Fix local changes detection

Do not use diff as this only detects modified files, but not added ones.
Run status --porcelain instead and check if there is any output.

README.md

@@ -8,6 +8,8 @@ the clone base for one campaign and a simple crontab script to pull data from th
 - base_setup.sh: setup for the folder structure, users, etc
 - new_clone.sh: Basic clone script
 - git_sync.sh: The script to run in crontab, to sync the changes
+- switch_branch.sh: Switch from one branch to the other
+- create_ssh_config.sh: setup ssh key and ssh config entry
 
 ## Run commands
 
@@ -30,17 +32,30 @@ as is, if the folder exists it will only copy the scripts, will not alter or cha
 
 Planned to get auto fixes for wrong ACL, etc or missing config settings
 
+### SSH Key generation
+
+A SSH Key has to be generated for each git respository that will be synced and the configuration has to be added to the ssh config file
+
+```sh
+create_ssh_config.sh [repo url full] ([jump proxy])
+```
+
+> [!notice]
+> This will currently output the command to create the SSH key and the host config to add to the ssh config file
+
 ### new_clone.sh
 
 Create a new clone
 
 ```sh
-new_clone.sh [repository] [branch] ([host]) ([remote name])
+new_clone.sh -r <Repository URL> -b <Branch Name> [-H <Host name>] [-f <Folder name>] [-n <Remote name>]
 ```
 
-The [host] is the SSH Host name entry, this sill repalce any "[host]:" in the [repository]. If the [host] is not set the host set in the [repository] will be used. If nothing found the script will abort
+The [host (-H)] is the SSH Host name entry, this will replace any "[host]:" in the [repository]. If the [host (-H)] is not set the host set in the [repository] will be used. If nothing found the script will abort. Note that if [host (-H)] is not set the host name will be the Repository name which has to match the SSH config setting.
 
-A [branch] name must be set all the time.
+A [branch (-B)] name must be set all the time.
+
+An override folder naem can be set with `-f`
 
 An optional [remote name] can be set, if not set "origin" will be used.
 
@@ -69,6 +84,23 @@ Sample
 [2025-07-04 16:06:31] [<uniq id>] [END]
 ```
 
+#### What happens to local changes
+
+Any local changes are stored in a backup branch and then reset and cleaned up. No local changes should be commited or synced up, this would break the pull only flow.
+
+If there are changes and they have been reset it will show up in the log like this
+
+```log
+...
+[2026-01-22 14:31:02] [F4222EC4] [!] Local or cached changes detected, creating backup branch and resetting changes
+[2026-01-22 14:31:02] [F4222EC4] Reset log: HEAD is now at 633f6de Uppdate 14
+...
+```
+
+If a clean up was run too it will show up as "Clean log" after the Reset log.
+
+The reset will only reset local or cached changs (added) but not changed that have been commited. If changes have been commited a manual reset has to be done.
+
 ## TODO
 
 Future versions will hold an incoming webhook handler and a polling scripts (systemd based)

src/bin/base_setup.sh

@@ -90,6 +90,7 @@ if [ -d "${GIT_WEBHOOK_BASE_FOLDER}" ]; then
 		"${BASE_FOLDER}init.sh" \
 		"${BASE_FOLDER}git_sync.sh" \
 		"${BASE_FOLDER}switch_branch.sh" \
+		"${BASE_FOLDER}create_ssh_config.sh" \
 		"${GIT_WEBHOOK_BASE_FOLDER}${CLONE_SCRIPTS_FOLDER}";
 	cp "${CONFIG_BASE}/webhook.default.cfg" \
 		"${GIT_WEBHOOK_BASE_FOLDER}${CONFIG_FOLDER}";
@@ -99,6 +100,7 @@ if [ -d "${GIT_WEBHOOK_BASE_FOLDER}" ]; then
 		"${BASE_FOLDER}init.sh" \
 		"${BASE_FOLDER}git_sync.sh" \
 		"${BASE_FOLDER}switch_branch.sh" \
+		"${BASE_FOLDER}create_ssh_config.sh" \
 		"${CONFIG_BASE}/webhook.default.cfg";
 	# check config entries missing
 	exit;
@@ -180,6 +182,7 @@ EOF
 		"${BASE_FOLDER}init.sh" \
 		"${BASE_FOLDER}git_sync.sh" \
 		"${BASE_FOLDER}switch_branch.sh" \
+		"${BASE_FOLDER}create_ssh_config.sh" \
 		"${GIT_WEBHOOK_BASE_FOLDER}${CLONE_SCRIPTS_FOLDER}";
 	cp \
 		"${CONFIG_BASE}/webhook.cfg" \
@@ -191,6 +194,7 @@ EOF
 		"${BASE_FOLDER}init.sh" \
 		"${BASE_FOLDER}git_sync.sh" \
 		"${BASE_FOLDER}switch_branch.sh" \
+		"${BASE_FOLDER}create_ssh_config.sh" \
 		"${CONFIG_BASE}/webhook.cfg" \
 		"${CONFIG_BASE}/webhook.default.cfg";
 fi;

src/bin/create_ssh_config.sh

@@ -0,0 +1,91 @@
+#!/usr/bin/env bash
+
+# <s> [SSH Key name] [repo url] ([Jump Proxy])
+
+# ssh-keygen -t ed25519 -N "" -C "${repo_url}" -f "${ssh_key_name}"
+
+# CONFIG
+# Host <Repo name flattened>
+# 	Hostname <host name>
+# 	User git
+# 	IdentityFile ~/.ssh/<pem key name>
+# 	[ProxyJump <jump proxy>]
+
+REPOSITORY="$1";
+JUMP_PROXY="$2";
+if [ "${REPOSITORY}" == "--help" ]; then
+	echo "$0 <Repo.git> [<Jump Proxy>]";
+	exit;
+fi;
+# below are only to skip error
+BRANCH="-"
+
+BASE_FOLDER=$(dirname "$(readlink -f "$0")")"/";
+# shellcheck source=init.sh
+. "${BASE_FOLDER}init.sh";
+
+# base folder for ssh config
+SSH_CONFIG_BASE="${GIT_WEBHOOK_BASE_FOLDER}.ssh/";
+if [ ! -f "${SSH_CONFIG_BASE}config" ]; then
+	echo "[!] SSH config file does not exist: ${SSH_CONFIG_BASE}";
+	error=1;
+fi;
+
+if [[ "${REPOSITORY}" == *":"* ]]; then
+	REMOTE_USER_HOST=$(echo "${REPOSITORY}" | cut -d ":" -f 1);
+	REMOTE_HOST=$(echo "${REMOTE_USER_HOST}" | cut -d "@" -f 2);
+	REMOTE_USER=$(echo "${REMOTE_USER_HOST}" | cut -d "@" -f 1);
+else
+	echo "[!] Must set a full repository path with remote host for the repository";
+	error=1;
+fi;
+# if we have an ":" in the repository, split by it and replace it with the remote host
+if [[ "${REPOSITORY}" == *":"* ]]; then
+	REPOSITORY=$(echo "${REPOSITORY}" | cut -d ":" -f 2);
+fi;
+GIT_REPOSITORY_NAME=$(basename "${REPOSITORY}" .git);
+
+if [ -f "${SSH_CONFIG_BASE}${GIT_REPOSITORY_NAME}.pem" ]; then
+	echo "SSH Key: ${SSH_KEY_NAME} already exists";
+	error=1
+fi;
+
+if
+	[ -f "${SSH_CONFIG_BASE}config" ] &&
+	[ -n "${GIT_REPOSITORY_NAME}" ] &&
+	grep "Host ${GIT_REPOSITORY_NAME}" "${SSH_CONFIG_BASE}config";
+then
+	echo "[!] ssh config entry for Host '${GIT_REPOSITORY_NAME}' already exists";
+	error=1
+fi;
+if [ $error -eq 1 ]; then
+	exit;
+fi;
+
+# SUDO_COMMAND= as base
+# ssh-keygen -t ed25519 -N "" -C "${GIT_REPOSITORY_NAME}" -f "${SSH_CONFIG_BASE}${SSH_KEY_NAME}"
+# must add ".pem" if key name does not end in .pem
+SSH_COMMAND=("${SUDO_COMMAND[@]}" "ssh-keygen" "-t" "ed25519" "-N" "\"\"" "-C" "${GIT_REPOSITORY_NAME}" "-f" "${SSH_CONFIG_BASE}${GIT_REPOSITORY_NAME}.pem")
+SSH_CONFIG_COMMAND=("${SUDO_COMMAND[@]}" "vim" "${SSH_CONFIG_BASE}config")
+
+# debug output for now
+echo "";
+echo "* SSH-KEYGEN:"
+echo "";
+echo "${SSH_COMMAND[*]}";
+echo "";
+echo "* ADD TO: ${SSH_CONFIG_BASE}config";
+echo "";
+echo "${SSH_CONFIG_COMMAND[*]}";
+echo "";
+echo "Host ${GIT_REPOSITORY_NAME}"
+echo "    Hostname ${REMOTE_HOST}";
+echo "    User ${REMOTE_USER}";
+echo "    PreferredAuthentications publickey";
+echo "    IdentityFile ~/.ssh/${GIT_REPOSITORY_NAME}.pem";
+if [ -n "${JUMP_PROXY}" ]; then
+	echo "    ProxyJump ${JUMP_PROXY}";
+fi;
+echo "";
+
+# __END__

src/bin/git_sync.sh

@@ -7,6 +7,10 @@
 REPOSITORY="$1";
 BRANCH="$2";
 REMOTE_NAME="$3";
+if [ "${REPOSITORY}" == "--help" ]; then
+	echo "$0 <Repo.git> <branch> [<remote name, defaults to origin>]";
+	exit;
+fi;
 if [ -z "${REMOTE_NAME}" ]; then
 	REMOTE_NAME="origin"
 fi;
@@ -29,9 +33,27 @@ GIT_COMMAND=("${GIT_COMMAND_BASE[@]}" "-C" "${GIT_REPOSITORY_FOLDER}" "fetch" "-
 "${GIT_COMMAND[@]}"
 # check diff for if we need to update
 GIT_COMMAND=("${GIT_COMMAND_BASE[@]}" "-C" "${GIT_REPOSITORY_FOLDER}" "diff" "--stat" "HEAD" "${REMOTE_NAME}/${BRANCH}")
+# In general all data that should not be checked in should be in the .gitignore file
 changes=$("${GIT_COMMAND[@]}" 2>&1)
 if [ -n "${changes}" ]; then
 	echo "[$(date +"%Y-%m-%d %H:%M:%S")] [${unique_id}] [START] git merge ${GIT_REPOSITORY_FOLDER} ${REMOTE_NAME}/${BRANCH}" &>> "$LOG_FILE";
+	# check if there are local changes, make a backup branch and reset them
+	changes=$("${GIT_COMMAND_BASE[@]}" "-C" "${GIT_REPOSITORY_FOLDER}" "status" "--porcelain");
+	if [ -n "$changes" ]; then
+		echo "[$(date +"%Y-%m-%d %H:%M:%S")] [${unique_id}] [!] Changes detected, creating backup branch and resetting changes" &>> "$LOG_FILE";
+		GIT_COMMAND=("${GIT_COMMAND_BASE[@]}" "-C" "${GIT_REPOSITORY_FOLDER}" "branch" "backup-$(date +%Y%m%d-%H%M%S)")
+		"${GIT_COMMAND[@]}";
+		# Reset everything
+		GIT_COMMAND=("${GIT_COMMAND_BASE[@]}" "-C" "${GIT_REPOSITORY_FOLDER}" "reset" "--hard" "HEAD")
+		log_data=$("${GIT_COMMAND[@]}" 2>&1);
+		echo "[$(date +"%Y-%m-%d %H:%M:%S")] [${unique_id}] Reset log: ${log_data}" &>> "$LOG_FILE";
+		GIT_COMMAND=("${GIT_COMMAND_BASE[@]}" "-C" "${GIT_REPOSITORY_FOLDER}" "clean" "-fd")
+		log_data=$("${GIT_COMMAND[@]}" 2>&1);
+		if [ -n "${log_data}" ]; then
+			echo "[$(date +"%Y-%m-%d %H:%M:%S")] [${unique_id}] Clean log: ${log_data}" &>> "$LOG_FILE";
+		fi;
+	fi;
+	# MERGE
 	GIT_COMMAND=("${GIT_COMMAND_BASE[@]}" "-C" "${GIT_REPOSITORY_FOLDER}" merge "${REMOTE_NAME}/${BRANCH}")
 	log_data=$("${GIT_COMMAND[@]}" 2>&1);
 	echo "[$(date +"%Y-%m-%d %H:%M:%S")] [${unique_id}] ${log_data}" &>> "$LOG_FILE";

src/bin/init.sh

@@ -23,7 +23,7 @@ if [ -z "$(command -v git)" ]; then
 fi;
 GIT_COMMAND_BASE=("git");
 SUDO_COMMAND=()
-if [ -n "${USE_SUDO}" ]; then
+if [ "${USE_SUDO}" == 1 ]; then
 	# if we are root -> ok, else we must be SUDO USER
 	if [ "$(whoami)" = "root" ]; then
 		SUDO_COMMAND=("sudo" "-u" "${SUDO_USER}");

src/bin/new_clone.sh

@@ -4,10 +4,101 @@
 # DATE: 2025/6/27
 # DESC: create a new basic clone
 
-REPOSITORY="$1";
+# COMMAND: new_clone.sh <Repo.git> <branch> [<host>] [<Repo Target Name>] [<remote name>]
-BRANCH="$2";
+
-REMOTE_HOST="$3";
+
-REMOTE_NAME="$4";
+function error() {
+	if [ -t 1 ]; then echo "[MAK] ERROR: $*" >&2; fi; exit 0;
+}
+
+usage() {
+	cat <<EOF
+Usage: $(basename "${BASH_SOURCE[0]}") [-h | --help] -r | --repository <Repository URL> -b | --branch <Branch Name> [-H | --host <Host name>] [-f | --folder <Folder name>] [-n | --remote <Remote name>]
+
+New clone a git repository via ssh into the clone folder.
+
+Available options:
+
+-h, --help                        Print this help and exit
+-r, --repository <Repository URL> Repository path (e.g. user/repo.git)
+-b, --branch <Branch Name>        Branch to clone (e.g. main)
+-H, --host <Host name>            Override SSH host from ssh config (e.g. my-ssh-host)
+-f, --folder <Folder name>        Target folder name for the repository (e.g. repo-name)
+-n, --remote <Remote name>        Remote name (defaults to origin)
+
+EOF
+	exit
+}
+
+# REPOSITORY="$1";
+# BRANCH="$2";
+# REMOTE_HOST="$3";
+# REPOSITORY_FOLDER="$4"
+# REMOTE_NAME="$5";
+# if [ "${REPOSITORY}" == "--help" ]; then
+# 	echo "$0 <Repo.git> <branch> [<override host>] [<target folder>] [<remote name, defaults to origin>]";
+# 	exit;
+# fi;
+REPOSITORY="";
+BRANCH="";
+REMOTE_HOST="";
+REPOSITORY_FOLDER="";
+REMOTE_NAME="origin";
+while [ -n "${1-}" ]; do
+	case "${1}" in
+		-r | --repository)
+			REPOSITORY="${2-}";
+			shift
+			;;
+		-b | --branch)
+			BRANCH="${2-}";
+			shift
+			;;
+		-H | --host)
+			REMOTE_HOST="${2-}";
+			shift
+			;;
+		-f | --folder)
+			REPOSITORY_FOLDER="${2-}";
+			shift
+			;;
+		-n | --remote)
+			REMOTE_NAME="${2-}";
+			shift
+			;;
+		-h | --help)
+			usage
+			;;
+		# invalid option
+		-?*)
+			error "[!] Unknown option: '$1'."
+			;;
+	esac
+	shift;
+done;
+
+# if no repository or banch name given, show error
+error=0
+if [ -z "${REPOSITORY}" ]; then
+	echo "[!] Must set a repository full url, ssh only";
+	error=1;
+fi;
+if [ -z "${BRANCH}" ]; then
+	echo "[!] Must set a branch name";
+	error=1;
+fi;
+# further checks that repository folder if set can only by alphanumeric, -, _ or .
+if [ -n "${REPOSITORY_FOLDER}" ]; then
+	if ! [[ "${REPOSITORY_FOLDER}" =~ ^[a-zA-Z0-9._-]+$ ]]; then
+		echo "[!] Repository folder name can only contain alphanumeric characters, dots, dashes or underscores";
+		error=1;
+	fi;
+fi;
+
+if [ $error -eq 1 ]; then
+	exit;
+fi;
+
 if [ -z "${REMOTE_NAME}" ]; then
 	REMOTE_NAME="origin"
 fi;
@@ -19,19 +110,20 @@ if [ -z "${REPOSITORY}" ]; then
 	echo "[!] Must set a repository path";
 	error=1;
 fi;
-# if remote host is empty try to set from repository
-if [ -z "${REMOTE_HOST}" ]; then
-	if [[ "${REPOSITORY}" == *":"* ]]; then
-		REMOTE_HOST=$(echo "${REPOSITORY}" | cut -d ":" -f 1);
-	else
-		echo "[!] Must set a remote host for the repository";
-		error=1;
-	fi;
-fi;
 # if we have an ":" in the repository, split by it and replace it with the remote host
 if [[ "${REPOSITORY}" == *":"* ]]; then
 	REPOSITORY=$(echo "${REPOSITORY}" | cut -d ":" -f 2);
 fi;
+# strip .git from the repository path, this is folder and ssh key Host name
+if [ -z "${REPOSITORY_FOLDER}" ]; then
+	GIT_REPOSITORY_NAME=$(basename "${REPOSITORY}" .git);
+else
+	GIT_REPOSITORY_NAME="${REPOSITORY_FOLDER}";
+fi;
+# set remote host if not set to the ssh config name
+if [ -z "${REMOTE_HOST}" ]; then
+	REMOTE_HOST="$(basename "${REPOSITORY}" .git)";
+fi;
 if [ $error -eq 1 ]; then
 	exit;
 fi;
@@ -39,7 +131,7 @@ fi;
 error=0
 echo "* Validate SSH PEM Key exist and SSH config";
 if ! grep "Host ${REMOTE_HOST}" "${GIT_WEBHOOK_BASE_FOLDER}"/.ssh/config; then
-	echo "ssh config entry for Host ${REMOTE_HOST} is missing";
+	echo "[!] ssh config entry for Host ${REMOTE_HOST} is missing in ${GIT_WEBHOOK_BASE_FOLDER}/.ssh/config";
 	error=1;
 else
 	# make sure the identiy file is there
@@ -60,8 +152,6 @@ fi;
 
 unique_id=$(uuidgen | tr -d '-' | head -c 8);
 
-# strip .git from the repository path
-GIT_REPOSITORY_NAME=$(basename "${REPOSITORY}" .git);
 # log folder target
 LOG_FILE="${GIT_WEBHOOK_BASE_FOLDER}${LOG_FOLDER}${GIT_REPOSITORY_NAME}.log";
 # from the repository get the last path without the .git so we have the target folder

src/bin/switch_branch.sh

@@ -8,6 +8,10 @@
 REPOSITORY="$1";
 BRANCH="$2";
 REMOTE_NAME="$3";
+if [ "${REPOSITORY}" == "--help" ]; then
+	echo "$0 <Repo.git> <branch> [<remote name, defaults to origin>]";
+	exit;
+fi;
 if [ -z "${REMOTE_NAME}" ]; then
 	REMOTE_NAME="origin"
 fi;