dir
+.B \-Y, \-\-yadm\-dir
 Override the yadm directory.
 yadm stores its configurations relative to this directory.
 .TP
-.B --yadm-data
+.B \-\-yadm\-data
 Override the yadm data directory.
 yadm stores its data relative to this directory.
 .TP
-.B --yadm-repo
+.B \-\-yadm\-repo
 Override the location of the yadm repository.
 .TP
-.B --yadm-config
+.B \-\-yadm\-config
 Override the location of the yadm configuration file.
 .TP
-.B --yadm-encrypt
+.B \-\-yadm\-encrypt
 Override the location of the yadm encryption configuration.
 .TP
-.B --yadm-archive
+.B \-\-yadm\-archive
 Override the location of the yadm encrypted files archive.
 .TP
-.B --yadm-bootstrap
+.B \-\-yadm\-bootstrap
 Override the location of the yadm bootstrap program.
 
 .SH CONFIGURATION
@@ -437,7 +437,7 @@ By default, no class will be matched.
 The local host can be assigned multiple classes using command:
 
 .RS
-yadm config --add local.class <additional-class>
+yadm config \-\-add local.class <additional-class>
 .RE
 .TP
 .B local.arch
@@ -483,12 +483,12 @@ See the TEMPLATES section for more details.
 .BR user ,\  u
 Valid if the value matches the current user.
 Current user is calculated by running
-.BR "id -u -n" .
+.BR "id \-u \-n" .
 .TP
 .BR hostname ,\  h
 Valid if the value matches the short hostname.
 Hostname is calculated by running
-.BR "uname -n" ,
+.BR "uname \-n" ,
 and trimming off any domain.
 .TP
 .BR class ,\  c
@@ -503,7 +503,7 @@ See the CONFIGURATION section for more details about setting
 .BR distro ,\  d
 Valid if the value matches the distro.
 Distro is calculated by running
-.B "lsb_release -si"
+.B "lsb_release \-si"
 or by inspecting the ID from
 .BR "/etc/os-release" .
 .TP
@@ -515,12 +515,12 @@ Distro family is calculated by inspecting the ID_LIKE line from
 .BR os ,\  o
 Valid if the value matches the OS.
 OS is calculated by running
-.BR "uname -s" .
+.BR "uname \-s" .
 .TP
 .BR arch ,\  a
 Valid if the value matches the architecture.
 Architecture is calculated by running
-.BR "uname -m" .
+.BR "uname \-m" .
 .TP
 .B default
 Valid when no other alternate is valid.
@@ -667,15 +667,15 @@ During processing, the following variables are available in the template:
 
  Default              Jinja or ESH         Description
  -------------        -------------        ----------------------------
- yadm.arch            YADM_ARCH            uname -m
+ yadm.arch            YADM_ARCH            uname \-m
  yadm.class           YADM_CLASS           Last locally defined class
  yadm.classes         YADM_CLASSES         All classes
- yadm.distro          YADM_DISTRO          lsb_release -si
+ yadm.distro          YADM_DISTRO          lsb_release \-si
  yadm.distro_family   YADM_DISTRO_FAMILY   ID_LIKE from /etc/os-release
- yadm.hostname        YADM_HOSTNAME        uname -n (without domain)
- yadm.os              YADM_OS              uname -s
+ yadm.hostname        YADM_HOSTNAME        uname \-n (without domain)
+ yadm.os              YADM_OS              uname \-s
  yadm.source          YADM_SOURCE          Template filename
- yadm.user            YADM_USER            id -u -n
+ yadm.user            YADM_USER            id \-u \-n
  env.VAR                                   Environment variable VAR
 
 .BR NOTE :
@@ -750,7 +750,8 @@ gpg is used by default, but openssl can be configured with the
 .I yadm.cipher
 configuration.
 
-To use this feature, a list of patterns must be created and saved as
+To use this feature, a list of patterns (one per line) must be created and
+saved as
 .IR $HOME/.config/yadm/encrypt .
 This list of patterns should be relative to the configured
 .IR work-tree \ (usually\  $HOME ).
@@ -761,11 +762,10 @@ For example:
     .gnupg/*.gpg
 .RE
 
-Standard filename expansions (*, ?, [) are supported.
-If you have Bash version 4, you may use "**" to match all subdirectories.
-Other shell expansions like brace and tilde are not supported.
-Spaces in paths are supported, and should not be quoted.
-If a directory is specified, its contents will be included, but not recursively.
+Standard filename expansions (*, ?, [) are supported. Two consecutive asterisks
+"**" can be used to match all subdirectories.  Other shell expansions like
+brace and tilde are not supported.  Spaces in paths are supported, and should
+not be quoted.  If a directory is specified, its contents will be included.
 Paths beginning with a "!" will be excluded.
 
 The
@@ -976,7 +976,7 @@ to the Git index and create a new commit
 .B yadm remote add origin <url>
 Add a remote origin to an existing repository
 .TP
-.B yadm push -u origin master
+.B yadm push \-u origin master
 Initial push of master to origin
 .TP
 .B echo ".ssh/*.key" >> $HOME/.config/yadm/encrypt