diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml
new file mode 100644
index 0000000..7f3f1a2
--- /dev/null
+++ b/.pre-commit-hooks.yaml
@@ -0,0 +1,6 @@
+- id: docker-compose-check
+ name: Validate docker-compose files
+ description: Checks that vault files are encrypted
+ entry: compose-check.sh
+ files: docker-compose.y[a]{0,1}ml$
+ language: script
diff --git a/compose-check.sh b/compose-check.sh
new file mode 100755
index 0000000..5cb2f05
--- /dev/null
+++ b/compose-check.sh
@@ -0,0 +1,29 @@
+#! /bin/bash
+# Verifies that files passed in are valid for docker-compose
+set -e
+
+check_file() {
+ local file=$1
+ docker-compose -f "$file" config -q 2>&1 \
+ | sed "/variable is not set. Defaulting/d"
+ return ${PIPESTATUS[0]}
+}
+
+check_files() {
+ local all_files=$@
+ has_error=0
+ for file in $all_files ; do
+ if [[ -f "$file" ]]; then
+ if ! check_file "$file" ; then
+ has_error=1
+ fi
+ fi
+ done
+ return $has_error
+}
+
+if ! check_files $@ ; then
+ echo "To ignore, use --no-verify"
+fi
+
+exit $has_error
diff --git a/hooks.yaml b/hooks.yaml
new file mode 100644
index 0000000..7f3f1a2
--- /dev/null
+++ b/hooks.yaml
@@ -0,0 +1,6 @@
+- id: docker-compose-check
+ name: Validate docker-compose files
+ description: Checks that vault files are encrypted
+ entry: compose-check.sh
+ files: docker-compose.y[a]{0,1}ml$
+ language: script
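Review bot: The `description` added in `.pre-commit-hooks.yaml` says "Checks that vault files are encrypted", but the entry it points at, `compose-check.sh`, only runs `docker-compose ... config -q` on the matched files; nothing in this commit looks at vault files or encryption. Someone reading the hook list could take this for a secrets check that does not exist, so I would change it to `description: Checks that docker-compose files pass docker-compose config`. The `files` pattern also leaves the dot unescaped, so `docker-compose.y[a]{0,1}ml$` accepts any character in that position; `docker-compose\.ya?ml$` states what is meant. The same six lines are added again as `hooks.yaml` and need the same two changes.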
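Review bot: In `compose-check.sh`, `check_files` flattens its arguments with `local all_files=$@` and then loops over the unquoted `$all_files`, so a path containing a space is split into pieces (and glob characters are expanded) before the `[[ -f "$file" ]]` test, which skips anything that is not a file without a message. The hook then exits 0 even though that compose file was never validated. Iterating the arguments directly keeps each path intact: `for file in "$@" ; do` inside `check_files` (dropping `all_files`) and `if ! check_files "$@" ; then` at the call site. Separately, `has_error` is assigned without `local` and read by the final `exit $has_error`; that works, but a comment such as `# has_error is deliberately global: the exit at the bottom reads it` would make the dependency visible.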