From 262b73fa418d05e3f6adb1496d5fe4e6630e4913 Mon Sep 17 00:00:00 2001
From: christian-calabrese
Date: Mon, 23 Dec 2024 16:05:36 +0100
Subject: [PATCH] fix: lock
---
 .github/workflows/infra_plan.yaml | 33 ++++++-------------------
 infra/resources/dev/tfmodules.lock.json | 3 +--
 infra/scripts/lock-modules.sh | 8 +++---
 3 files changed, 13 insertions(+), 31 deletions(-)
diff --git a/.github/workflows/infra_plan.yaml b/.github/workflows/infra_plan.yaml
index ee10d1a6..439678b0 100644
--- a/.github/workflows/infra_plan.yaml
+++ b/.github/workflows/infra_plan.yaml
@@ -159,9 +159,6 @@ jobs:
 local module_path="$1"
 tar --exclude="$module_path/.*" -cf - "$module_path" | sha256sum | awk '{ print $1 }'
 }
-
- missing_modules=()
- changed_modules=()
 # Iterate over modules listed in the metadata that were sourced from the Terraform registry
 jq -r --arg registry_url "$REGISTRY_URL" \
@@ -178,39 +175,23 @@ jobs:
 previous_hash=$(jq -r --arg module "$module_name" '.[$module]' "$HASHES_FILE")
 if [ "$previous_hash" = "null" ] || [ -z "$previous_hash" ]; then
- # Add to missing modules array
- missing_modules+=("$module_name")
+ # The hash for the current module is not found
+ echo "Error: the hash for module $module_name is missing in $HASHES_FILE. Please ensure it exists and is up to date."
+ exit 1
 else
 # Compare the hashes
 if [ "$previous_hash" == "$new_hash" ]; then
 echo "The module $module_name has not changed."
 else
- changed_modules+=("$module_name")
+ echo "The module $module_name has changed!"
+ # Exit with an error if the module has changed
+ exit 1
 fi
 fi
 else
 echo "Module path $module_path not found."
 fi
- done < <(jq -r --arg registry_url "$REGISTRY_URL" \
- '.Modules[] | select(.Source | contains($registry_url)) | .Key' \
- "$MODULES_METADATA")
-
- # Check if we found any issues and report them
- if [ ${#missing_modules[@]} -gt 0 ] || [ ${#changed_modules[@]} -gt 0 ]; then
- echo -e "\nSummary of issues found:"
-
- if [ ${#missing_modules[@]} -gt 0 ]; then
- echo -e "\nModules missing from lock file:"
- printf '%s\n' "${missing_modules[@]}"
- fi
-
- if [ ${#changed_modules[@]} -gt 0 ]; then
- echo -e "\nModules with changed hashes:"
- printf '%s\n' "${changed_modules[@]}"
- fi
-
- exit 1
- fi
+ done
 # Run Terraform Plan
diff --git a/infra/resources/dev/tfmodules.lock.json b/infra/resources/dev/tfmodules.lock.json
index da96394c..f4c7e98a 100644
--- a/infra/resources/dev/tfmodules.lock.json
+++ b/infra/resources/dev/tfmodules.lock.json
@@ -1,4 +1,3 @@
 {
- "dx-azure-naming-convention": "0c9ce3717cffe952bc1a3873a94374dfc9894516a08209db8879295b3068c0a2",
- "dx-azure-naming-conventionz": "acc4deff5f60bec71440ab808a4721416417478d3793b2f8dc86f9ed9400230b"
+ "dx-azure-naming-conventionz": "302662f449f4359dc31a92ac3be39b3cb6311efe769c45d21149b40ab2453aa5"
 }
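Review bot: The `else` branch that only prints `Module path $module_path not found.` lets a registry module that is listed in the metadata but absent on disk pass this integrity check without ever being hashed. For a lock verification that branch should fail closed like the two branches this commit changes, e.g. `echo "Error: module path $module_path not found." >&2` followed by `exit 1`. Separately, now that `done` is no longer fed by process substitution, the loop appears to run as the tail of the `jq … |` pipeline begun in the previous hunk (the loop header is outside both hunks), so `exit 1` leaves only the pipeline subshell and the step fails only if its shell runs with `-e`. A failing `jq` would also go unnoticed without `pipefail`, so confirm the step's `shell:` setting or start the script with `set -euo pipefail`.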
diff --git a/infra/scripts/lock-modules.sh b/infra/scripts/lock-modules.sh
index 92cca845..656f3056 100755
--- a/infra/scripts/lock-modules.sh
+++ b/infra/scripts/lock-modules.sh
@@ -99,7 +99,8 @@ function needs_terraform_get() {
 function ensure_terraform_get() {
 if needs_terraform_get; then
 warn "Running terraform get in $(pwd)"
- if ! terraform get >/dev/null; then
+ rm -rf "$MODULES_DIR" 2>/dev/null || true
+ if ! terraform get -update >/dev/null; then
 error "terraform get failed"
 return 1
 fi
 fi
@@ -111,7 +112,7 @@ function ensure_terraform_get() {
 function calculate_hash() {
 local -r module_path="$1"
 # Create tar archive excluding hidden files, then calculate SHA256 hash
- tar --exclude="$module_path/.*" -cf - "$module_path" | sha256sum | awk '{ print $1 }'
+ tar --exclude='$module_path/.*' -cf - "$module_path" | sha256sum | awk '{ print $1 }'
 }
 # Initialize or create the hashes file if it doesn't exist
@@ -188,10 +189,11 @@ function process_directory() {
 ensure_terraform_get || return 1
+ rm -f "$HASHES_FILE"
+
 # Check if lock file exists but no registry modules are present
 if [[ -f "$HASHES_FILE" ]] && ! has_registry_modules; then
 info "No registry modules found but lock file exists, removing it"
- rm -f "$HASHES_FILE"
 cd "$base_dir"
 return 0
 fi
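Review bot: The added `rm -rf "$MODULES_DIR" 2>/dev/null || true` in `ensure_terraform_get` discards both the error output and the exit status, so a purge that fails (permissions, wrong directory) looks the same as one that succeeded, and the hashes are then computed over whatever is left on disk. `MODULES_DIR` is defined outside this hunk; guarding the expansion and ending option parsing with `rm -rf -- "${MODULES_DIR:?}"` would stop an empty or unset value from being passed to `rm -rf`. Reporting a failed removal through the existing `error` helper and returning 1, as the `terraform get` branch already does, would keep the two failure paths consistent.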
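Review bot: Switching to single quotes in `tar --exclude='$module_path/.*'` stops the shell from expanding `$module_path`, so tar receives the literal text `$module_path/.*`, which will not match the module's dot-files. Hidden files therefore now go into the digest, although the comment directly above still says they are excluded. The verification step in `.github/workflows/infra_plan.yaml` (context lines of the first hunk in this patch) still uses `--exclude="$module_path/.*"`, so the lock script and the CI check can produce different hashes for the same module whenever it contains hidden files. Keep the two in step: either restore `tar --exclude="$module_path/.*" -cf - "$module_path"` here, or change the workflow's copy and the comment in the same commit.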
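Review bot: Running `rm -f "$HASHES_FILE"` ahead of the check makes `[[ -f "$HASHES_FILE" ]]` always false, so the "No registry modules found but lock file exists" branch is now dead code and its `cd "$base_dir"` / `return 0` early exit is never taken. The unconditional delete also throws away the previously recorded hashes before any new ones are computed, so a failure later in `process_directory` leaves the directory with no lock file. The rest of the function is outside the hunk, so confirm the file is always rewritten. If full regeneration is the intent, reduce the condition to `if ! has_registry_modules; then` and build the new content in a temporary file that replaces `"$HASHES_FILE"` only once hashing has succeeded.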