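#!/bin/bash
# Pre-commit hook for Terraform security checks.
# Place this file in .git/hooks/pre-commit and make it executable.
#
# Behaviour:
#   - exits 0 without running anything when no staged file ends in .tf/.tfvars
#   - runs terraform/scripts/run_security_checks.sh (relative to the repo
#     root) and blocks the commit (exit 1) when it fails
#   - exits 0 (fail-open) when the check script is missing, after saying so
#
# NOTE(review): the missing-script path is fail-open so the hook can be
# installed before the check script exists. Once the script is committed,
# consider changing that branch to `exit 1`; otherwise a deleted or renamed
# check script silently disables the gate.

set -u

# Colors for output
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[0;33m'
NC='\033[0m' # No Color

# printf avoids echo -e portability differences; %b expands the colour escapes.
say() { printf '%b\n' "$*"; }

say "${YELLOW}Running Terraform security pre-commit checks...${NC}"

# Only run checks if terraform files are staged. grep exits 1 when nothing
# matches; that is the "nothing to check" case, not an error.
TERRAFORM_FILES_CHANGED=$(git diff --cached --name-only | grep -E '\.tf$|\.tfvars$' || true)
if [ -z "$TERRAFORM_FILES_CHANGED" ]; then
  say "${GREEN}No Terraform files changed. Skipping security checks.${NC}"
  exit 0
fi

# Resolve paths from the repository root rather than the current directory,
# so the hook behaves the same however it is invoked.
REPO_ROOT=$(git rev-parse --show-toplevel) || exit 1
CHECK_SCRIPT="terraform/scripts/run_security_checks.sh"

if [ ! -f "$REPO_ROOT/$CHECK_SCRIPT" ]; then
  say "${RED}Security check script not found at ${CHECK_SCRIPT}${NC}"
  say "${YELLOW}Skipping security checks. Please set up the security check script.${NC}"
  exit 0
fi

# Run the checks from the terraform directory inside a subshell: the cd is
# checked (an unchecked cd that failed would run the script from the wrong
# directory and report a misleading "failed"), and the caller's cwd is
# restored automatically without a second cd on every exit path.
if (cd "$REPO_ROOT/terraform" && bash scripts/run_security_checks.sh); then
  say "${GREEN}Terraform security checks passed!${NC}"
  exit 0
fi

say "${RED}Terraform security checks failed!${NC}"
say "${YELLOW}You can bypass this check with git commit --no-verify, but this is NOT recommended.${NC}"
exit 1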