Revise flow to what was described in 03e44f9

railties/lib/rails/commands/credentials/USAGE

@@ -35,14 +35,15 @@ You could prepend that to your server's start command like this:
 Rails provides `rails credentials:diff --enable` to instruct Git to call `rails credentials:diff`
 when `git diff` is run on a credentials file.
 
-Any credentials files are set to use the "rails_credentials" diff driver in .gitattributes.
+Running the command enrolls the project such that all credentials files use the
-Since Git requires the diff driver to be set up in a config file, the command uses
+"rails_credentials" diff driver in .gitattributes.
-the project local .git/config. Since that config isn't stored in Git each team member
-must enable separately.
 
-Or set up the "rails_credentials" diff driver globally with:
+Additionally since Git requires the driver itself to be set up in a config file
+that isn't tracked Rails automatically ensures it's configured when running
+`credentials:edit`.
 
-   git config --global diff.rails_credentials.textconv "bin/rails credentials:diff"
+Otherwise each co-worker would have to run enable manually, including on each new
+repo clone.
 
 === Editing Credentials
 

railties/lib/rails/commands/credentials/credentials_command.rb

@@ -32,6 +32,7 @@ def edit
 
         ensure_encryption_key_has_been_added if credentials.key.nil?
         ensure_credentials_have_been_added
+        ensure_rails_credentials_driver_is_set
 
         catch_editing_exceptions do
           change_credentials_in_system_editor
@@ -49,8 +50,8 @@ def show
         say credentials.read.presence || missing_credentials_message
       end
 
-      option :enable, type: :boolean, default: false,
+      option :enroll, type: :boolean, default: false,
-        desc: "Pass `--enable` to make credential files diffable with `git diff`"
+        desc: "Enrolls project in credential file diffing with `git diff`"
 
       def diff(content_path = nil)
         if @content_path = content_path
@@ -60,7 +61,7 @@ def diff(content_path = nil)
           say credentials.read.presence || credentials.content_path.read
         else
           require_application!
-          enable_diffing if options[:enable]
+          enroll_project_in_credentials_diffing if options[:enroll]
         end
       rescue ActiveSupport::MessageEncryptor::InvalidMessage
         say credentials.content_path.read

railties/lib/rails/commands/credentials/credentials_command/diffing.rb

@@ -1,30 +1,41 @@
 # frozen_string_literal: true
 
 module Rails::Command::CredentialsCommand::Diffing # :nodoc:
-  class Error < StandardError; end
+  def enroll_project_in_credentials_diffing
-
+    if enrolled?
-  def enable_diffing
+      true
-    if enabled?
-      say "Already enabled!"
     else
-      enable
+      gitattributes.write(<<~end_of_template, mode: "a")
-      say "Diffing enabled! Editing a credentials file will display a diff of what actually changed."
-    end
-  rescue Error
-    say "Couldn't setup Git to enable credentials diffing."
-  end
-
-  private
-    def enabled?
-      system "git config --get diff.rails_credentials.textconv", out: File::NULL
-    end
-
-    def enable
-      raise Error unless system("git config diff.rails_credentials.textconv 'bin/rails credentials:diff'")
-
-      Rails.root.join(".gitattributes").write(<<~end_of_template, mode: "a")
         config/credentials/*.yml.enc diff=rails_credentials
         config/credentials.yml.enc diff=rails_credentials
       end_of_template
+
+      say "Project successfully enrolled!"
+      say "Rails ensures the rails_credentials diff driver is set when running `credentials:edit`. See `credentials:help` for more."
+    end
+  end
+
+  def ensure_rails_credentials_driver_is_set
+    set_driver if enrolled? && !driver_configured?
+  end
+
+  private
+    def enrolled?
+      gitattributes.read.match?(/config\/credentials(\/\*)?\.yml\.enc diff=rails_credentials/)
+    rescue Errno::ENOENT
+      false
+    end
+
+    def driver_configured?
+      system "git config --get diff.rails_credentials.textconv", out: File::NULL
+    end
+
+    def set_driver
+      puts "running"
+      system "git config diff.rails_credentials.textconv 'bin/rails credentials:diff'"
+    end
+
+    def gitattributes
+      Rails.root.join(".gitattributes")
     end
 end

railties/test/commands/credentials_test.rb

@@ -123,28 +123,24 @@ class Rails::Command::CredentialsCommandTest < ActiveSupport::TestCase
   end
 
 
-  test "diff enable diffing" do
+  test "diff enroll diffing" do
-    run_diff_command(enable: true)
+    assert_match("successfully enrolled", run_diff_command(enroll: true))
 
     assert_equal <<~EOM, File.read(app_path(".gitattributes"))
       config/credentials/*.yml.enc diff=rails_credentials
       config/credentials.yml.enc diff=rails_credentials
     EOM
+  end
+
+  test "running edit after enrolling in diffing sets diff driver" do
+    run_diff_command(enroll: true)
+    run_edit_command
 
     Dir.chdir(app_path) do
       assert_equal "bin/rails credentials:diff", `git config --get 'diff.rails_credentials.textconv'`.strip
     end
   end
 
-  test "diff won't enable again if already enabled" do
-    app_file(".git/config", <<~EOM)
-      [diff "rails_credentials"]
-          textconv = bin/rails credentials:diff
-    EOM
-
-    assert_no_match(/Diffing enabled/, run_diff_command(enable: true))
-  end
-
   test "diff from git diff left file" do
     run_edit_command(environment: "development")
 
@@ -196,8 +192,8 @@ def run_show_command(environment: nil, **options)
       rails "credentials:show", args, **options
     end
 
-    def run_diff_command(path = nil, enable: nil, **options)
+    def run_diff_command(path = nil, enroll: nil, **options)
-      args = enable ? ["--enable"] : [path]
+      args = enroll ? ["--enroll"] : [path]
       rails "credentials:diff", args, **options
     end
 end