Switch init_pre hook to Deno (typescript)

home/.chezmoi.toml.tmpl

@@ -64,7 +64,7 @@ encryption = "age"
 	config = "production"
 
 [hooks.init.pre]
-	command = "{{ .chezmoi.sourceDir }}/hooks/.init_pre.sh"
+	command = "{{ .chezmoi.sourceDir }}/hooks/.init_pre.ts"
 [hooks.update.pre]
 	command = "{{ .chezmoi.sourceDir }}/hooks/.update_pre.sh"
 [hooks.read-source-state.pre]

home/hooks/.init_pre.sh

@@ -1,11 +0,0 @@
-#!/bin/bash
-
-# note: CHEZMOI_UPDATE will be set if this was invoked indirectly by 'chezmoi update --init'
-set -eu
-
-# While key.txt is managed by Chezmoi, it's required for encrypted operations and needed to bootstrap other operations.
-if [ ! -f ~/key.txt ]; then
-    rbw get "key.txt (age)" --field notes >>~/key.txt
-    rbw get "key.txt (age)" --field password >>~/key.txt
-    echo "key.txt bootstrapped"
-fi

home/hooks/.init_pre.ts

@@ -0,0 +1,28 @@
+#!/usr/bin/env -S deno run -A
+
+import { resolve } from "https://deno.land/std/path/mod.ts";
+import { exists } from "jsr:@std/fs";
+import { join } from "node:path";
+import { $, os } from "npm:zx@8.3.2";
+
+const { exit } = Deno;
+const filePath = join(os.homedir(), "key.txt");
+
+
+if (await exists(resolve(filePath))) {
+  console.log("key.txt already exists");
+  Deno.exit(0);
+}
+
+// Acquire the secret from Doppler
+const result = await $`doppler secrets get KEY_TXT --plain`;
+
+// Check if the command was successful
+if (result.exitCode !== 0) {
+  console.error("Failed to get secret KEY_TXT");
+  exit(1);
+}
+
+// Write the secret to a file
+await Deno.writeTextFile(resolve(filePath), result.stdout);
+console.log("key.txt bootstrapped");

home/hooks/.update_pre.sh

@@ -3,5 +3,5 @@
 # chezmoi update --init does not invoke the 'hooks.init.pre' hook, so we do it ourselves
 if grep -q 'init' <<<$CHEZMOI_ARGS; then
     # CHEZMOI_UPDATE is just a hint in case we need to know if we're updating
-    CHEZMOI_UPDATE=1 $(dirname $0)/.init_pre.sh
+    CHEZMOI_UPDATE=1 $(dirname $0)/.init_pre.ts
 fi