Description
Context
I am trying to make automated changes to a large YAML file encrypted with SOPS stored in Git. Often, these changes are essentially No-Ops, i.e. the data I am setting is the same as the data already present. In order to prevent the file changing on every write due to rotating data keys, I am using --set to update the values in place.
Problem
Even when none of the raw keys has been changed, the sops->lastmodified field is updated to the time at which sops --set was called. This means there is always a delta for this file, albeit much smaller than it would be if I were writing it fresh each time. However, any delta will cause Git to store a new copy of the whole file, still leading to a massively bloated repository.
Proposed Solution
The behaviour of --set should be the same as that of interactive editing: If no material change has been made, do not re-encrypt or write the file. This will implicitly prevent the updating of the lastmodified field.
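A caller-side way to get the no-op behaviour requested above, as an added example that is not part of the original report or of SOPS itself: decrypt the current value first and call `sops --set` only when it differs. `set_if_changed` and its `run` parameter are hypothetical names, and the sketch handles string values only.

```python
import json
import subprocess


def set_if_changed(path, key_path, value, run=subprocess.run):
    """Call `sops --set` only when the decrypted string at key_path differs.

    path:     SOPS-encrypted file
    key_path: sops tree path, e.g. '["db"]["password"]'
    value:    desired plaintext string (string scalars only in this sketch)
    run:      injectable for testing; defaults to subprocess.run
    Returns True if the file was rewritten, False if it was left untouched.
    """
    current = run(
        ["sops", "-d", "--extract", key_path, path],
        capture_output=True, text=True,
    )
    # Assumption: sops prints a string scalar verbatim on stdout and exits
    # non-zero when the path does not exist yet.
    if current.returncode == 0 and current.stdout == value:
        return False  # no-op: the file and its lastmodified field stay as-is

    # --set takes '<path> <JSON-encoded value>' as a single argument.
    run(
        ["sops", "--set", f"{key_path} {json.dumps(value)}", path],
        check=True, capture_output=True, text=True,
    )
    return True
```

As with any `--set` call, the new value travels in the process arguments, so it is visible to local users who can read the process list.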