Terraform rules working

2025-05-16 14:00:50 +03:00
commit f4d28d47a9
13 changed files with 857 additions and 0 deletions
--- a/terraform/scripts/pre-commit
+++ b/terraform/scripts/pre-commit
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# Pre-commit hook for Terraform security checks
+# Place this file in .git/hooks/pre-commit and make it executable
+
+# Colors for output
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+YELLOW='\033[0;33m'
+NC='\033[0m' # No Color
+
+echo -e "${YELLOW}Running Terraform security pre-commit checks...${NC}"
+
+# Only run checks if terraform files have changed
+TERRAFORM_FILES_CHANGED=$(git diff --cached --name-only | grep -E '\.tf$|\.tfvars$')
+
+if [ -z "$TERRAFORM_FILES_CHANGED" ]; then
+    echo -e "${GREEN}No Terraform files changed. Skipping security checks.${NC}"
+    exit 0
+fi
+
+# Store current directory
+CURRENT_DIR=$(pwd)
+
+# Check if scripts/run_security_checks.sh exists
+if [ -f "terraform/scripts/run_security_checks.sh" ]; then
+    # Change to terraform directory and run the security checks
+    cd terraform
+    if bash scripts/run_security_checks.sh --pre-commit; then
+        cd "$CURRENT_DIR"
+        echo -e "${GREEN}Terraform security checks passed!${NC}"
+        exit 0
+    else
+        cd "$CURRENT_DIR"
+        echo -e "${RED}Terraform security checks failed!${NC}"
+        echo -e "${YELLOW}You can bypass this check with git commit --no-verify, but this is NOT recommended.${NC}"
+        exit 1
+    fi
+else
+    echo -e "${RED}Security check script not found at terraform/scripts/run_security_checks.sh${NC}"
+    echo -e "${YELLOW}Skipping security checks. Please set up the security check script.${NC}"
+    exit 0
+fi