feat(terrascan): Add support for __GIT_WORKING_DIR__ in hooks arguments#943
Conversation
GSokol
requested review from
MaxymVlasov,
antonbabenko and
yermulnik
as code owners
There was a problem hiding this comment.
Pull Request Overview
This PR adds support for the __GIT_WORKING_DIR__ placeholder in the terrascan hook, allowing users to reference the repository root directory in terrascan configuration paths.
- Implements string replacement for
__GIT_WORKING_DIR__placeholder in terrascan arguments - Documents the new functionality with an example usage for config file paths
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| hooks/terrascan.sh | Adds loop to replace __GIT_WORKING_DIR__ placeholder with current working directory |
| README.md | Documents the new placeholder functionality with example usage |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
|
Note Other AI code review bot(s) detectedCodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review. 📝 WalkthroughSummary by CodeRabbit
WalkthroughAdds placeholder substitution for Changes
Sequence Diagram(s)sequenceDiagram
autonumber
actor Developer as Developer
participant Hook as hooks/terrascan.sh
participant Subst as Placeholder Substitution
participant PerDir as per_dir_hook
participant Terra as terrascan
Developer->>Hook: Run hook with ARGS (may include __GIT_WORKING_DIR__)
Hook->>Subst: Iterate ARGS and replace __GIT_WORKING_DIR__ with CWD
Subst-->>Hook: Return updated ARGS
Hook->>PerDir: Invoke per_dir_hook using updated ARGS
PerDir->>Terra: Execute terrascan with resolved config/path
Terra-->>PerDir: Return results
PerDir-->>Hook: Aggregate results
Hook-->>Developer: Emit output/exit status
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Pre-merge checks and finishing touches✅ Passed checks (3 passed)
✨ Finishing touches
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
| # Support for setting PATH to repo root. | ||
| for i in "${!ARGS[@]}"; do | ||
| ARGS[i]=${ARGS[i]/__GIT_WORKING_DIR__/$(pwd)\/} | ||
| done |
There was a problem hiding this comment.
@MaxymVlasov Granted this is going to be 5th hook (out of 16) that has this feature implemented locally inside hook, would it make sense to look into moving this feature over right into common::parse_cmdline function so that it is available to all hooks that utilize common::parse_cmdline func?
Are there any obstacles or issues with this that I can't see off hands?
If not, then I can work on this task. Please let me know.
There was a problem hiding this comment.
Yes, should be generally supported by most of hooks.
As far as I remember, it just not make much sense in some hooks, but that's a nit a big deal
There was a problem hiding this comment.
Ok, would move it there.
There was a problem hiding this comment.
@GSokol Oh, I didn't mean for you to work on it (I thought I'd pick this up in a separate PR), although if you're up to — that's marvelous.
Once moved, these hooks need to be updated by removing the for loop (+ probably README update to provide more clear info):
hooks/terraform_tflint.sh:18: ARGS[i]=${ARGS[i]/__GIT_WORKING_DIR__/$(pwd)\/}
hooks/terraform_trivy.sh:17: ARGS[i]=${ARGS[i]/__GIT_WORKING_DIR__/$(pwd)\/}
hooks/terraform_checkov.sh:17: ARGS[i]=${ARGS[i]/__GIT_WORKING_DIR__/$(pwd)\/}
hooks/terraform_tfsec.sh:17: ARGS[i]=${ARGS[i]/__GIT_WORKING_DIR__/$(pwd)\/}Let me know if you'd prefer not to pick this up (it is all fine!) and I'll work on this bit in a separate PR. Thanks.
There was a problem hiding this comment.
I'm approving this PR as it is at the moment though.
There was a problem hiding this comment.
Let me know if you'd prefer not to pick this up (it is all fine!) and I'll work on this bit in a separate PR. Thanks.
@GSokol Could you please let me know whether you're ok to pick this up or would prefer me to take on this?
There was a problem hiding this comment.
I would pick this up into a separate PR (as I need the changes ASAP).
There was a problem hiding this comment.
@MaxymVlasov I've created an issue for this: #944
@GSokol Feel free to pick that issue up if you're up to 👍🏻
Co-authored-by: George Yermulnik (Georgii Iermulnik) <yz@yz.kiev.ua>
| # Support for setting PATH to repo root. | ||
| for i in "${!ARGS[@]}"; do | ||
| ARGS[i]=${ARGS[i]/__GIT_WORKING_DIR__/$(pwd)\/} | ||
| done |
There was a problem hiding this comment.
I'm approving this PR as it is at the moment though.
MaxymVlasov
left a comment
MaxymVlasov
left a comment
There was a problem hiding this comment.
Let's merge it at the EOW as is, if @GSokol will not respond
|
I can't merge it. And as I understand, we agreed, that I would later create a separate PR for moving |
MaxymVlasov
changed the title
__GIT_WORKING_DIR__ in hooks arguments
# [1.102.0](v1.101.1...v1.102.0) (2025-10-14) ### Features * **terrascan:** Add support for `__GIT_WORKING_DIR__` in hooks arguments ([#943](#943)) ([c4ef91e](c4ef91e))
|
This PR is included in version 1.102.0 🎉 |
Put an
xinto the box if that apply:Description of your changes
Add
__GIT_WORKING_DIR__placeholder support for terrascan.How can we test changes
In some repository:
Then, add it ti
.pre-commit-config.yaml