add GIT hook and Makefile target

vshn · Mar 15, 2024 · d47cce7 · d47cce7
1 parent e262a16
commit d47cce7
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 4 deletions.
diff --git a/.githooks/pre-commit b/.githooks/pre-commit
@@ -0,0 +1,43 @@
+#!/usr/bin/env python3
+
+
+# detect if specific yaml key exists in file ../../component/class/defaults.yaml
+# specifically find existing passwords and fail if they're non empty
+
+import yaml
+import sys
+import os
+
+def yaml_path_recursion(yaml_dict, path):
+    if len(path) == 1:
+        return len(yaml_dict[path[0]]) > 0 and not yaml_dict[path[0]].startswith("?{vaultkv")
+    else:
+        return yaml_path_recursion(yaml_dict.get(path[0], {}), path[1:])
+
+current_dir = os.path.dirname(os.path.realpath(__file__))
+tests_vshn_file = os.path.join(current_dir, '../../component/tests/vshn.yml')
+defaults_file = os.path.join(current_dir, '../../component/class/defaults.yml')
+
+
+keys_to_check_yaml = [
+    'parameters.appcat.services.vshn.keycloak.additionalInputs.registry_password',
+    'parameters.appcat.services.vshn.keycloak.additionalInputs.registry_username'
+    ]
+
+with open(tests_vshn_file, 'r') as f:
+    defaults = yaml.safe_load(f)
+    for key in keys_to_check_yaml:
+        splitted = key.split(".")
+        if yaml_path_recursion(defaults, splitted):
+            print(f'password is not empty in or broken vault declaration in {tests_vshn_file} for key {key}')
+            sys.exit(1)
+
+with open(defaults_file, 'r') as f:
+    defaults = yaml.safe_load(f)
+    for key in keys_to_check_yaml:
+        splitted = key.split(".")
+        if yaml_path_recursion(defaults, splitted):
+            print(f'password is not empty in or broken vault declaration in {defaults_file} for key {key}')
+            sys.exit(1)
+
+exit(0)
diff --git a/component/Makefile b/component/Makefile
@@ -49,28 +49,32 @@ docs-serve: ## Preview the documentation
 	mkdir -p dependencies
 	$(COMPILE_CMD)
 
+.PHONY: ensure_git_hook
+ensure_git_hook: ## Ensure the git hook is installed
+	cp ../.githooks/pre-commit ../.git/hooks/pre-commit
+
 .PHONY: test
 test: commodore_args += -f tests/$(instance).yml
 test: .compile ## Compile the component
 .PHONY: gen-golden
 gen-golden: commodore_args += -f tests/$(instance).yml
-gen-golden: clean .compile ## Update the reference version for target `golden-diff`.
+gen-golden: clean .compile ensure_git_hook ## Update the reference version for target `golden-diff`.
 	@rm -rf tests/golden/$(instance)
 	@mkdir -p tests/golden/$(instance)
 	@cp -R compiled/. tests/golden/$(instance)/.
 
 .PHONY: golden-diff
 golden-diff: commodore_args += -f tests/$(instance).yml
-golden-diff: clean .compile ## Diff compile output against the reference version. Review output and run `make gen-golden golden-diff` if this target fails.
+golden-diff: clean .compile ensure_git_hook ## Diff compile output against the reference version. Review output and run `make gen-golden golden-diff` if this target fails.
 	@git diff --exit-code --minimal --no-index -- tests/golden/$(instance) compiled/
 
 .PHONY: golden-diff-all
 golden-diff-all: recursive_target=golden-diff
-golden-diff-all: $(test_instances) ## Run golden-diff for all instances. Note: this doesn't work when running make with multiple parallel jobs (-j != 1).
+golden-diff-all: ensure_git_hook $(test_instances) ## Run golden-diff for all instances. Note: this doesn't work when running make with multiple parallel jobs (-j != 1).
 
 .PHONY: gen-golden-all
 gen-golden-all: recursive_target=gen-golden
-gen-golden-all: $(test_instances) ## Run gen-golden for all instances. Note: this doesn't work when running make with multiple parallel jobs (-j != 1).
+gen-golden-all: ensure_git_hook $(test_instances) ## Run gen-golden for all instances. Note: this doesn't work when running make with multiple parallel jobs (-j != 1).
 
 .PHONY: lint_kubent_all
 lint_kubent_all: recursive_target=lint_kubent