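#!/bin/bash
#
# Pre-commit hook for Terraform security checks.
#
# Place this file in .git/hooks/pre-commit and make it executable.
#
# Behaviour:
#   - Exits 0 without running anything when no staged path ends in .tf or
#     .tfvars.
#   - Otherwise runs terraform/scripts/run_security_checks.sh from inside the
#     terraform/ directory and blocks the commit (exit 1) if it fails.
#   - If the check script is missing, the hook prints a warning and exits 0,
#     i.e. it fails OPEN. Together with `git commit --no-verify` this makes the
#     hook a developer convenience rather than an enforcement point; the same
#     checks need to run server-side (CI) to be relied upon.

set -eu

# Colors for output
readonly GREEN='\033[0;32m'
readonly RED='\033[0;31m'
readonly YELLOW='\033[0;33m'
readonly NC='\033[0m' # No Color

# %b interprets the escape sequences in the color constants; the message is
# passed as an argument, never as the printf format string.
log() { printf '%b\n' "$*"; }

log "${YELLOW}Running Terraform security pre-commit checks...${NC}"

# Only run checks if terraform files have changed.
# grep exits 1 when nothing matches, which is the expected "no files" case,
# so it must not be treated as an error under set -e.
TERRAFORM_FILES_CHANGED=$(git diff --cached --name-only | grep -E '\.tf$|\.tfvars$' || true)

if [ -z "$TERRAFORM_FILES_CHANGED" ]; then
  log "${GREEN}No Terraform files changed. Skipping security checks.${NC}"
  exit 0
fi

# Resolve paths from the repository root rather than the current directory,
# so the hook behaves the same regardless of where git was invoked from.
REPO_ROOT=$(git rev-parse --show-toplevel) || {
  log "${RED}Unable to determine repository root.${NC}"
  exit 1
}
readonly CHECK_SCRIPT="$REPO_ROOT/terraform/scripts/run_security_checks.sh"

# Check if scripts/run_security_checks.sh exists
if [ ! -f "$CHECK_SCRIPT" ]; then
  log "${RED}Security check script not found at terraform/scripts/run_security_checks.sh${NC}"
  log "${YELLOW}Skipping security checks. Please set up the security check script.${NC}"
  # NOTE: this is a fail-open path; a missing script does not block the commit.
  exit 0
fi

# Run the checks from inside terraform/ in a subshell: the cd cannot leak into
# the hook's own working directory, and a failed cd aborts the subshell instead
# of running the script from the wrong place.
if (cd "$REPO_ROOT/terraform" && bash scripts/run_security_checks.sh); then
  log "${GREEN}Terraform security checks passed!${NC}"
  exit 0
fi

log "${RED}Terraform security checks failed!${NC}"
log "${YELLOW}You can bypass this check with git commit --no-verify, but this is NOT recommended.${NC}"
exit 1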