pre-commit-terraform: Bash environment variable expansion not working for trivy
Describe the bug
I have the following pre-commit
- id: terraform_trivy
args:
- --args=--config-policy="/Users/${USER}/PATH_TO_CUSTOM_POLICY/"
How can we reproduce it?
Running the pre-commit from above returns the following
2024-02-26T15:39:31.418-0500 FATAL filesystem scan error: scan error: unable to initialize a scanner: unable to initialize a filesystem scanner: analyzer group error: post-analyzer init error: filesystem scanner init error: policy file "/Users/${USER}/PATH_TO_CUSTOM_POLICY" not found
If I replace ${USER} with my username it works fine
Environment information
-
OS:
MacOS: Latest Darwin ARM -
Tools availability and versions:
pre-commit 3.6.2
trivy Version: 0.49.1
.pre-commit-config.yaml:
file content
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.88.0
hooks:
- id: terraform_trivy
args:
- --args=--config-policy="/Users/${USER}/PATH_TO_CUSTOM_POLICY/"
About this issue
- Original URL
- State: closed
- Created 4 months ago
- Comments: 26 (1 by maintainers)
Commits related to this issue
- Merge branch 'master' into GH-638/GH-562/better_logging — committed to antonbabenko/pre-commit-terraform by MaxymVlasov 4 months ago
Verified the fix works. Thanks to everyone that helped!
Should probably just replace
+?with*(which also would be more correct as would allow single-char vars).Yes. Check from https://t.me/catops_chat/233230 to bottom
Okay, so I eliminated the shells scripts as being the issue, I pulled the repo, and ran the script manually, and it worked as expected. Its only failing when I run pre-commit