
fix: lock
christian-calabrese committed Dec 23, 2024
1 parent 0a709d7 commit 262b73f
Showing 3 changed files with 13 additions and 31 deletions.
33 changes: 7 additions & 26 deletions .github/workflows/infra_plan.yaml
Expand Up @@ -159,9 +159,6 @@ jobs:
local module_path="$1"
tar --exclude="$module_path/.*" -cf - "$module_path" | sha256sum | awk '{ print $1 }'
}
missing_modules=()
changed_modules=()
# Iterate over modules listed in the metadata that were sourced from the Terraform registry
jq -r --arg registry_url "$REGISTRY_URL" \
Expand All @@ -178,39 +175,23 @@ jobs:
previous_hash=$(jq -r --arg module "$module_name" '.[$module]' "$HASHES_FILE")
if [ "$previous_hash" = "null" ] || [ -z "$previous_hash" ]; then
# Add to missing modules array
missing_modules+=("$module_name")
# The hash for the current module is not found
echo "Error: the hash for module $module_name is missing in $HASHES_FILE. Please ensure it exists and is up to date."
exit 1
else
# Compare the hashes
if [ "$previous_hash" == "$new_hash" ]; then
echo "The module $module_name has not changed."
else
changed_modules+=("$module_name")
echo "The module $module_name has changed!"
# Exit with an error if the module has changed
exit 1
fi
fi
else
echo "Module path $module_path not found."
fi
done < <(jq -r --arg registry_url "$REGISTRY_URL" \
'.Modules[] | select(.Source | contains($registry_url)) | .Key' \
"$MODULES_METADATA")
# Check if we found any issues and report them
if [ ${#missing_modules[@]} -gt 0 ] || [ ${#changed_modules[@]} -gt 0 ]; then
echo -e "\nSummary of issues found:"
if [ ${#missing_modules[@]} -gt 0 ]; then
echo -e "\nModules missing from lock file:"
printf '%s\n' "${missing_modules[@]}"
fi
if [ ${#changed_modules[@]} -gt 0 ]; then
echo -e "\nModules with changed hashes:"
printf '%s\n' "${changed_modules[@]}"
fi
exit 1
fi
done
# Run Terraform Plan
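Review bot: The `else` branch that prints `Module path $module_path not found.` still only echoes and lets the loop continue, so a registry module listed in the metadata whose directory is absent passes the lock check without being hashed, while the missing-hash and changed-hash branches now `exit 1`. An integrity gate should fail closed here too: `echo "Error: module path $module_path not found." >&2` followed by `exit 1`. The matching `if` sits between the two hunks and is not visible, so its condition is assumed to be a directory test. Because the loop now appears to be fed by a pipe (`jq … \` at the top, a plain `done` at the end), each `exit 1` leaves only the loop's subshell, and the step fails only if the shell runs with `-e` or the pipeline status is checked afterwards; worth confirming for this `run:` block.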
3 changes: 1 addition & 2 deletions infra/resources/dev/tfmodules.lock.json
@@ -1,4 +1,3 @@
{
"dx-azure-naming-convention": "0c9ce3717cffe952bc1a3873a94374dfc9894516a08209db8879295b3068c0a2",
"dx-azure-naming-conventionz": "acc4deff5f60bec71440ab808a4721416417478d3793b2f8dc86f9ed9400230b"
"dx-azure-naming-conventionz": "302662f449f4359dc31a92ac3be39b3cb6311efe769c45d21149b40ab2453aa5"
}
8 changes: 5 additions & 3 deletions infra/scripts/lock-modules.sh
Expand Up @@ -99,7 +99,8 @@ function needs_terraform_get() {
function ensure_terraform_get() {
if needs_terraform_get; then
warn "Running terraform get in $(pwd)"
if ! terraform get >/dev/null; then
rm -rf "$MODULES_DIR" 2>/dev/null || true
if ! terraform get -update >/dev/null; then
error "terraform get failed"
return 1
fi
Expand All @@ -111,7 +112,7 @@ function ensure_terraform_get() {
function calculate_hash() {
local -r module_path="$1"
# Create tar archive excluding hidden files, then calculate SHA256 hash
tar --exclude="$module_path/.*" -cf - "$module_path" | sha256sum | awk '{ print $1 }'
tar --exclude='$module_path/.*' -cf - "$module_path" | sha256sum | awk '{ print $1 }'
}

# Initialize or create the hashes file if it doesn't exist
Expand Down Expand Up @@ -188,10 +189,11 @@ function process_directory() {

ensure_terraform_get || return 1

rm -f "$HASHES_FILE"

# Check if lock file exists but no registry modules are present
if [[ -f "$HASHES_FILE" ]] && ! has_registry_modules; then
info "No registry modules found but lock file exists, removing it"
rm -f "$HASHES_FILE"
cd "$base_dir"
return 0
fi
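Review bot: In `calculate_hash`, the `tar` line with `--exclude='$module_path/.*'` (printed second, so apparently the added one) single-quotes the pattern, so `$module_path` is not expanded and tar receives the literal text `$module_path/.*`, which matches no archive member; hidden files are then included in the hash, contrary to the comment above it. The copy of `calculate_hash` in `.github/workflows/infra_plan.yaml` keeps the double-quoted form, so the lock generator and the CI check would hash different file sets and disagree for any module that ships dotfiles. Keep the expansion: `tar --exclude="$module_path/.*" -cf - "$module_path" | sha256sum | awk '{ print $1 }'`. Separately, in `process_directory` the `rm -f "$HASHES_FILE"` that now sits ahead of the `[[ -f "$HASHES_FILE" ]]` test appears to make that branch unreachable; the function body continues outside the hunk, so the intent should be confirmed.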
