Merged
55 changes: 23 additions & 32 deletions .pre-commit-config.yaml
Expand Up @@ -47,9 +47,13 @@ repos:
hooks:
- id: gitleaks

#
# YAML Linters
#
# Dockerfile
- repo: https://github.com/hadolint/hadolint
rev: v2.12.1-beta
hooks:
- id: hadolint

# YAML
- repo: https://github.com/jumanjihouse/pre-commit-hook-yamlfmt
rev: 0.2.3
hooks:
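Review bot: `rev: v2.12.1-beta` pins the newly added hadolint hook to a pre-release tag. If the beta is required, a short comment next to `rev:` saying why would help the next person who bumps it; otherwise a stable release is the safer pin for a linter that gates Dockerfile changes.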
Expand All @@ -71,14 +75,29 @@ repos:
args:
- --strict

# JSON5 Linter
# JSON5
- repo: https://github.com/pre-commit/mirrors-prettier
rev: v3.1.0
hooks:
- id: prettier
# https://prettier.io/docs/en/options.html#parser
files: .json5$

# Bash
- repo: https://github.com/jumanjihouse/pre-commit-hooks
rev: 3.0.0
hooks:
- id: shfmt
args:
- -l
- -i
- '2'
- -ci
- -sr
- -w
- id: shellcheck

# Python
- repo: https://github.com/pre-commit/mirrors-mypy.git
rev: v1.15.0
hooks:
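Review bot: `files: .json5$` on the prettier hook is a regular expression, so the unescaped dot matches any character and a path ending in, for example, `xjson5` would also be selected. Since this block is being touched anyway, `files: \.json5$` states the intent exactly.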
Expand Down Expand Up @@ -133,31 +152,3 @@ repos:
- --lineprecision-report=.tox/.tmp/.test-results/mypy--py-3.9
- --txt-report=.tox/.tmp/.test-results/mypy--py-3.9
pass_filenames: false

- repo: https://github.com/jumanjihouse/pre-commit-hooks
rev: 3.0.0
hooks:
- id: shfmt
args:
- -l
- -i
- '2'
- -ci
- -sr
- -w
- id: shellcheck

# Dockerfile linter
- repo: https://github.com/hadolint/hadolint
rev: v2.12.1-beta
hooks:
- id: hadolint
args:
- --ignore=DL3007 # Using latest
- --ignore=DL3013 # Pin versions in pip
- --ignore=DL3027 # Do not use apt
- --ignore=DL3059 # Docker `RUN`s shouldn't be consolidated here
- --ignore=DL4006 # Not related to alpine
- --ignore=SC1091 # Useless check
- --ignore=SC2015 # Useless check
- --ignore=SC3037 # Not related to alpine
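Review bot: dropping the `args:` list at the end of this hunk removes eight global hadolint ignores, but the rest of the diff only adds inline replacements for DL3059, SC2086, DL4006 and DL3007. Please confirm that DL3013, DL3027, SC1091, SC2015 and SC3037 no longer fire on any Dockerfile the hook matches, or add a scoped `# hadolint ignore=` with a reason where they do, so the hook does not start failing on files this PR does not touch.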
9 changes: 7 additions & 2 deletions Dockerfile
Expand Up @@ -20,7 +20,7 @@
#
# Install required tools
#
ARG PRE_COMMIT_VERSION=${PRE_COMMIT_VERSION:-latest}

Check warning on line 23 in Dockerfile (GitHub Actions / Ubuntu ARM, Ubuntu x64): Variables should be defined before their use. UndefinedVar: Usage of undefined variable '$PRE_COMMIT_VERSION'. More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/
RUN touch /.env && \
if [ "$PRE_COMMIT_VERSION" = "false" ]; then \
echo "Vital software can't be skipped" && exit 1; \
Expand All @@ -30,19 +30,19 @@
#
# Install tools
#
ARG OPENTOFU_VERSION=${OPENTOFU_VERSION:-false}

Check warning on line 33 in Dockerfile (GitHub Actions / Ubuntu ARM, Ubuntu x64): Variables should be defined before their use. UndefinedVar: Usage of undefined variable '$OPENTOFU_VERSION'. More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/
ARG TERRAFORM_VERSION=${TERRAFORM_VERSION:-false}

ARG CHECKOV_VERSION=${CHECKOV_VERSION:-false}

Check warning on line 36 in Dockerfile (GitHub Actions / Ubuntu x64): Variables should be defined before their use. UndefinedVar: Usage of undefined variable '$CHECKOV_VERSION'. More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/
ARG HCLEDIT_VERSION=${HCLEDIT_VERSION:-false}

Check warning on line 37 in Dockerfile (GitHub Actions / Ubuntu ARM): Variables should be defined before their use. UndefinedVar: Usage of undefined variable '$HCLEDIT_VERSION'. More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/
ARG INFRACOST_VERSION=${INFRACOST_VERSION:-false}

Check warning on line 38 in Dockerfile (GitHub Actions / Ubuntu ARM, Ubuntu x64): Variables should be defined before their use. UndefinedVar: Usage of undefined variable '$INFRACOST_VERSION'. More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/
ARG TERRAFORM_DOCS_VERSION=${TERRAFORM_DOCS_VERSION:-false}

Check warning on line 39 in Dockerfile (GitHub Actions / Ubuntu ARM, Ubuntu x64): Variables should be defined before their use. UndefinedVar: Usage of undefined variable '$TERRAFORM_DOCS_VERSION'. More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/
ARG TERRAGRUNT_VERSION=${TERRAGRUNT_VERSION:-false}

Check warning on line 40 in Dockerfile (GitHub Actions / Ubuntu ARM, Ubuntu x64): Variables should be defined before their use. UndefinedVar: Usage of undefined variable '$TERRAGRUNT_VERSION'. More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/
ARG TERRASCAN_VERSION=${TERRASCAN_VERSION:-false}

Check warning on line 41 in Dockerfile (GitHub Actions / Ubuntu ARM, Ubuntu x64): Variables should be defined before their use. UndefinedVar: Usage of undefined variable '$TERRASCAN_VERSION'. More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/
ARG TFLINT_VERSION=${TFLINT_VERSION:-false}

Check warning on line 42 in Dockerfile (GitHub Actions / Ubuntu x64): Variables should be defined before their use. UndefinedVar: Usage of undefined variable '$TFLINT_VERSION'. More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/
ARG TFSEC_VERSION=${TFSEC_VERSION:-false}

Check warning on line 43 in Dockerfile (GitHub Actions / Ubuntu x64): Variables should be defined before their use. UndefinedVar: Usage of undefined variable '$TFSEC_VERSION'. More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/
ARG TFUPDATE_VERSION=${TFUPDATE_VERSION:-false}

Check warning on line 44 in Dockerfile (GitHub Actions / Ubuntu ARM, Ubuntu x64): Variables should be defined before their use. UndefinedVar: Usage of undefined variable '$TFUPDATE_VERSION'. More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/
ARG TRIVY_VERSION=${TRIVY_VERSION:-false}

Check warning on line 45 in Dockerfile (GitHub Actions / Ubuntu ARM, Ubuntu x64): Variables should be defined before their use. UndefinedVar: Usage of undefined variable '$TRIVY_VERSION'. More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/


# Tricky thing to install all tools by set only one arg.
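Review bot: every `ARG X=${X:-default}` line in this hunk (and `PRE_COMMIT_VERSION` on line 23) still trips the UndefinedVar build check shown in the annotations, because the default refers to the variable before it is declared. `ARG OPENTOFU_VERSION=false` gives the same default, and `--build-arg` still overrides it, so the self-reference can be dropped and the warnings go away instead of being left as noise in a PR whose purpose is lint cleanup.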
Expand All @@ -65,6 +65,8 @@
echo "TRIVY_VERSION=latest" >> /.env \
; fi

# Docker `RUN`s shouldn't be consolidated here
# hadolint global ignore=DL3059
RUN /install/opentofu.sh
RUN /install/terraform.sh
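Review bot: the `# hadolint global ignore=DL3059` pragma is added at line 69, after earlier instructions. hadolint documents the global pragma at the top of the Dockerfile, so please verify it takes effect from this position; if it does not, either move it above the first instruction or use a per-instruction `# hadolint ignore=DL3059` on the `RUN /install/...` lines it is meant to cover.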

Expand All @@ -81,12 +83,15 @@


# Checking binaries versions and write it to debug file

# SC2086 - We do not need to quote "$F" variable, because it's not contain spaces
Collaborator

It doesn't hurt to wrap in double quotes though and the benefit would be to not skip this check if we, by any chance, will add any new var into this code block.

Collaborator Author

If we add new vars here, it should be moved to a separate .sh file, as it will become too complicated

Collaborator

But the skipping check may remain and will disable checking it =)

Contributor

It's always a good idea to use the "${VAR}" syntax for consistency and to prevent unexpected behavior happening due to changes in seemingly unrelated places not having been caught because of some forgotten linting suppression.

Collaborator

Although the use of curly brackets is also encouraged by at least some shell linters, I guess, I'd argue against it, as curly brackets denote variable expansion syntax, which is pointless where no expansion is meant or expected.

# DL4006 - Not Applicable for /bin/sh in alpine images. Disable, as recommended by check itself
# hadolint ignore=SC2086,DL4006
RUN . /.env && \
F=tools_versions_info && \
pre-commit --version >> $F && \
(if [ "$OPENTOFU_VERSION" != "false" ]; then ./tofu --version | head -n 1 >> $F; else echo "opentofu SKIPPED" >> $F ; fi) && \
(if [ "$TERRAFORM_VERSION" != "false" ]; then ./terraform --version | head -n 1 >> $F; else echo "terraform SKIPPED" >> $F ; fi) && \

\
(if [ "$CHECKOV_VERSION" != "false" ]; then echo "checkov $(checkov --version)" >> $F; else echo "checkov SKIPPED" >> $F ; fi) && \
(if [ "$HCLEDIT_VERSION" != "false" ]; then echo "hcledit $(./hcledit version)" >> $F; else echo "hcledit SKIPPED" >> $F ; fi) && \
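Review bot: with DL4006 suppressed on this `RUN`, the pipelines on the opentofu and terraform lines (`./tofu --version | head -n 1 >> $F`) return the exit status of `head`, so a binary that fails to start still lets the build pass even though this step exists to check the binaries. Running the version command on its own first, or capturing its output and trimming it afterwards, keeps the failure visible. The `ignore=SC2086` also covers every expansion in the block rather than only `$F`, so quoting `"$F"` would let that suppression be removed.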
Expand All @@ -98,7 +103,7 @@
(if [ "$TFSEC_VERSION" != "false" ]; then echo "tfsec $(./tfsec --version)" >> $F; else echo "tfsec SKIPPED" >> $F ; fi) && \
(if [ "$TFUPDATE_VERSION" != "false" ]; then echo "tfupdate $(./tfupdate --version)" >> $F; else echo "tfupdate SKIPPED" >> $F ; fi) && \
(if [ "$TRIVY_VERSION" != "false" ]; then echo "trivy $(./trivy --version)" >> $F; else echo "trivy SKIPPED" >> $F ; fi) && \
echo -e "\n\n" && cat $F && echo -e "\n\n"
printf "\n\n\n" && cat $F && printf "\n\n\n"



Expand Down Expand Up @@ -143,9 +148,9 @@

COPY tools/entrypoint.sh /entrypoint.sh

ENV PRE_COMMIT_COLOR=${PRE_COMMIT_COLOR:-always}

Check warning on line 151 in Dockerfile (GitHub Actions / Ubuntu x64): Variables should be defined before their use. UndefinedVar: Usage of undefined variable '$PRE_COMMIT_COLOR'. More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/

ENV INFRACOST_API_KEY=${INFRACOST_API_KEY:-}

Check warning on line 153 in Dockerfile (GitHub Actions / Ubuntu ARM, Ubuntu x64): Variables should be defined before their use. UndefinedVar: Usage of undefined variable '$INFRACOST_API_KEY'. More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/
ENV INFRACOST_SKIP_UPDATE_CHECK=${INFRACOST_SKIP_UPDATE_CHECK:-false}

Check warning on line 154 in Dockerfile (GitHub Actions / Ubuntu x64): Variables should be defined before their use. UndefinedVar: Usage of undefined variable '$INFRACOST_SKIP_UPDATE_CHECK'. More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/

ENTRYPOINT [ "/entrypoint.sh" ]
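Review bot: the three `ENV X=${X:-default}` lines reference variables the build check reports as undefined, so at build time they always resolve to the literal default. Writing `ENV PRE_COMMIT_COLOR=always` and `ENV INFRACOST_SKIP_UPDATE_CHECK=false` says the same thing without the warning. For `INFRACOST_API_KEY`, please do not resolve the warning by adding a matching `ARG`: build arguments and `ENV` values are recorded in the image history, so the key should keep arriving at run time (`docker run -e`) and the empty default can be dropped or left as a plain empty `ENV`.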
10 changes: 4 additions & 6 deletions tests/Dockerfile
@@ -1,11 +1,9 @@
# We use `latest` tag for tests proposes
# hadolint ignore=DL3007
FROM pre-commit-terraform:latest

RUN apt update && \
apt install -y \
datamash \
time && \
# Cleanup
rm -rf /var/lib/apt/lists/*
RUN apk add --no-cache \
datamash=~1.8
Collaborator Author

I found that we changed base image to alpine a long time ago :)


WORKDIR /pct
ENTRYPOINT [ "/pct/tests/hooks_performance_test.sh" ]
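Review bot: the removed `apt install` line installed both `datamash` and `time`, while the new `apk add` line installs only `datamash=~1.8`. If `hooks_performance_test.sh` relied on the standalone `time` package, it will now fall back to whatever the base image provides, so please confirm the script still runs or add the package back. Small nit in the same hunk: "tests proposes" in the first comment should read "test purposes".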