adds function to locate sops config

bin/update_sops.sh

@@ -86,6 +86,32 @@ function fn_gpg_extract_uid(){
   echo "${uid}"
 }
 
+function fn_sops_locate_config_in_git_repo(){
+  # Returns path sops config to be updated; defaults to returning "$(git rev-parse --show-toplevel)/.sops.yaml"
+  # sops locates config by recursively walking _up_ the tree from the execeution dir context,
+  # + _but_ does not have a mechanism to update the sops config
+  # This function does the same in order to locate the correct sops config to update
+
+  # starting dir, default: PWD. Note: 'realpath' to normalise the dir
+  start_dir="$(realpath "${1:-"${PWD}"}")";
+  stop_dir="$(git rev-parse --show-toplevel)"
+
+  # sops_filepath=""
+  # being
+  search_dir="${start_dir}"
+  # stopping condition
+  # while [[ "${search_dir}" != "${stop_dir}" ]]; do
+    contender="${search_dir}/.sops.yaml"
+    if [[ -e "${contender}" ]]; then
+      >&2 echo "# BASE CASE"
+      echo "${contender}"
+    else
+      # walk up one dir
+      >&2 echo "# walk up one dir"
+      fn_sops_locate_config_in_git_repo "$(dirname "${search_dir}")"
+    fi
+}
+
 function fn_sops_generate_config(){
   # sops.yaml doc: https://github.com/getsops/sops?tab=readme-ov-file#using-sops-yaml-conf-to-select-kms-pgp-and-age-for-new-files
   # CAVEAT: dirty hacks, as DRY as feasible within bash
@@ -144,6 +170,13 @@ if [[ "${opt_list_roles}" -eq 1 ]]; then
 fi
 
 # UPDATE SOPS CONFIG
+# locate sops config
+if [[ ! -e "${sops_config}" ]]; then
+  # dev note: '2> /dev/null' to disable debug output
+  sops_config="$(fn_sops_locate_config_in_git_repo 2> /dev/null)"
+fi
+
+# update sops config
 # TODO: remove the 'pushd;popd' workaround and make the functions aware of the dir being read
 pushd "${keyfiles_dir}" > /dev/null 2>&1
 (fn_sops_generate_config) > "${sops_config}"