From c5f2a618a83f04113a3a27475663a709e2c83f5f Mon Sep 17 00:00:00 2001 From: Maksym Vlasov Date: Thu, 6 Jan 2022 17:09:51 +0200 Subject: [PATCH] chore: Improved code structure (moved hooks into a separate dir) (#316) --- .pre-commit-hooks.yaml | 24 +-- {pre_commit_hooks => hooks}/__init__.py | 0 terragrunt_fmt.sh => hooks/_common.sh | 50 +++---- .../infracost_breakdown.sh | 71 +-------- terraform_docs.sh => hooks/terraform_docs.sh | 50 ++----- .../terraform_docs_replace.py | 0 terraform_fmt.sh => hooks/terraform_fmt.sh | 48 +----- hooks/terraform_providers_lock.sh | 42 ++++++ hooks/terraform_tflint.sh | 39 +++++ hooks/terraform_tfsec.sh | 34 +++++ .../terraform_validate.sh | 19 +-- hooks/terragrunt_fmt.sh | 31 ++++ hooks/terragrunt_validate.sh | 31 ++++ hooks/terrascan.sh | 31 ++++ setup.py | 2 +- terraform_providers_lock.sh | 141 ------------------ terraform_tflint.sh | 137 ----------------- terraform_tfsec.sh | 109 -------------- terragrunt_validate.sh | 107 ------------- terrascan.sh | 107 ------------- 20 files changed, 274 insertions(+), 799 deletions(-) rename {pre_commit_hooks => hooks}/__init__.py (100%) rename terragrunt_fmt.sh => hooks/_common.sh (71%) mode change 100755 => 100644 rename infracost_breakdown.sh => hooks/infracost_breakdown.sh (76%) rename terraform_docs.sh => hooks/terraform_docs.sh (92%) rename {pre_commit_hooks => hooks}/terraform_docs_replace.py (100%) rename terraform_fmt.sh => hooks/terraform_fmt.sh (71%) create mode 100755 hooks/terraform_providers_lock.sh create mode 100755 hooks/terraform_tflint.sh create mode 100755 hooks/terraform_tfsec.sh rename terraform_validate.sh => hooks/terraform_validate.sh (88%) create mode 100755 hooks/terragrunt_fmt.sh create mode 100755 hooks/terragrunt_validate.sh create mode 100755 hooks/terrascan.sh delete mode 100755 terraform_providers_lock.sh delete mode 100755 terraform_tflint.sh delete mode 100755 terraform_tfsec.sh delete mode 100755 terragrunt_validate.sh delete mode 100755 terrascan.sh 
diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml index 95a000ffb..53004bfc9 100644 --- a/.pre-commit-hooks.yaml +++ b/.pre-commit-hooks.yaml @@ -1,7 +1,7 @@ - id: infracost_breakdown name: Infracost breakdown description: Check terraform infrastructure cost - entry: infracost_breakdown.sh + entry: hooks/infracost_breakdown.sh language: script require_serial: true files: \.(tf(vars)?|hcl)$ @@ -10,7 +10,7 @@ - id: terraform_fmt name: Terraform fmt description: Rewrites all Terraform configuration files to a canonical format. - entry: terraform_fmt.sh + entry: hooks/terraform_fmt.sh language: script files: (\.tf|\.tfvars)$ exclude: \.terraform\/.*$ @@ -19,7 +19,7 @@ name: Terraform docs description: Inserts input and output documentation into README.md (using terraform-docs). require_serial: true - entry: terraform_docs.sh + entry: hooks/terraform_docs.sh language: script files: (\.tf|\.terraform\.lock\.hcl)$ exclude: \.terraform\/.*$ @@ -28,7 +28,7 @@ name: Terraform docs (without aggregate type defaults) description: Inserts input and output documentation into README.md (using terraform-docs). Identical to terraform_docs. require_serial: true - entry: terraform_docs.sh + entry: hooks/terraform_docs.sh language: script files: (\.tf)$ exclude: \.terraform\/.*$ @@ -46,7 +46,7 @@ name: Terraform validate description: Validates all Terraform configuration files. require_serial: true - entry: terraform_validate.sh + entry: hooks/terraform_validate.sh language: script files: (\.tf|\.tfvars)$ exclude: \.terraform\/.*$ @@ -55,7 +55,7 @@ name: Lock terraform provider versions description: Updates provider signatures in dependency lock files. require_serial: true - entry: terraform_providers_lock.sh + entry: hooks/terraform_providers_lock.sh language: script files: (\.terraform\.lock\.hcl)$ exclude: \.terraform\/.*$ 
@@ -64,7 +64,7 @@ name: Terraform validate with tflint description: Validates all Terraform configuration files with TFLint. require_serial: true - entry: terraform_tflint.sh + entry: hooks/terraform_tflint.sh language: script files: (\.tf|\.tfvars)$ exclude: \.terraform\/.*$ @@ -72,7 +72,7 @@ - id: terragrunt_fmt name: Terragrunt fmt description: Rewrites all Terragrunt configuration files to a canonical format. - entry: terragrunt_fmt.sh + entry: hooks/terragrunt_fmt.sh language: script files: (\.hcl)$ exclude: \.terraform\/.*$ @@ -80,7 +80,7 @@ - id: terragrunt_validate name: Terragrunt validate description: Validates all Terragrunt configuration files. - entry: terragrunt_validate.sh + entry: hooks/terragrunt_validate.sh language: script files: (\.hcl)$ exclude: \.terraform\/.*$ @@ -89,13 +89,13 @@ name: Terraform validate with tfsec description: Static analysis of Terraform templates to spot potential security issues. require_serial: true - entry: terraform_tfsec.sh + entry: hooks/terraform_tfsec.sh language: script - id: checkov name: Checkov description: Runs checkov on Terraform templates. - entry: checkov -d . + entry: hooks/checkov -d . language: python pass_filenames: false always_run: false @@ -107,7 +107,7 @@ name: terrascan description: Runs terrascan on Terraform templates. language: script - entry: terrascan.sh + entry: hooks/terrascan.sh files: \.tf$ exclude: \.terraform\/.*$ require_serial: true diff --git a/pre_commit_hooks/__init__.py b/hooks/__init__.py similarity index 100% rename from pre_commit_hooks/__init__.py rename to hooks/__init__.py diff --git a/terragrunt_fmt.sh b/hooks/_common.sh old mode 100755 new mode 100644 similarity index 71% rename from terragrunt_fmt.sh rename to hooks/_common.sh index 42f9b5ed5..a835b5d18 --- a/terragrunt_fmt.sh +++ b/hooks/_common.sh 
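Review bot: In the `@@ -89,13 +89,13 @@` hunk the checkov entry becomes `entry: hooks/checkov -d .`, but that hook is `language: python`, where the entry names an executable installed into the hook's environment rather than a script path inside this repository. The diffstat of this patch lists no `hooks/checkov` file, so this looks like the `hooks/` prefix applied one line too far, and the checkov scan would fail to start instead of running. Keep `entry: checkov -d .` for this hook; the other entries changed in these hunks are `language: script` and do need the new path.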
@@ -1,26 +1,17 @@ #!/usr/bin/env bash set -eo pipefail -function main { - common::initialize - common::parse_cmdline "$@" - common::per_dir_hook "${ARGS[*]}" "${FILES[@]}" -} - function common::initialize { - local SCRIPT_DIR - # get directory containing this script - SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" - + local -r script_dir=$1 # source getopt function # shellcheck source=lib_getopt - . "$SCRIPT_DIR/lib_getopt" + . "$script_dir/../lib_getopt" } function common::parse_cmdline { # common global arrays. # Populated via `common::parse_cmdline` and can be used inside hooks' functions - declare -g -a ARGS=() FILES=() HOOK_CONFIG=() + declare -g -a ARGS=() HOOK_CONFIG=() FILES=() local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return @@ -40,6 +31,7 @@ function common::parse_cmdline { ;; --) shift + # shellcheck disable=SC2034 # Variable is used FILES=("$@") break ;; @@ -90,18 +82,24 @@ function common::per_dir_hook { exit $final_exit_code } -function per_dir_hook_unique_part { - # common logic located in common::per_dir_hook - local -r args="$1" - local -r dir_path="$2" - - # pass the arguments to hook - # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]") - terragrunt hclfmt ${args[@]} - - # return exit code to common::per_dir_hook - local exit_code=$? - return $exit_code +function common::colorify { + # shellcheck disable=SC2034 + local -r red="\e[0m\e[31m" + # shellcheck disable=SC2034 + local -r green="\e[0m\e[32m" + # shellcheck disable=SC2034 + local -r yellow="\e[0m\e[33m" + # Color reset + local -r RESET="\e[0m" + + # Params start # + local COLOR="${!1}" + local -r TEXT=$2 + # Params end # + + if [ "$PRE_COMMIT_COLOR" = "never" ]; then + COLOR=$RESET + fi + + echo -e "${COLOR}${TEXT}${RESET}" } - -[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@" 
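Review bot: `common::initialize` now depends entirely on its caller for the directory it sources from: `local -r script_dir=$1` accepts a missing or empty argument, and `. "$script_dir/../lib_getopt"` then resolves to `/lib_getopt`, outside the hooks checkout. Every caller in this commit passes `"$SCRIPT_DIR"`, but a guard turns a future mistake into an explicit failure instead of sourcing an unintended file: `local -r script_dir=${1:?common::initialize needs the hook directory}`. A one-line comment above the function saying that the argument is the absolute path of the `hooks/` directory would also help, now that this file is sourced rather than executed.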
diff --git a/infracost_breakdown.sh b/hooks/infracost_breakdown.sh similarity index 76% rename from infracost_breakdown.sh rename to hooks/infracost_breakdown.sh index f2cb816dd..911bcacaf 100755 --- a/infracost_breakdown.sh +++ b/hooks/infracost_breakdown.sh 
@@ -1,75 +1,18 @@ #!/usr/bin/env bash set -eo pipefail +# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines +readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" +# shellcheck source=_common.sh +. "$SCRIPT_DIR/_common.sh" + function main { - common::initialize + common::initialize "$SCRIPT_DIR" common::parse_cmdline "$@" + # shellcheck disable=SC2153 # False positive infracost_breakdown_ "${HOOK_CONFIG[*]}" "${ARGS[*]}" } -function common::colorify { - # shellcheck disable=SC2034 - local -r red="\e[0m\e[31m" - # shellcheck disable=SC2034 - local -r green="\e[0m\e[32m" - # shellcheck disable=SC2034 - local -r yellow="\e[0m\e[33m" - # Color reset - local -r RESET="\e[0m" - - # Params start # - local COLOR="${!1}" - local -r TEXT=$2 - # Params end # - - if [ "$PRE_COMMIT_COLOR" = "never" ]; then - COLOR=$RESET - fi - - echo -e "${COLOR}${TEXT}${RESET}" -} - -function common::initialize { - local SCRIPT_DIR - # get directory containing this script - SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" - - # source getopt function - # shellcheck source=lib_getopt - . "$SCRIPT_DIR/lib_getopt" -} - -function common::parse_cmdline { - # common global arrays. - # Populated via `common::parse_cmdline` and can be used inside hooks' functions - declare -g -a ARGS=() FILES=() HOOK_CONFIG=() - - local argv - argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return - eval "set -- $argv" - - for argv; do - case $argv in - -a | --args) - shift - ARGS+=("$1") - shift - ;; - -h | --hook-config) - shift - HOOK_CONFIG+=("$1;") - shift - ;; - --) - shift - # shellcheck disable=SC2034 # Common function - FILES=("$@") - break - ;; - esac - done -} - function infracost_breakdown_ { local -r hook_config="$1" local args diff --git a/terraform_docs.sh b/hooks/terraform_docs.sh similarity index 92% rename from terraform_docs.sh rename to hooks/terraform_docs.sh index f2efb0af7..b1757c343 100755 --- a/terraform_docs.sh 
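Review bot: The added `readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"` hides a failing `realpath`: the status of the nested substitution is discarded, `dirname ""` prints `.`, and the next line then sources `./_common.sh` from the current working directory, which under pre-commit is the repository being checked. The SC2155 comment is also inaccurate, since assigning first and marking the variable readonly afterwards works. Resolve the path in its own step so `set -e` stops the script: `SCRIPT_PATH="$(realpath "${BASH_SOURCE[0]}")"`, then `SCRIPT_DIR="$(dirname "$SCRIPT_PATH")"`, then `readonly SCRIPT_DIR`. The same preamble opens every other hook script touched or added by this commit (terraform_docs, terraform_fmt, terraform_providers_lock, terraform_tflint, terraform_tfsec, terraform_validate, terragrunt_fmt, terragrunt_validate, terrascan).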
+++ b/hooks/terraform_docs.sh @@ -1,54 +1,22 @@ #!/usr/bin/env bash set -eo pipefail +# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines +readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" +# shellcheck source=_common.sh +. "$SCRIPT_DIR/_common.sh" + function main { - common::initialize + common::initialize "$SCRIPT_DIR" common::parse_cmdline "$@" # Support for setting relative PATH to .terraform-docs.yml config. + # shellcheck disable=SC2178 # It's the simplest syntax for that case ARGS=${ARGS[*]/--config=/--config=$(pwd)\/} + # shellcheck disable=SC2128 # It's the simplest syntax for that case + # shellcheck disable=SC2153 # False positive terraform_docs_ "${HOOK_CONFIG[*]}" "$ARGS" "${FILES[@]}" } -function common::initialize { - local SCRIPT_DIR - # get directory containing this script - SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" - - # source getopt function - # shellcheck source=lib_getopt - . "$SCRIPT_DIR/lib_getopt" -} - -function common::parse_cmdline { - # common global arrays. - # Populated via `common::parse_cmdline` and can be used inside hooks' functions - declare -g -a ARGS=() FILES=() HOOK_CONFIG=() - - local argv - argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return - eval "set -- $argv" - - for argv; do - case $argv in - -a | --args) - shift - ARGS+=("$1") - shift - ;; - -h | --hook-config) - shift - HOOK_CONFIG+=("$1;") - shift - ;; - --) - shift - FILES=("$@") - break - ;; - esac - done -} - function terraform_docs_ { local -r hook_config="$1" local -r args="$2" diff --git a/pre_commit_hooks/terraform_docs_replace.py b/hooks/terraform_docs_replace.py similarity index 100% rename from pre_commit_hooks/terraform_docs_replace.py rename to hooks/terraform_docs_replace.py diff --git a/terraform_fmt.sh b/hooks/terraform_fmt.sh similarity index 71% rename from terraform_fmt.sh rename to hooks/terraform_fmt.sh index f6cad78c8..9657af2dc 100755 --- a/terraform_fmt.sh 
+++ b/hooks/terraform_fmt.sh @@ -1,52 +1,18 @@ #!/usr/bin/env bash set -eo pipefail +# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines +readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" +# shellcheck source=_common.sh +. "$SCRIPT_DIR/_common.sh" + function main { - common::initialize + common::initialize "$SCRIPT_DIR" common::parse_cmdline "$@" + # shellcheck disable=SC2153 # False positive terraform_fmt_ "${ARGS[*]}" "${FILES[@]}" } -function common::initialize { - local SCRIPT_DIR - # get directory containing this script - SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" - - # source getopt function - # shellcheck source=lib_getopt - . "$SCRIPT_DIR/lib_getopt" -} - -function common::parse_cmdline { - # common global arrays. - # Populated via `common::parse_cmdline` and can be used inside hooks' functions - declare -g -a ARGS=() FILES=() HOOK_CONFIG=() - - local argv - argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return - eval "set -- $argv" - - for argv; do - case $argv in - -a | --args) - shift - ARGS+=("$1") - shift - ;; - -h | --hook-config) - shift - HOOK_CONFIG+=("$1;") - shift - ;; - --) - shift - FILES=("$@") - break - ;; - esac - done -} - function terraform_fmt_ { local -r args="$1" shift 1 diff --git a/hooks/terraform_providers_lock.sh b/hooks/terraform_providers_lock.sh new file mode 100755 index 000000000..b5fb7ec31 --- /dev/null +++ b/hooks/terraform_providers_lock.sh 
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines
+readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
+# shellcheck source=_common.sh
+. "$SCRIPT_DIR/_common.sh"
+
+function main {
+ common::initialize "$SCRIPT_DIR"
+ common::parse_cmdline "$@"
+ # shellcheck disable=SC2153 # False positive
+ common::per_dir_hook "${ARGS[*]}" "${FILES[@]}"
+}
+
+function per_dir_hook_unique_part {
+ # common logic located in common::per_dir_hook
+ local -r args="$1"
+ local -r dir_path="$2"
+
+ if [ ! -d ".terraform" ]; then
+ init_output=$(terraform init -backend=false 2>&1)
+ init_code=$?
+
+ if [ $init_code -ne 0 ]; then
+ common::colorify "red" "Init before validation failed: $dir_path"
+ common::colorify "red" "$init_output"
+ exit $init_code
+ fi
+ fi
+
+ # pass the arguments to hook
+ # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]")
+ terraform providers lock ${args[@]}
+
+ # return exit code to common::per_dir_hook
+ local exit_code=$?
+ return $exit_code
+}
+
+[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"
diff --git a/hooks/terraform_tflint.sh b/hooks/terraform_tflint.sh
new file mode 100755
index 000000000..6d154c50b
--- /dev/null
+++ b/hooks/terraform_tflint.sh
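Review bot: `exit $init_code` inside `per_dir_hook_unique_part` ends the whole hook at the first directory whose `terraform init` fails, so the remaining directories are never checked and, going by the removed copy of `common::per_dir_hook` in this patch, its `popd` and `final_exit_code` handling are skipped. The function's own closing comment says it returns its code to `common::per_dir_hook`; `return $init_code` keeps that contract. `init_output` and `init_code` are also assigned without `local`, so they leak into the global scope shared with the sourced helpers; declare them with `local init_output init_code` before the assignment.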
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines
+readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
+# shellcheck source=_common.sh
+. "$SCRIPT_DIR/_common.sh"
+
+function main {
+ common::initialize "$SCRIPT_DIR"
+ common::parse_cmdline "$@"
+ # Support for setting PATH to repo root.
+ # shellcheck disable=SC2178 # It's the simplest syntax for that case
+ ARGS=${ARGS[*]/__GIT_WORKING_DIR__/$(pwd)\/}
+ # shellcheck disable=SC2128 # It's the simplest syntax for that case
+ common::per_dir_hook "$ARGS" "${FILES[@]}"
+}
+
+function per_dir_hook_unique_part {
+ # common logic located in common::per_dir_hook
+ local -r args="$1"
+ local -r dir_path="$2"
+
+ # Print checked PATH **only** if TFLint have any messages
+ # shellcheck disable=SC2091,SC2068 # Suppress error output
+ $(tflint ${args[@]} 2>&1) 2> /dev/null || {
+ common::colorify "yellow" "TFLint in $dir_path/:"
+
+ # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]")
+ tflint ${args[@]}
+ }
+
+ # return exit code to common::per_dir_hook
+ local exit_code=$?
+ return $exit_code
+}
+
+[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"
diff --git a/hooks/terraform_tfsec.sh b/hooks/terraform_tfsec.sh
new file mode 100755
index 000000000..284106bfa
--- /dev/null
+++ b/hooks/terraform_tfsec.sh
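Review bot: `$(tflint ${args[@]} 2>&1) 2> /dev/null || {` runs TFLint and then has bash execute whatever TFLint printed as a command line; SC2091 is suppressed here rather than fixed. That output is derived from the files being linted, so text originating in the repository reaches command lookup, and the "any messages" test only works because that lookup normally fails. It also runs TFLint twice per directory. Capture the output once and test it explicitly, as below, so the returned exit code is the one from the single run.

```bash
function per_dir_hook_unique_part {
  # … unchanged: args and dir_path locals …

  local tflint_output exit_code
  # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]")
  tflint_output=$(tflint ${args[@]} 2>&1)
  exit_code=$?

  # Print checked PATH **only** if TFLint has any messages
  if [ -n "$tflint_output" ] || [ $exit_code -ne 0 ]; then
    common::colorify "yellow" "TFLint in $dir_path/:"
    printf '%s\n' "$tflint_output"
  fi

  # return exit code to common::per_dir_hook
  return $exit_code
}
```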
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+set -eo pipefail
+
+# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines
+readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
+# shellcheck source=_common.sh
+. "$SCRIPT_DIR/_common.sh"
+
+function main {
+ common::initialize "$SCRIPT_DIR"
+ common::parse_cmdline "$@"
+ # Support for setting PATH to repo root.
+ # shellcheck disable=SC2178 # It's the simplest syntax for that case
+ ARGS=${ARGS[*]/__GIT_WORKING_DIR__/$(pwd)\/}
+ # shellcheck disable=SC2128 # It's the simplest syntax for that case
+ common::per_dir_hook "$ARGS" "${FILES[@]}"
+}
+
+function per_dir_hook_unique_part {
+ # common logic located in common::per_dir_hook
+ local -r args="$1"
+ # shellcheck disable=SC2034 # Unused var.
+ local -r dir_path="$2"
+
+ # pass the arguments to hook
+ # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]")
+ tfsec ${args[@]}
+
+ # return exit code to common::per_dir_hook
+ local exit_code=$?
+ return $exit_code
+}
+
+[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"
diff --git a/terraform_validate.sh b/hooks/terraform_validate.sh
similarity index 88%
rename from terraform_validate.sh
rename to hooks/terraform_validate.sh
index 655bc09ac..4cb50c946 100755
--- a/terraform_validate.sh
+++ b/hooks/terraform_validate.sh
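Review bot: `tfsec ${args[@]}` expands a scalar (`local -r args="$1"`), so it behaves as an unquoted `$args`: the string is word-split and each word then goes through pathname expansion in the directory being scanned. An argument containing `*`, `?` or `[` can therefore be rewritten by file names present in the repository before tfsec sees it, which for a security scanner can change what gets checked. Split without globbing instead: `local -a tfsec_args; read -r -a tfsec_args <<< "$args"` followed by `tfsec "${tfsec_args[@]}"`. The same line shape is in terraform_providers_lock.sh, terraform_tflint.sh, terragrunt_fmt.sh, terragrunt_validate.sh and terrascan.sh, and the SC2068 comment's `("$arg[@]")` should read `"${args[@]}"`.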
@@ -1,25 +1,20 @@ #!/usr/bin/env bash set -eo pipefail +# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines +readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" +# shellcheck source=_common.sh +. "$SCRIPT_DIR/_common.sh" + # `terraform validate` requires this env variable to be set export AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-us-east-1} function main { - common::initialize + common::initialize "$SCRIPT_DIR" parse_cmdline_ "$@" terraform_validate_ } -function common::initialize { - local SCRIPT_DIR - # get directory containing this script - SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" - - # source getopt function - # shellcheck source=lib_getopt - . "$SCRIPT_DIR/lib_getopt" -} - function parse_cmdline_ { declare argv argv=$(getopt -o e:i:a: --long envs:,init-args:,args: -- "$@") || return @@ -119,9 +114,7 @@ function terraform_validate_ { } # global arrays -declare -a ARGS declare -a INIT_ARGS declare -a ENVS -declare -a FILES [ "${BASH_SOURCE[0]}" != "$0" ] || main "$@" diff --git a/hooks/terragrunt_fmt.sh b/hooks/terragrunt_fmt.sh new file mode 100755 index 000000000..d91cc9fcc --- /dev/null +++ b/hooks/terragrunt_fmt.sh 
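Review bot: The last hunk removes `declare -a ARGS` and `declare -a FILES` while keeping `INIT_ARGS` and `ENVS`, yet `main` here still calls the script's own `parse_cmdline_` rather than `common::parse_cmdline`, which is the only place `_common.sh` declares those two arrays. Presumably `parse_cmdline_` and `terraform_validate_` (their bodies lie outside these hunks) still use both names, so the arrays now come into existence only by assignment. Either keep the two declarations or add a comment such as `# ARGS and FILES are created by parse_cmdline_` next to the remaining ones.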
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+set -eo pipefail
+
+# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines
+readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
+# shellcheck source=_common.sh
+. "$SCRIPT_DIR/_common.sh"
+
+function main {
+ common::initialize "$SCRIPT_DIR"
+ common::parse_cmdline "$@"
+ # shellcheck disable=SC2153 # False positive
+ common::per_dir_hook "${ARGS[*]}" "${FILES[@]}"
+}
+
+function per_dir_hook_unique_part {
+ # common logic located in common::per_dir_hook
+ local -r args="$1"
+ # shellcheck disable=SC2034 # Unused var.
+ local -r dir_path="$2"
+
+ # pass the arguments to hook
+ # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]")
+ terragrunt hclfmt ${args[@]}
+
+ # return exit code to common::per_dir_hook
+ local exit_code=$?
+ return $exit_code
+}
+
+[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"
diff --git a/hooks/terragrunt_validate.sh b/hooks/terragrunt_validate.sh
new file mode 100755
index 000000000..96fe3963d
--- /dev/null
+++ b/hooks/terragrunt_validate.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+set -eo pipefail
+
+# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines
+readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
+# shellcheck source=_common.sh
+. "$SCRIPT_DIR/_common.sh"
+
+function main {
+ common::initialize "$SCRIPT_DIR"
+ common::parse_cmdline "$@"
+ # shellcheck disable=SC2153 # False positive
+ common::per_dir_hook "${ARGS[*]}" "${FILES[@]}"
+}
+
+function per_dir_hook_unique_part {
+ # common logic located in common::per_dir_hook
+ local -r args="$1"
+ # shellcheck disable=SC2034 # Unused var.
+ local -r dir_path="$2"
+
+ # pass the arguments to hook
+ # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]")
+ terragrunt validate ${args[@]}
+
+ # return exit code to common::per_dir_hook
+ local exit_code=$?
+ return $exit_code
+}
+
+[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"
diff --git a/hooks/terrascan.sh b/hooks/terrascan.sh new file mode 100755 index 000000000..3bf78c7d2 --- /dev/null +++ b/hooks/terrascan.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env bash +set -eo pipefail + +# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines +readonly SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" +# shellcheck source=_common.sh +. "$SCRIPT_DIR/_common.sh" + +function main { + common::initialize "$SCRIPT_DIR" + common::parse_cmdline "$@" + # shellcheck disable=SC2153 # False positive + common::per_dir_hook "${ARGS[*]}" "${FILES[@]}" +} + +function per_dir_hook_unique_part { + # common logic located in common::per_dir_hook + local -r args="$1" + # shellcheck disable=SC2034 # Unused var. + local -r dir_path="$2" + + # pass the arguments to hook + # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]") + terrascan scan -i terraform ${args[@]} + + # return exit code to common::per_dir_hook + local exit_code=$? + return $exit_code +} + +[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@" diff --git a/setup.py b/setup.py index 4c2b47668..2d88425b9 100644 --- a/setup.py +++ b/setup.py @@ -27,7 +27,7 @@ ], entry_points={ 'console_scripts': [ - 'terraform_docs_replace = pre_commit_hooks.terraform_docs_replace:main', + 'terraform_docs_replace = hooks.terraform_docs_replace:main', ], }, ) diff --git a/terraform_providers_lock.sh b/terraform_providers_lock.sh deleted file mode 100755 index 26bf40b58..000000000 --- a/terraform_providers_lock.sh +++ /dev/null 
@@ -1,141 +0,0 @@ -#!/usr/bin/env bash - -set -eo pipefail - -function main { - common::initialize - common::parse_cmdline "$@" - common::per_dir_hook "${ARGS[*]}" "${FILES[@]}" -} - -function common::colorify { - # shellcheck disable=SC2034 - local -r red="\e[0m\e[31m" - # shellcheck disable=SC2034 - local -r green="\e[0m\e[32m" - # shellcheck disable=SC2034 - local -r yellow="\e[0m\e[33m" - # Color reset - local -r RESET="\e[0m" - - # Params start # - local COLOR="${!1}" - local -r TEXT=$2 - # Params end # - - if [ "$PRE_COMMIT_COLOR" = "never" ]; then - COLOR=$RESET - fi - - echo -e "${COLOR}${TEXT}${RESET}" -} - -function common::initialize { - local SCRIPT_DIR - # get directory containing this script - SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" - - # source getopt function - # shellcheck source=lib_getopt - . "$SCRIPT_DIR/lib_getopt" -} - -function common::parse_cmdline { - # common global arrays. - # Populated via `common::parse_cmdline` and can be used inside hooks' functions - declare -g -a ARGS=() FILES=() HOOK_CONFIG=() - - local argv - argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return - eval "set -- $argv" - - for argv; do - case $argv in - -a | --args) - shift - ARGS+=("$1") - shift - ;; - -h | --hook-config) - shift - HOOK_CONFIG+=("$1;") - shift - ;; - --) - shift - FILES=("$@") - break - ;; - esac - done -} - -function common::per_dir_hook { - local -r args="$1" - shift 1 - local -a -r files=("$@") - - # consume modified files passed from pre-commit so that - # hook runs against only those relevant directories - local index=0 - for file_with_path in "${files[@]}"; do - file_with_path="${file_with_path// /__REPLACED__SPACE__}" - - dir_paths[index]=$(dirname "$file_with_path") - - ((index += 1)) - done - - # preserve errexit status - shopt -qo errexit && ERREXIT_IS_SET=true - # allow hook to continue if exit_code is greater than 0 - set +e - local final_exit_code=0 - - # run hook for each path - for dir_path in $(echo 
"${dir_paths[*]}" | tr ' ' '\n' | sort -u); do - dir_path="${dir_path//__REPLACED__SPACE__/ }" - pushd "$dir_path" > /dev/null || continue - - per_dir_hook_unique_part "$args" "$dir_path" - - local exit_code=$? - if [ $exit_code -ne 0 ]; then - final_exit_code=$exit_code - fi - - popd > /dev/null - done - - # restore errexit if it was set before the "for" loop - [[ $ERREXIT_IS_SET ]] && set -e - # return the hook final exit_code - exit $final_exit_code -} - -function per_dir_hook_unique_part { - # common logic located in common::per_dir_hook - local -r args="$1" - local -r dir_path="$2" - - if [ ! -d ".terraform" ]; then - init_output=$(terraform init -backend=false 2>&1) - init_code=$? - - if [ $init_code -ne 0 ]; then - common::colorify "red" "Init before validation failed: $dir_path" - common::colorify "red" "$init_output" - exit $init_code - fi - fi - - # pass the arguments to hook - # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]") - terraform providers lock ${args[@]} - - # return exit code to common::per_dir_hook - local exit_code=$? - return $exit_code -} - -[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@" diff --git a/terraform_tflint.sh b/terraform_tflint.sh deleted file mode 100755 index d6501b84f..000000000 --- a/terraform_tflint.sh +++ /dev/null 
@@ -1,137 +0,0 @@ -#!/usr/bin/env bash - -set -eo pipefail - -function main { - common::initialize - common::parse_cmdline "$@" - # Support for setting PATH to repo root. - ARGS=${ARGS[*]/__GIT_WORKING_DIR__/$(pwd)\/} - common::per_dir_hook "$ARGS" "${FILES[@]}" -} - -function common::colorify { - # shellcheck disable=SC2034 - local -r red="\e[0m\e[31m" - # shellcheck disable=SC2034 - local -r green="\e[0m\e[32m" - # shellcheck disable=SC2034 - local -r yellow="\e[0m\e[33m" - # Color reset - local -r RESET="\e[0m" - - # Params start # - local COLOR="${!1}" - local -r TEXT=$2 - # Params end # - - if [ "$PRE_COMMIT_COLOR" = "never" ]; then - COLOR=$RESET - fi - - echo -e "${COLOR}${TEXT}${RESET}" -} - -function common::initialize { - local SCRIPT_DIR - # get directory containing this script - SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" - - # source getopt function - # shellcheck source=lib_getopt - . "$SCRIPT_DIR/lib_getopt" -} - -function common::parse_cmdline { - # common global arrays. 
- # Populated via `common::parse_cmdline` and can be used inside hooks' functions - declare -g -a ARGS=() FILES=() HOOK_CONFIG=() - - local argv - argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return - eval "set -- $argv" - - for argv; do - case $argv in - -a | --args) - shift - ARGS+=("$1") - shift - ;; - -h | --hook-config) - shift - HOOK_CONFIG+=("$1;") - shift - ;; - --) - shift - FILES=("$@") - break - ;; - esac - done -} - -function common::per_dir_hook { - local -r args="$1" - shift 1 - local -a -r files=("$@") - - # consume modified files passed from pre-commit so that - # hook runs against only those relevant directories - local index=0 - for file_with_path in "${files[@]}"; do - file_with_path="${file_with_path// /__REPLACED__SPACE__}" - - dir_paths[index]=$(dirname "$file_with_path") - - ((index += 1)) - done - - # preserve errexit status - shopt -qo errexit && ERREXIT_IS_SET=true - # allow hook to continue if exit_code is greater than 0 - set +e - local final_exit_code=0 - - # run hook for each path - for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do - dir_path="${dir_path//__REPLACED__SPACE__/ }" - pushd "$dir_path" > /dev/null || continue - - per_dir_hook_unique_part "$args" "$dir_path" - - local exit_code=$? 
- if [ $exit_code -ne 0 ]; then - final_exit_code=$exit_code - fi - - popd > /dev/null - done - - # restore errexit if it was set before the "for" loop - [[ $ERREXIT_IS_SET ]] && set -e - # return the hook final exit_code - exit $final_exit_code -} - -function per_dir_hook_unique_part { - # common logic located in common::per_dir_hook - local -r args="$1" - local -r dir_path="$2" - - # Print checked PATH **only** if TFLint have any messages - # shellcheck disable=SC2091,SC2068 # Suppress error output - $(tflint ${args[@]} 2>&1) 2> /dev/null || { - common::colorify "yellow" "TFLint in $dir_path/:" - - # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]") - tflint ${args[@]} - } - - # return exit code to common::per_dir_hook - local exit_code=$? - return $exit_code -} - -[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@" diff --git a/terraform_tfsec.sh b/terraform_tfsec.sh deleted file mode 100755 index a68905bca..000000000 --- a/terraform_tfsec.sh +++ /dev/null 
@@ -1,109 +0,0 @@ -#!/usr/bin/env bash -set -eo pipefail - -function main { - common::initialize - common::parse_cmdline "$@" - # Support for setting PATH to repo root. - ARGS=${ARGS[*]/__GIT_WORKING_DIR__/$(pwd)\/} - common::per_dir_hook "$ARGS" "${FILES[@]}" -} - -function common::initialize { - local SCRIPT_DIR - # get directory containing this script - SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" - - # source getopt function - # shellcheck source=lib_getopt - . "$SCRIPT_DIR/lib_getopt" -} - -function common::parse_cmdline { - # common global arrays. - # Populated via `common::parse_cmdline` and can be used inside hooks' functions - declare -g -a ARGS=() FILES=() HOOK_CONFIG=() - - local argv - argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return - eval "set -- $argv" - - for argv; do - case $argv in - -a | --args) - shift - ARGS+=("$1") - shift - ;; - -h | --hook-config) - shift - HOOK_CONFIG+=("$1;") - shift - ;; - --) - shift - FILES=("$@") - break - ;; - esac - done -} - -function common::per_dir_hook { - local -r args="$1" - shift 1 - local -a -r files=("$@") - - # consume modified files passed from pre-commit so that - # hook runs against only those relevant directories - local index=0 - for file_with_path in "${files[@]}"; do - file_with_path="${file_with_path// /__REPLACED__SPACE__}" - - dir_paths[index]=$(dirname "$file_with_path") - - ((index += 1)) - done - - # preserve errexit status - shopt -qo errexit && ERREXIT_IS_SET=true - # allow hook to continue if exit_code is greater than 0 - set +e - local final_exit_code=0 - - # run hook for each path - for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do - dir_path="${dir_path//__REPLACED__SPACE__/ }" - pushd "$dir_path" > /dev/null || continue - - per_dir_hook_unique_part "$args" "$dir_path" - - local exit_code=$? 
- if [ $exit_code -ne 0 ]; then - final_exit_code=$exit_code - fi - - popd > /dev/null - done - - # restore errexit if it was set before the "for" loop - [[ $ERREXIT_IS_SET ]] && set -e - # return the hook final exit_code - exit $final_exit_code -} - -function per_dir_hook_unique_part { - # common logic located in common::per_dir_hook - local -r args="$1" - local -r dir_path="$2" - - # pass the arguments to hook - # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]") - tfsec ${args[@]} - - # return exit code to common::per_dir_hook - local exit_code=$? - return $exit_code -} - -[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@" diff --git a/terragrunt_validate.sh b/terragrunt_validate.sh deleted file mode 100755 index 1fd83a1dc..000000000 --- a/terragrunt_validate.sh +++ /dev/null 
@@ -1,107 +0,0 @@
-#!/usr/bin/env bash
-set -eo pipefail
-
-function main {
- common::initialize
- common::parse_cmdline "$@"
- common::per_dir_hook "${ARGS[*]}" "${FILES[@]}"
-}
-
-function common::initialize {
- local SCRIPT_DIR
- # get directory containing this script
- SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
-
- # source getopt function
- # shellcheck source=lib_getopt
- . "$SCRIPT_DIR/lib_getopt"
-}
-
-function common::parse_cmdline {
- # common global arrays.
- # Populated via `common::parse_cmdline` and can be used inside hooks' functions
- declare -g -a ARGS=() FILES=() HOOK_CONFIG=()
-
- local argv
- argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return
- eval "set -- $argv"
-
- for argv; do
- case $argv in
- -a | --args)
- shift
- ARGS+=("$1")
- shift
- ;;
- -h | --hook-config)
- shift
- HOOK_CONFIG+=("$1;")
- shift
- ;;
- --)
- shift
- FILES=("$@")
- break
- ;;
- esac
- done
-}
-
-function common::per_dir_hook {
- local -r args="$1"
- shift 1
- local -a -r files=("$@")
-
- # consume modified files passed from pre-commit so that
- # hook runs against only those relevant directories
- local index=0
- for file_with_path in "${files[@]}"; do
- file_with_path="${file_with_path// /__REPLACED__SPACE__}"
-
- dir_paths[index]=$(dirname "$file_with_path")
-
- ((index += 1))
- done
-
- # preserve errexit status
- shopt -qo errexit && ERREXIT_IS_SET=true
- # allow hook to continue if exit_code is greater than 0
- set +e
- local final_exit_code=0
-
- # run hook for each path
- for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do
- dir_path="${dir_path//__REPLACED__SPACE__/ }"
- pushd "$dir_path" > /dev/null || continue
-
- per_dir_hook_unique_part "$args" "$dir_path"
-
- local exit_code=$?
- if [ $exit_code -ne 0 ]; then
- final_exit_code=$exit_code
- fi
-
- popd > /dev/null
- done
-
- # restore errexit if it was set before the "for" loop
- [[ $ERREXIT_IS_SET ]] && set -e
- # return the hook final exit_code
- exit $final_exit_code
-}
-
-function per_dir_hook_unique_part {
- # common logic located in common::per_dir_hook
- local -r args="$1"
- local -r dir_path="$2"
-
- # pass the arguments to hook
- # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]")
- terragrunt validate ${args[@]}
-
- # return exit code to common::per_dir_hook
- local exit_code=$?
- return $exit_code
-}
-
-[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"
diff --git a/terrascan.sh b/terrascan.sh
deleted file mode 100755
index 1ed33bc4a..000000000
--- a/terrascan.sh
+++ /dev/null
@@ -1,107 +0,0 @@
-#!/usr/bin/env bash
-set -eo pipefail
-
-function main {
- common::initialize
- common::parse_cmdline "$@"
- common::per_dir_hook "${ARGS[*]}" "${FILES[@]}"
-}
-
-function common::initialize {
- local SCRIPT_DIR
- # get directory containing this script
- SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
-
- # source getopt function
- # shellcheck source=lib_getopt
- . "$SCRIPT_DIR/lib_getopt"
-}
-
-function common::parse_cmdline {
- # common global arrays.
- # Populated via `common::parse_cmdline` and can be used inside hooks' functions
- declare -g -a ARGS=() FILES=() HOOK_CONFIG=()
-
- local argv
- argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return
- eval "set -- $argv"
-
- for argv; do
- case $argv in
- -a | --args)
- shift
- ARGS+=("$1")
- shift
- ;;
- -h | --hook-config)
- shift
- HOOK_CONFIG+=("$1;")
- shift
- ;;
- --)
- shift
- FILES=("$@")
- break
- ;;
- esac
- done
-}
-
-function common::per_dir_hook {
- local -r args="$1"
- shift 1
- local -a -r files=("$@")
-
- # consume modified files passed from pre-commit so that
- # hook runs against only those relevant directories
- local index=0
- for file_with_path in "${files[@]}"; do
- file_with_path="${file_with_path// /__REPLACED__SPACE__}"
-
- dir_paths[index]=$(dirname "$file_with_path")
-
- ((index += 1))
- done
-
- # preserve errexit status
- shopt -qo errexit && ERREXIT_IS_SET=true
- # allow hook to continue if exit_code is greater than 0
- set +e
- local final_exit_code=0
-
- # run hook for each path
- for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do
- dir_path="${dir_path//__REPLACED__SPACE__/ }"
- pushd "$dir_path" > /dev/null || continue
-
- per_dir_hook_unique_part "$args" "$dir_path"
-
- local exit_code=$?
- if [ $exit_code -ne 0 ]; then
- final_exit_code=$exit_code
- fi
-
- popd > /dev/null
- done
-
- # restore errexit if it was set before the "for" loop
- [[ $ERREXIT_IS_SET ]] && set -e
- # return the hook final exit_code
- exit $final_exit_code
-}
-
-function per_dir_hook_unique_part {
- # common logic located in common::per_dir_hook
- local -r args="$1"
- local -r dir_path="$2"
-
- # pass the arguments to hook
- # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]")
- terrascan scan -i terraform ${args[@]}
-
- # return exit code to common::per_dir_hook
- local exit_code=$?
- return $exit_code
-}
-
-[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"