refactor: improve directory handling and tofu validate logic

Deduplicate directories in tofu_docs_replace.py by using a set of real paths, ensuring each directory is processed only once. Refactor tofu_validate.sh to use command substitution with proper exit code handling, improving reliability and clarity. Signed-off-by: Michael Rosenfeld <michael@rosesecurity.com>
2026-06-02 15:16:54 +02:00 · 2026-05-29 14:48:02 -04:00 · 2026-05-29 14:48:02 -04:00 · 9316d2989c
commit 9316d2989c
parent b766f82b08
2 changed files with 22 additions and 12 deletions
--- a/hooks/tofu_docs_replace.py
+++ b/hooks/tofu_docs_replace.py
@ -36,13 +36,14 @@ def main(argv=None):
    args = parser.parse_args(argv)

    dirs = []
+    seen_dirs = set()
    for filename in args.filenames:
-        if os.path.realpath(filename) not in dirs and (
-            filename.endswith(".tf")
-            or filename.endswith(".tofu")
-            or filename.endswith(".tfvars")
-        ):
-            dirs.append(os.path.dirname(filename))
+        if filename.endswith((".tf", ".tofu", ".tfvars")):
+            dir_path = os.path.dirname(filename)
+            dir_key = os.path.realpath(dir_path)
+            if dir_key not in seen_dirs:
+                seen_dirs.add(dir_key)
+                dirs.append(dir_path)

    retval = 0

--- a/hooks/tofu_validate.sh
+++ b/hooks/tofu_validate.sh
@ -128,12 +128,18 @@ function per_dir_hook_unique_part {

  if [ "$retry_once_with_cleanup" != "true" ]; then
    # tofu validate only
-    validate_output=$(tofu validate "${args[@]}" 2>&1)
-    exit_code=$?
+    if validate_output=$(tofu validate "${args[@]}" 2>&1); then
+      exit_code=0
+    else
+      exit_code=$?
+    fi
  else
    # tofu validate, plus capture possible errors
-    validate_output=$(tofu validate -json "${args[@]}" 2>&1)
-    exit_code=$?
+    if validate_output=$(tofu validate -json "${args[@]}" 2>&1); then
+      exit_code=0
+    else
+      exit_code=$?
+    fi

    # Match specific validation errors
    local -i validate_errors_matched
@ -155,8 +161,11 @@ function per_dir_hook_unique_part {
        return $exit_code
      }

-      validate_output=$(tofu validate "${args[@]}" 2>&1)
-      exit_code=$?
+      if validate_output=$(tofu validate "${args[@]}" 2>&1); then
+        exit_code=0
+      else
+        exit_code=$?
+      fi
    fi
  fi