New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Added support for tfupdate
to update version constraints in Terraform configurations
#342
Conversation
223bcc0
to
5dbbaa0
Compare
Beside the new feature I had to path the tfupdate uses subcommands no options it was easier to write the hook in python. |
2c6c813
to
2dd8fcb
Compare
@yermulnik @MaxymVlasov , ok updated the PR as recommended, let me know if it needs anything else. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's use common functions to parse args and then use function per_dir_hook_unique_part
and function run_hook_on_whole_repo
as replace for function tfupdate_
First should work only for dirs with changes, second - recursive for whole repo
Check https://github.com/antonbabenko/pre-commit-terraform/blob/master/hooks/terrascan.sh as an example
tfupdate behaves differently than terrascan, it really runs only against the module as a whole, not individual files. It makes sure the version of terraform or the various providers is pinned to the latest when tfupdate ran. The version lookup is a bit expansive and I'd go against running it multiple times, as it will give the same value, but could be considered as abuse from github (it uses the api to extract the latest published version). I'll make the change to use |
6c984d1
to
456610b
Compare
Ok it is consistent with other hooks in term of passing options but seems a bit verbose args of args, when the command itself (tfupdate) takes only a subcommands and parameters. Either way, let me know if you prefer this version, I'll squash and push. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
-
Please add installation instructions to README (for all OSes and param in Docker) and Dockerfile.
tfupdate behaves differently than terrascan, it really runs only against the module as a whole, not individual files. It makes sure the version of terraform or the various providers is pinned to the latest when tfupdate ran.
The version lookup is a bit expansive and I'd go against running it multiple times, as it will give the same value, but could be considered as abuse from github (it uses the api to extract the latest published version).
It runs on per-dir basic, that same as for terrascan and many other hooks.
pre-commit-terraform/hooks/_common.sh
Lines 121 to 130 in 458fb28
# consume modified files passed from pre-commit so that | |
# hook runs against only those relevant directories | |
local index=0 | |
for file_with_path in "${files[@]}"; do | |
file_with_path="${file_with_path// /__REPLACED__SPACE__}" | |
dir_paths[index]=$(dirname "$file_with_path") | |
((index += 1)) | |
done |
pre-commit-terraform/hooks/_common.sh
Lines 138 to 143 in 458fb28
# run hook for each path | |
for dir_path in $(echo "${dir_paths[*]}" | tr ' ' '\n' | sort -u); do | |
dir_path="${dir_path//__REPLACED__SPACE__/ }" | |
pushd "$dir_path" > /dev/null || continue | |
per_dir_hook_unique_part "$args" "$dir_path" |
So, please use function per_dir_hook_unique_part
and function run_hook_on_whole_repo
Just do not use --recurcive
in function per_dir_hook_unique_part
:)
3cdd676
to
a2d7be3
Compare
ok @MaxymVlasov I'm going with the flow, let me know if I'm missing anything else. Thanks for the feedback. |
1d86be0
to
32a400d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Just need to check that all works fine. I'll do that little bit later
Argh, I'll fix the pre-commit. |
32a400d
to
38dc933
Compare
Dockerfile
Outdated
if [ "$TFUPDATE_VERSION" != "false" ]; then \ | ||
( \ | ||
TFUPDATE_RELEASES="https://api.github.com/repos/minamijoyo/tfupdate/releases" && \ | ||
[ "$TFUPDATE_VERSION" = "latest" ] && curl -L "$(curl -s ${TFUPDATE_RELEASES}/latest | grep -o -E "https://.+?/tfupdate_.+_linux_amd64.tar.gz")" > tfupdate.tgz \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I might be doing something different, but this doesn't work for me on Ubuntu as it returns more than just browser_download_url
.
What works for me is e.g. grep -o -E "https://.+?_.+_linux_amd64.tar.gz"
1908e84
to
b7693e8
Compare
Thank you very much @yermulnik , I was missing the targe on the "tar x". Let me know what you think @MaxymVlasov |
@MaxymVlasov very strange, the pre-commit are passing locally, hadolint included. |
This PR has been automatically marked as stale because it has been open 30 days |
e702952
to
6e1635f
Compare
rebased and ready for review |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Revert some changes
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great job!
I fixed all things where I had some questions, so now LGTM
Let's wait to merge #362, rebase here and if all pipelines will be happy and @yermulnik will approve PR, we can go to merge it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Co-authored-by: yermulnik <yz@yz.kiev.ua>
Co-authored-by: George L. Yermulnik <yz@yz.kiev.ua>
tfupdate
to update version constraints in Terraform configurations
# [1.66.0](v1.65.1...v1.66.0) (2022-04-13) ### Features * Added support for `tfupdate` to update version constraints in Terraform configurations ([#342](#342)) ([ef7a0f2](ef7a0f2))
This PR is included in version 1.66.0 🎉 |
Thank you ! |
Put an
x
into the box if that apply:Description of your changes
Fixes #328
How can we test changes
Working on an existing module, for example : https://github.com/cloudposse/terraform-aws-sso.git
Prepare the pre-commit config :
And for the diff :
teraform version and the provider are pinned.
On subsequent run :