forked from emedvedev/pre-commit-terraform
-
Notifications
You must be signed in to change notification settings - Fork 1
/
terraform_validate.sh
executable file
·137 lines (114 loc) · 2.96 KB
/
terraform_validate.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
#!/usr/bin/env bash
set -eo pipefail
# `terraform validate` requires this env variable to be set
export AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-us-east-1}
main() {
initialize_
parse_cmdline_ "$@"
terraform_validate_
}
initialize_() {
# get directory containing this script
local dir
local source
source="${BASH_SOURCE[0]}"
while [[ -L $source ]]; do # resolve $source until the file is no longer a symlink
dir="$(cd -P "$(dirname "$source")" > /dev/null && pwd)"
source="$(readlink "$source")"
# if $source was a relative symlink, we need to resolve it relative to the path where the symlink file was located
[[ $source != /* ]] && source="$dir/$source"
done
_SCRIPT_DIR="$(dirname "$source")"
# source getopt function
# shellcheck source=lib_getopt
. "$_SCRIPT_DIR/lib_getopt"
}
parse_cmdline_() {
declare argv
argv=$(getopt -o e:a: --long envs:,args: -- "$@") || return
eval "set -- $argv"
for argv; do
case $argv in
-a | --args)
shift
ARGS+=("$1")
shift
;;
-e | --envs)
shift
ENVS+=("$1")
shift
;;
--)
shift
FILES=("$@")
break
;;
esac
done
}
terraform_validate_() {
rm -rf /tmp/precommitlock
mkdir -p /tmp/precommitlock
sleep 0.5s
# Setup environment variables
local var var_name var_value
for var in "${ENVS[@]}"; do
var_name="${var%%=*}"
var_value="${var#*=}"
# shellcheck disable=SC2086
export $var_name="$var_value"
done
declare -a paths
local index=0
local error=0
local file_with_path
for file_with_path in "${FILES[@]}"; do
file_with_path="${file_with_path// /__REPLACED__SPACE__}"
paths[index]=$(dirname "$file_with_path")
((index += 1))
done
local path_uniq
for path_uniq in $(echo "${paths[*]}" | tr ' ' '\n' | sort -u); do
path_uniq="${path_uniq//__REPLACED__SPACE__/ }"
if [[ -n "$(find "$path_uniq" -maxdepth 1 -name '*.tf' -print -quit)" ]]; then
lock_file="/tmp/precommitlock/${path_uniq//\//-}"
if [[ -f $lock_file ]]; then
# Another thread is already processing this dir, skipping
continue
fi;
touch $lock_file
pushd "$(realpath "$path_uniq")" > /dev/null
set +e
init_output=$(terraform init -backend=false 2>&1)
init_code=$?
set -e
if [[ $init_code != 0 ]]; then
error=1
echo "Init before validation failed: $path_uniq"
echo "$init_output"
popd > /dev/null
continue
fi
set +e
validate_output=$(terraform validate "${ARGS[@]}")
validate_code=$?
set -e
if [[ $validate_code != 0 ]]; then
error=1
echo "Validation failed: $path_uniq"
echo "$validate_output"
echo
fi
popd > /dev/null
fi
done
if [[ $error -ne 0 ]]; then
exit 1
fi
}
# global arrays
declare -a ARGS
declare -a ENVS
declare -a FILES
[[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@"