chore: snapshot current workspace changes

setup/env_to_bitwarden.sh

@@ -0,0 +1,121 @@
+#!/usr/bin/env bash
+set -euo pipefail
+# Convert .env to Bitwarden JSON import format (secure note with custom fields).
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+source "$PROJECT_ROOT/lib/common.sh"
+
+ITEM_NAME="gitea-migration-env"
+ENV_FILE="$PROJECT_ROOT/.env"
+OUTPUT_FILE=""
+
+usage() {
+    cat >&2 <<EOF
+Usage: $(basename "$0") [-o FILE] [-n NAME]
+
+Convert .env to Bitwarden-importable JSON (secure note with custom fields).
+
+Options:
+  -o FILE   Write to file instead of stdout
+  -n NAME   Bitwarden item name (default: $ITEM_NAME)
+  -h        Show this help
+
+Import the output via:
+  Bitwarden Web Vault → Tools → Import Data → Format: Bitwarden (json) → Upload
+EOF
+    exit 1
+}
+
+while getopts "o:n:h" opt; do
+    case $opt in
+        o) OUTPUT_FILE="$OPTARG" ;;
+        n) ITEM_NAME="$OPTARG" ;;
+        h) usage ;;
+        *) usage ;;
+    esac
+done
+
+if [[ ! -f "$ENV_FILE" ]]; then
+    log_error ".env not found at $ENV_FILE"
+    exit 1
+fi
+
+if ! command -v jq &>/dev/null; then
+    log_error "jq is required but not installed"
+    exit 1
+fi
+
+# Patterns for fields that should be hidden (type=1) in Bitwarden
+sensitive_re="PASSWORD|TOKEN|SECRET|_KEY"
+
+# Build a TSV of key\tvalue\ttype lines, then convert to JSON in one jq call.
+# This avoids calling jq in a loop.
+tsv=""
+while IFS= read -r line || [[ -n "$line" ]]; do
+    # Skip comments and blank lines
+    [[ -z "$line" || "$line" =~ ^[[:space:]]*# ]] && continue
+
+    key="${line%%=*}"
+    value="${line#*=}"
+
+    # Strip surrounding quotes
+    if [[ "$value" =~ ^\"(.*)\"$ ]]; then
+        value="${BASH_REMATCH[1]}"
+    elif [[ "$value" =~ ^\'(.*)\'$ ]]; then
+        value="${BASH_REMATCH[1]}"
+    fi
+
+    # Strip inline comments (space + #)
+    value="${value%%[[:space:]]#*}"
+    # Trim trailing whitespace
+    value="${value%"${value##*[![:space:]]}"}"
+
+    field_type=0
+    if [[ "$key" =~ $sensitive_re ]]; then
+        field_type=1
+    fi
+
+    # Append as null-delimited triple (safe for any value content)
+    tsv+="${key}"$'\x00'"${value}"$'\x00'"${field_type}"$'\x00'
+done < "$ENV_FILE"
+
+# Convert null-delimited triples into JSON fields array
+fields_json=$(printf '%s' "$tsv" | \
+    jq -Rs '
+        split("\u0000") |
+        # drop trailing empty element from final delimiter
+        if .[-1] == "" then .[:-1] else . end |
+        [ range(0; length; 3) as $i |
+            { name: .[$i], value: .[$i+1], type: (.[$i+2] | tonumber) }
+        ]
+    ')
+
+field_count=$(printf '%s' "$fields_json" | jq 'length')
+
+# Build the complete Bitwarden import envelope
+import_json=$(jq -n \
+    --arg name "$ITEM_NAME" \
+    --argjson fields "$fields_json" \
+    '{
+        encrypted: false,
+        folders: [],
+        items: [
+            {
+                type: 2,
+                name: $name,
+                notes: "Gitea migration .env — exported by env_to_bitwarden.sh",
+                favorite: false,
+                secureNote: { type: 0 },
+                fields: $fields
+            }
+        ]
+    }')
+
+if [[ -n "$OUTPUT_FILE" ]]; then
+    printf '%s\n' "$import_json" > "$OUTPUT_FILE"
+    log_success "Wrote $field_count fields to $OUTPUT_FILE"
+    log_info "Import via: Bitwarden → Tools → Import Data → Bitwarden (json)"
+else
+    printf '%s\n' "$import_json"
+fi