weeheavy/pre-commit-opentofu
1
0
Fork 0
forked from github/pre-commit-opentofu
Code Pull requests Activity

chore: Improved code structure (moved hooks into a separate dir) (#316)

Browse source
This commit is contained in:
Maksym Vlasov 2022-01-06 17:09:51 +02:00 committed by GitHub
commit c5f2a618a8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
27 changed files with 1066 additions and 1591 deletions
Download patch file Download diff file Expand all files Collapse all files

4
hooks/__init__.py Normal file
View file

@ -0,0 +1,4 @@
print(
'`terraform_docs_replace` hook is DEPRECATED.'
'For details, see https://github.com/antonbabenko/pre-commit-terraform/issues/248'
)

105
hooks/_common.sh Normal file
View file

@ -0,0 +1,105 @@
#!/usr/bin/env bash
set -eo pipefail
function common::initialize {
local -r script_dir=$1
# source getopt function
# shellcheck source=lib_getopt
. "$script_dir/../lib_getopt"
}
function common::parse_cmdline {
# common global arrays.
# Populated via `common::parse_cmdline` and can be used inside hooks' functions
declare -g -a ARGS=() HOOK_CONFIG=() FILES=()
local argv
argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return
eval "set -- $argv"
for argv; do
case $argv in
-a | --args)
shift
ARGS+=("$1")
shift
;;
-h | --hook-config)
shift
HOOK_CONFIG+=("$1;")
shift
;;
--)
shift
# shellcheck disable=SC2034 # Variable is used
FILES=("$@")
break
;;
esac
done
}
function common::per_dir_hook {
local -r args="$1"
shift 1
local -a -r files=("$@")
# consume modified files passed from pre-commit so that
# hook runs against only those relevant directories
local index=0
for file_with_path in "${files[@]}"; do
file_with_path="${file_with_path// /__REPLACED__SPACE__}"
dir_paths[index]=$(dirname "$file_with_path")
((index += 1))
done
# preserve errexit status
shopt -qo errexit && ERREXIT_IS_SET=true
# allow hook to continue if exit_code is greater than 0
set +e
local final_exit_code=0
# run hook for each path
for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do
dir_path="${dir_path//__REPLACED__SPACE__/ }"
pushd "$dir_path" > /dev/null || continue
per_dir_hook_unique_part "$args" "$dir_path"
local exit_code=$?
if [ $exit_code -ne 0 ]; then
final_exit_code=$exit_code
fi
popd > /dev/null
done
# restore errexit if it was set before the "for" loop
[[ $ERREXIT_IS_SET ]] && set -e
# return the hook final exit_code
exit $final_exit_code
}
function common::colorify {
# shellcheck disable=SC2034
local -r red="\e[0m\e[31m"
# shellcheck disable=SC2034
local -r green="\e[0m\e[32m"
# shellcheck disable=SC2034
local -r yellow="\e[0m\e[33m"
# Color reset
local -r RESET="\e[0m"
# Params start #
local COLOR="${!1}"
local -r TEXT=$2
# Params end #
if [ "$PRE_COMMIT_COLOR" = "never" ]; then
COLOR=$RESET
fi
echo -e "${COLOR}${TEXT}${RESET}"
}

126
hooks/infracost_breakdown.sh Executable file
View file

@ -0,0 +1,126 @@
#!/usr/bin/env bash
set -eo pipefail
# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines
readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
# shellcheck source=_common.sh
. "$SCRIPT_DIR/_common.sh"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
# shellcheck disable=SC2153 # False positive
infracost_breakdown_ "${HOOK_CONFIG[*]}" "${ARGS[*]}"
}
function infracost_breakdown_ {
local -r hook_config="$1"
local args
read -r -a args <<< "$2"
# Get hook settings
IFS=";" read -r -a checks <<< "$hook_config"
if [ "$PRE_COMMIT_COLOR" = "never" ]; then
args+=("--no-color")
fi
local RESULTS
RESULTS="$(infracost breakdown "${args[@]}" --format json)"
local API_VERSION
API_VERSION="$(jq -r .version <<< "$RESULTS")"
if [ "$API_VERSION" != "0.2" ]; then
common::colorify "yellow" "WARNING: Hook supports Infracost API version \"0.2\", got \"$API_VERSION\""
common::colorify "yellow" " Some things may not work as expected"
fi
local dir
dir="$(jq '.projects[].metadata.vcsSubPath' <<< "$RESULTS")"
echo -e "\nRunning in $dir"
local have_failed_checks=false
for check in "${checks[@]}"; do
# $hook_config receives string like '1 > 2; 3 == 4;' etc.
# It gets split by `;` into array, which we're parsing here ('1 > 2' ' 3 == 4')
# Next line removes leading spaces, just for fancy output reason.
# shellcheck disable=SC2001 # Rule exception
check=$(echo "$check" | sed 's/^[[:space:]]*//')
# Drop quotes in hook args section. From:
# -h ".totalHourlyCost > 0.1"
# --hook-config='.currency == "USD"'
# To:
# -h .totalHourlyCost > 0.1
# --hook-config=.currency == "USD"
first_char=${check:0:1}
last_char=${check: -1}
if [ "$first_char" == "$last_char" ] && {
[ "$first_char" == '"' ] || [ "$first_char" == "'" ]
}; then
check="${check:1:-1}"
fi
# shellcheck disable=SC2207 # Can't find working `read` command
operations=($(echo "$check" | grep -oE '[!<>=]{1,2}'))
# Get the very last operator, that is used in comparison inside `jq` query.
# From the example below we need to pick the `>` which is in between `add` and `1000`,
# but not the `!=`, which goes earlier in the `jq` expression
# [.projects[].diff.totalMonthlyCost | select (.!=null) | tonumber] | add > 1000
operation=${operations[-1]}
IFS="$operation" read -r -a jq_check <<< "$check"
real_value="$(jq "${jq_check[0]}" <<< "$RESULTS")"
compare_value="${jq_check[1]}${jq_check[2]}"
# Check types
jq_check_type="$(jq -r "${jq_check[0]} | type" <<< "$RESULTS")"
compare_value_type="$(jq -r "$compare_value | type" <<< "$RESULTS")"
# Fail if comparing different types
if [ "$jq_check_type" != "$compare_value_type" ]; then
common::colorify "yellow" "Warning: Comparing values with different types may give incorrect result"
common::colorify "yellow" " Expression: $check"
common::colorify "yellow" " Types in the expression: [$jq_check_type] $operation [$compare_value_type]"
common::colorify "yellow" " Use 'tonumber' filter when comparing costs (e.g. '.totalMonthlyCost|tonumber')"
have_failed_checks=true
continue
fi
# Fail if string is compared not with `==` or `!=`
if [ "$jq_check_type" == "string" ] && {
[ "$operation" != '==' ] && [ "$operation" != '!=' ]
}; then
common::colorify "yellow" "Warning: Wrong comparison operator is used in expression: $check"
common::colorify "yellow" " Use 'tonumber' filter when comparing costs (e.g. '.totalMonthlyCost|tonumber')"
common::colorify "yellow" " Use '==' or '!=' when comparing strings (e.g. '.currency == \"USD\"')."
have_failed_checks=true
continue
fi
# Compare values
check_passed="$(echo "$RESULTS" | jq "$check")"
status="Passed"
color="green"
if ! $check_passed; then
status="Failed"
color="red"
have_failed_checks=true
fi
# Print check result
common::colorify $color "$status: $check\t\t$real_value $operation $compare_value"
done
# Fancy informational output
currency="$(jq -r '.currency' <<< "$RESULTS")"
echo -e "\nSummary: $(jq -r '.summary' <<< "$RESULTS")"
echo -e "\nTotal Monthly Cost: $(jq -r .totalMonthlyCost <<< "$RESULTS") $currency"
echo "Total Monthly Cost (diff): $(jq -r .projects[].diff.totalMonthlyCost <<< "$RESULTS") $currency"
if $have_failed_checks; then
exit 1
fi
}
[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"

345
hooks/terraform_docs.sh Executable file
View file

@ -0,0 +1,345 @@
#!/usr/bin/env bash
set -eo pipefail
# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines
readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
# shellcheck source=_common.sh
. "$SCRIPT_DIR/_common.sh"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
# Support for setting relative PATH to .terraform-docs.yml config.
# shellcheck disable=SC2178 # It's the simplest syntax for that case
ARGS=${ARGS[*]/--config=/--config=$(pwd)\/}
# shellcheck disable=SC2128 # It's the simplest syntax for that case
# shellcheck disable=SC2153 # False positive
terraform_docs_ "${HOOK_CONFIG[*]}" "$ARGS" "${FILES[@]}"
}
function terraform_docs_ {
local -r hook_config="$1"
local -r args="$2"
shift 2
local -a -r files=("$@")
# Get hook settings
IFS=";" read -r -a configs <<< "$hook_config"
local hack_terraform_docs
hack_terraform_docs=$(terraform version | sed -n 1p | grep -c 0.12) || true
if [[ ! $(command -v terraform-docs) ]]; then
echo "ERROR: terraform-docs is required by terraform_docs pre-commit hook but is not installed or in the system's PATH."
exit 1
fi
local is_old_terraform_docs
is_old_terraform_docs=$(terraform-docs version | grep -o "v0.[1-7]\." | tail -1) || true
if [[ -z "$is_old_terraform_docs" ]]; then # Using terraform-docs 0.8+ (preferred)
terraform_docs "0" "${configs[*]}" "$args" "${files[@]}"
elif [[ "$hack_terraform_docs" == "1" ]]; then # Using awk script because terraform-docs is older than 0.8 and terraform 0.12 is used
if [[ ! $(command -v awk) ]]; then
echo "ERROR: awk is required for terraform-docs hack to work with Terraform 0.12."
exit 1
fi
local tmp_file_awk
tmp_file_awk=$(mktemp "${TMPDIR:-/tmp}/terraform-docs-XXXXXXXXXX")
terraform_docs_awk "$tmp_file_awk"
terraform_docs "$tmp_file_awk" "${configs[*]}" "$args" "${files[@]}"
rm -f "$tmp_file_awk"
else # Using terraform 0.11 and no awk script is needed for that
terraform_docs "0" "${configs[*]}" "$args" "${files[@]}"
fi
}
function terraform_docs {
local -r terraform_docs_awk_file="$1"
local -r hook_config="$2"
local -r args="$3"
shift 3
local -a -r files=("$@")
declare -a paths
local index=0
local file_with_path
for file_with_path in "${files[@]}"; do
file_with_path="${file_with_path// /__REPLACED__SPACE__}"
paths[index]=$(dirname "$file_with_path")
((index += 1))
done
local -r tmp_file=$(mktemp)
#
# Get hook settings
#
local text_file="README.md"
local add_to_existing=false
local create_if_not_exist=false
read -r -a configs <<< "$hook_config"
for c in "${configs[@]}"; do
IFS="=" read -r -a config <<< "$c"
key=${config[0]}
value=${config[1]}
case $key in
--path-to-file)
text_file=$value
;;
--add-to-existing-file)
add_to_existing=$value
;;
--create-file-if-not-exist)
create_if_not_exist=$value
;;
esac
done
local dir_path
for dir_path in $(echo "${paths[*]}" | tr ' ' '\n' | sort -u); do
dir_path="${dir_path//__REPLACED__SPACE__/ }"
pushd "$dir_path" > /dev/null || continue
#
# Create file if it not exist and `--create-if-not-exist=true` provided
#
if $create_if_not_exist && [[ ! -f "$text_file" ]]; then
dir_have_tf_files="$(
find . -maxdepth 1 -type f | sed 's|.*\.||' | sort -u | grep -oE '^tf$|^tfvars$' ||
exit 0
)"
# if no TF files - skip dir
[ ! "$dir_have_tf_files" ] && popd > /dev/null && continue
dir="$(dirname "$text_file")"
mkdir -p "$dir"
{
echo -e "# ${PWD##*/}\n"
echo "<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->"
echo "<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->"
} >> "$text_file"
fi
# If file still not exist - skip dir
[[ ! -f "$text_file" ]] && popd > /dev/null && continue
#
# If `--add-to-existing-file=true` set, check is in file exist "hook markers",
# and if not - append "hook markers" to the end of file.
#
if $add_to_existing; then
HAVE_MARKER=$(grep -o '<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->' "$text_file" || exit 0)
if [ ! "$HAVE_MARKER" ]; then
echo "<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->" >> "$text_file"
echo "<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->" >> "$text_file"
fi
fi
if [[ "$terraform_docs_awk_file" == "0" ]]; then
# shellcheck disable=SC2086
terraform-docs md $args ./ > "$tmp_file"
else
# Can't append extension for mktemp, so renaming instead
local tmp_file_docs
tmp_file_docs=$(mktemp "${TMPDIR:-/tmp}/terraform-docs-XXXXXXXXXX")
mv "$tmp_file_docs" "$tmp_file_docs.tf"
local tmp_file_docs_tf
tmp_file_docs_tf="$tmp_file_docs.tf"
awk -f "$terraform_docs_awk_file" ./*.tf > "$tmp_file_docs_tf"
# shellcheck disable=SC2086
terraform-docs md $args "$tmp_file_docs_tf" > "$tmp_file"
rm -f "$tmp_file_docs_tf"
fi
# Replace content between markers with the placeholder - https://stackoverflow.com/questions/1212799/how-do-i-extract-lines-between-two-line-delimiters-in-perl#1212834
perl -i -ne 'if (/BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK/../END OF PRE-COMMIT-TERRAFORM DOCS HOOK/) { print $_ if /BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK/; print "I_WANT_TO_BE_REPLACED\n$_" if /END OF PRE-COMMIT-TERRAFORM DOCS HOOK/;} else { print $_ }' "$text_file"
# Replace placeholder with the content of the file
perl -i -e 'open(F, "'"$tmp_file"'"); $f = join "", <F>; while(<>){if (/I_WANT_TO_BE_REPLACED/) {print $f} else {print $_};}' "$text_file"
rm -f "$tmp_file"
popd > /dev/null
done
}
function terraform_docs_awk {
local -r output_file=$1
cat << "EOF" > "$output_file"
# This script converts Terraform 0.12 variables/outputs to something suitable for `terraform-docs`
# As of terraform-docs v0.6.0, HCL2 is not supported. This script is a *dirty hack* to get around it.
# https://github.com/terraform-docs/terraform-docs/
# https://github.com/terraform-docs/terraform-docs/issues/62
# Script was originally found here: https://github.com/cloudposse/build-harness/blob/master/bin/terraform-docs.awk
{
if ( $0 ~ /\{/ ) {
braceCnt++
}
if ( $0 ~ /\}/ ) {
braceCnt--
}
# ----------------------------------------------------------------------------------------------
# variable|output "..." {
# ----------------------------------------------------------------------------------------------
# [END] variable/output block
if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) {
if (braceCnt == 0 && blockCnt > 0) {
blockCnt--
print $0
}
}
# [START] variable or output block started
if ($0 ~ /^[[:space:]]*(variable|output)[[:space:]][[:space:]]*"(.*?)"/) {
# Normalize the braceCnt and block (should be 1 now)
braceCnt = 1
blockCnt = 1
# [CLOSE] "default" and "type" block
blockDefaultCnt = 0
blockTypeCnt = 0
# Print variable|output line
print $0
}
# ----------------------------------------------------------------------------------------------
# default = ...
# ----------------------------------------------------------------------------------------------
# [END] multiline "default" continues/ends
if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt > 0) {
print $0
# Count opening blocks
blockDefaultCnt += gsub(/\(/, "")
blockDefaultCnt += gsub(/\[/, "")
blockDefaultCnt += gsub(/\{/, "")
# Count closing blocks
blockDefaultCnt -= gsub(/\)/, "")
blockDefaultCnt -= gsub(/\]/, "")
blockDefaultCnt -= gsub(/\}/, "")
}
# [START] multiline "default" statement started
if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) {
if ($0 ~ /^[[:space:]][[:space:]]*(default)[[:space:]][[:space:]]*=/) {
if ($3 ~ "null") {
print " default = \"null\""
} else {
print $0
# Count opening blocks
blockDefaultCnt += gsub(/\(/, "")
blockDefaultCnt += gsub(/\[/, "")
blockDefaultCnt += gsub(/\{/, "")
# Count closing blocks
blockDefaultCnt -= gsub(/\)/, "")
blockDefaultCnt -= gsub(/\]/, "")
blockDefaultCnt -= gsub(/\}/, "")
}
}
}
# ----------------------------------------------------------------------------------------------
# type = ...
# ----------------------------------------------------------------------------------------------
# [END] multiline "type" continues/ends
if (blockCnt > 0 && blockTypeCnt > 0 && blockDefaultCnt == 0) {
# The following 'print $0' would print multiline type definitions
#print $0
# Count opening blocks
blockTypeCnt += gsub(/\(/, "")
blockTypeCnt += gsub(/\[/, "")
blockTypeCnt += gsub(/\{/, "")
# Count closing blocks
blockTypeCnt -= gsub(/\)/, "")
blockTypeCnt -= gsub(/\]/, "")
blockTypeCnt -= gsub(/\}/, "")
}
# [START] multiline "type" statement started
if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) {
if ($0 ~ /^[[:space:]][[:space:]]*(type)[[:space:]][[:space:]]*=/ ) {
if ($3 ~ "object") {
print " type = \"object\""
} else {
# Convert multiline stuff into single line
if ($3 ~ /^[[:space:]]*list[[:space:]]*\([[:space:]]*$/) {
type = "list"
} else if ($3 ~ /^[[:space:]]*string[[:space:]]*\([[:space:]]*$/) {
type = "string"
} else if ($3 ~ /^[[:space:]]*map[[:space:]]*\([[:space:]]*$/) {
type = "map"
} else {
type = $3
}
# legacy quoted types: "string", "list", and "map"
if (type ~ /^[[:space:]]*"(.*?)"[[:space:]]*$/) {
print " type = " type
} else {
print " type = \"" type "\""
}
}
# Count opening blocks
blockTypeCnt += gsub(/\(/, "")
blockTypeCnt += gsub(/\[/, "")
blockTypeCnt += gsub(/\{/, "")
# Count closing blocks
blockTypeCnt -= gsub(/\)/, "")
blockTypeCnt -= gsub(/\]/, "")
blockTypeCnt -= gsub(/\}/, "")
}
}
# ----------------------------------------------------------------------------------------------
# description = ...
# ----------------------------------------------------------------------------------------------
# [PRINT] single line "description"
if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) {
if ($0 ~ /^[[:space:]][[:space:]]*description[[:space:]][[:space:]]*=/) {
print $0
}
}
# ----------------------------------------------------------------------------------------------
# value = ...
# ----------------------------------------------------------------------------------------------
## [PRINT] single line "value"
#if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) {
# if ($0 ~ /^[[:space:]][[:space:]]*value[[:space:]][[:space:]]*=/) {
# print $0
# }
#}
# ----------------------------------------------------------------------------------------------
# Newlines, comments, everything else
# ----------------------------------------------------------------------------------------------
#if (blockTypeCnt == 0 && blockDefaultCnt == 0) {
# Comments with '#'
if ($0 ~ /^[[:space:]]*#/) {
print $0
}
# Comments with '//'
if ($0 ~ /^[[:space:]]*\/\//) {
print $0
}
# Newlines
if ($0 ~ /^[[:space:]]*$/) {
print $0
}
#}
}
EOF
}
[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"

56
hooks/terraform_docs_replace.py Normal file
View file

@ -0,0 +1,56 @@
import argparse
import os
import subprocess
import sys
def main(argv=None):
parser = argparse.ArgumentParser(
description="""Run terraform-docs on a set of files. Follows the standard convention of
pulling the documentation from main.tf in order to replace the entire
README.md file each time."""
)
parser.add_argument(
'--dest', dest='dest', default='README.md',
)
parser.add_argument(
'--sort-inputs-by-required', dest='sort', action='store_true',
help='[deprecated] use --sort-by-required instead',
)
parser.add_argument(
'--sort-by-required', dest='sort', action='store_true',
)
parser.add_argument(
'--with-aggregate-type-defaults', dest='aggregate', action='store_true',
help='[deprecated]',
)
parser.add_argument('filenames', nargs='*', help='Filenames to check.')
args = parser.parse_args(argv)
dirs = []
for filename in args.filenames:
if (os.path.realpath(filename) not in dirs and
(filename.endswith(".tf") or filename.endswith(".tfvars"))):
dirs.append(os.path.dirname(filename))
retval = 0
for dir in dirs:
try:
procArgs = []
procArgs.append('terraform-docs')
if args.sort:
procArgs.append('--sort-by-required')
procArgs.append('md')
procArgs.append("./{dir}".format(dir=dir))
procArgs.append('>')
procArgs.append("./{dir}/{dest}".format(dir=dir, dest=args.dest))
subprocess.check_call(" ".join(procArgs), shell=True)
except subprocess.CalledProcessError as e:
print(e)
retval = 1
return retval
if __name__ == '__main__':
sys.exit(main())

89
hooks/terraform_fmt.sh Executable file
View file

@ -0,0 +1,89 @@
#!/usr/bin/env bash
set -eo pipefail
# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines
readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
# shellcheck source=_common.sh
. "$SCRIPT_DIR/_common.sh"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
# shellcheck disable=SC2153 # False positive
terraform_fmt_ "${ARGS[*]}" "${FILES[@]}"
}
function terraform_fmt_ {
local -r args="$1"
shift 1
local -a -r files=("$@")
# consume modified files passed from pre-commit so that
# hook runs against only those relevant directories
local index=0
for file_with_path in "${files[@]}"; do
file_with_path="${file_with_path// /__REPLACED__SPACE__}"
dir_paths[index]=$(dirname "$file_with_path")
# TODO Unique part
if [[ "$file_with_path" == *".tfvars" ]]; then
tfvars_files+=("$file_with_path")
fi
#? End for unique part
((index += 1))
done
# preserve errexit status
shopt -qo errexit && ERREXIT_IS_SET=true
# allow hook to continue if exit_code is greater than 0
set +e
local final_exit_code=0
# run hook for each path
for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do
dir_path="${dir_path//__REPLACED__SPACE__/ }"
pushd "$dir_path" > /dev/null || continue
per_dir_hook_unique_part "$args" "$dir_path"
local exit_code=$?
if [ $exit_code -ne 0 ]; then
final_exit_code=$exit_code
fi
popd > /dev/null
done
# TODO: Unique part
# terraform.tfvars are excluded by `terraform fmt`
for tfvars_file in "${tfvars_files[@]}"; do
tfvars_file="${tfvars_file//__REPLACED__SPACE__/ }"
terraform fmt "${ARGS[@]}" "$tfvars_file"
local exit_code=$?
if [ $exit_code -ne 0 ]; then
final_exit_code=$exit_code
fi
done
#? End for unique part
# restore errexit if it was set before the "for" loop
[[ $ERREXIT_IS_SET ]] && set -e
# return the hook final exit_code
exit $final_exit_code
}
function per_dir_hook_unique_part {
# common logic located in common::per_dir_hook
local -r args="$1"
local -r dir_path="$2"
# pass the arguments to hook
# shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]")
terraform fmt ${args[@]}
# return exit code to common::per_dir_hook
local exit_code=$?
return $exit_code
}
[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"

42
hooks/terraform_providers_lock.sh Executable file
View file

@ -0,0 +1,42 @@
#!/usr/bin/env bash
set -eo pipefail
# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines
readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
# shellcheck source=_common.sh
. "$SCRIPT_DIR/_common.sh"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
# shellcheck disable=SC2153 # False positive
common::per_dir_hook "${ARGS[*]}" "${FILES[@]}"
}
function per_dir_hook_unique_part {
# common logic located in common::per_dir_hook
local -r args="$1"
local -r dir_path="$2"
if [ ! -d ".terraform" ]; then
init_output=$(terraform init -backend=false 2>&1)
init_code=$?
if [ $init_code -ne 0 ]; then
common::colorify "red" "Init before validation failed: $dir_path"
common::colorify "red" "$init_output"
exit $init_code
fi
fi
# pass the arguments to hook
# shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]")
terraform providers lock ${args[@]}
# return exit code to common::per_dir_hook
local exit_code=$?
return $exit_code
}
[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"

39
hooks/terraform_tflint.sh Executable file
View file

@ -0,0 +1,39 @@
#!/usr/bin/env bash
set -eo pipefail
# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines
readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
# shellcheck source=_common.sh
. "$SCRIPT_DIR/_common.sh"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
# Support for setting PATH to repo root.
# shellcheck disable=SC2178 # It's the simplest syntax for that case
ARGS=${ARGS[*]/__GIT_WORKING_DIR__/$(pwd)\/}
# shellcheck disable=SC2128 # It's the simplest syntax for that case
common::per_dir_hook "$ARGS" "${FILES[@]}"
}
function per_dir_hook_unique_part {
# common logic located in common::per_dir_hook
local -r args="$1"
local -r dir_path="$2"
# Print checked PATH **only** if TFLint have any messages
# shellcheck disable=SC2091,SC2068 # Suppress error output
$(tflint ${args[@]} 2>&1) 2> /dev/null || {
common::colorify "yellow" "TFLint in $dir_path/:"
# shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]")
tflint ${args[@]}
}
# return exit code to common::per_dir_hook
local exit_code=$?
return $exit_code
}
[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"

34
hooks/terraform_tfsec.sh Executable file
View file

@ -0,0 +1,34 @@
#!/usr/bin/env bash
set -eo pipefail
# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines
readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
# shellcheck source=_common.sh
. "$SCRIPT_DIR/_common.sh"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
# Support for setting PATH to repo root.
# shellcheck disable=SC2178 # It's the simplest syntax for that case
ARGS=${ARGS[*]/__GIT_WORKING_DIR__/$(pwd)\/}
# shellcheck disable=SC2128 # It's the simplest syntax for that case
common::per_dir_hook "$ARGS" "${FILES[@]}"
}
function per_dir_hook_unique_part {
# common logic located in common::per_dir_hook
local -r args="$1"
# shellcheck disable=SC2034 # Unused var.
local -r dir_path="$2"
# pass the arguments to hook
# shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]")
tfsec ${args[@]}
# return exit code to common::per_dir_hook
local exit_code=$?
return $exit_code
}
[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"

120
hooks/terraform_validate.sh Executable file
View file

@ -0,0 +1,120 @@
#!/usr/bin/env bash
set -eo pipefail
# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines
readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
# shellcheck source=_common.sh
. "$SCRIPT_DIR/_common.sh"
# `terraform validate` requires this env variable to be set
export AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-us-east-1}
function main {
common::initialize "$SCRIPT_DIR"
parse_cmdline_ "$@"
terraform_validate_
}
function parse_cmdline_ {
declare argv
argv=$(getopt -o e:i:a: --long envs:,init-args:,args: -- "$@") || return
eval "set -- $argv"
for argv; do
case $argv in
-a | --args)
shift
ARGS+=("$1")
shift
;;
-i | --init-args)
shift
INIT_ARGS+=("$1")
shift
;;
-e | --envs)
shift
ENVS+=("$1")
shift
;;
--)
shift
FILES=("$@")
break
;;
esac
done
}
function terraform_validate_ {
# Setup environment variables
local var var_name var_value
for var in "${ENVS[@]}"; do
var_name="${var%%=*}"
var_value="${var#*=}"
# shellcheck disable=SC2086
export $var_name="$var_value"
done
declare -a paths
local index=0
local error=0
local file_with_path
for file_with_path in "${FILES[@]}"; do
file_with_path="${file_with_path// /__REPLACED__SPACE__}"
paths[index]=$(dirname "$file_with_path")
((index += 1))
done
local dir_path
for dir_path in $(echo "${paths[*]}" | tr ' ' '\n' | sort -u); do
dir_path="${dir_path//__REPLACED__SPACE__/ }"
if [[ -n "$(find "$dir_path" -maxdepth 1 -name '*.tf' -print -quit)" ]]; then
pushd "$(realpath "$dir_path")" > /dev/null
if [ ! -d .terraform ]; then
set +e
init_output=$(terraform init -backend=false "${INIT_ARGS[@]}" 2>&1)
init_code=$?
set -e
if [ $init_code -ne 0 ]; then
error=1
echo "Init before validation failed: $dir_path"
echo "$init_output"
popd > /dev/null
continue
fi
fi
set +e
validate_output=$(terraform validate "${ARGS[@]}" 2>&1)
validate_code=$?
set -e
if [ $validate_code -ne 0 ]; then
error=1
echo "Validation failed: $dir_path"
echo "$validate_output"
echo
fi
popd > /dev/null
fi
done
if [ $error -ne 0 ]; then
exit 1
fi
}
# global arrays
declare -a INIT_ARGS
declare -a ENVS
[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"

31
hooks/terragrunt_fmt.sh Executable file
View file

@ -0,0 +1,31 @@
#!/usr/bin/env bash
set -eo pipefail
# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines
readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
# shellcheck source=_common.sh
. "$SCRIPT_DIR/_common.sh"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
# shellcheck disable=SC2153 # False positive
common::per_dir_hook "${ARGS[*]}" "${FILES[@]}"
}
function per_dir_hook_unique_part {
# common logic located in common::per_dir_hook
local -r args="$1"
# shellcheck disable=SC2034 # Unused var.
local -r dir_path="$2"
# pass the arguments to hook
# shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]")
terragrunt hclfmt ${args[@]}
# return exit code to common::per_dir_hook
local exit_code=$?
return $exit_code
}
[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"

31
hooks/terragrunt_validate.sh Executable file
View file

@ -0,0 +1,31 @@
#!/usr/bin/env bash
set -eo pipefail
# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines
readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
# shellcheck source=_common.sh
. "$SCRIPT_DIR/_common.sh"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
# shellcheck disable=SC2153 # False positive
common::per_dir_hook "${ARGS[*]}" "${FILES[@]}"
}
function per_dir_hook_unique_part {
# common logic located in common::per_dir_hook
local -r args="$1"
# shellcheck disable=SC2034 # Unused var.
local -r dir_path="$2"
# pass the arguments to hook
# shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]")
terragrunt validate ${args[@]}
# return exit code to common::per_dir_hook
local exit_code=$?
return $exit_code
}
[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"

31
hooks/terrascan.sh Executable file
View file

@ -0,0 +1,31 @@
#!/usr/bin/env bash
set -eo pipefail
# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines
readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
# shellcheck source=_common.sh
. "$SCRIPT_DIR/_common.sh"
function main {
common::initialize "$SCRIPT_DIR"
common::parse_cmdline "$@"
# shellcheck disable=SC2153 # False positive
common::per_dir_hook "${ARGS[*]}" "${FILES[@]}"
}
function per_dir_hook_unique_part {
# common logic located in common::per_dir_hook
local -r args="$1"
# shellcheck disable=SC2034 # Unused var.
local -r dir_path="$2"
# pass the arguments to hook
# shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]")
terrascan scan -i terraform ${args[@]}
# return exit code to common::per_dir_hook
local exit_code=$?
return $exit_code
}
[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"