Add git-crypt merge driver

.gitattributes

@@ -1,10 +1,10 @@
-secretfile filter=git-crypt diff=git-crypt
-*.tfvars filter=git-crypt diff=git-crypt
-k8s-resources/grafana/config.yml filter=git-crypt diff=git-crypt
-k8s-resources/kibana-auth-proxy/envs/**/* filter=git-crypt diff=git-crypt
-k8s-resources/fluentd/envs/**/* filter=git-crypt diff=git-crypt
-k8s-resources/jenkins/envs/**/* filter=git-crypt diff=git-crypt
-k8s-resources/prometheus/envs/**/* filter=git-crypt diff=git-crypt
-infra/kops/clusters/**/* filter=git-crypt diff=git-crypt
-chart-env-config/**/* filter=git-crypt diff=git-crypt
-infra/terraform/modules/federated_identity/saml/**/* filter=git-crypt diff=git-crypt
+secretfile filter=git-crypt diff=git-crypt merge=git-crypt
+*.tfvars filter=git-crypt diff=git-crypt merge=git-crypt
+k8s-resources/grafana/config.yml filter=git-crypt diff=git-crypt merge=git-crypt
+k8s-resources/kibana-auth-proxy/envs/**/* filter=git-crypt diff=git-crypt merge=git-crypt
+k8s-resources/fluentd/envs/**/* filter=git-crypt diff=git-crypt merge=git-crypt
+k8s-resources/jenkins/envs/**/* filter=git-crypt diff=git-crypt merge=git-crypt
+k8s-resources/prometheus/envs/**/* filter=git-crypt diff=git-crypt merge=git-crypt
+infra/kops/clusters/**/* filter=git-crypt diff=git-crypt merge=git-crypt
+chart-env-config/**/* filter=git-crypt diff=git-crypt merge=git-crypt
+infra/terraform/modules/federated_identity/saml/**/* filter=git-crypt diff=git-crypt merge=git-crypt

README.md

@@ -38,6 +38,15 @@ Because both Terraform and Kops create AWS resources in two different phases, th
 
 Terraform `terraform.tfvars` files contain sensitive information, so are encrypted using `git-crypt`. To work with this repository you must ask a repo member or admin to add your GPG key.
 
+If you get merge conflicts on gitcrypted files then by default it will not put the <<< ---- >>> sections to show you the different versions. You can fix this behaviour by specifying this custom merge driver in your .git/config:
+```
+[merge "git-crypt"]
+       name = A custom merge driver used to merge git-crypted files.
+       driver = ./gitcrypt-merge-tool.sh %O %A %B
+       recursive = binary
+```
+See: https://github.com/AGWA/git-crypt/issues/140#issuecomment-361031719
+
 ## Kubernetes resource management
 
 All [Kubernetes][kubernetes] resources are managed as [Helm][helm] charts, the Kubernetes package manager. Analytics-specific charts are served via our [Helm repository](http://moj-analytics-helm-repo.s3-website-eu-west-1.amazonaws.com) - source code is in the [ministryofjustice/analytics-platform-helm-charts](https://github.com/ministryofjustice/analytics-platform-helm-charts) repository, and chart values for each environment are stored in the [ministryofjustice/analytics-platform-config](https://github.com/ministryofjustice/analytics-platform-config) repository.

gitcrypt-merge-tool.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+# See: https://github.com/AGWA/git-crypt/issues/140#issuecomment-361031719
+ancestor_decrypted="$1__decrypt"
+current_decrypted="$2__decrypt"
+other_decrypted="$3__decrypt"
+echo ""
+echo "###########################"
+echo "# Git crypt driver called #"
+echo "###########################"
+echo ""
+
+echo "Decrypting ancestor file..."
+cat $1 | git-crypt smudge > "${ancestor_decrypted}"
+echo "Decrypting current file..."
+cat $2 | git-crypt smudge > "${current_decrypted}"
+echo "Decrypting other file..."
+cat $3 | git-crypt smudge > "${other_decrypted}"
+echo ""
+
+echo "Merging ..."
+git merge-file -L "current branch" -L "ancestor branch" -L "other branch" "${current_decrypted}" "${ancestor_decrypted}" "${other_decrypted}"
+exit_code=$?
+cat "${current_decrypted}" | git-crypt clean > $2
+
+echo "Removing temporary files..."
+rm "${other_decrypted}" "${ancestor_decrypted}" "${current_decrypted}"
+
+if [ "$exit_code" -eq "0" ]
+then
+    echo "@@@ No conflict!"
+else
+    echo "@@@ You need to solve some conflicts..."
+fi
+
+exit $exit_code
+