From 0e1a9898a0cd01705b61e0908217944a9185ba78 Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Wed, 22 Dec 2021 22:25:25 +0200 Subject: [PATCH 01/17] chore: Refactor terrascan hook --- terrascan.sh | 130 ++++++++++++++++++++++++++++----------------------- 1 file changed, 71 insertions(+), 59 deletions(-) diff --git a/terrascan.sh b/terrascan.sh index bd66a73de..bc8805799 100755 --- a/terrascan.sh +++ b/terrascan.sh @@ -1,43 +1,85 @@ #!/usr/bin/env bash set -eo pipefail -main() { - initialize_ - parse_cmdline_ "$@" - terrascan_ "${ARGS[*]}" "${FILES[@]}" +function main { + common::initialize + common::parse_cmdline "$@" + common::per_dir_hook "${ARGS[*]}" "${FILES[@]}" } -terrascan_() { - local -r args="${1}" +function common::initialize { + local SCRIPT_DIR + # get directory containing this script + SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" + + # source getopt function + # shellcheck source=lib_getopt + . "$SCRIPT_DIR/lib_getopt" +} + +# common global arrays. +# Populated in `parse_cmdline` and can used in hooks functions +declare -a ARGS=() +declare -a HOOK_CONFIG=() +declare -a FILES=() +function common::parse_cmdline { + local argv + argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return + eval "set -- $argv" + + for argv; do + case $argv in + -a | --args) + shift + ARGS+=("$1") + shift + ;; + -h | --hook-config) + shift + HOOK_CONFIG+=("$1;") + shift + ;; + --) + shift + FILES=("$@") + break + ;; + esac + done +} + +function common::per_dir_hook { + local -r args="$1" shift 1 local -a -r files=("$@") # consume modified files passed from pre-commit so that - # terrascan runs against only those relevant directories + # hook runs against only those relevant directories + local index=0 for file_with_path in "${files[@]}"; do file_with_path="${file_with_path// /__REPLACED__SPACE__}" - paths[index]=$(dirname "$file_with_path") - index=$((index + 1)) + + dir_paths[index]=$(dirname "$file_with_path") + + ((index += 1)) done - # allow terrascan to continue if exit_code is greater than 0 + # allow hook to continue if exit_code is greater than 0 # preserve errexit status shopt -qo errexit && ERREXIT_IS_SET=true set +e - terrascan_final_exit_code=0 + local final_exit_code=0 - # for each path run terrascan - for path_uniq in $(echo "${paths[*]}" | tr ' ' '\n' | sort -u); do + # run hook for each path + for path_uniq in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do path_uniq="${path_uniq//__REPLACED__SPACE__/ }" pushd "$path_uniq" > /dev/null - # pass the arguments to terrascan - # shellcheck disable=SC2086 # terrascan fails when quoting is used ("$arg" vs $arg) - terrascan scan -i terraform $args + per_dir_hook_unique_part "$args" local exit_code=$? - if [ $exit_code != 0 ]; then - terrascan_final_exit_code=$exit_code + if [ "$exit_code" != 0 ]; then + final_exit_code=$exit_code fi popd > /dev/null @@ -45,51 +87,21 @@ terrascan_() { # restore errexit if it was set before the "for" loop [[ $ERREXIT_IS_SET ]] && set -e - # return the terrascan final exit_code - exit $terrascan_final_exit_code + # return the hook final exit_code + exit $final_exit_code } -initialize_() { - # get directory containing this script - local dir - local source - source="${BASH_SOURCE[0]}" - while [[ -L $source ]]; do # resolve $source until the file is no longer a symlink - dir="$(cd -P "$(dirname "$source")" > /dev/null && pwd)" - source="$(readlink "$source")" - # if $source was a relative symlink, we need to resolve it relative to the path where the symlink file was located - [[ $source != /* ]] && source="$dir/$source" - done - _SCRIPT_DIR="$(dirname "$source")" +function per_dir_hook_unique_part { + # common logic located in common::per_dir_hook + local -r args="$1" - # source getopt function - # shellcheck source=lib_getopt - . "$_SCRIPT_DIR/lib_getopt" -} - -parse_cmdline_() { - declare argv - argv=$(getopt -o a: --long args: -- "$@") || return - eval "set -- $argv" + # pass the arguments to hook + # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]") + terrascan scan -i terraform ${args[@]} - for argv; do - case $argv in - -a | --args) - shift - ARGS+=("$1") - shift - ;; - --) - shift - FILES+=("$@") - break - ;; - esac - done + # return exit code to common::per_dir_hook + local exit_code=$? + return $exit_code } -# global arrays -declare -a ARGS=() -declare -a FILES=() - [[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" From 11a7393d878ed66554031df5758781e7850d926b Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Wed, 22 Dec 2021 23:20:06 +0200 Subject: [PATCH 02/17] chore: Refactor tflint hook --- terraform_tflint.sh | 106 +++++++++++++++++++++++++++----------------- 1 file changed, 66 insertions(+), 40 deletions(-) diff --git a/terraform_tflint.sh b/terraform_tflint.sh index 87c120383..630e26bdf 100755 --- a/terraform_tflint.sh +++ b/terraform_tflint.sh @@ -2,41 +2,44 @@ set -eo pipefail -main() { - initialize_ - parse_cmdline_ "$@" - tflint_ +function main { + common::initialize + common::parse_cmdline "$@" + # Support for setting PATH to repo root. + ARGS=${ARGS[*]/__GIT_WORKING_DIR__/$(pwd)\/} + common::per_dir_hook "$ARGS" "${FILES[@]}" } -initialize_() { +function common::initialize { + local SCRIPT_DIR # get directory containing this script - local dir - local source - source="${BASH_SOURCE[0]}" - while [[ -L $source ]]; do # resolve $source until the file is no longer a symlink - dir="$(cd -P "$(dirname "$source")" > /dev/null && pwd)" - source="$(readlink "$source")" - # if $source was a relative symlink, we need to resolve it relative to the path where the symlink file was located - [[ $source != /* ]] && source="$dir/$source" - done - _SCRIPT_DIR="$(dirname "$source")" + SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" # source getopt function # shellcheck source=lib_getopt - . "$_SCRIPT_DIR/lib_getopt" + . "$SCRIPT_DIR/lib_getopt" } -parse_cmdline_() { - declare argv - argv=$(getopt -o a: --long args: -- "$@") || return +# common global arrays. +# Populated in `parse_cmdline` and can used in hooks functions +declare -a ARGS=() +declare -a HOOK_CONFIG=() +declare -a FILES=() +function common::parse_cmdline { + local argv + argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return eval "set -- $argv" for argv; do case $argv in -a | --args) shift - expanded_arg="${1//__GIT_WORKING_DIR__/$PWD}" - ARGS+=("$expanded_arg") + ARGS+=("$1") + shift + ;; + -h | --hook-config) + shift + HOOK_CONFIG+=("$1;") shift ;; --) @@ -46,43 +49,66 @@ parse_cmdline_() { ;; esac done - } -tflint_() { +function common::per_dir_hook { + local -r args="$1" + shift 1 + local -a -r files=("$@") + + # consume modified files passed from pre-commit so that + # hook runs against only those relevant directories local index=0 - for file_with_path in "${FILES[@]}"; do + for file_with_path in "${files[@]}"; do file_with_path="${file_with_path// /__REPLACED__SPACE__}" - paths[index]=$(dirname "$file_with_path") + dir_paths[index]=$(dirname "$file_with_path") ((index += 1)) done + + # allow hook to continue if exit_code is greater than 0 + # preserve errexit status + shopt -qo errexit && ERREXIT_IS_SET=true set +e - tflint_final_exit_code=0 - for path_uniq in $(echo "${paths[*]}" | tr ' ' '\n' | sort -u); do + local final_exit_code=0 + + # run hook for each path + for path_uniq in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do path_uniq="${path_uniq//__REPLACED__SPACE__/ }" pushd "$path_uniq" > /dev/null - # Print checked PATH **only** if TFLint have any messages - # shellcheck disable=SC2091 # Suppress error output - $(tflint "${ARGS[@]}" 2>&1) 2> /dev/null || { - echo >&2 -e "\033[1;33m\nTFLint in $path_uniq/:\033[0m" - tflint "${ARGS[@]}" - } + per_dir_hook_unique_part "$args" + local exit_code=$? - if [ $exit_code != 0 ]; then - tflint_final_exit_code=$exit_code + if [ "$exit_code" != 0 ]; then + final_exit_code=$exit_code fi popd > /dev/null done - set -e - exit $tflint_final_exit_code + + # restore errexit if it was set before the "for" loop + [[ $ERREXIT_IS_SET ]] && set -e + # return the hook final exit_code + exit $final_exit_code } -# global arrays -declare -a ARGS -declare -a FILES +function per_dir_hook_unique_part { + # common logic located in common::per_dir_hook + local -r args="$1" + + # Print checked PATH **only** if TFLint have any messages + # shellcheck disable=SC2091,SC2068 # Suppress error output + $(tflint ${args[@]} 2>&1) 2> /dev/null || { + echo >&2 -e "\033[1;33m\nTFLint in $path_uniq/:\033[0m" + # shellcheck disable=SC2068 # tflint fails when quoting is used ("$arg" vs $arg) + tflint ${args[@]} + } + + # return exit code to common::per_dir_hook + local exit_code=$? + return $exit_code +} [[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" From 113fbfa245b105b530ec8999e3187836d0e889f7 Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Wed, 22 Dec 2021 23:38:37 +0200 Subject: [PATCH 03/17] Use colorification in tflint --- terraform_tflint.sh | 37 +++++++++++++++++++++++++++++++------ terrascan.sh | 9 +++++---- 2 files changed, 36 insertions(+), 10 deletions(-) diff --git a/terraform_tflint.sh b/terraform_tflint.sh index 630e26bdf..2c412d3e4 100755 --- a/terraform_tflint.sh +++ b/terraform_tflint.sh @@ -10,6 +10,29 @@ function main { common::per_dir_hook "$ARGS" "${FILES[@]}" } +function common::colorify { + # Colors. Provided as first string to first arg of function. + # shellcheck disable=SC2034 + local -r red="$(tput setaf 1)" + # shellcheck disable=SC2034 + local -r green="$(tput setaf 2)" + # shellcheck disable=SC2034 + local -r yellow="$(tput setaf 3)" + # Color reset + local -r RESET="$(tput sgr0)" + + # Params start # + local COLOR="${!1}" + local -r TEXT=$2 + # Params end # + + if [ "$PRE_COMMIT_COLOR" = "never" ]; then + COLOR=$RESET + fi + + echo -e "${COLOR}${TEXT}${RESET}" +} + function common::initialize { local SCRIPT_DIR # get directory containing this script @@ -74,11 +97,11 @@ function common::per_dir_hook { local final_exit_code=0 # run hook for each path - for path_uniq in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do - path_uniq="${path_uniq//__REPLACED__SPACE__/ }" - pushd "$path_uniq" > /dev/null + for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do + dir_path="${dir_path//__REPLACED__SPACE__/ }" + pushd "$dir_path" > /dev/null - per_dir_hook_unique_part "$args" + per_dir_hook_unique_part "$args" "$dir_path" local exit_code=$? if [ "$exit_code" != 0 ]; then @@ -97,12 +120,14 @@ function common::per_dir_hook { function per_dir_hook_unique_part { # common logic located in common::per_dir_hook local -r args="$1" + local -r dir_path="$2" # Print checked PATH **only** if TFLint have any messages # shellcheck disable=SC2091,SC2068 # Suppress error output $(tflint ${args[@]} 2>&1) 2> /dev/null || { - echo >&2 -e "\033[1;33m\nTFLint in $path_uniq/:\033[0m" - # shellcheck disable=SC2068 # tflint fails when quoting is used ("$arg" vs $arg) + common::colorify "yellow" "TFLint in $dir_path/:" + + # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]") tflint ${args[@]} } diff --git a/terrascan.sh b/terrascan.sh index bc8805799..a4eed9d7b 100755 --- a/terrascan.sh +++ b/terrascan.sh @@ -71,11 +71,11 @@ function common::per_dir_hook { local final_exit_code=0 # run hook for each path - for path_uniq in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do - path_uniq="${path_uniq//__REPLACED__SPACE__/ }" - pushd "$path_uniq" > /dev/null + for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do + dir_path="${dir_path//__REPLACED__SPACE__/ }" + pushd "$dir_path" > /dev/null - per_dir_hook_unique_part "$args" + per_dir_hook_unique_part "$args" "$dir_path" local exit_code=$? if [ "$exit_code" != 0 ]; then @@ -94,6 +94,7 @@ function common::per_dir_hook { function per_dir_hook_unique_part { # common logic located in common::per_dir_hook local -r args="$1" + local -r dir_path="$2" # pass the arguments to hook # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]") From dea356fc2ac86818aa14a7a047aceddb46250cda Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Thu, 23 Dec 2021 00:51:22 +0200 Subject: [PATCH 04/17] chore: Refactor tfsec hook --- terraform_tfsec.sh | 126 +++++++++++++++++++++++++++++---------------- 1 file changed, 81 insertions(+), 45 deletions(-) diff --git a/terraform_tfsec.sh b/terraform_tfsec.sh index 0dc01fe10..c4c58db5c 100755 --- a/terraform_tfsec.sh +++ b/terraform_tfsec.sh @@ -1,74 +1,110 @@ #!/usr/bin/env bash set -eo pipefail -main() { - initialize_ - parse_cmdline_ "$@" - - # propagate $FILES to custom function - tfsec_ "$ARGS" "${FILES[*]}" -} - -tfsec_() { - # consume modified files passed from pre-commit so that - # tfsec runs against only those relevant directories - for file_with_path in ${FILES[*]}; do - file_with_path="${file_with_path// /__REPLACED__SPACE__}" - paths[index]=$(dirname "$file_with_path") - - let "index+=1" - done - - for path_uniq in $(echo "${paths[*]}" | tr ' ' '\n' | sort -u); do - path_uniq="${path_uniq//__REPLACED__SPACE__/ }" - pushd "$path_uniq" > /dev/null - tfsec $ARGS - popd > /dev/null - done +function main { + common::initialize + common::parse_cmdline "$@" + # Support for setting PATH to repo root. + ARGS=${ARGS[*]/__GIT_WORKING_DIR__/$(pwd)\/} + common::per_dir_hook "$ARGS" "${FILES[@]}" } -initialize_() { +function common::initialize { + local SCRIPT_DIR # get directory containing this script - local dir - local source - source="${BASH_SOURCE[0]}" - while [[ -L $source ]]; do # resolve $source until the file is no longer a symlink - dir="$(cd -P "$(dirname "$source")" > /dev/null && pwd)" - source="$(readlink "$source")" - # if $source was a relative symlink, we need to resolve it relative to the path where the symlink file was located - [[ $source != /* ]] && source="$dir/$source" - done - _SCRIPT_DIR="$(dirname "$source")" + SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" # source getopt function # shellcheck source=lib_getopt - . "$_SCRIPT_DIR/lib_getopt" + . "$SCRIPT_DIR/lib_getopt" } -parse_cmdline_() { - declare argv - argv=$(getopt -o a: --long args: -- "$@") || return +# common global arrays. +# Populated in `parse_cmdline` and can used in hooks functions +declare -a ARGS=() +declare -a HOOK_CONFIG=() +declare -a FILES=() +function common::parse_cmdline { + local argv + argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return eval "set -- $argv" for argv; do case $argv in -a | --args) shift - expanded_arg="${1//__GIT_WORKING_DIR__/$PWD}" - ARGS+=("$expanded_arg") + ARGS+=("$1") + shift + ;; + -h | --hook-config) + shift + HOOK_CONFIG+=("$1;") shift ;; --) shift - FILES+=("$@") + FILES=("$@") break ;; esac done } -# global arrays -declare -a ARGS=() -declare -a FILES=() +function common::per_dir_hook { + local -r args="$1" + shift 1 + local -a -r files=("$@") + + # consume modified files passed from pre-commit so that + # hook runs against only those relevant directories + local index=0 + for file_with_path in "${files[@]}"; do + file_with_path="${file_with_path// /__REPLACED__SPACE__}" + + dir_paths[index]=$(dirname "$file_with_path") + + ((index += 1)) + done + + # allow hook to continue if exit_code is greater than 0 + # preserve errexit status + shopt -qo errexit && ERREXIT_IS_SET=true + set +e + local final_exit_code=0 + + # run hook for each path + for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do + dir_path="${dir_path//__REPLACED__SPACE__/ }" + pushd "$dir_path" > /dev/null + + per_dir_hook_unique_part "$args" "$dir_path" + + local exit_code=$? + if [ "$exit_code" != 0 ]; then + final_exit_code=$exit_code + fi + + popd > /dev/null + done + + # restore errexit if it was set before the "for" loop + [[ $ERREXIT_IS_SET ]] && set -e + # return the hook final exit_code + exit $final_exit_code +} + +function per_dir_hook_unique_part { + # common logic located in common::per_dir_hook + local -r args="$1" + local -r dir_path="$2" + + # pass the arguments to hook + # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]") + tfsec ${args[@]} + + # return exit code to common::per_dir_hook + local exit_code=$? + return $exit_code +} [[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" From df4bda58ca07d61b9d9d948412cdcd3fa62c90b0 Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Thu, 23 Dec 2021 00:55:48 +0200 Subject: [PATCH 05/17] chore: Patrial refactor of terrafrom_validate hook --- terraform_validate.sh | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/terraform_validate.sh b/terraform_validate.sh index ea23dac7f..945dc7ec2 100755 --- a/terraform_validate.sh +++ b/terraform_validate.sh @@ -4,31 +4,23 @@ set -eo pipefail # `terraform validate` requires this env variable to be set export AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-us-east-1} -main() { - initialize_ +function main { + common::initialize parse_cmdline_ "$@" terraform_validate_ } -initialize_() { +function common::initialize { + local SCRIPT_DIR # get directory containing this script - local dir - local source - source="${BASH_SOURCE[0]}" - while [[ -L $source ]]; do # resolve $source until the file is no longer a symlink - dir="$(cd -P "$(dirname "$source")" > /dev/null && pwd)" - source="$(readlink "$source")" - # if $source was a relative symlink, we need to resolve it relative to the path where the symlink file was located - [[ $source != /* ]] && source="$dir/$source" - done - _SCRIPT_DIR="$(dirname "$source")" + SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" # source getopt function # shellcheck source=lib_getopt - . "$_SCRIPT_DIR/lib_getopt" + . "$SCRIPT_DIR/lib_getopt" } -parse_cmdline_() { +function parse_cmdline_ { declare argv argv=$(getopt -o e:i:a: --long envs:,init-args:,args: -- "$@") || return eval "set -- $argv" @@ -59,7 +51,7 @@ parse_cmdline_() { done } -terraform_validate_() { +function terraform_validate_ { # Setup environment variables local var var_name var_value From d0675e82ecf36e7245235f7639946d5b6857536a Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Thu, 23 Dec 2021 00:58:03 +0200 Subject: [PATCH 06/17] chore: Partial refacto of terraform_fmt hook --- terraform_fmt.sh | 113 +++++++++++++++++++++++++++++++---------------- 1 file changed, 74 insertions(+), 39 deletions(-) diff --git a/terraform_fmt.sh b/terraform_fmt.sh index 82e66f5e7..3730feeca 100755 --- a/terraform_fmt.sh +++ b/terraform_fmt.sh @@ -1,33 +1,30 @@ #!/usr/bin/env bash set -eo pipefail -main() { - initialize_ - parse_cmdline_ "$@" - terraform_fmt_ +function main { + common::initialize + common::parse_cmdline "$@" + terraform_fmt_ "${ARGS[*]}" "${FILES[@]}" } -initialize_() { +function common::initialize { + local SCRIPT_DIR # get directory containing this script - local dir - local source - source="${BASH_SOURCE[0]}" - while [[ -L $source ]]; do # resolve $source until the file is no longer a symlink - dir="$(cd -P "$(dirname "$source")" > /dev/null && pwd)" - source="$(readlink "$source")" - # if $source was a relative symlink, we need to resolve it relative to the path where the symlink file was located - [[ $source != /* ]] && source="$dir/$source" - done - _SCRIPT_DIR="$(dirname "$source")" + SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" # source getopt function # shellcheck source=lib_getopt - . "$_SCRIPT_DIR/lib_getopt" + . "$SCRIPT_DIR/lib_getopt" } -parse_cmdline_() { - declare argv - argv=$(getopt -o a: --long args: -- "$@") || return +# common global arrays. +# Populated in `parse_cmdline` and can used in hooks functions +declare -a ARGS=() +declare -a HOOK_CONFIG=() +declare -a FILES=() +function common::parse_cmdline { + local argv + argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return eval "set -- $argv" for argv; do @@ -37,6 +34,11 @@ parse_cmdline_() { ARGS+=("$1") shift ;; + -h | --hook-config) + shift + HOOK_CONFIG+=("$1;") + shift + ;; --) shift FILES=("$@") @@ -46,44 +48,77 @@ parse_cmdline_() { done } -terraform_fmt_() { - - declare -a paths - declare -a tfvars_files - - index=0 - - for file_with_path in "${FILES[@]}"; do +function terraform_fmt_ { + local -r args="$1" + shift 1 + local -a -r files=("$@") + # consume modified files passed from pre-commit so that + # hook runs against only those relevant directories + local index=0 + for file_with_path in "${files[@]}"; do file_with_path="${file_with_path// /__REPLACED__SPACE__}" - paths[index]=$(dirname "$file_with_path") - + dir_paths[index]=$(dirname "$file_with_path") + # TODO Unique part if [[ "$file_with_path" == *".tfvars" ]]; then tfvars_files+=("$file_with_path") fi - + #? End for unique part ((index += 1)) done - for path_uniq in $(echo "${paths[*]}" | tr ' ' '\n' | sort -u); do - path_uniq="${path_uniq//__REPLACED__SPACE__/ }" + # allow hook to continue if exit_code is greater than 0 + # preserve errexit status + shopt -qo errexit && ERREXIT_IS_SET=true + set +e + local final_exit_code=0 - ( - cd "$path_uniq" - terraform fmt "${ARGS[@]}" - ) + # run hook for each path + for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do + dir_path="${dir_path//__REPLACED__SPACE__/ }" + pushd "$dir_path" > /dev/null + + per_dir_hook_unique_part "$args" "$dir_path" + + local exit_code=$? + if [ "$exit_code" != 0 ]; then + final_exit_code=$exit_code + fi + + popd > /dev/null done + # TODO: Unique part # terraform.tfvars are excluded by `terraform fmt` for tfvars_file in "${tfvars_files[@]}"; do tfvars_file="${tfvars_file//__REPLACED__SPACE__/ }" terraform fmt "${ARGS[@]}" "$tfvars_file" + local exit_code=$? + if [ "$exit_code" != 0 ]; then + final_exit_code=$exit_code + fi done + #? End for unique part + # restore errexit if it was set before the "for" loop + [[ $ERREXIT_IS_SET ]] && set -e + # return the hook final exit_code + exit $final_exit_code + } -# global arrays -declare -a ARGS=() -declare -a FILES=() +function per_dir_hook_unique_part { + # common logic located in common::per_dir_hook + local -r args="$1" + local -r dir_path="$2" + + # pass the arguments to terrascan + # shellcheck disable=SC2068 # terrascan fails when quoting is used ("$arg" vs $arg) + terraform fmt ${args[@]} + + # return exit code to common::per_dir_hook + local exit_code=$? + return $exit_code +} [[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" From 2e264f2582fececc3517b219c64b631bd9e8a315 Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Thu, 23 Dec 2021 01:19:41 +0200 Subject: [PATCH 07/17] chore: Refactor terraform_providers_lock hook --- terraform_providers_lock.sh | 145 +++++++++++++++++++++++++----------- 1 file changed, 101 insertions(+), 44 deletions(-) diff --git a/terraform_providers_lock.sh b/terraform_providers_lock.sh index 31ea63f78..951d14063 100755 --- a/terraform_providers_lock.sh +++ b/terraform_providers_lock.sh @@ -2,33 +2,53 @@ set -eo pipefail -main() { - initialize_ - parse_cmdline_ "$@" - terraform_providers_lock_ +function main { + common::initialize + common::parse_cmdline "$@" + common::per_dir_hook "${ARGS[*]}" "${FILES[@]}" } -initialize_() { +function common::colorify { + # Colors. Provided as first string to first arg of function. + # shellcheck disable=SC2034 + local -r red="$(tput setaf 1)" + # shellcheck disable=SC2034 + local -r green="$(tput setaf 2)" + # shellcheck disable=SC2034 + local -r yellow="$(tput setaf 3)" + # Color reset + local -r RESET="$(tput sgr0)" + + # Params start # + local COLOR="${!1}" + local -r TEXT=$2 + # Params end # + + if [ "$PRE_COMMIT_COLOR" = "never" ]; then + COLOR=$RESET + fi + + echo -e "${COLOR}${TEXT}${RESET}" +} + +function common::initialize { + local SCRIPT_DIR # get directory containing this script - local dir - local source - source="${BASH_SOURCE[0]}" - while [[ -L $source ]]; do # resolve $source until the file is no longer a symlink - dir="$(cd -P "$(dirname "$source")" > /dev/null && pwd)" - source="$(readlink "$source")" - # if $source was a relative symlink, we need to resolve it relative to the path where the symlink file was located - [[ $source != /* ]] && source="$dir/$source" - done - _SCRIPT_DIR="$(dirname "$source")" + SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" # source getopt function # shellcheck source=lib_getopt - . "$_SCRIPT_DIR/lib_getopt" + . "$SCRIPT_DIR/lib_getopt" } -parse_cmdline_() { - declare argv - argv=$(getopt -o a: --long args: -- "$@") || return +# common global arrays. +# Populated in `parse_cmdline` and can used in hooks functions +declare -a ARGS=() +declare -a HOOK_CONFIG=() +declare -a FILES=() +function common::parse_cmdline { + local argv + argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return eval "set -- $argv" for argv; do @@ -38,6 +58,11 @@ parse_cmdline_() { ARGS+=("$1") shift ;; + -h | --hook-config) + shift + HOOK_CONFIG+=("$1;") + shift + ;; --) shift FILES=("$@") @@ -47,42 +72,74 @@ parse_cmdline_() { done } -terraform_providers_lock_() { - local -a paths - local index=0 - local file_with_path +function common::per_dir_hook { + local -r args="$1" + shift 1 + local -a -r files=("$@") - for file_with_path in "${FILES[@]}"; do + # consume modified files passed from pre-commit so that + # hook runs against only those relevant directories + local index=0 + for file_with_path in "${files[@]}"; do file_with_path="${file_with_path// /__REPLACED__SPACE__}" - paths[index]=$(dirname "$file_with_path") + dir_paths[index]=$(dirname "$file_with_path") ((index += 1)) done - local path_uniq - for path_uniq in $(echo "${paths[*]}" | tr ' ' '\n' | sort -u); do - path_uniq="${path_uniq//__REPLACED__SPACE__/ }" - - if [[ ! -d "${path_uniq}/.terraform" ]]; then - set +e - init_output=$(terraform -chdir="${path_uniq}" init -backend=false 2>&1) - init_code=$? - set -e - - if [[ $init_code != 0 ]]; then - echo "Init before validation failed: $path_uniq" - echo "$init_output" - exit 1 - fi + # allow hook to continue if exit_code is greater than 0 + # preserve errexit status + shopt -qo errexit && ERREXIT_IS_SET=true + set +e + local final_exit_code=0 + + # run hook for each path + for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do + dir_path="${dir_path//__REPLACED__SPACE__/ }" + pushd "$dir_path" > /dev/null + + per_dir_hook_unique_part "$args" "$dir_path" + + local exit_code=$? + if [ "$exit_code" != 0 ]; then + final_exit_code=$exit_code fi - terraform -chdir="${path_uniq}" providers lock "${ARGS[@]}" + popd > /dev/null done + + # restore errexit if it was set before the "for" loop + [[ $ERREXIT_IS_SET ]] && set -e + # return the hook final exit_code + exit $final_exit_code } -# global arrays -declare -a ARGS -declare -a FILES +function per_dir_hook_unique_part { + # common logic located in common::per_dir_hook + local -r args="$1" + local -r dir_path="$2" + + if [[ ! -d ".terraform" ]]; then + set +e + init_output=$(terraform init -backend=false 2>&1) + init_code=$? + set -e + + if [[ $init_code != 0 ]]; then + common::colorify "red" "Init before validation failed: $dir_path" + common::colorify "red" "$init_output" + exit 1 + fi + fi + + # pass the arguments to hook + # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]") + terraform providers lock ${args[@]} + + # return exit code to common::per_dir_hook + local exit_code=$? + return $exit_code +} [[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" From 9dd0327542a3663f7c4556c8b5534acd31164c09 Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Thu, 23 Dec 2021 01:33:15 +0200 Subject: [PATCH 08/17] chore: Refactor terraform_docs hook --- terraform_docs.sh | 57 +++++++++++++++++++++-------------------------- 1 file changed, 26 insertions(+), 31 deletions(-) diff --git a/terraform_docs.sh b/terraform_docs.sh index 3b04afe24..2d290d6fc 100755 --- a/terraform_docs.sh +++ b/terraform_docs.sh @@ -1,35 +1,32 @@ #!/usr/bin/env bash set -eo pipefail -main() { - initialize_ - parse_cmdline_ "$@" +function main { + common::initialize + common::parse_cmdline "$@" # Support for setting relative PATH to .terraform-docs.yml config. ARGS=${ARGS[*]/--config=/--config=$(pwd)\/} terraform_docs_ "${HOOK_CONFIG[*]}" "$ARGS" "${FILES[@]}" } -initialize_() { +function common::initialize { + local SCRIPT_DIR # get directory containing this script - local dir - local source - source="${BASH_SOURCE[0]}" - while [[ -L $source ]]; do # resolve $source until the file is no longer a symlink - dir="$(cd -P "$(dirname "$source")" > /dev/null && pwd)" - source="$(readlink "$source")" - # if $source was a relative symlink, we need to resolve it relative to the path where the symlink file was located - [[ $source != /* ]] && source="$dir/$source" - done - _SCRIPT_DIR="$(dirname "$source")" + SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" # source getopt function # shellcheck source=lib_getopt - . "$_SCRIPT_DIR/lib_getopt" + . "$SCRIPT_DIR/lib_getopt" } -parse_cmdline_() { - declare argv - argv=$(getopt -o a: --long args:,hook-config: -- "$@") || return +# common global arrays. +# Populated in `parse_cmdline` and can used in hooks functions +declare -a ARGS=() +declare -a HOOK_CONFIG=() +declare -a FILES=() +function common::parse_cmdline { + local argv + argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return eval "set -- $argv" for argv; do @@ -39,9 +36,9 @@ parse_cmdline_() { ARGS+=("$1") shift ;; - --hook-config) + -h | --hook-config) shift - HOOK_CONFIG+=("$1") + HOOK_CONFIG+=("$1;") shift ;; --) @@ -53,12 +50,15 @@ parse_cmdline_() { done } -terraform_docs_() { +function terraform_docs_ { local -r hook_config="$1" local -r args="$2" shift 2 local -a -r files=("$@") + # Get hook settings + IFS=";" read -r -a configs <<< "$hook_config" + local hack_terraform_docs hack_terraform_docs=$(terraform version | sed -n 1p | grep -c 0.12) || true @@ -72,7 +72,7 @@ terraform_docs_() { if [[ -z "$is_old_terraform_docs" ]]; then # Using terraform-docs 0.8+ (preferred) - terraform_docs "0" "$hook_config" "$args" "${files[@]}" + terraform_docs "0" "${configs[*]}" "$args" "${files[@]}" elif [[ "$hack_terraform_docs" == "1" ]]; then # Using awk script because terraform-docs is older than 0.8 and terraform 0.12 is used @@ -84,17 +84,17 @@ terraform_docs_() { local tmp_file_awk tmp_file_awk=$(mktemp "${TMPDIR:-/tmp}/terraform-docs-XXXXXXXXXX") terraform_docs_awk "$tmp_file_awk" - terraform_docs "$tmp_file_awk" "$hook_config" "$args" "${files[@]}" + terraform_docs "$tmp_file_awk" "${configs[*]}" "$args" "${files[@]}" rm -f "$tmp_file_awk" else # Using terraform 0.11 and no awk script is needed for that - terraform_docs "0" "$hook_config" "$args" "${files[@]}" + terraform_docs "0" "${configs[*]}" "$args" "${files[@]}" fi } -terraform_docs() { +function terraform_docs { local -r terraform_docs_awk_file="$1" local -r hook_config="$2" local -r args="$3" @@ -212,7 +212,7 @@ terraform_docs() { done } -terraform_docs_awk() { +function terraform_docs_awk { local -r output_file=$1 cat << "EOF" > "$output_file" @@ -371,9 +371,4 @@ EOF } -# global arrays -declare -a ARGS=() -declare -a FILES=() -declare -a HOOK_CONFIG=() - [[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" From 5c6b745e2b16d17a5566021ce418fc4553600457 Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Thu, 23 Dec 2021 01:45:32 +0200 Subject: [PATCH 09/17] feat: Allow specify arguments for `terragrunt_validate` hook --- terragrunt_validate.sh | 113 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 99 insertions(+), 14 deletions(-) diff --git a/terragrunt_validate.sh b/terragrunt_validate.sh index 7f0cf5849..55fe0d4e8 100755 --- a/terragrunt_validate.sh +++ b/terragrunt_validate.sh @@ -1,23 +1,108 @@ #!/usr/bin/env bash +set -eo pipefail -set -e +function main { + common::initialize + common::parse_cmdline "$@" + common::per_dir_hook "${ARGS[*]}" "${FILES[@]}" +} -declare -a paths +function common::initialize { + local SCRIPT_DIR + # get directory containing this script + SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" -index=0 + # source getopt function + # shellcheck source=lib_getopt + . "$SCRIPT_DIR/lib_getopt" +} -for file_with_path in "$@"; do - file_with_path="${file_with_path// /__REPLACED__SPACE__}" +# common global arrays. +# Populated in `parse_cmdline` and can used in hooks functions +declare -a ARGS=() +declare -a HOOK_CONFIG=() +declare -a FILES=() +function common::parse_cmdline { + local argv + argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return + eval "set -- $argv" - paths[index]=$(dirname "$file_with_path") + for argv; do + case $argv in + -a | --args) + shift + ARGS+=("$1") + shift + ;; + -h | --hook-config) + shift + HOOK_CONFIG+=("$1;") + shift + ;; + --) + shift + FILES=("$@") + break + ;; + esac + done +} - let "index+=1" -done +function common::per_dir_hook { + local -r args="$1" + shift 1 + local -a -r files=("$@") -for path_uniq in $(echo "${paths[*]}" | tr ' ' '\n' | sort -u); do - path_uniq="${path_uniq//__REPLACED__SPACE__/ }" + # consume modified files passed from pre-commit so that + # hook runs against only those relevant directories + local index=0 + for file_with_path in "${files[@]}"; do + file_with_path="${file_with_path// /__REPLACED__SPACE__}" - pushd "$path_uniq" > /dev/null - terragrunt validate - popd > /dev/null -done + dir_paths[index]=$(dirname "$file_with_path") + + ((index += 1)) + done + + # allow hook to continue if exit_code is greater than 0 + # preserve errexit status + shopt -qo errexit && ERREXIT_IS_SET=true + set +e + local final_exit_code=0 + + # run hook for each path + for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do + dir_path="${dir_path//__REPLACED__SPACE__/ }" + pushd "$dir_path" > /dev/null + + per_dir_hook_unique_part "$args" "$dir_path" + + local exit_code=$? + if [ "$exit_code" != 0 ]; then + final_exit_code=$exit_code + fi + + popd > /dev/null + done + + # restore errexit if it was set before the "for" loop + [[ $ERREXIT_IS_SET ]] && set -e + # return the hook final exit_code + exit $final_exit_code +} + +function per_dir_hook_unique_part { + # common logic located in common::per_dir_hook + local -r args="$1" + local -r dir_path="$2" + + # pass the arguments to hook + # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]") + terragrunt validate ${args[@]} + + # return exit code to common::per_dir_hook + local exit_code=$? + return $exit_code +} + +[[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" From a243f3f314de907b5c964d7adcb9e9fa128b7ac9 Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Thu, 23 Dec 2021 01:56:37 +0200 Subject: [PATCH 10/17] feat: Allow specify arguments for `terragrunt_fmt` hook. In the same time, hook not supported any arguments now --- terragrunt_fmt.sh | 113 ++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 99 insertions(+), 14 deletions(-) diff --git a/terragrunt_fmt.sh b/terragrunt_fmt.sh index ee23131e7..0869acdc6 100755 --- a/terragrunt_fmt.sh +++ b/terragrunt_fmt.sh @@ -1,23 +1,108 @@ #!/usr/bin/env bash +set -eo pipefail -set -e +function main { + common::initialize + common::parse_cmdline "$@" + common::per_dir_hook "${ARGS[*]}" "${FILES[@]}" +} -declare -a paths +function common::initialize { + local SCRIPT_DIR + # get directory containing this script + SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")" -index=0 + # source getopt function + # shellcheck source=lib_getopt + . "$SCRIPT_DIR/lib_getopt" +} -for file_with_path in "$@"; do - file_with_path="${file_with_path// /__REPLACED__SPACE__}" +# common global arrays. +# Populated in `parse_cmdline` and can used in hooks functions +declare -a ARGS=() +declare -a HOOK_CONFIG=() +declare -a FILES=() +function common::parse_cmdline { + local argv + argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return + eval "set -- $argv" - paths[index]=$(dirname "$file_with_path") + for argv; do + case $argv in + -a | --args) + shift + ARGS+=("$1") + shift + ;; + -h | --hook-config) + shift + HOOK_CONFIG+=("$1;") + shift + ;; + --) + shift + FILES=("$@") + break + ;; + esac + done +} - let "index+=1" -done +function common::per_dir_hook { + local -r args="$1" + shift 1 + local -a -r files=("$@") -for path_uniq in $(echo "${paths[*]}" | tr ' ' '\n' | sort -u); do - path_uniq="${path_uniq//__REPLACED__SPACE__/ }" + # consume modified files passed from pre-commit so that + # hook runs against only those relevant directories + local index=0 + for file_with_path in "${files[@]}"; do + file_with_path="${file_with_path// /__REPLACED__SPACE__}" - pushd "$path_uniq" > /dev/null - terragrunt hclfmt - popd > /dev/null -done + dir_paths[index]=$(dirname "$file_with_path") + + ((index += 1)) + done + + # allow hook to continue if exit_code is greater than 0 + # preserve errexit status + shopt -qo errexit && ERREXIT_IS_SET=true + set +e + local final_exit_code=0 + + # run hook for each path + for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do + dir_path="${dir_path//__REPLACED__SPACE__/ }" + pushd "$dir_path" > /dev/null + + per_dir_hook_unique_part "$args" "$dir_path" + + local exit_code=$? + if [ "$exit_code" != 0 ]; then + final_exit_code=$exit_code + fi + + popd > /dev/null + done + + # restore errexit if it was set before the "for" loop + [[ $ERREXIT_IS_SET ]] && set -e + # return the hook final exit_code + exit $final_exit_code +} + +function per_dir_hook_unique_part { + # common logic located in common::per_dir_hook + local -r args="$1" + local -r dir_path="$2" + + # pass the arguments to hook + # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]") + terragrunt hclfmt ${args[@]} + + # return exit code to common::per_dir_hook + local exit_code=$? + return $exit_code +} + +[[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" From c2346a19b100606018ffba04f0011fcf14f5c951 Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Thu, 23 Dec 2021 20:03:10 +0200 Subject: [PATCH 11/17] Implement review suggestions that can't affect logic --- infracost_breakdown.sh | 9 ++++----- terraform_docs.sh | 9 ++++----- terraform_fmt.sh | 15 +++++++-------- terraform_providers_lock.sh | 15 ++++++--------- terraform_tflint.sh | 11 +++++------ terraform_tfsec.sh | 11 +++++------ terragrunt_fmt.sh | 11 +++++------ terragrunt_validate.sh | 11 +++++------ terrascan.sh | 2 +- 9 files changed, 42 insertions(+), 52 deletions(-) diff --git a/infracost_breakdown.sh b/infracost_breakdown.sh index ac0fdf911..302fa47cc 100755 --- a/infracost_breakdown.sh +++ b/infracost_breakdown.sh @@ -40,12 +40,11 @@ function common::initialize { . "$SCRIPT_DIR/lib_getopt" } -# common global arrays. -# Populated in `parse_cmdline` and can used in hooks functions -declare -a ARGS=() -declare -a HOOK_CONFIG=() -declare -a FILES=() function common::parse_cmdline { + # common global arrays. + # Populated via `common::parse_cmdline` and can be used inside hooks' functions + declare -g -a ARGS=() FILES=() HOOK_CONFIG=() + local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return eval "set -- $argv" diff --git a/terraform_docs.sh b/terraform_docs.sh index 2d290d6fc..a2965d023 100755 --- a/terraform_docs.sh +++ b/terraform_docs.sh @@ -19,12 +19,11 @@ function common::initialize { . "$SCRIPT_DIR/lib_getopt" } -# common global arrays. -# Populated in `parse_cmdline` and can used in hooks functions -declare -a ARGS=() -declare -a HOOK_CONFIG=() -declare -a FILES=() function common::parse_cmdline { + # common global arrays. + # Populated via `common::parse_cmdline` and can be used inside hooks' functions + declare -g -a ARGS=() FILES=() HOOK_CONFIG=() + local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return eval "set -- $argv" diff --git a/terraform_fmt.sh b/terraform_fmt.sh index 3730feeca..75bcf8a28 100755 --- a/terraform_fmt.sh +++ b/terraform_fmt.sh @@ -17,12 +17,11 @@ function common::initialize { . "$SCRIPT_DIR/lib_getopt" } -# common global arrays. -# Populated in `parse_cmdline` and can used in hooks functions -declare -a ARGS=() -declare -a HOOK_CONFIG=() -declare -a FILES=() function common::parse_cmdline { + # common global arrays. + # Populated via `common::parse_cmdline` and can be used inside hooks' functions + declare -g -a ARGS=() FILES=() HOOK_CONFIG=() + local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return eval "set -- $argv" @@ -67,9 +66,9 @@ function terraform_fmt_ { ((index += 1)) done - # allow hook to continue if exit_code is greater than 0 # preserve errexit status shopt -qo errexit && ERREXIT_IS_SET=true + # allow hook to continue if exit_code is greater than 0 set +e local final_exit_code=0 @@ -112,8 +111,8 @@ function per_dir_hook_unique_part { local -r args="$1" local -r dir_path="$2" - # pass the arguments to terrascan - # shellcheck disable=SC2068 # terrascan fails when quoting is used ("$arg" vs $arg) + # pass the arguments to hook + # shellcheck disable=SC2068 # hook fails when quoting is used ("$arg[@]") terraform fmt ${args[@]} # return exit code to common::per_dir_hook diff --git a/terraform_providers_lock.sh b/terraform_providers_lock.sh index 951d14063..e31c87cc9 100755 --- a/terraform_providers_lock.sh +++ b/terraform_providers_lock.sh @@ -41,12 +41,11 @@ function common::initialize { . "$SCRIPT_DIR/lib_getopt" } -# common global arrays. -# Populated in `parse_cmdline` and can used in hooks functions -declare -a ARGS=() -declare -a HOOK_CONFIG=() -declare -a FILES=() function common::parse_cmdline { + # common global arrays. + # Populated via `common::parse_cmdline` and can be used inside hooks' functions + declare -g -a ARGS=() FILES=() HOOK_CONFIG=() + local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return eval "set -- $argv" @@ -88,9 +87,9 @@ function common::per_dir_hook { ((index += 1)) done - # allow hook to continue if exit_code is greater than 0 # preserve errexit status shopt -qo errexit && ERREXIT_IS_SET=true + # allow hook to continue if exit_code is greater than 0 set +e local final_exit_code=0 @@ -121,15 +120,13 @@ function per_dir_hook_unique_part { local -r dir_path="$2" if [[ ! -d ".terraform" ]]; then - set +e init_output=$(terraform init -backend=false 2>&1) init_code=$? - set -e if [[ $init_code != 0 ]]; then common::colorify "red" "Init before validation failed: $dir_path" common::colorify "red" "$init_output" - exit 1 + exit $init_code fi fi diff --git a/terraform_tflint.sh b/terraform_tflint.sh index 2c412d3e4..d79100d3b 100755 --- a/terraform_tflint.sh +++ b/terraform_tflint.sh @@ -43,12 +43,11 @@ function common::initialize { . "$SCRIPT_DIR/lib_getopt" } -# common global arrays. -# Populated in `parse_cmdline` and can used in hooks functions -declare -a ARGS=() -declare -a HOOK_CONFIG=() -declare -a FILES=() function common::parse_cmdline { + # common global arrays. + # Populated via `common::parse_cmdline` and can be used inside hooks' functions + declare -g -a ARGS=() FILES=() HOOK_CONFIG=() + local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return eval "set -- $argv" @@ -90,9 +89,9 @@ function common::per_dir_hook { ((index += 1)) done - # allow hook to continue if exit_code is greater than 0 # preserve errexit status shopt -qo errexit && ERREXIT_IS_SET=true + # allow hook to continue if exit_code is greater than 0 set +e local final_exit_code=0 diff --git a/terraform_tfsec.sh b/terraform_tfsec.sh index c4c58db5c..67f5dd30f 100755 --- a/terraform_tfsec.sh +++ b/terraform_tfsec.sh @@ -19,12 +19,11 @@ function common::initialize { . "$SCRIPT_DIR/lib_getopt" } -# common global arrays. -# Populated in `parse_cmdline` and can used in hooks functions -declare -a ARGS=() -declare -a HOOK_CONFIG=() -declare -a FILES=() function common::parse_cmdline { + # common global arrays. + # Populated via `common::parse_cmdline` and can be used inside hooks' functions + declare -g -a ARGS=() FILES=() HOOK_CONFIG=() + local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return eval "set -- $argv" @@ -66,9 +65,9 @@ function common::per_dir_hook { ((index += 1)) done - # allow hook to continue if exit_code is greater than 0 # preserve errexit status shopt -qo errexit && ERREXIT_IS_SET=true + # allow hook to continue if exit_code is greater than 0 set +e local final_exit_code=0 diff --git a/terragrunt_fmt.sh b/terragrunt_fmt.sh index 0869acdc6..2a3b345e6 100755 --- a/terragrunt_fmt.sh +++ b/terragrunt_fmt.sh @@ -17,12 +17,11 @@ function common::initialize { . "$SCRIPT_DIR/lib_getopt" } -# common global arrays. -# Populated in `parse_cmdline` and can used in hooks functions -declare -a ARGS=() -declare -a HOOK_CONFIG=() -declare -a FILES=() function common::parse_cmdline { + # common global arrays. + # Populated via `common::parse_cmdline` and can be used inside hooks' functions + declare -g -a ARGS=() FILES=() HOOK_CONFIG=() + local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return eval "set -- $argv" @@ -64,9 +63,9 @@ function common::per_dir_hook { ((index += 1)) done - # allow hook to continue if exit_code is greater than 0 # preserve errexit status shopt -qo errexit && ERREXIT_IS_SET=true + # allow hook to continue if exit_code is greater than 0 set +e local final_exit_code=0 diff --git a/terragrunt_validate.sh b/terragrunt_validate.sh index 55fe0d4e8..5e810465f 100755 --- a/terragrunt_validate.sh +++ b/terragrunt_validate.sh @@ -17,12 +17,11 @@ function common::initialize { . "$SCRIPT_DIR/lib_getopt" } -# common global arrays. -# Populated in `parse_cmdline` and can used in hooks functions -declare -a ARGS=() -declare -a HOOK_CONFIG=() -declare -a FILES=() function common::parse_cmdline { + # common global arrays. + # Populated via `common::parse_cmdline` and can be used inside hooks' functions + declare -g -a ARGS=() FILES=() HOOK_CONFIG=() + local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return eval "set -- $argv" @@ -64,9 +63,9 @@ function common::per_dir_hook { ((index += 1)) done - # allow hook to continue if exit_code is greater than 0 # preserve errexit status shopt -qo errexit && ERREXIT_IS_SET=true + # allow hook to continue if exit_code is greater than 0 set +e local final_exit_code=0 diff --git a/terrascan.sh b/terrascan.sh index a4eed9d7b..d38f7db72 100755 --- a/terrascan.sh +++ b/terrascan.sh @@ -64,9 +64,9 @@ function common::per_dir_hook { ((index += 1)) done - # allow hook to continue if exit_code is greater than 0 # preserve errexit status shopt -qo errexit && ERREXIT_IS_SET=true + # allow hook to continue if exit_code is greater than 0 set +e local final_exit_code=0 From 639334a9bace64e0221d30d496b247ef16fbdebc Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Thu, 23 Dec 2021 20:12:49 +0200 Subject: [PATCH 12/17] fixup --- terraform_docs.sh | 8 ++++---- terrascan.sh | 9 ++++----- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/terraform_docs.sh b/terraform_docs.sh index a2965d023..0b1e0b546 100755 --- a/terraform_docs.sh +++ b/terraform_docs.sh @@ -140,11 +140,11 @@ function terraform_docs { esac done - local path_uniq - for path_uniq in $(echo "${paths[*]}" | tr ' ' '\n' | sort -u); do - path_uniq="${path_uniq//__REPLACED__SPACE__/ }" + local dir_path + for dir_path in $(echo "${paths[*]}" | tr ' ' '\n' | sort -u); do + dir_path="${dir_path//__REPLACED__SPACE__/ }" - pushd "$path_uniq" > /dev/null + pushd "$dir_path" > /dev/null # # Create file if it not exist and `--create-if-not-exist=true` provided diff --git a/terrascan.sh b/terrascan.sh index d38f7db72..c42b97ab9 100755 --- a/terrascan.sh +++ b/terrascan.sh @@ -17,12 +17,11 @@ function common::initialize { . "$SCRIPT_DIR/lib_getopt" } -# common global arrays. -# Populated in `parse_cmdline` and can used in hooks functions -declare -a ARGS=() -declare -a HOOK_CONFIG=() -declare -a FILES=() function common::parse_cmdline { + # common global arrays. + # Populated via `common::parse_cmdline` and can be used inside hooks' functions + declare -g -a ARGS=() FILES=() HOOK_CONFIG=() + local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return eval "set -- $argv" From f3dd6deac411ee9144a22752db7a53923685fbce Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Thu, 23 Dec 2021 20:25:55 +0200 Subject: [PATCH 13/17] Change hook-config separator to unique --- infracost_breakdown.sh | 5 +++-- terraform_docs.sh | 5 +++-- terraform_fmt.sh | 3 ++- terraform_providers_lock.sh | 3 ++- terraform_tflint.sh | 3 ++- terraform_tfsec.sh | 3 ++- terragrunt_fmt.sh | 3 ++- terragrunt_validate.sh | 3 ++- terrascan.sh | 3 ++- 9 files changed, 20 insertions(+), 11 deletions(-) diff --git a/infracost_breakdown.sh b/infracost_breakdown.sh index 302fa47cc..8f097e40d 100755 --- a/infracost_breakdown.sh +++ b/infracost_breakdown.sh @@ -44,6 +44,7 @@ function common::parse_cmdline { # common global arrays. # Populated via `common::parse_cmdline` and can be used inside hooks' functions declare -g -a ARGS=() FILES=() HOOK_CONFIG=() + declare -g -r HOOK_CONFIG_SEPARATOR='%%SEPARATOR%%' local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return @@ -58,7 +59,7 @@ function common::parse_cmdline { ;; -h | --hook-config) shift - HOOK_CONFIG+=("$1;") + HOOK_CONFIG+=("${1}${HOOK_CONFIG_SEPARATOR}") shift ;; --) @@ -76,7 +77,7 @@ function infracost_breakdown_ { read -r -a args <<< "$2" # Get hook settings - IFS=";" read -r -a checks <<< "$hook_config" + IFS="$HOOK_CONFIG_SEPARATOR" read -r -a checks <<< "$hook_config" if [ "$PRE_COMMIT_COLOR" = "never" ]; then args+=("--no-color") diff --git a/terraform_docs.sh b/terraform_docs.sh index 0b1e0b546..4a9dbf109 100755 --- a/terraform_docs.sh +++ b/terraform_docs.sh @@ -23,6 +23,7 @@ function common::parse_cmdline { # common global arrays. # Populated via `common::parse_cmdline` and can be used inside hooks' functions declare -g -a ARGS=() FILES=() HOOK_CONFIG=() + declare -g -r HOOK_CONFIG_SEPARATOR='%%SEPARATOR%%' local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return @@ -37,7 +38,7 @@ function common::parse_cmdline { ;; -h | --hook-config) shift - HOOK_CONFIG+=("$1;") + HOOK_CONFIG+=("${1}${HOOK_CONFIG_SEPARATOR}") shift ;; --) @@ -56,7 +57,7 @@ function terraform_docs_ { local -a -r files=("$@") # Get hook settings - IFS=";" read -r -a configs <<< "$hook_config" + IFS="$HOOK_CONFIG_SEPARATOR" read -r -a configs <<< "$hook_config" local hack_terraform_docs hack_terraform_docs=$(terraform version | sed -n 1p | grep -c 0.12) || true diff --git a/terraform_fmt.sh b/terraform_fmt.sh index 75bcf8a28..0d64fff05 100755 --- a/terraform_fmt.sh +++ b/terraform_fmt.sh @@ -21,6 +21,7 @@ function common::parse_cmdline { # common global arrays. # Populated via `common::parse_cmdline` and can be used inside hooks' functions declare -g -a ARGS=() FILES=() HOOK_CONFIG=() + declare -g -r HOOK_CONFIG_SEPARATOR='%%SEPARATOR%%' local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return @@ -35,7 +36,7 @@ function common::parse_cmdline { ;; -h | --hook-config) shift - HOOK_CONFIG+=("$1;") + HOOK_CONFIG+=("${1}${HOOK_CONFIG_SEPARATOR}") shift ;; --) diff --git a/terraform_providers_lock.sh b/terraform_providers_lock.sh index e31c87cc9..f72a61c69 100755 --- a/terraform_providers_lock.sh +++ b/terraform_providers_lock.sh @@ -45,6 +45,7 @@ function common::parse_cmdline { # common global arrays. # Populated via `common::parse_cmdline` and can be used inside hooks' functions declare -g -a ARGS=() FILES=() HOOK_CONFIG=() + declare -g -r HOOK_CONFIG_SEPARATOR='%%SEPARATOR%%' local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return @@ -59,7 +60,7 @@ function common::parse_cmdline { ;; -h | --hook-config) shift - HOOK_CONFIG+=("$1;") + HOOK_CONFIG+=("${1}${HOOK_CONFIG_SEPARATOR}") shift ;; --) diff --git a/terraform_tflint.sh b/terraform_tflint.sh index d79100d3b..74013a0fc 100755 --- a/terraform_tflint.sh +++ b/terraform_tflint.sh @@ -47,6 +47,7 @@ function common::parse_cmdline { # common global arrays. # Populated via `common::parse_cmdline` and can be used inside hooks' functions declare -g -a ARGS=() FILES=() HOOK_CONFIG=() + declare -g -r HOOK_CONFIG_SEPARATOR='%%SEPARATOR%%' local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return @@ -61,7 +62,7 @@ function common::parse_cmdline { ;; -h | --hook-config) shift - HOOK_CONFIG+=("$1;") + HOOK_CONFIG+=("${1}${HOOK_CONFIG_SEPARATOR}") shift ;; --) diff --git a/terraform_tfsec.sh b/terraform_tfsec.sh index 67f5dd30f..c3ff968ef 100755 --- a/terraform_tfsec.sh +++ b/terraform_tfsec.sh @@ -23,6 +23,7 @@ function common::parse_cmdline { # common global arrays. # Populated via `common::parse_cmdline` and can be used inside hooks' functions declare -g -a ARGS=() FILES=() HOOK_CONFIG=() + declare -g -r HOOK_CONFIG_SEPARATOR='%%SEPARATOR%%' local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return @@ -37,7 +38,7 @@ function common::parse_cmdline { ;; -h | --hook-config) shift - HOOK_CONFIG+=("$1;") + HOOK_CONFIG+=("${1}${HOOK_CONFIG_SEPARATOR}") shift ;; --) diff --git a/terragrunt_fmt.sh b/terragrunt_fmt.sh index 2a3b345e6..61fbb29cb 100755 --- a/terragrunt_fmt.sh +++ b/terragrunt_fmt.sh @@ -21,6 +21,7 @@ function common::parse_cmdline { # common global arrays. # Populated via `common::parse_cmdline` and can be used inside hooks' functions declare -g -a ARGS=() FILES=() HOOK_CONFIG=() + declare -g -r HOOK_CONFIG_SEPARATOR='%%SEPARATOR%%' local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return @@ -35,7 +36,7 @@ function common::parse_cmdline { ;; -h | --hook-config) shift - HOOK_CONFIG+=("$1;") + HOOK_CONFIG+=("${1}${HOOK_CONFIG_SEPARATOR}") shift ;; --) diff --git a/terragrunt_validate.sh b/terragrunt_validate.sh index 5e810465f..f623df817 100755 --- a/terragrunt_validate.sh +++ b/terragrunt_validate.sh @@ -21,6 +21,7 @@ function common::parse_cmdline { # common global arrays. # Populated via `common::parse_cmdline` and can be used inside hooks' functions declare -g -a ARGS=() FILES=() HOOK_CONFIG=() + declare -g -r HOOK_CONFIG_SEPARATOR='%%SEPARATOR%%' local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return @@ -35,7 +36,7 @@ function common::parse_cmdline { ;; -h | --hook-config) shift - HOOK_CONFIG+=("$1;") + HOOK_CONFIG+=("${1}${HOOK_CONFIG_SEPARATOR}") shift ;; --) diff --git a/terrascan.sh b/terrascan.sh index c42b97ab9..a5af42401 100755 --- a/terrascan.sh +++ b/terrascan.sh @@ -21,6 +21,7 @@ function common::parse_cmdline { # common global arrays. # Populated via `common::parse_cmdline` and can be used inside hooks' functions declare -g -a ARGS=() FILES=() HOOK_CONFIG=() + declare -g -r HOOK_CONFIG_SEPARATOR='%%SEPARATOR%%' local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return @@ -35,7 +36,7 @@ function common::parse_cmdline { ;; -h | --hook-config) shift - HOOK_CONFIG+=("$1;") + HOOK_CONFIG+=("${1}${HOOK_CONFIG_SEPARATOR}") shift ;; --) From 15c8c5eaa9cd61143846ee3e3acdd1b347a1c967 Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Thu, 23 Dec 2021 20:35:45 +0200 Subject: [PATCH 14/17] Revert "Change hook-config separator to unique" This reverts commit f3dd6deac411ee9144a22752db7a53923685fbce. --- infracost_breakdown.sh | 5 ++--- terraform_docs.sh | 5 ++--- terraform_fmt.sh | 3 +-- terraform_providers_lock.sh | 3 +-- terraform_tflint.sh | 3 +-- terraform_tfsec.sh | 3 +-- terragrunt_fmt.sh | 3 +-- terragrunt_validate.sh | 3 +-- terrascan.sh | 3 +-- 9 files changed, 11 insertions(+), 20 deletions(-) diff --git a/infracost_breakdown.sh b/infracost_breakdown.sh index 8f097e40d..302fa47cc 100755 --- a/infracost_breakdown.sh +++ b/infracost_breakdown.sh @@ -44,7 +44,6 @@ function common::parse_cmdline { # common global arrays. # Populated via `common::parse_cmdline` and can be used inside hooks' functions declare -g -a ARGS=() FILES=() HOOK_CONFIG=() - declare -g -r HOOK_CONFIG_SEPARATOR='%%SEPARATOR%%' local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return @@ -59,7 +58,7 @@ function common::parse_cmdline { ;; -h | --hook-config) shift - HOOK_CONFIG+=("${1}${HOOK_CONFIG_SEPARATOR}") + HOOK_CONFIG+=("$1;") shift ;; --) @@ -77,7 +76,7 @@ function infracost_breakdown_ { read -r -a args <<< "$2" # Get hook settings - IFS="$HOOK_CONFIG_SEPARATOR" read -r -a checks <<< "$hook_config" + IFS=";" read -r -a checks <<< "$hook_config" if [ "$PRE_COMMIT_COLOR" = "never" ]; then args+=("--no-color") diff --git a/terraform_docs.sh b/terraform_docs.sh index 4a9dbf109..0b1e0b546 100755 --- a/terraform_docs.sh +++ b/terraform_docs.sh @@ -23,7 +23,6 @@ function common::parse_cmdline { # common global arrays. # Populated via `common::parse_cmdline` and can be used inside hooks' functions declare -g -a ARGS=() FILES=() HOOK_CONFIG=() - declare -g -r HOOK_CONFIG_SEPARATOR='%%SEPARATOR%%' local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return @@ -38,7 +37,7 @@ function common::parse_cmdline { ;; -h | --hook-config) shift - HOOK_CONFIG+=("${1}${HOOK_CONFIG_SEPARATOR}") + HOOK_CONFIG+=("$1;") shift ;; --) @@ -57,7 +56,7 @@ function terraform_docs_ { local -a -r files=("$@") # Get hook settings - IFS="$HOOK_CONFIG_SEPARATOR" read -r -a configs <<< "$hook_config" + IFS=";" read -r -a configs <<< "$hook_config" local hack_terraform_docs hack_terraform_docs=$(terraform version | sed -n 1p | grep -c 0.12) || true diff --git a/terraform_fmt.sh b/terraform_fmt.sh index 0d64fff05..75bcf8a28 100755 --- a/terraform_fmt.sh +++ b/terraform_fmt.sh @@ -21,7 +21,6 @@ function common::parse_cmdline { # common global arrays. # Populated via `common::parse_cmdline` and can be used inside hooks' functions declare -g -a ARGS=() FILES=() HOOK_CONFIG=() - declare -g -r HOOK_CONFIG_SEPARATOR='%%SEPARATOR%%' local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return @@ -36,7 +35,7 @@ function common::parse_cmdline { ;; -h | --hook-config) shift - HOOK_CONFIG+=("${1}${HOOK_CONFIG_SEPARATOR}") + HOOK_CONFIG+=("$1;") shift ;; --) diff --git a/terraform_providers_lock.sh b/terraform_providers_lock.sh index f72a61c69..e31c87cc9 100755 --- a/terraform_providers_lock.sh +++ b/terraform_providers_lock.sh @@ -45,7 +45,6 @@ function common::parse_cmdline { # common global arrays. # Populated via `common::parse_cmdline` and can be used inside hooks' functions declare -g -a ARGS=() FILES=() HOOK_CONFIG=() - declare -g -r HOOK_CONFIG_SEPARATOR='%%SEPARATOR%%' local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return @@ -60,7 +59,7 @@ function common::parse_cmdline { ;; -h | --hook-config) shift - HOOK_CONFIG+=("${1}${HOOK_CONFIG_SEPARATOR}") + HOOK_CONFIG+=("$1;") shift ;; --) diff --git a/terraform_tflint.sh b/terraform_tflint.sh index 74013a0fc..d79100d3b 100755 --- a/terraform_tflint.sh +++ b/terraform_tflint.sh @@ -47,7 +47,6 @@ function common::parse_cmdline { # common global arrays. # Populated via `common::parse_cmdline` and can be used inside hooks' functions declare -g -a ARGS=() FILES=() HOOK_CONFIG=() - declare -g -r HOOK_CONFIG_SEPARATOR='%%SEPARATOR%%' local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return @@ -62,7 +61,7 @@ function common::parse_cmdline { ;; -h | --hook-config) shift - HOOK_CONFIG+=("${1}${HOOK_CONFIG_SEPARATOR}") + HOOK_CONFIG+=("$1;") shift ;; --) diff --git a/terraform_tfsec.sh b/terraform_tfsec.sh index c3ff968ef..67f5dd30f 100755 --- a/terraform_tfsec.sh +++ b/terraform_tfsec.sh @@ -23,7 +23,6 @@ function common::parse_cmdline { # common global arrays. # Populated via `common::parse_cmdline` and can be used inside hooks' functions declare -g -a ARGS=() FILES=() HOOK_CONFIG=() - declare -g -r HOOK_CONFIG_SEPARATOR='%%SEPARATOR%%' local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return @@ -38,7 +37,7 @@ function common::parse_cmdline { ;; -h | --hook-config) shift - HOOK_CONFIG+=("${1}${HOOK_CONFIG_SEPARATOR}") + HOOK_CONFIG+=("$1;") shift ;; --) diff --git a/terragrunt_fmt.sh b/terragrunt_fmt.sh index 61fbb29cb..2a3b345e6 100755 --- a/terragrunt_fmt.sh +++ b/terragrunt_fmt.sh @@ -21,7 +21,6 @@ function common::parse_cmdline { # common global arrays. # Populated via `common::parse_cmdline` and can be used inside hooks' functions declare -g -a ARGS=() FILES=() HOOK_CONFIG=() - declare -g -r HOOK_CONFIG_SEPARATOR='%%SEPARATOR%%' local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return @@ -36,7 +35,7 @@ function common::parse_cmdline { ;; -h | --hook-config) shift - HOOK_CONFIG+=("${1}${HOOK_CONFIG_SEPARATOR}") + HOOK_CONFIG+=("$1;") shift ;; --) diff --git a/terragrunt_validate.sh b/terragrunt_validate.sh index f623df817..5e810465f 100755 --- a/terragrunt_validate.sh +++ b/terragrunt_validate.sh @@ -21,7 +21,6 @@ function common::parse_cmdline { # common global arrays. # Populated via `common::parse_cmdline` and can be used inside hooks' functions declare -g -a ARGS=() FILES=() HOOK_CONFIG=() - declare -g -r HOOK_CONFIG_SEPARATOR='%%SEPARATOR%%' local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return @@ -36,7 +35,7 @@ function common::parse_cmdline { ;; -h | --hook-config) shift - HOOK_CONFIG+=("${1}${HOOK_CONFIG_SEPARATOR}") + HOOK_CONFIG+=("$1;") shift ;; --) diff --git a/terrascan.sh b/terrascan.sh index a5af42401..c42b97ab9 100755 --- a/terrascan.sh +++ b/terrascan.sh @@ -21,7 +21,6 @@ function common::parse_cmdline { # common global arrays. # Populated via `common::parse_cmdline` and can be used inside hooks' functions declare -g -a ARGS=() FILES=() HOOK_CONFIG=() - declare -g -r HOOK_CONFIG_SEPARATOR='%%SEPARATOR%%' local argv argv=$(getopt -o a:,h: --long args:,hook-config: -- "$@") || return @@ -36,7 +35,7 @@ function common::parse_cmdline { ;; -h | --hook-config) shift - HOOK_CONFIG+=("${1}${HOOK_CONFIG_SEPARATOR}") + HOOK_CONFIG+=("$1;") shift ;; --) From e04081e1d7cf5c654e88c2d43212234a5624e0f4 Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Thu, 23 Dec 2021 20:45:11 +0200 Subject: [PATCH 15/17] Since `set +e` right before this loop, if `pushd` fails, I we should skip that iteration --- terraform_docs.sh | 2 +- terraform_fmt.sh | 2 +- terraform_providers_lock.sh | 2 +- terraform_tflint.sh | 2 +- terraform_tfsec.sh | 2 +- terragrunt_fmt.sh | 2 +- terragrunt_validate.sh | 2 +- terrascan.sh | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/terraform_docs.sh b/terraform_docs.sh index 0b1e0b546..558421fbd 100755 --- a/terraform_docs.sh +++ b/terraform_docs.sh @@ -144,7 +144,7 @@ function terraform_docs { for dir_path in $(echo "${paths[*]}" | tr ' ' '\n' | sort -u); do dir_path="${dir_path//__REPLACED__SPACE__/ }" - pushd "$dir_path" > /dev/null + pushd "$dir_path" > /dev/null || continue # # Create file if it not exist and `--create-if-not-exist=true` provided diff --git a/terraform_fmt.sh b/terraform_fmt.sh index 75bcf8a28..6a4dee627 100755 --- a/terraform_fmt.sh +++ b/terraform_fmt.sh @@ -75,7 +75,7 @@ function terraform_fmt_ { # run hook for each path for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do dir_path="${dir_path//__REPLACED__SPACE__/ }" - pushd "$dir_path" > /dev/null + pushd "$dir_path" > /dev/null || continue per_dir_hook_unique_part "$args" "$dir_path" diff --git a/terraform_providers_lock.sh b/terraform_providers_lock.sh index e31c87cc9..fb2700ce8 100755 --- a/terraform_providers_lock.sh +++ b/terraform_providers_lock.sh @@ -96,7 +96,7 @@ function common::per_dir_hook { # run hook for each path for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do dir_path="${dir_path//__REPLACED__SPACE__/ }" - pushd "$dir_path" > /dev/null + pushd "$dir_path" > /dev/null || continue per_dir_hook_unique_part "$args" "$dir_path" diff --git a/terraform_tflint.sh b/terraform_tflint.sh index d79100d3b..8c3036934 100755 --- a/terraform_tflint.sh +++ b/terraform_tflint.sh @@ -98,7 +98,7 @@ function common::per_dir_hook { # run hook for each path for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do dir_path="${dir_path//__REPLACED__SPACE__/ }" - pushd "$dir_path" > /dev/null + pushd "$dir_path" > /dev/null || continue per_dir_hook_unique_part "$args" "$dir_path" diff --git a/terraform_tfsec.sh b/terraform_tfsec.sh index 67f5dd30f..3330391be 100755 --- a/terraform_tfsec.sh +++ b/terraform_tfsec.sh @@ -74,7 +74,7 @@ function common::per_dir_hook { # run hook for each path for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do dir_path="${dir_path//__REPLACED__SPACE__/ }" - pushd "$dir_path" > /dev/null + pushd "$dir_path" > /dev/null || continue per_dir_hook_unique_part "$args" "$dir_path" diff --git a/terragrunt_fmt.sh b/terragrunt_fmt.sh index 2a3b345e6..808c98a45 100755 --- a/terragrunt_fmt.sh +++ b/terragrunt_fmt.sh @@ -72,7 +72,7 @@ function common::per_dir_hook { # run hook for each path for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do dir_path="${dir_path//__REPLACED__SPACE__/ }" - pushd "$dir_path" > /dev/null + pushd "$dir_path" > /dev/null || continue per_dir_hook_unique_part "$args" "$dir_path" diff --git a/terragrunt_validate.sh b/terragrunt_validate.sh index 5e810465f..5c49d1314 100755 --- a/terragrunt_validate.sh +++ b/terragrunt_validate.sh @@ -72,7 +72,7 @@ function common::per_dir_hook { # run hook for each path for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do dir_path="${dir_path//__REPLACED__SPACE__/ }" - pushd "$dir_path" > /dev/null + pushd "$dir_path" > /dev/null || continue per_dir_hook_unique_part "$args" "$dir_path" diff --git a/terrascan.sh b/terrascan.sh index c42b97ab9..e90d02423 100755 --- a/terrascan.sh +++ b/terrascan.sh @@ -72,7 +72,7 @@ function common::per_dir_hook { # run hook for each path for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do dir_path="${dir_path//__REPLACED__SPACE__/ }" - pushd "$dir_path" > /dev/null + pushd "$dir_path" > /dev/null || continue per_dir_hook_unique_part "$args" "$dir_path" From 55befd356ed41cd1cd17c5b0f0ef7dd7fe924360 Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Thu, 23 Dec 2021 21:03:19 +0200 Subject: [PATCH 16/17] `!=` is a string comparison operator, and make more strict if logic --- infracost_breakdown.sh | 2 +- terraform_docs.sh | 2 +- terraform_fmt.sh | 6 +++--- terraform_providers_lock.sh | 8 ++++---- terraform_tflint.sh | 4 ++-- terraform_tfsec.sh | 4 ++-- terraform_validate.sh | 24 ++++++++++++------------ terragrunt_fmt.sh | 4 ++-- terragrunt_validate.sh | 4 ++-- terrascan.sh | 4 ++-- 10 files changed, 31 insertions(+), 31 deletions(-) diff --git a/infracost_breakdown.sh b/infracost_breakdown.sh index 302fa47cc..d2a5fe791 100755 --- a/infracost_breakdown.sh +++ b/infracost_breakdown.sh @@ -179,4 +179,4 @@ function infracost_breakdown_ { fi } -[[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" +[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@" diff --git a/terraform_docs.sh b/terraform_docs.sh index 558421fbd..0c1e71159 100755 --- a/terraform_docs.sh +++ b/terraform_docs.sh @@ -370,4 +370,4 @@ EOF } -[[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" +[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@" diff --git a/terraform_fmt.sh b/terraform_fmt.sh index 6a4dee627..f6cad78c8 100755 --- a/terraform_fmt.sh +++ b/terraform_fmt.sh @@ -80,7 +80,7 @@ function terraform_fmt_ { per_dir_hook_unique_part "$args" "$dir_path" local exit_code=$? - if [ "$exit_code" != 0 ]; then + if [ $exit_code -ne 0 ]; then final_exit_code=$exit_code fi @@ -94,7 +94,7 @@ function terraform_fmt_ { terraform fmt "${ARGS[@]}" "$tfvars_file" local exit_code=$? - if [ "$exit_code" != 0 ]; then + if [ $exit_code -ne 0 ]; then final_exit_code=$exit_code fi done @@ -120,4 +120,4 @@ function per_dir_hook_unique_part { return $exit_code } -[[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" +[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@" diff --git a/terraform_providers_lock.sh b/terraform_providers_lock.sh index fb2700ce8..7de38e19e 100755 --- a/terraform_providers_lock.sh +++ b/terraform_providers_lock.sh @@ -101,7 +101,7 @@ function common::per_dir_hook { per_dir_hook_unique_part "$args" "$dir_path" local exit_code=$? - if [ "$exit_code" != 0 ]; then + if [ $exit_code -ne 0 ]; then final_exit_code=$exit_code fi @@ -119,11 +119,11 @@ function per_dir_hook_unique_part { local -r args="$1" local -r dir_path="$2" - if [[ ! -d ".terraform" ]]; then + if [ ! -d ".terraform" ]; then init_output=$(terraform init -backend=false 2>&1) init_code=$? - if [[ $init_code != 0 ]]; then + if [ $init_code -ne 0 ]; then common::colorify "red" "Init before validation failed: $dir_path" common::colorify "red" "$init_output" exit $init_code @@ -139,4 +139,4 @@ function per_dir_hook_unique_part { return $exit_code } -[[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" +[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@" diff --git a/terraform_tflint.sh b/terraform_tflint.sh index 8c3036934..81b58b4af 100755 --- a/terraform_tflint.sh +++ b/terraform_tflint.sh @@ -103,7 +103,7 @@ function common::per_dir_hook { per_dir_hook_unique_part "$args" "$dir_path" local exit_code=$? - if [ "$exit_code" != 0 ]; then + if [ $exit_code -ne 0 ]; then final_exit_code=$exit_code fi @@ -135,4 +135,4 @@ function per_dir_hook_unique_part { return $exit_code } -[[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" +[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@" diff --git a/terraform_tfsec.sh b/terraform_tfsec.sh index 3330391be..a68905bca 100755 --- a/terraform_tfsec.sh +++ b/terraform_tfsec.sh @@ -79,7 +79,7 @@ function common::per_dir_hook { per_dir_hook_unique_part "$args" "$dir_path" local exit_code=$? - if [ "$exit_code" != 0 ]; then + if [ $exit_code -ne 0 ]; then final_exit_code=$exit_code fi @@ -106,4 +106,4 @@ function per_dir_hook_unique_part { return $exit_code } -[[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" +[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@" diff --git a/terraform_validate.sh b/terraform_validate.sh index 945dc7ec2..655bc09ac 100755 --- a/terraform_validate.sh +++ b/terraform_validate.sh @@ -74,23 +74,23 @@ function terraform_validate_ { ((index += 1)) done - local path_uniq - for path_uniq in $(echo "${paths[*]}" | tr ' ' '\n' | sort -u); do - path_uniq="${path_uniq//__REPLACED__SPACE__/ }" + local dir_path + for dir_path in $(echo "${paths[*]}" | tr ' ' '\n' | sort -u); do + dir_path="${dir_path//__REPLACED__SPACE__/ }" - if [[ -n "$(find "$path_uniq" -maxdepth 1 -name '*.tf' -print -quit)" ]]; then + if [[ -n "$(find "$dir_path" -maxdepth 1 -name '*.tf' -print -quit)" ]]; then - pushd "$(realpath "$path_uniq")" > /dev/null + pushd "$(realpath "$dir_path")" > /dev/null - if [[ ! -d .terraform ]]; then + if [ ! -d .terraform ]; then set +e init_output=$(terraform init -backend=false "${INIT_ARGS[@]}" 2>&1) init_code=$? set -e - if [[ $init_code != 0 ]]; then + if [ $init_code -ne 0 ]; then error=1 - echo "Init before validation failed: $path_uniq" + echo "Init before validation failed: $dir_path" echo "$init_output" popd > /dev/null continue @@ -102,9 +102,9 @@ function terraform_validate_ { validate_code=$? set -e - if [[ $validate_code != 0 ]]; then + if [ $validate_code -ne 0 ]; then error=1 - echo "Validation failed: $path_uniq" + echo "Validation failed: $dir_path" echo "$validate_output" echo fi @@ -113,7 +113,7 @@ function terraform_validate_ { fi done - if [[ $error -ne 0 ]]; then + if [ $error -ne 0 ]; then exit 1 fi } @@ -124,4 +124,4 @@ declare -a INIT_ARGS declare -a ENVS declare -a FILES -[[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" +[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@" diff --git a/terragrunt_fmt.sh b/terragrunt_fmt.sh index 808c98a45..42f9b5ed5 100755 --- a/terragrunt_fmt.sh +++ b/terragrunt_fmt.sh @@ -77,7 +77,7 @@ function common::per_dir_hook { per_dir_hook_unique_part "$args" "$dir_path" local exit_code=$? - if [ "$exit_code" != 0 ]; then + if [ $exit_code -ne 0 ]; then final_exit_code=$exit_code fi @@ -104,4 +104,4 @@ function per_dir_hook_unique_part { return $exit_code } -[[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" +[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@" diff --git a/terragrunt_validate.sh b/terragrunt_validate.sh index 5c49d1314..1fd83a1dc 100755 --- a/terragrunt_validate.sh +++ b/terragrunt_validate.sh @@ -77,7 +77,7 @@ function common::per_dir_hook { per_dir_hook_unique_part "$args" "$dir_path" local exit_code=$? - if [ "$exit_code" != 0 ]; then + if [ $exit_code -ne 0 ]; then final_exit_code=$exit_code fi @@ -104,4 +104,4 @@ function per_dir_hook_unique_part { return $exit_code } -[[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" +[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@" diff --git a/terrascan.sh b/terrascan.sh index e90d02423..1ed33bc4a 100755 --- a/terrascan.sh +++ b/terrascan.sh @@ -77,7 +77,7 @@ function common::per_dir_hook { per_dir_hook_unique_part "$args" "$dir_path" local exit_code=$? - if [ "$exit_code" != 0 ]; then + if [ $exit_code -ne 0 ]; then final_exit_code=$exit_code fi @@ -104,4 +104,4 @@ function per_dir_hook_unique_part { return $exit_code } -[[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" +[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@" From d19a0e313d21302ddac8f20eef844f6eef85e129 Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Fri, 24 Dec 2021 12:38:55 +0200 Subject: [PATCH 17/17] Make colorify compatible wit BSD systems Check this thread for details: https://github.com/antonbabenko/pre-commit-terraform/pull/310#discussion_r774603112 --- infracost_breakdown.sh | 9 ++++----- terraform_providers_lock.sh | 9 ++++----- terraform_tflint.sh | 9 ++++----- 3 files changed, 12 insertions(+), 15 deletions(-) diff --git a/infracost_breakdown.sh b/infracost_breakdown.sh index d2a5fe791..c56e4cd73 100755 --- a/infracost_breakdown.sh +++ b/infracost_breakdown.sh @@ -8,15 +8,14 @@ function main { } function common::colorify { - # Colors. Provided as first string to first arg of function. # shellcheck disable=SC2034 - local -r red="$(tput setaf 1)" + local -r red="\e[0m\e[31m" # shellcheck disable=SC2034 - local -r green="$(tput setaf 2)" + local -r green="\e[0m\e[32m" # shellcheck disable=SC2034 - local -r yellow="$(tput setaf 3)" + local -r yellow="\e[0m\e[33m" # Color reset - local -r RESET="$(tput sgr0)" + local -r RESET="\e[0m" # Params start # local COLOR="${!1}" diff --git a/terraform_providers_lock.sh b/terraform_providers_lock.sh index 7de38e19e..26bf40b58 100755 --- a/terraform_providers_lock.sh +++ b/terraform_providers_lock.sh @@ -9,15 +9,14 @@ function main { } function common::colorify { - # Colors. Provided as first string to first arg of function. # shellcheck disable=SC2034 - local -r red="$(tput setaf 1)" + local -r red="\e[0m\e[31m" # shellcheck disable=SC2034 - local -r green="$(tput setaf 2)" + local -r green="\e[0m\e[32m" # shellcheck disable=SC2034 - local -r yellow="$(tput setaf 3)" + local -r yellow="\e[0m\e[33m" # Color reset - local -r RESET="$(tput sgr0)" + local -r RESET="\e[0m" # Params start # local COLOR="${!1}" diff --git a/terraform_tflint.sh b/terraform_tflint.sh index 81b58b4af..d6501b84f 100755 --- a/terraform_tflint.sh +++ b/terraform_tflint.sh @@ -11,15 +11,14 @@ function main { } function common::colorify { - # Colors. Provided as first string to first arg of function. # shellcheck disable=SC2034 - local -r red="$(tput setaf 1)" + local -r red="\e[0m\e[31m" # shellcheck disable=SC2034 - local -r green="$(tput setaf 2)" + local -r green="\e[0m\e[32m" # shellcheck disable=SC2034 - local -r yellow="$(tput setaf 3)" + local -r yellow="\e[0m\e[33m" # Color reset - local -r RESET="$(tput sgr0)" + local -r RESET="\e[0m" # Params start # local COLOR="${!1}"