From 5d2687c27a0ba9a0238609f28eaf58e48efbef0f Mon Sep 17 00:00:00 2001
From: Samuel CHNIBER
Date: Tue, 30 Mar 2021 20:40:30 +0200
Subject: [PATCH 1/4] fork in order to fix packer fmt to actually reformat + packer validate hook to take pkvars file as input
---
.bandit.yml | 13 --
.flake8 | 25 --
.gitignore | 3 -
.isort.cfg | 10 -
.mdl_config.json | 10 -
.pre-commit-config.yaml | 148 ++----------
.pre-commit-hooks.yaml | 23 +-
.prettierignore | 7 -
.yamllint | 7 -
CONTRIBUTING.md | 141 -----------
LICENSE | 116 ---------
README.md | 130 ++++++++---
hooks/packer_fmt.sh | 29 ---
hooks/packer_validate.sh | 29 ---
lib_getopt | 494 +++++++++++++++++++++++++++++++++++++++
packer_fmt.sh | 28 +++
packer_validate.sh | 114 +++++++++
requirements-dev.txt | 2 -
requirements-test.txt | 2 -
requirements.txt | 2 -
setup-env | 188 ---------------
21 files changed, 759 insertions(+), 762 deletions(-)
delete mode 100644 .bandit.yml
delete mode 100644 .flake8
delete mode 100644 .gitignore
delete mode 100644 .isort.cfg
delete mode 100644 .mdl_config.json
delete mode 100644 .prettierignore
delete mode 100644 .yamllint
delete mode 100644 CONTRIBUTING.md
delete mode 100644 LICENSE
delete mode 100755 hooks/packer_fmt.sh
delete mode 100755 hooks/packer_validate.sh
create mode 100644 lib_getopt
create mode 100755 packer_fmt.sh
create mode 100755 packer_validate.sh
delete mode 100644 requirements-dev.txt
delete mode 100644 requirements-test.txt
delete mode 100644 requirements.txt
delete mode 100755 setup-env
diff --git a/.bandit.yml b/.bandit.yml
deleted file mode 100644
index 8ba42d1..0000000
--- a/.bandit.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-# Configuration file for the Bandit python security scanner
-# https://bandit.readthedocs.io/en/latest/config.html
-
-# Tests are first included by `tests`, and then excluded by `skips`.
-# If `tests` is empty, all tests are are considered included.
-
-tests:
-# - B101
-# - B102
-
-skips:
-# - B101 # skip "assert used" check since assertions are required in pytests
diff --git a/.flake8 b/.flake8
deleted file mode 100644
index 92ff826..0000000
--- a/.flake8
+++ /dev/null
@@ -1,25 +0,0 @@
-[flake8]
-max-line-length = 80
-# Select (turn on)
-# * Complexity violations reported by mccabe (C) -
-# http://flake8.pycqa.org/en/latest/user/error-codes.html#error-violation-codes
-# * Documentation conventions compliance reported by pydocstyle (D) -
-# http://www.pydocstyle.org/en/stable/error_codes.html
-# * Default errors and warnings reported by pycodestyle (E and W) -
-# https://pycodestyle.readthedocs.io/en/latest/intro.html#error-codes
-# * Default errors reported by pyflakes (F) -
-# http://flake8.pycqa.org/en/latest/glossary.html#term-pyflakes
-# * Default warnings reported by flake8-bugbear (B) -
-# https://github.com/PyCQA/flake8-bugbear#list-of-warnings
-# * The B950 flake8-bugbear opinionated warning -
-# https://github.com/PyCQA/flake8-bugbear#opinionated-warnings
-select = C,D,E,F,W,B,B950
-# Ignore flake8's default warning about maximum line length, which has
-# a hard stop at the configured value. Instead we use
-# flake8-bugbear's B950, which allows up to 10% overage.
-#
-# Also ignore flake8's warning about line breaks before binary
-# operators. It no longer agrees with PEP8. See, for example, here:
-# https://github.com/ambv/black/issues/21. Guido agrees here:
-# https://github.com/python/peps/commit/c59c4376ad233a62ca4b3a6060c81368bd21e85b.
-ignore = E501,W503
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 4b15d77..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-__pycache__
-.mypy_cache
-.python-version
diff --git a/.isort.cfg b/.isort.cfg
deleted file mode 100644
index 46d45f3..0000000
--- a/.isort.cfg
+++ /dev/null
@@ -1,10 +0,0 @@
-[settings]
-combine_star=true
-force_sort_within_sections=true
-
-import_heading_stdlib=Standard Python Libraries
-import_heading_thirdparty=Third-Party Libraries
-import_heading_firstparty=cisagov Libraries
-
-# Run isort under the black profile to align with our other Python linting
-profile=black
diff --git a/.mdl_config.json b/.mdl_config.json
deleted file mode 100644
index 7a6f3f8..0000000
--- a/.mdl_config.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "MD013": {
- "code_blocks": false,
- "tables": false
- },
- "MD024": {
- "allow_different_nesting": true
- },
- "default": true
-}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index c851317..a0304e2 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,135 +1,15 @@ ---- -default_language_version: - # force all unspecified python hooks to run python3 - python: python3 - repos: - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v3.4.0 - hooks: - - id: check-case-conflict - - id: check-executables-have-shebangs - - id: check-json - - id: check-merge-conflict - - id: check-toml - - id: check-xml - - id: debug-statements - - id: detect-aws-credentials - args: - - --allow-missing-credentials - - id: detect-private-key - - id: end-of-file-fixer - exclude: files/(issue|motd) - - id: mixed-line-ending - args: - - --fix=lf - - id: pretty-format-json - args: - - --autofix - - id: requirements-txt-fixer - - id: trailing-whitespace - - # Text file hooks - - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.26.0 - hooks: - - id: markdownlint - args: - - --config=.mdl_config.json - - repo: https://github.com/pre-commit/mirrors-prettier - rev: v2.2.1 - hooks: - - id: prettier - - repo: https://github.com/adrienverge/yamllint - rev: v1.26.0 - hooks: - - id: yamllint - args: - - --strict - - # Shell script hooks - - repo: https://github.com/lovesegfault/beautysh - rev: 6.0.1 - hooks: - - id: beautysh - args: - - --indent-size - - '2' - - repo: https://github.com/detailyang/pre-commit-shell - rev: 1.0.5 - hooks: - - id: shell-lint - - # Python hooks - - repo: https://github.com/PyCQA/bandit - rev: 1.7.0 - hooks: - - id: bandit - args: - - --config=.bandit.yml - - repo: https://github.com/psf/black - rev: 20.8b1 - hooks: - - id: black - - repo: https://gitlab.com/pycqa/flake8 - rev: 3.8.4 - hooks: - - id: flake8 - additional_dependencies: - - flake8-docstrings - - repo: https://github.com/PyCQA/isort - rev: 5.7.0 - hooks: - - id: isort - - repo: https://github.com/pre-commit/mirrors-mypy - rev: v0.800 - hooks: - - id: mypy - - repo: https://github.com/asottile/pyupgrade - rev: v2.10.0 - hooks: - - id: pyupgrade - - # Ansible hooks - - repo: https://github.com/ansible-community/ansible-lint - # This 
is intentionally being held back because of issues in v5 per - # https://github.com/cisagov/skeleton-ansible-role/issues/69 - rev: v4.3.7 - hooks: - - id: ansible-lint - # files: molecule/default/playbook.yml - - # Terraform hooks - - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.45.0 - hooks: - - id: terraform_fmt - # There are ongoing issues with how this command works. This issue - # documents the core issue: - # https://github.com/hashicorp/terraform/issues/21408 - # We have seen issues primarily with proxy providers and Terraform code - # that uses remote state. The PR - # https://github.com/hashicorp/terraform/pull/24887 - # has been approved and is part of the 0.13 release to resolve the issue - # with remote states. - # The PR - # https://github.com/hashicorp/terraform/pull/24896 - # is a proprosed fix to deal with `terraform validate` with proxy - # providers (among other configurations). - # We have decided to disable the terraform_validate hook until the issues - # above have been resolved, which we hope will be with the release of - # Terraform 0.13. - # - id: terraform_validate - - # Docker hooks - - repo: https://github.com/IamTheFij/docker-pre-commit - rev: v2.0.0 - hooks: - - id: docker-compose-check - - # Packer hooks - - repo: https://github.com/cisagov/pre-commit-packer - rev: v0.0.2 - hooks: - - id: packer_validate - - id: packer_fmt +- repo: git://github.com/pre-commit/pre-commit-hooks + rev: v3.4.0 + hooks: + - id: check-yaml + - id: end-of-file-fixer + - id: trailing-whitespace + - id: check-case-conflict + - id: check-merge-conflict + - id: check-executables-have-shebangs +- repo: git://github.com/jumanjihouse/pre-commit-hooks + rev: 2.1.5 + hooks: + - id: shfmt + args: ['-l', '-i', '2', '-ci', '-sr', '-w'] diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml index 636bfbe..92275fb 100644 --- a/.pre-commit-hooks.yaml +++ b/.pre-commit-hooks.yaml 
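Review bot: Both new `repo:` entries use `git://github.com/...`, the unauthenticated and unencrypted Git protocol, so the hook code that pre-commit clones and executes on each contributor's machine is fetched with no transport integrity; use `repo: https://github.com/pre-commit/pre-commit-hooks` and `repo: https://github.com/jumanjihouse/pre-commit-hooks` instead. `rev: v3.4.0` and `rev: 2.1.5` are tags, which can be moved upstream, so pinning each `rev` to a full commit SHA is the stronger choice. The rewrite also drops `detect-aws-credentials`, `detect-private-key` and `bandit`, while the README part of this same patch shows `--envs=AWS_SECRET_ACCESS_KEY="asecretkey"` placed in `.pre-commit-config.yaml`; keeping the two credential-detection hooks would catch a real key committed that way.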
@@ -1,17 +1,14 @@ ---- -- id: packer_validate - name: Packer Validate - description: This hook runs `packer validate` on appropriate files. - entry: hooks/packer_validate.sh +- id: packer_fmt + name: Packer fmt + description: Rewrites all Packer configuration files to a canonical format. + entry: packer_fmt.sh language: script files: (packer\.json|\.pkr\.hcl)$ - pass_filenames: true - always_run: true -- id: packer_fmt - name: Packer Format - description: This hook runs `packer fmt` on appropriate files. - entry: hooks/packer_fmt.sh +- id: packer_validate + name: Packer validate + description: Validates all Packer configuration files. + require_serial: true + entry: packer_validate.sh language: script - files: (\.pkr\.hcl)$ - pass_filenames: true + files: (packer\.json|\.pkr\.hcl)$ diff --git a/.prettierignore b/.prettierignore deleted file mode 100644 index 738d402..0000000 --- a/.prettierignore +++ /dev/null @@ -1,7 +0,0 @@ -# Already being linted by pretty-format-json -*.json -# Already being linted by mdl -*.md -# Already being linted by yamllint -*.yaml -*.yml diff --git a/.yamllint b/.yamllint deleted file mode 100644 index 7ed00eb..0000000 --- a/.yamllint +++ /dev/null @@ -1,7 +0,0 @@ ---- -extends: default - -rules: - # yamllint doesn't like when we use yes and no for true and false, - # but that's pretty standard in Ansible. - truthy: disable diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md deleted file mode 100644 index 52def3c..0000000 --- a/CONTRIBUTING.md +++ /dev/null 
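Review bot: The `packer_fmt` hook now declares `files: (packer\.json|\.pkr\.hcl)$`, where the hook it replaces matched only `(\.pkr\.hcl)$`; as far as I know `packer fmt` processes HCL2 files only, so JSON templates passed to it will likely be rejected or skipped, and the pattern probably wants to be `files: (\.pkr\.hcl|\.pkrvars\.hcl)$` (confirm against `packer_fmt.sh`, which is not part of this hunk). For `packer_validate`, `always_run: true` is removed and the pattern does not match `.pkrvars.hcl`, so a commit that only changes the var file passed through `--args=--var-file=...` would presumably not trigger validation. If that is intended, a short `#` comment above the `packer_validate` entry stating it would help.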
@@ -1,141 +0,0 @@ -# Welcome # - -We're so glad you're thinking about contributing to this open source -project! If you're unsure or afraid of anything, just ask or submit -the issue or pull request anyway. The worst that can happen is that -you'll be politely asked to change something. We appreciate any sort -of contribution, and don't want a wall of rules to get in the way of -that. - -Before contributing, we encourage you to read our CONTRIBUTING policy -(you are here), our [LICENSE](LICENSE), and our [README](README.md), -all of which should be in this repository. - -## Issues ## - -If you want to report a bug or request a new feature, the most direct -method is to [create an -issue](https://github.com/cisagov/pre-commit-packer/issues) in this -repository. We recommend that you first search through existing -issues (both open and closed) to check if your particular issue has -already been reported. If it has then you might want to add a comment -to the existing issue. If it hasn't then feel free to create a new -one. - -## Pull requests ## - -If you choose to [submit a pull -request](https://github.com/cisagov/pre-commit-packer/pulls), you will -notice that our continuous integration (CI) system runs a fairly -extensive set of linters and syntax checkers. Your pull request may -fail these checks, and that's OK. If you want you can stop there and -wait for us to make the necessary corrections to ensure your code -passes the CI checks. - -If you want to make the changes yourself, or if you want to become a -regular contributor, then you will want to set up -[pre-commit](https://pre-commit.com/) on your local machine. Once you -do that, the CI checks will run locally before you even write your -commit message. This speeds up your development cycle considerably. 
- -### Setting up pre-commit ### - -There are a few ways to do this, but we prefer to use -[`pyenv`](https://github.com/pyenv/pyenv) and -[`pyenv-virtualenv`](https://github.com/pyenv/pyenv-virtualenv) to -create and manage a Python virtual environment specific to this -project. - -If you already have `pyenv` and `pyenv-virtualenv` configured you can -take advantage of the `setup-env` tool in this repo to automate the -entire environment configuration process. - -```console -./setup-env -``` - -Otherwise, follow the steps below to manually configure your -environment. - -#### Installing and using `pyenv` and `pyenv-virtualenv` #### - -On the Mac, we recommend installing [brew](https://brew.sh/). Then -installation is as simple as `brew install pyenv pyenv-virtualenv` and -adding this to your profile: - -```bash -eval "$(pyenv init -)" -eval "$(pyenv virtualenv-init -)" -``` - -For Linux, Windows Subsystem for Linux (WSL), or on the Mac (if you -don't want to use `brew`) you can use -[pyenv/pyenv-installer](https://github.com/pyenv/pyenv-installer) to -install the necessary tools. Before running this ensure that you have -installed the prerequisites for your platform according to the -[`pyenv` wiki -page](https://github.com/pyenv/pyenv/wiki/common-build-problems). - -On WSL you should treat your platform as whatever Linux distribution -you've chosen to install. - -Once you have installed `pyenv` you will need to add the following -lines to your `.bashrc`: - -```bash -export PATH="$PATH:$HOME/.pyenv/bin" -eval "$(pyenv init -)" -eval "$(pyenv virtualenv-init -)" -``` - -If you are using a shell other than `bash` you should follow the -instructions that the `pyenv-installer` script outputs. - -You will need to reload your shell for these changes to take effect so -you can begin to use `pyenv`. - -For a list of Python versions that are already installed and ready to -use with `pyenv`, use the command `pyenv versions`. 
To see a list of -the Python versions available to be installed and used with `pyenv` -use the command `pyenv install --list`. You can read more -[here](https://github.com/pyenv/pyenv/blob/master/COMMANDS.md) about -the many things that `pyenv` can do. See -[here](https://github.com/pyenv/pyenv-virtualenv#usage) for the -additional capabilities that pyenv-virtualenv adds to the `pyenv` -command. - -#### Creating the Python virtual environment #### - -Once `pyenv` and `pyenv-virtualenv` are installed on your system, you -can create and configure the Python virtual environment with these -commands: - -```console -cd pre-commit-packer -pyenv virtualenv pre-commit-packer -pyenv local pre-commit-packer -pip install --requirement requirements-dev.txt -``` - -#### Installing the pre-commit hook #### - -Now setting up pre-commit is as simple as: - -```console -pre-commit install -``` - -At this point the pre-commit checks will run against any files that -you attempt to commit. If you want to run the checks against the -entire repo, just execute `pre-commit run --all-files`. - -## Public domain ## - -This project is in the public domain within the United States, and -copyright and related rights in the work worldwide are waived through -the [CC0 1.0 Universal public domain -dedication](https://creativecommons.org/publicdomain/zero/1.0/). - -All contributions to this project will be released under the CC0 -dedication. By submitting a pull request, you are agreeing to comply -with this waiver of copyright interest. diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 670154e..0000000 --- a/LICENSE +++ /dev/null 
@@ -1,116 +0,0 @@ -CC0 1.0 Universal - -Statement of Purpose - -The laws of most jurisdictions throughout the world automatically confer -exclusive Copyright and Related Rights (defined below) upon the creator and -subsequent owner(s) (each and all, an "owner") of an original work of -authorship and/or a database (each, a "Work"). - -Certain owners wish to permanently relinquish those rights to a Work for the -purpose of contributing to a commons of creative, cultural and scientific -works ("Commons") that the public can reliably and without fear of later -claims of infringement build upon, modify, incorporate in other works, reuse -and redistribute as freely as possible in any form whatsoever and for any -purposes, including without limitation commercial purposes. These owners may -contribute to the Commons to promote the ideal of a free culture and the -further production of creative, cultural and scientific works, or to gain -reputation or greater distribution for their Work in part through the use and -efforts of others. - -For these and/or other purposes and motivations, and without any expectation -of additional consideration or compensation, the person associating CC0 with a -Work (the "Affirmer"), to the extent that he or she is an owner of Copyright -and Related Rights in the Work, voluntarily elects to apply CC0 to the Work -and publicly distribute the Work under its terms, with knowledge of his or her -Copyright and Related Rights in the Work and the meaning and intended legal -effect of CC0 on those rights. - -1. Copyright and Related Rights. A Work made available under CC0 may be -protected by copyright and related or neighboring rights ("Copyright and -Related Rights"). Copyright and Related Rights include, but are not limited -to, the following: - - i. the right to reproduce, adapt, distribute, perform, display, communicate, - and translate a Work; - - ii. moral rights retained by the original author(s) and/or performer(s); - - iii. 
publicity and privacy rights pertaining to a person's image or likeness - depicted in a Work; - - iv. rights protecting against unfair competition in regards to a Work, - subject to the limitations in paragraph 4(a), below; - - v. rights protecting the extraction, dissemination, use and reuse of data in - a Work; - - vi. database rights (such as those arising under Directive 96/9/EC of the - European Parliament and of the Council of 11 March 1996 on the legal - protection of databases, and under any national implementation thereof, - including any amended or successor version of such directive); and - - vii. other similar, equivalent or corresponding rights throughout the world - based on applicable law or treaty, and any national implementations thereof. - -2. Waiver. To the greatest extent permitted by, but not in contravention of, -applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and -unconditionally waives, abandons, and surrenders all of Affirmer's Copyright -and Related Rights and associated claims and causes of action, whether now -known or unknown (including existing as well as future claims and causes of -action), in the Work (i) in all territories worldwide, (ii) for the maximum -duration provided by applicable law or treaty (including future time -extensions), (iii) in any current or future medium and for any number of -copies, and (iv) for any purpose whatsoever, including without limitation -commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes -the Waiver for the benefit of each member of the public at large and to the -detriment of Affirmer's heirs and successors, fully intending that such Waiver -shall not be subject to revocation, rescission, cancellation, termination, or -any other legal or equitable action to disrupt the quiet enjoyment of the Work -by the public as contemplated by Affirmer's express Statement of Purpose. - -3. Public License Fallback. 
Should any part of the Waiver for any reason be -judged legally invalid or ineffective under applicable law, then the Waiver -shall be preserved to the maximum extent permitted taking into account -Affirmer's express Statement of Purpose. In addition, to the extent the Waiver -is so judged Affirmer hereby grants to each affected person a royalty-free, -non transferable, non sublicensable, non exclusive, irrevocable and -unconditional license to exercise Affirmer's Copyright and Related Rights in -the Work (i) in all territories worldwide, (ii) for the maximum duration -provided by applicable law or treaty (including future time extensions), (iii) -in any current or future medium and for any number of copies, and (iv) for any -purpose whatsoever, including without limitation commercial, advertising or -promotional purposes (the "License"). The License shall be deemed effective as -of the date CC0 was applied by Affirmer to the Work. Should any part of the -License for any reason be judged legally invalid or ineffective under -applicable law, such partial invalidity or ineffectiveness shall not -invalidate the remainder of the License, and in such case Affirmer hereby -affirms that he or she will not (i) exercise any of his or her remaining -Copyright and Related Rights in the Work or (ii) assert any associated claims -and causes of action with respect to the Work, in either case contrary to -Affirmer's express Statement of Purpose. - -4. Limitations and Disclaimers. - - a. No trademark or patent rights held by Affirmer are waived, abandoned, - surrendered, licensed or otherwise affected by this document. - - b. 
Affirmer offers the Work as-is and makes no representations or warranties - of any kind concerning the Work, express, implied, statutory or otherwise, - including without limitation warranties of title, merchantability, fitness - for a particular purpose, non infringement, or the absence of latent or - other defects, accuracy, or the present or absence of errors, whether or not - discoverable, all to the greatest extent permissible under applicable law. - - c. Affirmer disclaims responsibility for clearing rights of other persons - that may apply to the Work or any use thereof, including without limitation - any person's Copyright and Related Rights in the Work. Further, Affirmer - disclaims responsibility for obtaining any necessary consents, permissions - or other rights required for any use of the Work. - - d. Affirmer understands and acknowledges that Creative Commons is not a - party to this document and has no duty or obligation with respect to this - CC0 or use of the Work. - -For more information, please see - diff --git a/README.md b/README.md index 14f7ea0..8017d75 100644 --- a/README.md +++ b/README.md 
@@ -1,49 +1,117 @@ -# pre-commit-packer # +# Collection of git hooks for Packer to be used with [pre-commit framework](http://pre-commit.com/) -[![GitHub Build Status](https://github.com/cisagov/pre-commit-packer/workflows/build/badge.svg)](https://github.com/cisagov/pre-commit-packer/actions) +## How to install -This is a set of [pre-commit](https://pre-commit.com) hooks intended for -projects using [Packer](https://www.packer.io/). +### 1. Install dependencies -## Available Hooks ## +* [`pre-commit`](https://pre-commit.com/#install) +* [`coreutils`](https://formulae.brew.sh/formula/coreutils) required for `packer_validate` hook on macOS (due to use of `realpath`). -| Hook name | Description | -| ----------------- | ------------------------------------------------------- | -| `packer_validate` | Validate all Packer templates. | -| `packer_fmt` | Check that Packer HCL templates are properly formatted. | +##### MacOS -## Usage ## +```bash +brew install pre-commit pre-commit coreutils +``` + +### 2. Install the pre-commit hook globally + +```bash +DIR=~/.git-template +git config --global init.templateDir ${DIR} +pre-commit init-templatedir -t pre-commit ${DIR} +``` -```yaml +### 3. Add configs and hooks + +Step into the repository you want to have the pre-commit hooks installed and run: + +```bash +git init +cat < .pre-commit-config.yaml repos: - - repo: https://github.com/cisagov/pre-commit-packer - rev: # Version from https://github.com/cisagov/pre-commit-packer/releases - hooks: +- repo: https://github.com/schniber/pre-commit-packer + rev: # Get the latest from: https://github.com/schniber/pre-commit-packer/releases + hooks: + - id: packer_fmt - id: packer_validate args: - - manual_file_entry - - id: packer_fmt + - '--args=--var-file=inputs/dev.pkrvars.hcl' +EOF ``` -## Notes about the `packer_validate` hook ## +### 4. 
Run + +After pre-commit hook has been installed you can run it manually on all files in the repository + +```bash +pre-commit run -a +``` + +## Available Hooks + +There are several [pre-commit](https://pre-commit.com/) hooks to keep Packer configurations (both `*.pkr.hcl` and `*.pkrvars.hcl`) and Packer json configurations (`packer*.json`) in a good shape: + +| Hook name | Description | +| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------- | +| `packer_fmt` | Rewrites all Packer configuration files to a canonical format. | +| `packer_validate` | Validates all Packer configuration files. | -This hook matches any paths ending in `packer.json` and `.pkr.hcl` by default. -File paths can be added for checking manually as additional arguments. +Check the [source file](https://github.com/schniber/pre-commit-packer/blob/master/.pre-commit-hooks.yaml) to know arguments used for each hook. -## Contributing ## +## Notes about packer_fmt hooks -We welcome contributions! Please see [`CONTRIBUTING.md`](CONTRIBUTING.md) for -details. +1. `packer_fmt` automatically scans for *.pkr.hcl files and locates the subfolder containing the *.pkrvars.hcl files before applying the Packer Formatting. -## License ## + 1. Example: + ```yaml + hooks: + - id: packer_fmt + ``` + +## Notes about packer_validate hooks + +1. `packer_validate` supports custom arguments so you can pass supported no-color or json flags. -This project is in the worldwide [public domain](LICENSE). + 1. Example: + ```yaml + hooks: + - id: packer_validate + args: ['--args=-json'] + ``` -This project is in the public domain within the United States, and -copyright and related rights in the work worldwide are waived through -the [CC0 1.0 Universal public domain -dedication](https://creativecommons.org/publicdomain/zero/1.0/). 
+ In order to pass multiple args, try the following: + ```yaml + - id: packer_validate + args: + - '--args=-json' + - '--args=-no-color' + ``` +1. `packer_validate` also supports custom environment variables passed to the pre-commit runtime + + 1. Example: + ```yaml + hooks: + - id: packer_validate + args: ['--envs=AWS_DEFAULT_REGION="us-west-2"'] + ``` + + In order to pass multiple args, try the following: + ```yaml + - id: packer_validate + args: + - '--envs=AWS_DEFAULT_REGION="us-west-2"' + - '--envs=AWS_ACCESS_KEY_ID="anaccesskey"' + - '--envs=AWS_SECRET_ACCESS_KEY="asecretkey"' + ``` + +1. `packer_validate` also supports custom arguments allowing to choose the input pkrvars.hcl passed to the pre-commit runtime to validate your packer configuration + + 1. Example: + ```yaml + hooks: + - id: packer_validate + args: + - '--args=--var-file=inputs/dev.pkrvars.hcl' + ``` -All contributions to this project will be released under the CC0 -dedication. By submitting a pull request, you are agreeing to comply -with this waiver of copyright interest. +Enjoy the clean & valid packer code! diff --git a/hooks/packer_fmt.sh b/hooks/packer_fmt.sh deleted file mode 100755 index 9d65a5d..0000000 --- a/hooks/packer_fmt.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/usr/bin/env bash - -set -o nounset -set -o errexit -set -o pipefail - -if [ -z "$(command -v packer)" ] -then - echo "packer is required" - exit 1 -fi - -error=0 - -for file in "$@" -do - if ! packer fmt -check "$file" - then - error=1 - echo - echo "Failed path: $file" - echo "================================" - fi -done - -if [[ $error -ne 0 ]] -then - exit 1 -fi diff --git a/hooks/packer_validate.sh b/hooks/packer_validate.sh deleted file mode 100755 index e07885e..0000000 --- a/hooks/packer_validate.sh +++ /dev/null 
@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-set -o nounset
-set -o errexit
-set -o pipefail
-
-if [ -z "$(command -v packer)" ]
-then
- echo "packer is required"
- exit 1
-fi
-
-error=0
-
-for file in "$@"
-do
- if ! packer validate "$file"
- then
- error=1
- echo
- echo "Failed path: $file"
- echo "================================"
- fi
-done
-
-if [[ $error -ne 0 ]]
-then
- exit 1
-fi
diff --git a/lib_getopt b/lib_getopt
new file mode 100644
index 0000000..c4b21fa
--- /dev/null
+++ b/lib_getopt
@@ -0,0 +1,494 @@ +#!/bin/bash + +getopt() { + # pure-getopt, a drop-in replacement for GNU getopt in pure Bash. + # version 1.4.4 + # + # Copyright 2012-2020 Aron Griffis + # + # Permission is hereby granted, free of charge, to any person obtaining + # a copy of this software and associated documentation files (the + # "Software"), to deal in the Software without restriction, including + # without limitation the rights to use, copy, modify, merge, publish, + # distribute, sublicense, and/or sell copies of the Software, and to + # permit persons to whom the Software is furnished to do so, subject to + # the following conditions: + # + # The above copyright notice and this permission notice shall be included + # in all copies or substantial portions of the Software. + # + # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + # OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + # IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + # CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + # TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + _getopt_main() { + # Returns one of the following statuses: + # 0 success + # 1 error parsing parameters + # 2 error in getopt invocation + # 3 internal error + # 4 reserved for -T + # + # For statuses 0 and 1, generates normalized and shell-quoted + # "options -- parameters" on stdout. + + declare parsed status + declare short long='' name flags='' + declare have_short=false + + # Synopsis from getopt man-page: + # + # getopt optstring parameters + # getopt [options] [--] optstring parameters + # getopt [options] -o|--options optstring [options] [--] parameters + # + # The first form can be normalized to the third form which + # _getopt_parse() understands. 
The second form can be recognized after + # first parse when $short hasn't been set. + + if [[ -n ${GETOPT_COMPATIBLE+isset} || $1 == [^-]* ]]; then + # Enable compatibility mode + flags=c$flags + # Normalize first to third synopsis form + set -- -o "$1" -- "${@:2}" + fi + + # First parse always uses flags=p since getopt always parses its own + # arguments effectively in this mode. + parsed=$(_getopt_parse getopt ahl:n:o:qQs:TuV \ + alternative,help,longoptions:,name:,options:,quiet,quiet-output,shell:,test,version \ + p "$@") + status=$? + if [[ $status != 0 ]]; then + if [[ $status == 1 ]]; then + echo "Try \`getopt --help' for more information." >&2 + # Since this is the first parse, convert status 1 to 2 + status=2 + fi + return $status + fi + eval "set -- $parsed" + + while [[ $# -gt 0 ]]; do + case $1 in + (-a|--alternative) + flags=a$flags ;; + + (-h|--help) + _getopt_help + return 2 # as does GNU getopt + ;; + + (-l|--longoptions) + long="$long${long:+,}$2" + shift ;; + + (-n|--name) + name=$2 + shift ;; + + (-o|--options) + short=$2 + have_short=true + shift ;; + + (-q|--quiet) + flags=q$flags ;; + + (-Q|--quiet-output) + flags=Q$flags ;; + + (-s|--shell) + case $2 in + (sh|bash) + flags=${flags//t/} ;; + (csh|tcsh) + flags=t$flags ;; + (*) + echo 'getopt: unknown shell after -s or --shell argument' >&2 + echo "Try \`getopt --help' for more information." >&2 + return 2 ;; + esac + shift ;; + + (-u|--unquoted) + flags=u$flags ;; + + (-T|--test) + return 4 ;; + + (-V|--version) + echo "pure-getopt 1.4.4" + return 0 ;; + + (--) + shift + break ;; + esac + + shift + done + + if ! $have_short; then + # $short was declared but never set, not even to an empty string. + # This implies the second form in the synopsis. + if [[ $# == 0 ]]; then + echo 'getopt: missing optstring argument' >&2 + echo "Try \`getopt --help' for more information." 
>&2 + return 2 + fi + short=$1 + have_short=true + shift + fi + + if [[ $short == -* ]]; then + # Leading dash means generate output in place rather than reordering, + # unless we're already in compatibility mode. + [[ $flags == *c* ]] || flags=i$flags + short=${short#?} + elif [[ $short == +* ]]; then + # Leading plus means POSIXLY_CORRECT, unless we're already in + # compatibility mode. + [[ $flags == *c* ]] || flags=p$flags + short=${short#?} + fi + + # This should fire if POSIXLY_CORRECT is in the environment, even if + # it's an empty string. That's the difference between :+ and + + flags=${POSIXLY_CORRECT+p}$flags + + _getopt_parse "${name:-getopt}" "$short" "$long" "$flags" "$@" + } + + _getopt_parse() { + # Inner getopt parser, used for both first parse and second parse. + # Returns 0 for success, 1 for error parsing, 3 for internal error. + # In the case of status 1, still generates stdout with whatever could + # be parsed. + # + # $flags is a string of characters with the following meanings: + # a - alternative parsing mode + # c - GETOPT_COMPATIBLE + # i - generate output in place rather than reordering + # p - POSIXLY_CORRECT + # q - disable error reporting + # Q - disable normal output + # t - quote for csh/tcsh + # u - unquoted output + + declare name="$1" short="$2" long="$3" flags="$4" + shift 4 + + # Split $long on commas, prepend double-dashes, strip colons; + # for use with _getopt_resolve_abbrev + declare -a longarr + _getopt_split longarr "$long" + longarr=( "${longarr[@]/#/--}" ) + longarr=( "${longarr[@]%:}" ) + longarr=( "${longarr[@]%:}" ) + + # Parse and collect options and parameters + declare -a opts params + declare o alt_recycled=false error=0 + + while [[ $# -gt 0 ]]; do + case $1 in + (--) + params=( "${params[@]}" "${@:2}" ) + break ;; + + (--*=*) + o=${1%%=*} + if ! 
o=$(_getopt_resolve_abbrev "$o" "${longarr[@]}"); then + error=1 + elif [[ ,"$long", == *,"${o#--}"::,* ]]; then + opts=( "${opts[@]}" "$o" "${1#*=}" ) + elif [[ ,"$long", == *,"${o#--}":,* ]]; then + opts=( "${opts[@]}" "$o" "${1#*=}" ) + elif [[ ,"$long", == *,"${o#--}",* ]]; then + if $alt_recycled; then o=${o#-}; fi + _getopt_err "$name: option '$o' doesn't allow an argument" + error=1 + else + echo "getopt: assertion failed (1)" >&2 + return 3 + fi + alt_recycled=false + ;; + + (--?*) + o=$1 + if ! o=$(_getopt_resolve_abbrev "$o" "${longarr[@]}"); then + error=1 + elif [[ ,"$long", == *,"${o#--}",* ]]; then + opts=( "${opts[@]}" "$o" ) + elif [[ ,"$long", == *,"${o#--}::",* ]]; then + opts=( "${opts[@]}" "$o" '' ) + elif [[ ,"$long", == *,"${o#--}:",* ]]; then + if [[ $# -ge 2 ]]; then + shift + opts=( "${opts[@]}" "$o" "$1" ) + else + if $alt_recycled; then o=${o#-}; fi + _getopt_err "$name: option '$o' requires an argument" + error=1 + fi + else + echo "getopt: assertion failed (2)" >&2 + return 3 + fi + alt_recycled=false + ;; + + (-*) + if [[ $flags == *a* ]]; then + # Alternative parsing mode! + # Try to handle as a long option if any of the following apply: + # 1. There's an equals sign in the mix -x=3 or -xy=3 + # 2. There's 2+ letters and an abbreviated long match -xy + # 3. There's a single letter and an exact long match + # 4. There's a single letter and no short match + o=${1::2} # temp for testing #4 + if [[ $1 == *=* || $1 == -?? || \ + ,$long, == *,"${1#-}"[:,]* || \ + ,$short, != *,"${o#-}"[:,]* ]]; then + o=$(_getopt_resolve_abbrev "${1%%=*}" "${longarr[@]}" 2>/dev/null) + case $? in + (0) + # Unambiguous match. Let the long options parser handle + # it, with a flag to get the right error message. + set -- "-$1" "${@:2}" + alt_recycled=true + continue ;; + (1) + # Ambiguous match, generate error and continue. 
+ _getopt_resolve_abbrev "${1%%=*}" "${longarr[@]}" >/dev/null + error=1 + shift + continue ;; + (2) + # No match, fall through to single-character check. + true ;; + (*) + echo "getopt: assertion failed (3)" >&2 + return 3 ;; + esac + fi + fi + + o=${1::2} + if [[ "$short" == *"${o#-}"::* ]]; then + if [[ ${#1} -gt 2 ]]; then + opts=( "${opts[@]}" "$o" "${1:2}" ) + else + opts=( "${opts[@]}" "$o" '' ) + fi + elif [[ "$short" == *"${o#-}":* ]]; then + if [[ ${#1} -gt 2 ]]; then + opts=( "${opts[@]}" "$o" "${1:2}" ) + elif [[ $# -ge 2 ]]; then + shift + opts=( "${opts[@]}" "$o" "$1" ) + else + _getopt_err "$name: option requires an argument -- '${o#-}'" + error=1 + fi + elif [[ "$short" == *"${o#-}"* ]]; then + opts=( "${opts[@]}" "$o" ) + if [[ ${#1} -gt 2 ]]; then + set -- "$o" "-${1:2}" "${@:2}" + fi + else + if [[ $flags == *a* ]]; then + # Alternative parsing mode! Report on the entire failed + # option. GNU includes =value but we omit it for sanity with + # very long values. + _getopt_err "$name: unrecognized option '${1%%=*}'" + else + _getopt_err "$name: invalid option -- '${o#-}'" + if [[ ${#1} -gt 2 ]]; then + set -- "$o" "-${1:2}" "${@:2}" + fi + fi + error=1 + fi ;; + + (*) + # GNU getopt in-place mode (leading dash on short options) + # overrides POSIXLY_CORRECT + if [[ $flags == *i* ]]; then + opts=( "${opts[@]}" "$1" ) + elif [[ $flags == *p* ]]; then + params=( "${params[@]}" "$@" ) + break + else + params=( "${params[@]}" "$1" ) + fi + esac + + shift + done + + if [[ $flags == *Q* ]]; then + true # generate no output + else + echo -n ' ' + if [[ $flags == *[cu]* ]]; then + printf '%s -- %s' "${opts[*]}" "${params[*]}" + else + if [[ $flags == *t* ]]; then + _getopt_quote_csh "${opts[@]}" -- "${params[@]}" + else + _getopt_quote "${opts[@]}" -- "${params[@]}" + fi + fi + echo + fi + + return $error + } + + _getopt_err() { + if [[ $flags != *q* ]]; then + printf '%s\n' "$1" >&2 + fi + } + + _getopt_resolve_abbrev() { + # Resolves an abbrevation from a 
list of possibilities. + # If the abbreviation is unambiguous, echoes the expansion on stdout + # and returns 0. If the abbreviation is ambiguous, prints a message on + # stderr and returns 1. (For first parse this should convert to exit + # status 2.) If there is no match at all, prints a message on stderr + # and returns 2. + declare a q="$1" + declare -a matches=() + shift + for a; do + if [[ $q == "$a" ]]; then + # Exact match. Squash any other partial matches. + matches=( "$a" ) + break + elif [[ $flags == *a* && $q == -[^-]* && $a == -"$q" ]]; then + # Exact alternative match. Squash any other partial matches. + matches=( "$a" ) + break + elif [[ $a == "$q"* ]]; then + # Abbreviated match. + matches=( "${matches[@]}" "$a" ) + elif [[ $flags == *a* && $q == -[^-]* && $a == -"$q"* ]]; then + # Abbreviated alternative match. + matches=( "${matches[@]}" "${a#-}" ) + fi + done + case ${#matches[@]} in + (0) + [[ $flags == *q* ]] || \ + printf "$name: unrecognized option %s\\n" >&2 \ + "$(_getopt_quote "$q")" + return 2 ;; + (1) + printf '%s' "${matches[0]}"; return 0 ;; + (*) + [[ $flags == *q* ]] || \ + printf "$name: option %s is ambiguous; possibilities: %s\\n" >&2 \ + "$(_getopt_quote "$q")" "$(_getopt_quote "${matches[@]}")" + return 1 ;; + esac + } + + _getopt_split() { + # Splits $2 at commas to build array specified by $1 + declare IFS=, + eval "$1=( \$2 )" + } + + _getopt_quote() { + # Quotes arguments with single quotes, escaping inner single quotes + declare s space='' q=\' + for s; do + printf "$space'%s'" "${s//$q/$q\\$q$q}" + space=' ' + done + } + + _getopt_quote_csh() { + # Quotes arguments with single quotes, escaping inner single quotes, + # bangs, backslashes and newlines + declare s i c space + for s; do + echo -n "$space'" + for ((i=0; i<${#s}; i++)); do + c=${s:i:1} + case $c in + (\\|\'|!) 
+ echo -n "'\\$c'" ;; + ($'\n') + echo -n "\\$c" ;; + (*) + echo -n "$c" ;; + esac + done + echo -n \' + space=' ' + done + } + + _getopt_help() { + cat <<-EOT >&2 + + Usage: + getopt + getopt [options] [--] + getopt [options] -o|--options [options] [--] + + Parse command options. + + Options: + -a, --alternative allow long options starting with single - + -l, --longoptions the long options to be recognized + -n, --name the name under which errors are reported + -o, --options the short options to be recognized + -q, --quiet disable error reporting by getopt(3) + -Q, --quiet-output no normal output + -s, --shell set quoting conventions to those of + -T, --test test for getopt(1) version + -u, --unquoted do not quote the output + + -h, --help display this help and exit + -V, --version output version information and exit + + For more details see getopt(1). + EOT + } + + _getopt_version_check() { + if [[ -z $BASH_VERSION ]]; then + echo "getopt: unknown version of bash might not be compatible" >&2 + return 1 + fi + + # This is a lexical comparison that should be sufficient forever. + if [[ $BASH_VERSION < 2.05b ]]; then + echo "getopt: bash $BASH_VERSION might not be compatible" >&2 + return 1 + fi + + return 0 + } + + _getopt_version_check + _getopt_main "$@" + declare status=$? + unset -f _getopt_main _getopt_err _getopt_parse _getopt_quote \ + _getopt_quote_csh _getopt_resolve_abbrev _getopt_split _getopt_help \ + _getopt_version_check + return $status +} + +# vim:sw=2 diff --git a/packer_fmt.sh b/packer_fmt.sh new file mode 100755 index 0000000..5ce717b --- /dev/null +++ b/packer_fmt.sh 
@@ -0,0 +1,28 @@ +#!/usr/bin/env bash +set -e + +declare -a paths + +index=0 + +for file_with_path in "$@"; do + file_with_path="${file_with_path// /__REPLACED__SPACE__}" + + paths[index]=$(dirname "$file_with_path") + (("index+=1")) +done + +for path_uniq in $(echo "${paths[*]}" | tr ' ' '\n' | sort -u); do + path_uniq="${path_uniq//__REPLACED__SPACE__/ }" + + pushd "$path_uniq" > /dev/null + packer fmt "$path_uniq" + popd > /dev/null +done + +# *.pkrvars.hcl not located in the main directory are excluded by `packer fmt` +IFS= +pkrvars_dir=$(dirname "$(find . -path ./git -prune -false -o -name '*.pkrvars.hcl' -print -quit)") +echo "$pkrvars_dir" +cd "$pkrvars_dir" +packer fmt . diff --git a/packer_validate.sh b/packer_validate.sh new file mode 100755 index 0000000..2420cc7 --- /dev/null +++ b/packer_validate.sh 
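Review bot: In the second loop the script enters the directory with `pushd "$path_uniq"` and then runs `packer fmt "$path_uniq"`, so a relative path (say `images/base`, a made-up example) is resolved a second time from inside that directory and the command targets `images/base/images/base`. After the `pushd` the call should be `packer fmt .`. In the trailing block, `-path ./git -prune` looks like it was meant to skip `./.git`. When `find` matches nothing, `dirname ""` yields `.` and the repository root is formatted silently, and `-quit` means only the first directory holding a `*.pkrvars.hcl` file is ever handled. The leftover `echo "$pkrvars_dir"` and the global `IFS=` assignment could be dropped.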
@@ -0,0 +1,114 @@ +#!/usr/bin/env bash +set -eo pipefail + +# `packer validate` requires this env variable to be set +export AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-us-east-1} + +main() { + initialize_ + parse_cmdline_ "$@" + packer_validate_ +} + +initialize_() { + # get directory containing this script + local dir + local source + source="${BASH_SOURCE[0]}" + while [[ -L $source ]]; do # resolve $source until the file is no longer a symlink + dir="$(cd -P "$(dirname "$source")" > /dev/null && pwd)" + source="$(readlink "$source")" + # if $source was a relative symlink, we need to resolve it relative to the path where the symlink file was located + [[ $source != /* ]] && source="$dir/$source" + done + _SCRIPT_DIR="$(dirname "$source")" + + # source getopt function + # shellcheck source=lib_getopt + # shellcheck disable=SC1091 + . "$_SCRIPT_DIR/lib_getopt" +} + +parse_cmdline_() { + declare argv + argv=$(getopt -o e:a: --long envs:,args: -- "$@") || return + eval "set -- $argv" + + for argv; do + case $argv in + -a | --args) + shift + ARGS+=("$1") + shift + ;; + -e | --envs) + shift + ENVS+=("$1") + shift + ;; + --) + shift + FILES=("$@") + break + ;; + esac + done +} + +packer_validate_() { + + # Setup environment variables + local var var_name var_value + for var in "${ENVS[@]}"; do + var_name="${var%%=*}" + var_value="${var#*=}" + # shellcheck disable=SC2086 + export $var_name="$var_value" + done + + declare -a paths + local index=0 + local error=0 + + local file_with_path + for file_with_path in "${FILES[@]}"; do + file_with_path="${file_with_path// /__REPLACED__SPACE__}" + + paths[index]=$(dirname "$file_with_path") + ((index += 1)) + done + + local path_uniq + for path_uniq in $(echo "${paths[*]}" | tr ' ' '\n' | sort -u); do + path_uniq="${path_uniq//__REPLACED__SPACE__/ }" + + if [[ -n "$(find "$path_uniq" -maxdepth 1 -name '*.pkr.hcl' -print)" ]]; then + + pushd "$(realpath "$path_uniq")" > /dev/null + set +e + validate_output=$(packer validate 
"${ARGS[@]}" . 2>&1) + validate_code=$? + set -e + + if [[ $validate_code != 0 ]]; then + error=1 + echo "Validation failed: $path_uniq" + echo "$validate_output" + echo + fi + + popd > /dev/null + fi + done + + if [[ $error -ne 0 ]]; then + exit 1 + fi +} + +# global arrays +declare -a ARGS +declare -a ENVS +declare -a FILES + +[[ ${BASH_SOURCE[0]} != "$0" ]] || main "$@" diff --git a/requirements-dev.txt b/requirements-dev.txt deleted file mode 100644 index d84ee68..0000000 --- a/requirements-dev.txt +++ /dev/null @@ -1,2 +0,0 @@ ---requirement requirements-test.txt -ipython diff --git a/requirements-test.txt b/requirements-test.txt deleted file mode 100644 index 66f74db..0000000 --- a/requirements-test.txt +++ /dev/null @@ -1,2 +0,0 @@ ---requirement requirements.txt -pre-commit diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index 0a8547b..0000000 --- a/requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -setuptools -wheel diff --git a/setup-env b/setup-env deleted file mode 100755 index 1579e04..0000000 --- a/setup-env +++ /dev/null 
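Review bot: In `packer_validate_`, each `--envs` entry is split on the first `=` and passed to `export $var_name="$var_value"` with the name unquoted and unchecked, so an entry with whitespace in the name is word-split into several `export` arguments. The value also keeps any literal quotes: the README form `--envs=AWS_DEFAULT_REGION="us-west-2"` appears to export the region with the double quotes included. I would validate and normalise before exporting: `[[ $var_name =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || { echo "invalid --envs entry: $var" >&2; exit 1; }`, `var_value="${var_value#\"}"; var_value="${var_value%\"}"`, then `export "$var_name=$var_value"`. Separately, the README example passes `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` through `args` in `.pre-commit-config.yaml`, a file that is normally committed. The documentation should steer users to let the hook inherit credentials from the calling environment instead.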
@@ -1,188 +0,0 @@ -#!/usr/bin/env bash - -set -o nounset -set -o errexit -set -o pipefail - -USAGE=$(cat << 'END_OF_LINE' -Configure a developement environment for this repository. - -It does the following: - - Verifies pyenv and pyenv-virtualenv are installed. - - Creates a Python virtual environment. - - Configures the activation of the virtual enviroment for the repo directory. - - Installs the requirements needed for development. - - Installs git pre-commit hooks. - - Configures git upstream remote "lineage" repositories. - -Usage: - setup-env [options] [virt_env_name] - setup-env (-h | --help) - -Options: - -f --force Delete virtual enviroment if it already exists. - -h --help Show this message. - -i --install-hooks Install hook environments for all environments in the - pre-commit config file. - -END_OF_LINE -) - -# Flag to force deletion and creation of virtual environment -FORCE=0 - -# Positional parameters -PARAMS="" - -# Parse command line arguments -while (( "$#" )); do - case "$1" in - -f|--force) - FORCE=1 - shift - ;; - -h|--help) - echo "${USAGE}" - exit 0 - ;; - -i|--install-hooks) - INSTALL_HOOKS=1 - shift - ;; - -*) # unsupported flags - echo "Error: Unsupported flag $1" >&2 - exit 1 - ;; - *) # preserve positional arguments - PARAMS="$PARAMS $1" - shift - ;; - esac -done - -# set positional arguments in their proper place -eval set -- "$PARAMS" - -# Check to see if pyenv is installed -if [ -z "$(command -v pyenv)" ] || [ -z "$(command -v pyenv-virtualenv)" ]; then - echo "pyenv and pyenv-virtualenv are required." - if [[ "$OSTYPE" == "darwin"* ]]; then - cat << 'END_OF_LINE' - - On the Mac, we recommend installing brew, https://brew.sh/. 
Then installation - is as simple as `brew install pyenv pyenv-virtualenv` and adding this to your - profile: - - eval "$(pyenv init -)" - eval "$(pyenv virtualenv-init -)" - -END_OF_LINE - - fi - cat << 'END_OF_LINE' - For Linux, Windows Subsystem for Linux (WSL), or on the Mac (if you don't want - to use "brew") you can use https://github.com/pyenv/pyenv-installer to install - the necessary tools. Before running this ensure that you have installed the - prerequisites for your platform according to the pyenv wiki page, - https://github.com/pyenv/pyenv/wiki/common-build-problems. - - On WSL you should treat your platform as whatever Linux distribution you've - chosen to install. - - Once you have installed "pyenv" you will need to add the following lines to - your ".bashrc": - - export PATH="$PATH:$HOME/.pyenv/bin" - eval "$(pyenv init -)" - eval "$(pyenv virtualenv-init -)" -END_OF_LINE - exit 1 -fi - -set +o nounset -# Determine the virtual environment name -if [ "$1" ]; then - # Use the user-provided environment name - env_name=$1 -else - # Set the environment name to the last part of the working directory. - env_name=${PWD##*/} -fi -set -o nounset - -# Remove any lingering local configuration. -if [ $FORCE -ne 0 ]; then - rm -f .python-version - pyenv virtualenv-delete --force "${env_name}" || true -elif [[ -f .python-version ]]; then - cat << 'END_OF_LINE' - An existing .python-version file was found. Either remove this file yourself - or re-run with --force option to have it deleted along with the associated - virtual environment. - - rm .python-version - -END_OF_LINE - exit 1 -fi - -# Create a new virtual environment for this project -if ! pyenv virtualenv "${env_name}"; then - cat << END_OF_LINE - An existing virtual environment named $env_name was found. Either delete this - environment yourself or re-run with --force option to have it deleted. 
- - pyenv virtualenv-delete ${env_name} - -END_OF_LINE - exit 1 -fi - -# Set the local application-specific Python version(s) by writing the -# version name to a file named `.python-version'. -pyenv local "${env_name}" - -# Upgrade pip and friends -python3 -m pip install --upgrade pip setuptools wheel - -# Find a requirements file (if possible) and install -for req_file in "requirements-dev.txt" "requirements-test.txt" "requirements.txt"; do - if [[ -f $req_file ]]; then - pip install --requirement $req_file - break - fi -done - -# Install git pre-commit hooks now or later. -pre-commit install ${INSTALL_HOOKS:+"--install-hooks"} - -# Setup git remotes from lineage configuration -# This could fail if the remotes are already setup, but that is ok. -set +o errexit - -eval "$(python3 << 'END_OF_LINE' -from pathlib import Path -import yaml -import sys - -LINEAGE_CONFIG = Path(".github/lineage.yml") - -if not LINEAGE_CONFIG.exists(): - print("No lineage configuration found.", file=sys.stderr) - sys.exit(0) - -with LINEAGE_CONFIG.open("r") as f: - lineage = yaml.safe_load(stream=f) - -if lineage["version"] == "1": - for parent_name, v in lineage["lineage"].items(): - remote_url = v["remote-url"] - print(f"git remote add {parent_name} {remote_url};") - print(f"git remote set-url --push {parent_name} no_push;") -else: - print(f'Unsupported lineage version: {lineage["version"]}', file=sys.stderr) -END_OF_LINE -)" - -# Qapla -echo "Success!" From a9f6c45825b29f7e4b14f577d954435e0c20f1ca Mon Sep 17 00:00:00 2001 From: Samuel CHNIBER Date: Tue, 30 Mar 2021 20:42:12 +0200 Subject: [PATCH 2/4] fork in order to fix packer fmt to actually reformat + packer validate hook to take pkvars file as input --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8017d75..85bb09d 100644 --- a/README.md +++ b/README.md 
@@ -29,8 +29,8 @@ Step into the repository you want to have the pre-commit hooks installed and run git init cat < .pre-commit-config.yaml repos: -- repo: https://github.com/schniber/pre-commit-packer - rev: # Get the latest from: https://github.com/schniber/pre-commit-packer/releases +- repo: https://github.com/schniber/pre-commit-packer-1 + rev: # Get the latest from: https://github.com/schniber/pre-commit-packer-1/releases hooks: - id: packer_fmt - id: packer_validate From f3bda9fa9218b64287072fe47258bb98779aba6a Mon Sep 17 00:00:00 2001 From: Samuel CHNIBER Date: Tue, 30 Mar 2021 20:54:21 +0200 Subject: [PATCH 3/4] fork in order to fix packer fmt to actually reformat + packer validate hook to take pkvars file as input --- requirements-dev.txt | 2 + requirements-test.txt | 2 + requirements.txt | 2 + setup-env | 190 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 196 insertions(+) create mode 100644 requirements-dev.txt create mode 100644 requirements-test.txt create mode 100644 requirements.txt create mode 100755 setup-env diff --git a/requirements-dev.txt b/requirements-dev.txt new file mode 100644 index 0000000..d84ee68 --- /dev/null +++ b/requirements-dev.txt @@ -0,0 +1,2 @@ +--requirement requirements-test.txt +ipython diff --git a/requirements-test.txt b/requirements-test.txt new file mode 100644 index 0000000..66f74db --- /dev/null +++ b/requirements-test.txt @@ -0,0 +1,2 @@ +--requirement requirements.txt +pre-commit diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..0a8547b --- /dev/null +++ b/requirements.txt @@ -0,0 +1,2 @@ +setuptools +wheel diff --git a/setup-env b/setup-env new file mode 100755 index 0000000..5d7f673 --- /dev/null +++ b/setup-env 
@@ -0,0 +1,190 @@ +#!/usr/bin/env bash + +set -o nounset +set -o errexit +set -o pipefail + +USAGE=$( + cat << 'END_OF_LINE' +Configure a developement environment for this repository. + +It does the following: + - Verifies pyenv and pyenv-virtualenv are installed. + - Creates a Python virtual environment. + - Configures the activation of the virtual enviroment for the repo directory. + - Installs the requirements needed for development. + - Installs git pre-commit hooks. + - Configures git upstream remote "lineage" repositories. + +Usage: + setup-env [options] [virt_env_name] + setup-env (-h | --help) + +Options: + -f --force Delete virtual enviroment if it already exists. + -h --help Show this message. + -i --install-hooks Install hook environments for all environments in the + pre-commit config file. + +END_OF_LINE +) + +# Flag to force deletion and creation of virtual environment +FORCE=0 + +# Positional parameters +PARAMS="" + +# Parse command line arguments +while (("$#")); do + case "$1" in + -f | --force) + FORCE=1 + shift + ;; + -h | --help) + echo "${USAGE}" + exit 0 + ;; + -i | --install-hooks) + INSTALL_HOOKS=1 + shift + ;; + -*) # unsupported flags + echo "Error: Unsupported flag $1" >&2 + exit 1 + ;; + *) # preserve positional arguments + PARAMS="$PARAMS $1" + shift + ;; + esac +done + +# set positional arguments in their proper place +eval set -- "$PARAMS" + +# Check to see if pyenv is installed +if [ -z "$(command -v pyenv)" ] || [ -z "$(command -v pyenv-virtualenv)" ]; then + echo "pyenv and pyenv-virtualenv are required." + if [[ "$OSTYPE" == "darwin"* ]]; then + cat << 'END_OF_LINE' + + On the Mac, we recommend installing brew, https://brew.sh/. 
Then installation + is as simple as `brew install pyenv pyenv-virtualenv` and adding this to your + profile: + + eval "$(pyenv init -)" + eval "$(pyenv virtualenv-init -)" + +END_OF_LINE + + fi + cat << 'END_OF_LINE' + For Linux, Windows Subsystem for Linux (WSL), or on the Mac (if you don't want + to use "brew") you can use https://github.com/pyenv/pyenv-installer to install + the necessary tools. Before running this ensure that you have installed the + prerequisites for your platform according to the pyenv wiki page, + https://github.com/pyenv/pyenv/wiki/common-build-problems. + + On WSL you should treat your platform as whatever Linux distribution you've + chosen to install. + + Once you have installed "pyenv" you will need to add the following lines to + your ".bashrc": + + export PATH="$PATH:$HOME/.pyenv/bin" + eval "$(pyenv init -)" + eval "$(pyenv virtualenv-init -)" +END_OF_LINE + exit 1 +fi + +set +o nounset +# Determine the virtual environment name +if [ "$1" ]; then + # Use the user-provided environment name + env_name=$1 +else + # Set the environment name to the last part of the working directory. + env_name=${PWD##*/} +fi +set -o nounset + +# Remove any lingering local configuration. +if [ $FORCE -ne 0 ]; then + rm -f .python-version + pyenv virtualenv-delete --force "${env_name}" || true +elif [[ -f .python-version ]]; then + cat << 'END_OF_LINE' + An existing .python-version file was found. Either remove this file yourself + or re-run with --force option to have it deleted along with the associated + virtual environment. + + rm .python-version + +END_OF_LINE + exit 1 +fi + +# Create a new virtual environment for this project +if ! pyenv virtualenv "${env_name}"; then + cat << END_OF_LINE + An existing virtual environment named $env_name was found. Either delete this + environment yourself or re-run with --force option to have it deleted. 
+ + pyenv virtualenv-delete ${env_name} + +END_OF_LINE + exit 1 +fi + +# Set the local application-specific Python version(s) by writing the +# version name to a file named `.python-version'. +pyenv local "${env_name}" + +# Upgrade pip and friends +python3 -m pip install --upgrade pip setuptools wheel + +# Find a requirements file (if possible) and install +for req_file in "requirements-dev.txt" "requirements-test.txt" "requirements.txt"; do + if [[ -f $req_file ]]; then + pip install --requirement $req_file + break + fi +done + +# Install git pre-commit hooks now or later. +pre-commit install ${INSTALL_HOOKS:+"--install-hooks"} + +# Setup git remotes from lineage configuration +# This could fail if the remotes are already setup, but that is ok. +set +o errexit + +eval "$( + python3 << 'END_OF_LINE' +from pathlib import Path +import yaml +import sys + +LINEAGE_CONFIG = Path(".github/lineage.yml") + +if not LINEAGE_CONFIG.exists(): + print("No lineage configuration found.", file=sys.stderr) + sys.exit(0) + +with LINEAGE_CONFIG.open("r") as f: + lineage = yaml.safe_load(stream=f) + +if lineage["version"] == "1": + for parent_name, v in lineage["lineage"].items(): + remote_url = v["remote-url"] + print(f"git remote add {parent_name} {remote_url};") + print(f"git remote set-url --push {parent_name} no_push;") +else: + print(f'Unsupported lineage version: {lineage["version"]}', file=sys.stderr) +END_OF_LINE +)" + +# Qapla +echo "Success!" From ab773591ea35ce3efab99671de3f8001f5a0ccd6 Mon Sep 17 00:00:00 2001 
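Review bot: The final `eval "$(python3 << 'END_OF_LINE' …)"` block builds shell text from `.github/lineage.yml` by formatting `parent_name` and `remote_url` straight into the `git remote add …;` lines, so any shell metacharacter in those YAML values is interpreted by `eval` on the machine of whoever runs `setup-env`. That file can be changed by a pull request, so the values should be quoted before printing: add `import shlex` and print `f"git remote add {shlex.quote(parent_name)} {shlex.quote(remote_url)};"`, and quote `parent_name` the same way in the `set-url` line. Alternatively, the Python code could call `git` through `subprocess.run` with an argument list and the `eval` could go. The earlier `eval set -- "$PARAMS"` re-parses the positional arguments as shell text too; collecting them in a bash array would avoid that.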
From: Samuel CHNIBER Date: Tue, 30 Mar 2021 23:02:29 +0200 Subject: [PATCH 4/4] alignment with contribution guidelines --- .bandit.yml | 13 ++ .flake8 | 25 +++ .gitignore | 3 + .isort.cfg | 10 ++ .mdl_config.json | 10 ++ .pre-commit-config.yaml | 148 ++++++++++++++++-- .pre-commit-hooks.yaml | 7 +- .prettierignore | 7 + .yamllint | 7 + CONTRIBUTING.md | 141 +++++++++++++++++ LICENSE | 116 ++++++++++++++ README.md | 105 ++++++------- packer_fmt.sh => hooks/packer_fmt.sh | 0 .../packer_validate.sh | 3 - setup-env | 14 +- 15 files changed, 522 insertions(+), 87 deletions(-) create mode 100644 .bandit.yml create mode 100644 .flake8 create mode 100644 .gitignore create mode 100644 .isort.cfg create mode 100644 .mdl_config.json create mode 100644 .prettierignore create mode 100644 .yamllint create mode 100644 CONTRIBUTING.md create mode 100644 LICENSE rename packer_fmt.sh => hooks/packer_fmt.sh (100%) rename packer_validate.sh => hooks/packer_validate.sh (95%) diff --git a/.bandit.yml b/.bandit.yml new file mode 100644 index 0000000..8ba42d1 --- /dev/null +++ b/.bandit.yml @@ -0,0 +1,13 @@ +--- +# Configuration file for the Bandit python security scanner +# https://bandit.readthedocs.io/en/latest/config.html + +# Tests are first included by `tests`, and then excluded by `skips`. +# If `tests` is empty, all tests are are considered included. + +tests: +# - B101 +# - B102 + +skips: +# - B101 # skip "assert used" check since assertions are required in pytests diff --git a/.flake8 b/.flake8 new file mode 100644 index 0000000..92ff826 --- /dev/null +++ b/.flake8 
@@ -0,0 +1,25 @@
+[flake8]
+max-line-length = 80
+# Select (turn on)
+# * Complexity violations reported by mccabe (C) -
+# http://flake8.pycqa.org/en/latest/user/error-codes.html#error-violation-codes
+# * Documentation conventions compliance reported by pydocstyle (D) -
+# http://www.pydocstyle.org/en/stable/error_codes.html
+# * Default errors and warnings reported by pycodestyle (E and W) -
+# https://pycodestyle.readthedocs.io/en/latest/intro.html#error-codes
+# * Default errors reported by pyflakes (F) -
+# http://flake8.pycqa.org/en/latest/glossary.html#term-pyflakes
+# * Default warnings reported by flake8-bugbear (B) -
+# https://github.com/PyCQA/flake8-bugbear#list-of-warnings
+# * The B950 flake8-bugbear opinionated warning -
+# https://github.com/PyCQA/flake8-bugbear#opinionated-warnings
+select = C,D,E,F,W,B,B950
+# Ignore flake8's default warning about maximum line length, which has
+# a hard stop at the configured value. Instead we use
+# flake8-bugbear's B950, which allows up to 10% overage.
+#
+# Also ignore flake8's warning about line breaks before binary
+# operators. It no longer agrees with PEP8. See, for example, here:
+# https://github.com/ambv/black/issues/21. Guido agrees here:
+# https://github.com/python/peps/commit/c59c4376ad233a62ca4b3a6060c81368bd21e85b.
+ignore = E501,W503
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4b15d77
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+__pycache__
+.mypy_cache
+.python-version
diff --git a/.isort.cfg b/.isort.cfg
new file mode 100644
index 0000000..46d45f3
--- /dev/null
+++ b/.isort.cfg
@@ -0,0 +1,10 @@
+[settings]
+combine_star=true
+force_sort_within_sections=true
+
+import_heading_stdlib=Standard Python Libraries
+import_heading_thirdparty=Third-Party Libraries
+import_heading_firstparty=cisagov Libraries
+
+# Run isort under the black profile to align with our other Python linting
+profile=black
diff --git a/.mdl_config.json b/.mdl_config.json
new file mode 100644
index 0000000..7a6f3f8
--- /dev/null
+++ b/.mdl_config.json
@@ -0,0 +1,10 @@
+{
+ "MD013": {
+ "code_blocks": false,
+ "tables": false
+ },
+ "MD024": {
+ "allow_different_nesting": true
+ },
+ "default": true
+}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index a0304e2..c851317 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,15 +1,135 @@ +--- +default_language_version: + # force all unspecified python hooks to run python3 + python: python3 + repos: -- repo: git://github.com/pre-commit/pre-commit-hooks - rev: v3.4.0 - hooks: - - id: check-yaml - - id: end-of-file-fixer - - id: trailing-whitespace - - id: check-case-conflict - - id: check-merge-conflict - - id: check-executables-have-shebangs -- repo: git://github.com/jumanjihouse/pre-commit-hooks - rev: 2.1.5 - hooks: - - id: shfmt - args: ['-l', '-i', '2', '-ci', '-sr', '-w'] + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v3.4.0 + hooks: + - id: check-case-conflict + - id: check-executables-have-shebangs + - id: check-json + - id: check-merge-conflict + - id: check-toml + - id: check-xml + - id: debug-statements + - id: detect-aws-credentials + args: + - --allow-missing-credentials + - id: detect-private-key + - id: end-of-file-fixer + exclude: files/(issue|motd) + - id: mixed-line-ending + args: + - --fix=lf + - id: pretty-format-json + args: + - --autofix + - id: requirements-txt-fixer + - id: trailing-whitespace + + # Text file hooks + - repo: https://github.com/igorshubovych/markdownlint-cli + rev: v0.26.0 + hooks: + - id: markdownlint + args: + - --config=.mdl_config.json + - repo: https://github.com/pre-commit/mirrors-prettier + rev: v2.2.1 + hooks: + - id: prettier + - repo: https://github.com/adrienverge/yamllint + rev: v1.26.0 + hooks: + - id: yamllint + args: + - --strict + + # Shell script hooks + - repo: https://github.com/lovesegfault/beautysh + rev: 6.0.1 + hooks: + - id: beautysh + args: + - --indent-size + - '2' + - repo: https://github.com/detailyang/pre-commit-shell + rev: 1.0.5 + hooks: + - id: shell-lint + + # Python hooks + - repo: https://github.com/PyCQA/bandit + rev: 1.7.0 + hooks: + - id: bandit + args: + - --config=.bandit.yml + - repo: https://github.com/psf/black + rev: 20.8b1 + hooks: + - id: black + - repo: https://gitlab.com/pycqa/flake8 + rev: 3.8.4 + hooks: + - id: flake8 + 
additional_dependencies: + - flake8-docstrings + - repo: https://github.com/PyCQA/isort + rev: 5.7.0 + hooks: + - id: isort + - repo: https://github.com/pre-commit/mirrors-mypy + rev: v0.800 + hooks: + - id: mypy + - repo: https://github.com/asottile/pyupgrade + rev: v2.10.0 + hooks: + - id: pyupgrade + + # Ansible hooks + - repo: https://github.com/ansible-community/ansible-lint + # This is intentionally being held back because of issues in v5 per + # https://github.com/cisagov/skeleton-ansible-role/issues/69 + rev: v4.3.7 + hooks: + - id: ansible-lint + # files: molecule/default/playbook.yml + + # Terraform hooks + - repo: https://github.com/antonbabenko/pre-commit-terraform + rev: v1.45.0 + hooks: + - id: terraform_fmt + # There are ongoing issues with how this command works. This issue + # documents the core issue: + # https://github.com/hashicorp/terraform/issues/21408 + # We have seen issues primarily with proxy providers and Terraform code + # that uses remote state. The PR + # https://github.com/hashicorp/terraform/pull/24887 + # has been approved and is part of the 0.13 release to resolve the issue + # with remote states. + # The PR + # https://github.com/hashicorp/terraform/pull/24896 + # is a proprosed fix to deal with `terraform validate` with proxy + # providers (among other configurations). + # We have decided to disable the terraform_validate hook until the issues + # above have been resolved, which we hope will be with the release of + # Terraform 0.13. + # - id: terraform_validate + + # Docker hooks + - repo: https://github.com/IamTheFij/docker-pre-commit + rev: v2.0.0 + hooks: + - id: docker-compose-check + + # Packer hooks + - repo: https://github.com/cisagov/pre-commit-packer + rev: v0.0.2 + hooks: + - id: packer_validate + - id: packer_fmt diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml index 92275fb..9f0ecc6 100644 --- a/.pre-commit-hooks.yaml +++ b/.pre-commit-hooks.yaml 
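Review bot: Every `rev:` added to `.pre-commit-config.yaml` is a tag (`v3.4.0`, `6.0.1`, `v0.0.2` and the rest), and a tag can be re-pointed upstream, so this file does not fix which hook code executes on a contributor's machine. Pinning each entry to the full commit SHA and keeping the tag as a trailing comment, in the form `rev: <full-commit-sha>  # frozen: v3.4.0`, makes the reviewed revision the one that runs; `pre-commit autoupdate --freeze` writes that form. The switch from `git://` to `https://` in this hunk already covers the fetch in transit, so the mutable reference is the remaining gap.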
@@ -1,14 +1,15 @@ +--- - id: packer_fmt name: Packer fmt description: Rewrites all Packer configuration files to a canonical format. - entry: packer_fmt.sh + entry: hooks/packer_fmt.sh language: script - files: (packer\.json|\.pkr\.hcl)$ + files: (packer\.json|\.pkr\.hcl|\.pkrvars\.hcl)$ - id: packer_validate name: Packer validate description: Validates all Packer configuration files. require_serial: true - entry: packer_validate.sh + entry: hooks/packer_validate.sh language: script files: (packer\.json|\.pkr\.hcl)$ diff --git a/.prettierignore b/.prettierignore new file mode 100644 index 0000000..738d402 --- /dev/null +++ b/.prettierignore @@ -0,0 +1,7 @@ +# Already being linted by pretty-format-json +*.json +# Already being linted by mdl +*.md +# Already being linted by yamllint +*.yaml +*.yml diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..7ed00eb --- /dev/null +++ b/.yamllint @@ -0,0 +1,7 @@ +--- +extends: default + +rules: + # yamllint doesn't like when we use yes and no for true and false, + # but that's pretty standard in Ansible. + truthy: disable diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..52def3c --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,141 @@ +# Welcome # + +We're so glad you're thinking about contributing to this open source +project! If you're unsure or afraid of anything, just ask or submit +the issue or pull request anyway. The worst that can happen is that +you'll be politely asked to change something. We appreciate any sort +of contribution, and don't want a wall of rules to get in the way of +that. + +Before contributing, we encourage you to read our CONTRIBUTING policy +(you are here), our [LICENSE](LICENSE), and our [README](README.md), +all of which should be in this repository. + +## Issues ## + +If you want to report a bug or request a new feature, the most direct +method is to [create an +issue](https://github.com/cisagov/pre-commit-packer/issues) in this +repository. We recommend that you first search through existing +issues (both open and closed) to check if your particular issue has +already been reported. If it has then you might want to add a comment +to the existing issue. If it hasn't then feel free to create a new +one. + +## Pull requests ## + +If you choose to [submit a pull +request](https://github.com/cisagov/pre-commit-packer/pulls), you will +notice that our continuous integration (CI) system runs a fairly +extensive set of linters and syntax checkers. Your pull request may +fail these checks, and that's OK. If you want you can stop there and +wait for us to make the necessary corrections to ensure your code +passes the CI checks. + +If you want to make the changes yourself, or if you want to become a +regular contributor, then you will want to set up +[pre-commit](https://pre-commit.com/) on your local machine. Once you +do that, the CI checks will run locally before you even write your +commit message. This speeds up your development cycle considerably. 
+ +### Setting up pre-commit ### + +There are a few ways to do this, but we prefer to use +[`pyenv`](https://github.com/pyenv/pyenv) and +[`pyenv-virtualenv`](https://github.com/pyenv/pyenv-virtualenv) to +create and manage a Python virtual environment specific to this +project. + +If you already have `pyenv` and `pyenv-virtualenv` configured you can +take advantage of the `setup-env` tool in this repo to automate the +entire environment configuration process. + +```console +./setup-env +``` + +Otherwise, follow the steps below to manually configure your +environment. + +#### Installing and using `pyenv` and `pyenv-virtualenv` #### + +On the Mac, we recommend installing [brew](https://brew.sh/). Then +installation is as simple as `brew install pyenv pyenv-virtualenv` and +adding this to your profile: + +```bash +eval "$(pyenv init -)" +eval "$(pyenv virtualenv-init -)" +``` + +For Linux, Windows Subsystem for Linux (WSL), or on the Mac (if you +don't want to use `brew`) you can use +[pyenv/pyenv-installer](https://github.com/pyenv/pyenv-installer) to +install the necessary tools. Before running this ensure that you have +installed the prerequisites for your platform according to the +[`pyenv` wiki +page](https://github.com/pyenv/pyenv/wiki/common-build-problems). + +On WSL you should treat your platform as whatever Linux distribution +you've chosen to install. + +Once you have installed `pyenv` you will need to add the following +lines to your `.bashrc`: + +```bash +export PATH="$PATH:$HOME/.pyenv/bin" +eval "$(pyenv init -)" +eval "$(pyenv virtualenv-init -)" +``` + +If you are using a shell other than `bash` you should follow the +instructions that the `pyenv-installer` script outputs. + +You will need to reload your shell for these changes to take effect so +you can begin to use `pyenv`. + +For a list of Python versions that are already installed and ready to +use with `pyenv`, use the command `pyenv versions`. 
To see a list of +the Python versions available to be installed and used with `pyenv` +use the command `pyenv install --list`. You can read more +[here](https://github.com/pyenv/pyenv/blob/master/COMMANDS.md) about +the many things that `pyenv` can do. See +[here](https://github.com/pyenv/pyenv-virtualenv#usage) for the +additional capabilities that pyenv-virtualenv adds to the `pyenv` +command. + +#### Creating the Python virtual environment #### + +Once `pyenv` and `pyenv-virtualenv` are installed on your system, you +can create and configure the Python virtual environment with these +commands: + +```console +cd pre-commit-packer +pyenv virtualenv pre-commit-packer +pyenv local pre-commit-packer +pip install --requirement requirements-dev.txt +``` + +#### Installing the pre-commit hook #### + +Now setting up pre-commit is as simple as: + +```console +pre-commit install +``` + +At this point the pre-commit checks will run against any files that +you attempt to commit. If you want to run the checks against the +entire repo, just execute `pre-commit run --all-files`. + +## Public domain ## + +This project is in the public domain within the United States, and +copyright and related rights in the work worldwide are waived through +the [CC0 1.0 Universal public domain +dedication](https://creativecommons.org/publicdomain/zero/1.0/). + +All contributions to this project will be released under the CC0 +dedication. By submitting a pull request, you are agreeing to comply +with this waiver of copyright interest. diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..670154e --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,116 @@ +CC0 1.0 Universal + +Statement of Purpose + +The laws of most jurisdictions throughout the world automatically confer +exclusive Copyright and Related Rights (defined below) upon the creator and +subsequent owner(s) (each and all, an "owner") of an original work of +authorship and/or a database (each, a "Work"). + +Certain owners wish to permanently relinquish those rights to a Work for the +purpose of contributing to a commons of creative, cultural and scientific +works ("Commons") that the public can reliably and without fear of later +claims of infringement build upon, modify, incorporate in other works, reuse +and redistribute as freely as possible in any form whatsoever and for any +purposes, including without limitation commercial purposes. These owners may +contribute to the Commons to promote the ideal of a free culture and the +further production of creative, cultural and scientific works, or to gain +reputation or greater distribution for their Work in part through the use and +efforts of others. + +For these and/or other purposes and motivations, and without any expectation +of additional consideration or compensation, the person associating CC0 with a +Work (the "Affirmer"), to the extent that he or she is an owner of Copyright +and Related Rights in the Work, voluntarily elects to apply CC0 to the Work +and publicly distribute the Work under its terms, with knowledge of his or her +Copyright and Related Rights in the Work and the meaning and intended legal +effect of CC0 on those rights. + +1. Copyright and Related Rights. A Work made available under CC0 may be +protected by copyright and related or neighboring rights ("Copyright and +Related Rights"). Copyright and Related Rights include, but are not limited +to, the following: + + i. the right to reproduce, adapt, distribute, perform, display, communicate, + and translate a Work; + + ii. moral rights retained by the original author(s) and/or performer(s); + + iii. 
publicity and privacy rights pertaining to a person's image or likeness + depicted in a Work; + + iv. rights protecting against unfair competition in regards to a Work, + subject to the limitations in paragraph 4(a), below; + + v. rights protecting the extraction, dissemination, use and reuse of data in + a Work; + + vi. database rights (such as those arising under Directive 96/9/EC of the + European Parliament and of the Council of 11 March 1996 on the legal + protection of databases, and under any national implementation thereof, + including any amended or successor version of such directive); and + + vii. other similar, equivalent or corresponding rights throughout the world + based on applicable law or treaty, and any national implementations thereof. + +2. Waiver. To the greatest extent permitted by, but not in contravention of, +applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and +unconditionally waives, abandons, and surrenders all of Affirmer's Copyright +and Related Rights and associated claims and causes of action, whether now +known or unknown (including existing as well as future claims and causes of +action), in the Work (i) in all territories worldwide, (ii) for the maximum +duration provided by applicable law or treaty (including future time +extensions), (iii) in any current or future medium and for any number of +copies, and (iv) for any purpose whatsoever, including without limitation +commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes +the Waiver for the benefit of each member of the public at large and to the +detriment of Affirmer's heirs and successors, fully intending that such Waiver +shall not be subject to revocation, rescission, cancellation, termination, or +any other legal or equitable action to disrupt the quiet enjoyment of the Work +by the public as contemplated by Affirmer's express Statement of Purpose. + +3. Public License Fallback. 
Should any part of the Waiver for any reason be +judged legally invalid or ineffective under applicable law, then the Waiver +shall be preserved to the maximum extent permitted taking into account +Affirmer's express Statement of Purpose. In addition, to the extent the Waiver +is so judged Affirmer hereby grants to each affected person a royalty-free, +non transferable, non sublicensable, non exclusive, irrevocable and +unconditional license to exercise Affirmer's Copyright and Related Rights in +the Work (i) in all territories worldwide, (ii) for the maximum duration +provided by applicable law or treaty (including future time extensions), (iii) +in any current or future medium and for any number of copies, and (iv) for any +purpose whatsoever, including without limitation commercial, advertising or +promotional purposes (the "License"). The License shall be deemed effective as +of the date CC0 was applied by Affirmer to the Work. Should any part of the +License for any reason be judged legally invalid or ineffective under +applicable law, such partial invalidity or ineffectiveness shall not +invalidate the remainder of the License, and in such case Affirmer hereby +affirms that he or she will not (i) exercise any of his or her remaining +Copyright and Related Rights in the Work or (ii) assert any associated claims +and causes of action with respect to the Work, in either case contrary to +Affirmer's express Statement of Purpose. + +4. Limitations and Disclaimers. + + a. No trademark or patent rights held by Affirmer are waived, abandoned, + surrendered, licensed or otherwise affected by this document. + + b. 
Affirmer offers the Work as-is and makes no representations or warranties + of any kind concerning the Work, express, implied, statutory or otherwise, + including without limitation warranties of title, merchantability, fitness + for a particular purpose, non infringement, or the absence of latent or + other defects, accuracy, or the present or absence of errors, whether or not + discoverable, all to the greatest extent permissible under applicable law. + + c. Affirmer disclaims responsibility for clearing rights of other persons + that may apply to the Work or any use thereof, including without limitation + any person's Copyright and Related Rights in the Work. Further, Affirmer + disclaims responsibility for obtaining any necessary consents, permissions + or other rights required for any use of the Work. + + d. Affirmer understands and acknowledges that Creative Commons is not a + party to this document and has no duty or obligation with respect to this + CC0 or use of the Work. + +For more information, please see + diff --git a/README.md b/README.md index 85bb09d..6866660 100644 --- a/README.md +++ b/README.md 
@@ -1,78 +1,42 @@ -# Collection of git hooks for Packer to be used with [pre-commit framework](http://pre-commit.com/) +# pre-commit-packer # -## How to install +[![GitHub Build Status](https://github.com/cisagov/pre-commit-packer/workflows/build/badge.svg)](https://github.com/cisagov/pre-commit-packer/actions) -### 1. Install dependencies +This is a set of [pre-commit](https://pre-commit.com) hooks intended for +projects using [Packer](https://www.packer.io/). -* [`pre-commit`](https://pre-commit.com/#install) -* [`coreutils`](https://formulae.brew.sh/formula/coreutils) required for `packer_validate` hook on macOS (due to use of `realpath`). +## Available Hooks ## -##### MacOS - -```bash -brew install pre-commit pre-commit coreutils -``` - -### 2. Install the pre-commit hook globally - -```bash -DIR=~/.git-template -git config --global init.templateDir ${DIR} -pre-commit init-templatedir -t pre-commit ${DIR} -``` - -### 3. Add configs and hooks +| Hook name | Description | +| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------- | +| `packer_fmt` | Rewrites all Packer configuration files to a canonical format. | +| `packer_validate` | Validates all Packer configuration files. | -Step into the repository you want to have the pre-commit hooks installed and run: +## Usage ## -```bash -git init -cat < .pre-commit-config.yaml +```yaml repos: -- repo: https://github.com/schniber/pre-commit-packer-1 - rev: # Get the latest from: https://github.com/schniber/pre-commit-packer-1/releases - hooks: + - repo: https://github.com/cisagov/pre-commit-packer + rev: # Version from https://github.com/cisagov/pre-commit-packer/releases + hooks: - id: packer_fmt - id: packer_validate args: - '--args=--var-file=inputs/dev.pkrvars.hcl' -EOF -``` - -### 4. 
Run - -After pre-commit hook has been installed you can run it manually on all files in the repository - -```bash -pre-commit run -a ``` -## Available Hooks - -There are several [pre-commit](https://pre-commit.com/) hooks to keep Packer configurations (both `*.pkr.hcl` and `*.pkrvars.hcl`) and Packer json configurations (`packer*.json`) in a good shape: - -| Hook name | Description | -| ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------- | -| `packer_fmt` | Rewrites all Packer configuration files to a canonical format. | -| `packer_validate` | Validates all Packer configuration files. | +## Notes about the `packer_fmt` hook ## -Check the [source file](https://github.com/schniber/pre-commit-packer/blob/master/.pre-commit-hooks.yaml) to know arguments used for each hook. +This hook scans any files in the packer configuration ending in `packer.json`,`.pkr.hcl` +and `.pkrvars.hcl` and applies packer formatting. -## Notes about packer_fmt hooks +## Notes about the `packer_validate` hook ## -1. `packer_fmt` automatically scans for *.pkr.hcl files and locates the subfolder containing the *.pkrvars.hcl files before applying the Packer Formatting. +1. `packer_validate` supports custom arguments so you can pass supported +no-color or json flags. 1. Example: - ```yaml - hooks: - - id: packer_fmt - ``` - -## Notes about packer_validate hooks - -1. `packer_validate` supports custom arguments so you can pass supported no-color or json flags. - 1. Example: ```yaml hooks: - id: packer_validate 
@@ -80,15 +44,19 @@ Check the [source file](https://github.com/schniber/pre-commit-packer/blob/maste ``` In order to pass multiple args, try the following: + ```yaml - id: packer_validate args: - '--args=-json' - '--args=-no-color' ``` -1. `packer_validate` also supports custom environment variables passed to the pre-commit runtime + +1. `packer_validate` also supports custom environment variables passed to +the pre-commit runtime 1. Example: + ```yaml hooks: - id: packer_validate @@ -96,6 +64,7 @@ Check the [source file](https://github.com/schniber/pre-commit-packer/blob/maste ``` In order to pass multiple args, try the following: + ```yaml - id: packer_validate args: @@ -104,9 +73,11 @@ Check the [source file](https://github.com/schniber/pre-commit-packer/blob/maste - '--envs=AWS_SECRET_ACCESS_KEY="asecretkey"' ``` -1. `packer_validate` also supports custom arguments allowing to choose the input pkrvars.hcl passed to the pre-commit runtime to validate your packer configuration +1. `packer_validate` also supports custom arguments allowing to choose +the input pkrvars.hcl passed to the pre-commit runtime to validate your packer configuration 1. Example: + ```yaml hooks: - id: packer_validate 
@@ -114,4 +85,20 @@ Check the [source file](https://github.com/schniber/pre-commit-packer/blob/maste - '--args=--var-file=inputs/dev.pkrvars.hcl' ``` -Enjoy the clean & valid packer code! +## Contributing ## + +We welcome contributions! Please see [`CONTRIBUTING.md`](CONTRIBUTING.md) for +details. + +## License ## + +This project is in the worldwide [public domain](LICENSE). + +This project is in the public domain within the United States, and +copyright and related rights in the work worldwide are waived through +the [CC0 1.0 Universal public domain +dedication](https://creativecommons.org/publicdomain/zero/1.0/). + +All contributions to this project will be released under the CC0 +dedication. By submitting a pull request, you are agreeing to comply +with this waiver of copyright interest. diff --git a/packer_fmt.sh b/hooks/packer_fmt.sh similarity index 100% rename from packer_fmt.sh rename to hooks/packer_fmt.sh diff --git a/packer_validate.sh b/hooks/packer_validate.sh similarity index 95% rename from packer_validate.sh rename to hooks/packer_validate.sh index 2420cc7..3d47634 100755 --- a/packer_validate.sh +++ b/hooks/packer_validate.sh @@ -1,9 +1,6 @@ #!/usr/bin/env bash set -eo pipefail -# `packer validate` requires this env variable to be set -export AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-us-east-1} - main() { initialize_ parse_cmdline_ "$@" diff --git a/setup-env b/setup-env index 5d7f673..1579e04 100755 --- a/setup-env +++ b/setup-env @@ -4,8 +4,7 @@ set -o nounset set -o errexit set -o pipefail -USAGE=$( - cat << 'END_OF_LINE' +USAGE=$(cat << 'END_OF_LINE' Configure a developement environment for this repository. It does the following: @@ -36,17 +35,17 @@ FORCE=0 PARAMS="" # Parse command line arguments -while (("$#")); do +while (( "$#" )); do case "$1" in - -f | --force) + -f|--force) FORCE=1 shift ;; - -h | --help) + -h|--help) echo "${USAGE}" exit 0 ;; - -i | --install-hooks) + -i|--install-hooks) INSTALL_HOOKS=1 shift ;; 
@@ -161,8 +160,7 @@ pre-commit install ${INSTALL_HOOKS:+"--install-hooks"} # This could fail if the remotes are already setup, but that is ok. set +o errexit -eval "$( - python3 << 'END_OF_LINE' +eval "$(python3 << 'END_OF_LINE' from pathlib import Path import yaml import sys
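Review bot: The joined line `eval "$(python3 << 'END_OF_LINE'` still hands the shell whatever the embedded Python prints, and in the setup-env listing earlier on this page that output is built from `.github/lineage.yml` with `print(f"git remote add {parent_name} {remote_url};")`, with no quoting. A lineage file whose parent name or `remote-url` carries shell metacharacters would therefore be run as commands when a developer executes `./setup-env` on a checkout they have not inspected. Quoting the interpolated values, `print(f"git remote add {shlex.quote(parent_name)} {shlex.quote(remote_url)};")` with `import shlex` and the same treatment for the `set-url` line, keeps each value a single argument; invoking git from Python with an argument list would remove the `eval` entirely. The heredoc body lies outside this hunk, so this should be confirmed against the full file.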