diff --git a/hooks/_common.sh b/hooks/_common.sh
index a835b5d18..7c4261959 100644
--- a/hooks/_common.sh
+++ b/hooks/_common.sh
@@ -1,13 +1,29 @@
 #!/usr/bin/env bash
 set -eo pipefail
+#######################################################################
+# Init arguments parser
+# Arguments:
+# script_dir - absolute path to hook dir location
+#######################################################################
 function common::initialize {
 local -r script_dir=$1
 # source getopt function
- # shellcheck source=lib_getopt
+ # shellcheck source=../lib_getopt
 . "$script_dir/../lib_getopt"
 }
+#######################################################################
+# Parse provided to script args and filenames and populate each to
+# appropriate Global
+# Globals (init and populate):
+# ARGS (array) arguments that configure wrapped tool behavior
+# HOOK_CONFIG (array) arguments that configure hook behavior
+# FILES (array) filenames to check
+# Arguments:
+# $@ (array) all specified in `hooks.[].args` in
+# `.pre-commit-config.yaml` and filenames.
+#######################################################################
 function common::parse_cmdline {
 # common global arrays.
 # Populated via `common::parse_cmdline` and can be used inside hooks' functions
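Review bot: The new header for `common::initialize` describes `script_dir` only as a path, but the body dot-sources `"$script_dir/../lib_getopt"`, so whatever file sits at that location is executed inside the hook's shell. The header should say so, and it should use the `name (type)` layout the other headers in this commit use: `#   script_dir (string) absolute path to the hook dir; "$script_dir/../lib_getopt" is sourced relative to it`. The body of `common::parse_cmdline` continues outside the hunk, so its Globals list cannot be checked against the code from here.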
@@ -39,6 +55,17 @@ function common::parse_cmdline {
 done
 }
+#######################################################################
+# Hook execution boilerplate logic that common for hooks, that run on
+# per dir basis.
+# 1. Because hook run on whole dir, reduce file paths to uniq dir paths
+# 2. Run for each dir `per_dir_hook_unique_part`, on all paths
+# 2.1. If at least 1 check failed - change exit code to non-zero
+# 3. Complete hook execution and return exit code
+# Arguments:
+# args (string with array) arguments that configure wrapped tool behavior
+# files (array) filenames to check
+#######################################################################
 function common::per_dir_hook {
 local -r args="$1"
 shift 1
@@ -82,6 +109,16 @@ function common::per_dir_hook {
 exit $final_exit_code
 }
+#######################################################################
+# Colorify provided string and print out it to stdout
+# Environment variables:
+# PRE_COMMIT_COLOR (string) If set to `never` - do not colorify string
+# Arguments:
+# COLOR (string) Color name that will be used for colorify
+# TEXT (string)
+# Outputs:
+# Print out provided text to stdout
+#######################################################################
 function common::colorify {
 # shellcheck disable=SC2034
 local -r red="\e[0m\e[31m"
diff --git a/hooks/infracost_breakdown.sh b/hooks/infracost_breakdown.sh
index 911bcacaf..e13c98930 100755
--- a/hooks/infracost_breakdown.sh
+++ b/hooks/infracost_breakdown.sh
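Review bot: `args (string with array)` in the `common::per_dir_hook` header does not say how the array was flattened or how the function splits it again, and that contract decides whether a hook argument containing whitespace or glob characters reaches the wrapped tool intact. Callers visible elsewhere in this diff flatten differently: `"${ARGS[*]}"` in terraform_providers_lock.sh, terragrunt_fmt.sh, terragrunt_validate.sh and terrascan.sh, but `"$ARGS"` in terraform_tflint.sh and terraform_tfsec.sh, which for an array expands to its first element only unless lines above those hunks reassign it. Suggest something like `#   args (string) ARGS joined with spaces; re-split on whitespace, so one argument must not contain spaces`, adjusted to what the body really does, since only its first two lines are inside the hunk.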
@@ -13,6 +13,19 @@ function main {
 infracost_breakdown_ "${HOOK_CONFIG[*]}" "${ARGS[*]}"
 }
+#######################################################################
+# Wrapper around `infracost breakdown` tool that check and compare
+# infra cost by provided hook_config
+# Environment variables:
+# PRE_COMMIT_COLOR (string) If set to `never` - force tool output to
+# plain text
+# Arguments:
+# hook_config (string with array) arguments that configure hook behavior
+# args (string with array) arguments that configure wrapped tool behavior
+# Outputs:
+# Print out hook checks status (Passed/Failed), total monthly cost and
+# diff, summary about infracost check (non-supported resources etc.)
+#######################################################################
 function infracost_breakdown_ {
 local -r hook_config="$1"
 local args
diff --git a/hooks/terraform_docs.sh b/hooks/terraform_docs.sh
index b1757c343..2737f4940 100755
--- a/hooks/terraform_docs.sh
+++ b/hooks/terraform_docs.sh
@@ -17,6 +17,14 @@ function main {
 terraform_docs_ "${HOOK_CONFIG[*]}" "$ARGS" "${FILES[@]}"
 }
+#######################################################################
+# Functions that prepares hacks for old versions of `terraform`` and
+# `terraform-docs` that them call `terraform_docs`
+# Arguments:
+# hook_config (string with array) arguments that configure hook behavior
+# args (string with array) arguments that configure wrapped tool behavior
+# files (array) filenames to check
+#######################################################################
 function terraform_docs_ {
 local -r hook_config="$1"
 local -r args="$2"
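Review bot: The `terraform_docs_` header has a doubled backtick after `terraform` and reads "that them call", which hides the one thing the sentence should say: the function prepares the hacks and then calls `terraform_docs`. Suggested wording for the two lines: ``# Function that prepares hacks for old versions of `terraform` and`` and ``# `terraform-docs`, then calls `terraform_docs` ``. The header in the next hunk of this file has the same kind of slip ("depends on on provided hook_config"). The function body runs past the end of the hunk.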
@@ -61,6 +69,18 @@ function terraform_docs_ {
 fi
 }
+#######################################################################
+# Wrapper around `terraform-docs` tool that check and change/create
+# (depends on on provided hook_config) terraform documentation in
+# markdown format
+# Arguments:
+# terraform_docs_awk_file (string) filename where awk hack for old
+# `terraform-docs` populated. Needed for tf 0.12+.
+# Hack skipped when `terraform_docs_awk_file == "0"`
+# hook_config (string with array) arguments that configure hook behavior
+# args (string with array) arguments that configure wrapped tool behavior
+# files (array) filenames to check
+#######################################################################
 function terraform_docs {
 local -r terraform_docs_awk_file="$1"
 local -r hook_config="$2"
@@ -183,6 +203,12 @@ function terraform_docs {
 done
 }
+#######################################################################
+# Functions that create file with awk hacks for old versions of
+# `terraform-docs`
+# Arguments:
+# output_file (string) filename where hack will be written
+#######################################################################
 function terraform_docs_awk {
 local -r output_file=$1
diff --git a/hooks/terraform_fmt.sh b/hooks/terraform_fmt.sh
index 9657af2dc..a37e2c5c8 100755
--- a/hooks/terraform_fmt.sh
+++ b/hooks/terraform_fmt.sh
@@ -13,6 +13,19 @@ function main {
 terraform_fmt_ "${ARGS[*]}" "${FILES[@]}"
 }
+#######################################################################
+# Hook execution boilerplate logic that common for hooks, that run on
+# per dir basis. Little bit extended than `common::per_dir_hook`
+# 1. Because hook run on whole dir, reduce file paths to uniq dir paths
+# (uniq) 1.1. Collect paths to *.tfvars files to separate variable
+# 2. Run for each dir `per_dir_hook_unique_part`, on all paths
+# (uniq) 2.1. Run `terraform fmt` on each *.tfvars file
+# 2.2. If at least 1 check failed - change exit code to non-zero
+# 3. Complete hook execution and return exit code
+# Arguments:
+# args (string with array) arguments that configure wrapped tool behavior
+# files (array) filenames to check
+#######################################################################
 function terraform_fmt_ {
 local -r args="$1"
 shift 1
@@ -72,8 +85,17 @@ function terraform_fmt_ {
 }
+#######################################################################
+# Uniq part of `common::per_dir_hook`. That function executes in loop
+# on each provided dir path. Run wrapped tool with specified arguments
+# Arguments:
+# args (string with array) arguments that configure wrapped tool behavior
+# dir_path (string) PATH to dir from git repo root. Can be used in
+# error logging
+# Outputs:
+# If failed - print out hook checks status
+#######################################################################
 function per_dir_hook_unique_part {
- # common logic located in common::per_dir_hook
 local -r args="$1"
 local -r dir_path="$2"
diff --git a/hooks/terraform_providers_lock.sh b/hooks/terraform_providers_lock.sh
index b5fb7ec31..d8b0bd745 100755
--- a/hooks/terraform_providers_lock.sh
+++ b/hooks/terraform_providers_lock.sh
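Review bot: In terraform_fmt.sh the header on `per_dir_hook_unique_part` calls it the unique part of `common::per_dir_hook`, but this file's `main` calls `terraform_fmt_`, whose own new header in the previous hunk lists the loop that runs `per_dir_hook_unique_part`. The first line should name the local driver, e.g. ``# Uniq part of `terraform_fmt_` (this file's variant of `common::per_dir_hook`).`` The same ten-line block is pasted unchanged into terraform_providers_lock.sh, terraform_tflint.sh, terraform_tfsec.sh, terragrunt_fmt.sh, terragrunt_validate.sh and terrascan.sh, where the reference does match the visible `main`; a one-line pointer to a single description in _common.sh would keep the copies from drifting apart. The function body runs past the end of the hunk.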
@@ -14,8 +14,17 @@ function main {
 common::per_dir_hook "${ARGS[*]}" "${FILES[@]}"
 }
+#######################################################################
+# Uniq part of `common::per_dir_hook`. That function executes in loop
+# on each provided dir path. Run wrapped tool with specified arguments
+# Arguments:
+# args (string with array) arguments that configure wrapped tool behavior
+# dir_path (string) PATH to dir from git repo root. Can be used in
+# error logging
+# Outputs:
+# If failed - print out hook checks status
+#######################################################################
 function per_dir_hook_unique_part {
- # common logic located in common::per_dir_hook
 local -r args="$1"
 local -r dir_path="$2"
diff --git a/hooks/terraform_tflint.sh b/hooks/terraform_tflint.sh
index 6d154c50b..cc0f39b0b 100755
--- a/hooks/terraform_tflint.sh
+++ b/hooks/terraform_tflint.sh
@@ -17,8 +17,17 @@ function main {
 common::per_dir_hook "$ARGS" "${FILES[@]}"
 }
+#######################################################################
+# Uniq part of `common::per_dir_hook`. That function executes in loop
+# on each provided dir path. Run wrapped tool with specified arguments
+# Arguments:
+# args (string with array) arguments that configure wrapped tool behavior
+# dir_path (string) PATH to dir from git repo root. Can be used in
+# error logging
+# Outputs:
+# If failed - print out hook checks status
+#######################################################################
 function per_dir_hook_unique_part {
- # common logic located in common::per_dir_hook
 local -r args="$1"
 local -r dir_path="$2"
diff --git a/hooks/terraform_tfsec.sh b/hooks/terraform_tfsec.sh
index 284106bfa..204af5f8b 100755
--- a/hooks/terraform_tfsec.sh
+++ b/hooks/terraform_tfsec.sh
@@ -16,8 +16,17 @@ function main {
 common::per_dir_hook "$ARGS" "${FILES[@]}"
 }
+#######################################################################
+# Uniq part of `common::per_dir_hook`. That function executes in loop
+# on each provided dir path. Run wrapped tool with specified arguments
+# Arguments:
+# args (string with array) arguments that configure wrapped tool behavior
+# dir_path (string) PATH to dir from git repo root. Can be used in
+# error logging
+# Outputs:
+# If failed - print out hook checks status
+#######################################################################
 function per_dir_hook_unique_part {
- # common logic located in common::per_dir_hook
 local -r args="$1"
 # shellcheck disable=SC2034 # Unused var.
 local -r dir_path="$2"
diff --git a/hooks/terraform_validate.sh b/hooks/terraform_validate.sh
index 4cb50c946..54a360011 100755
--- a/hooks/terraform_validate.sh
+++ b/hooks/terraform_validate.sh
@@ -15,6 +15,19 @@ function main {
 terraform_validate_
 }
+#######################################################################
+# Parse provided to script args and filenames and populate each to
+# appropriate Global
+# Globals (init and populate):
+# ARGS (array) arguments that configure wrapped tool behavior
+# INIT_ARGS (array) arguments for `terraform init` command`
+# ENVS (array) environment variables that will be used with
+# `terraform` commands
+# FILES (array) filenames to check
+# Arguments:
+# $@ (array) all specified in `hooks.[].args` in
+# `.pre-commit-config.yaml` and filenames.
+#######################################################################
 function parse_cmdline_ {
 declare argv
 argv=$(getopt -o e:i:a: --long envs:,init-args:,args: -- "$@") || return
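Review bot: The `parse_cmdline_` header in terraform_validate.sh lists the globals but not the options that fill them, although the `getopt` spec two lines below it (`-o e:i:a: --long envs:,init-args:,args:`) is the interface users configure. Add a line such as `#   Options: -a|--args, -i|--init-args, -e|--envs` and, once confirmed against the `case` body outside the hunk, which global each option populates. The INIT_ARGS line also ends in a stray backtick after "command", and the same line is repeated in the `terraform_validate_` header in the next hunk.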
@@ -46,6 +59,24 @@ function parse_cmdline_ {
 done
 }
+#######################################################################
+# Wrapper around `terraform validate` tool that check is code are valid
+# 1. Export provided envs to environment
+# 2. Because hook run on whole dir, reduce file paths to uniq dir paths
+# 3. In each dir that have *.tf files:
+# 3.1. Check is `.terraform` exist and if not - run `terraform init`
+# 3.2. Run `terraform validate`
+# 3.3. If at least 1 check failed - change exit code to non-zero
+# 4. Complete hook execution and return exit code
+# Globals:
+# ARGS (array) arguments that configure wrapped tool behavior
+# INIT_ARGS (array) arguments for `terraform init` command`
+# ENVS (array) environment variables that will be used with
+# `terraform` commands
+# FILES (array) filenames to check
+# Outputs:
+# If failed - print out hook checks status
+#######################################################################
 function terraform_validate_ {
 # Setup environment variables
diff --git a/hooks/terragrunt_fmt.sh b/hooks/terragrunt_fmt.sh
index d91cc9fcc..917d243f6 100755
--- a/hooks/terragrunt_fmt.sh
+++ b/hooks/terragrunt_fmt.sh
@@ -13,8 +13,17 @@ function main {
 common::per_dir_hook "${ARGS[*]}" "${FILES[@]}"
 }
+#######################################################################
+# Uniq part of `common::per_dir_hook`. That function executes in loop
+# on each provided dir path. Run wrapped tool with specified arguments
+# Arguments:
+# args (string with array) arguments that configure wrapped tool behavior
+# dir_path (string) PATH to dir from git repo root. Can be used in
+# error logging
+# Outputs:
+# If failed - print out hook checks status
+#######################################################################
 function per_dir_hook_unique_part {
- # common logic located in common::per_dir_hook
 local -r args="$1"
 # shellcheck disable=SC2034 # Unused var.
 local -r dir_path="$2"
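Review bot: Step 1 of the `terraform_validate_` header says the provided envs are exported, but the header does not say that they originate from the hook's `args` in `.pre-commit-config.yaml` or what form an entry must have, and those values end up in the environment of every `terraform` command the hook runs. The ENVS entry should state source and effect, e.g. `#   ENVS (array) entries from --envs hook args, exported before any terraform command runs`, plus the accepted syntax once it is checked against the body. Step 3.1 deserves one more clause as well: `terraform init` is run automatically with INIT_ARGS whenever `.terraform` is missing, so the hook can fetch providers and modules for whatever configuration is being committed. Only the first line of the function body is inside the hunk.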
diff --git a/hooks/terragrunt_validate.sh b/hooks/terragrunt_validate.sh
index 96fe3963d..192ebd18a 100755
--- a/hooks/terragrunt_validate.sh
+++ b/hooks/terragrunt_validate.sh
@@ -13,8 +13,17 @@ function main {
 common::per_dir_hook "${ARGS[*]}" "${FILES[@]}"
 }
+#######################################################################
+# Uniq part of `common::per_dir_hook`. That function executes in loop
+# on each provided dir path. Run wrapped tool with specified arguments
+# Arguments:
+# args (string with array) arguments that configure wrapped tool behavior
+# dir_path (string) PATH to dir from git repo root. Can be used in
+# error logging
+# Outputs:
+# If failed - print out hook checks status
+#######################################################################
 function per_dir_hook_unique_part {
- # common logic located in common::per_dir_hook
 local -r args="$1"
 # shellcheck disable=SC2034 # Unused var.
 local -r dir_path="$2"
diff --git a/hooks/terrascan.sh b/hooks/terrascan.sh
index 3bf78c7d2..07b14e837 100755
--- a/hooks/terrascan.sh
+++ b/hooks/terrascan.sh
@@ -13,8 +13,17 @@ function main {
 common::per_dir_hook "${ARGS[*]}" "${FILES[@]}"
 }
+#######################################################################
+# Uniq part of `common::per_dir_hook`. That function executes in loop
+# on each provided dir path. Run wrapped tool with specified arguments
+# Arguments:
+# args (string with array) arguments that configure wrapped tool behavior
+# dir_path (string) PATH to dir from git repo root. Can be used in
+# error logging
+# Outputs:
+# If failed - print out hook checks status
+#######################################################################
 function per_dir_hook_unique_part {
- # common logic located in common::per_dir_hook
 local -r args="$1"
 # shellcheck disable=SC2034 # Unused var.
 local -r dir_path="$2"