23177125175

Committed 17 Mar 2026 03:32AM UTC coverage: 52.677% (-40.3%) from 92.932%

Build # 23177125175

Build Type

Pull #23177

github

Committed by

web-flow

Commit Message

Merge 1824dfbf4 into 0b9fdfb0e

Pull Request Pull Request #23177: Bump the gha-deps group across 1 directory with 4 updates

Coverage Stats

31687 of 60153 relevant lines covered (52.68%)

1.05 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

93.94

/src/python/pants/backend/terraform/lint/tfsec/rules.py

# Copyright 2023 Pants project contributors (see CONTRIBUTORS.md).
# Licensed under the Apache License, Version 2.0 (see LICENSE).
from pants.backend.terraform.lint.tfsec.tfsec import SkipTfSecField, TFSec, TfSecRequest
from pants.backend.terraform.target_types import TerraformModuleTarget
from pants.core.goals.lint import REPORT_DIR, LintResult
from pants.core.goals.resolves import ExportableTool
from pants.core.util_rules import config_files
from pants.core.util_rules.config_files import find_config_file
from pants.core.util_rules.external_tool import download_external_tool
from pants.core.util_rules.source_files import SourceFilesRequest, determine_source_files
from pants.engine.fs import CreateDigest, Directory, MergeDigests, RemovePrefix
from pants.engine.intrinsics import create_digest, execute_process, merge_digests, remove_prefix
from pants.engine.platform import Platform
from pants.engine.process import Process
from pants.engine.rules import collect_rules, concurrently, implicitly, rule
from pants.engine.unions import UnionRule
from pants.util.logging import LogLevel
from pants.util.strutil import pluralize


@rule
async def run_tfsec(request: TfSecRequest.Batch, tfsec: TFSec, platform: Platform) -> LintResult:
    (
        downloaded_tfsec,
        sources,
        config_file,
        custom_checks,
        report_directory,
    ) = await concurrently(
        download_external_tool(tfsec.get_request(platform)),
        determine_source_files(SourceFilesRequest(fs.sources for fs in request.elements)),
        find_config_file(tfsec.config_request()),
        find_config_file(tfsec.custom_checks_request()),
        # Ensure that the empty report dir exists.
        create_digest(CreateDigest([Directory(REPORT_DIR)])),
    )

    input_digest = await merge_digests(
        MergeDigests(
            (
                downloaded_tfsec.digest,
                sources.snapshot.digest,
                config_file.snapshot.digest,
                custom_checks.snapshot.digest,
                report_directory,
            )
        )
    )

    computed_args = []
    if tfsec.config:
        computed_args.append(f"--config-file={tfsec.config}")
    if tfsec.custom_check_dir:
        computed_args.append(f"--custom-check-dir={tfsec.custom_check_dir}")

    if tfsec.report_name:
        computed_args.append(f"--out={REPORT_DIR}/{tfsec.report_name}")

    argv = [
        downloaded_tfsec.exe,
        *computed_args,
        *tfsec.args,
    ]
    result = await execute_process(
        Process(
            argv=argv,
            input_digest=input_digest,
            output_directories=(REPORT_DIR,),
            description=f"Run tfsec on {pluralize(len(sources.files), 'file')}",
            level=LogLevel.DEBUG,
        ),
        **implicitly(),
    )

    report = await remove_prefix(RemovePrefix(result.output_digest, REPORT_DIR))
    return LintResult.create(request, result, report=report)


def rules():
    return [
        *collect_rules(),
        *TfSecRequest.rules(),
        *config_files.rules(),
        TerraformModuleTarget.register_plugin_field(SkipTfSecField),
        UnionRule(ExportableTool, TFSec),
    ]

1	# Copyright 2023 Pants project contributors (see CONTRIBUTORS.md).
2	# Licensed under the Apache License, Version 2.0 (see LICENSE).
3	from pants.backend.terraform.lint.tfsec.tfsec import SkipTfSecField, TFSec, TfSecRequest	2✔
4	from pants.backend.terraform.target_types import TerraformModuleTarget	2✔
5	from pants.core.goals.lint import REPORT_DIR, LintResult	2✔
6	from pants.core.goals.resolves import ExportableTool	2✔
7	from pants.core.util_rules import config_files	2✔
8	from pants.core.util_rules.config_files import find_config_file	2✔
9	from pants.core.util_rules.external_tool import download_external_tool	2✔
10	from pants.core.util_rules.source_files import SourceFilesRequest, determine_source_files	2✔
11	from pants.engine.fs import CreateDigest, Directory, MergeDigests, RemovePrefix	2✔
12	from pants.engine.intrinsics import create_digest, execute_process, merge_digests, remove_prefix	2✔
13	from pants.engine.platform import Platform	2✔
14	from pants.engine.process import Process	2✔
15	from pants.engine.rules import collect_rules, concurrently, implicitly, rule	2✔
16	from pants.engine.unions import UnionRule	2✔
17	from pants.util.logging import LogLevel	2✔
18	from pants.util.strutil import pluralize	2✔
19
20
21	@rule	2✔
22	async def run_tfsec(request: TfSecRequest.Batch, tfsec: TFSec, platform: Platform) -> LintResult:	2✔
23	(	2✔
24	downloaded_tfsec,
25	sources,
26	config_file,
27	custom_checks,
28	report_directory,
29	) = await concurrently(
30	download_external_tool(tfsec.get_request(platform)),
31	determine_source_files(SourceFilesRequest(fs.sources for fs in request.elements)),
32	find_config_file(tfsec.config_request()),
33	find_config_file(tfsec.custom_checks_request()),
34	# Ensure that the empty report dir exists.
35	create_digest(CreateDigest([Directory(REPORT_DIR)])),
36	)
37
38	input_digest = await merge_digests(	2✔
39	MergeDigests(
40	(
41	downloaded_tfsec.digest,
42	sources.snapshot.digest,
43	config_file.snapshot.digest,
44	custom_checks.snapshot.digest,
45	report_directory,
46	)
47	)
48	)
49
50	computed_args = []	2✔
51	if tfsec.config:	2✔
52	computed_args.append(f"--config-file={tfsec.config}")	2✔
53	if tfsec.custom_check_dir:	2✔
54	computed_args.append(f"--custom-check-dir={tfsec.custom_check_dir}")	×
55
56	if tfsec.report_name:	2✔
57	computed_args.append(f"--out={REPORT_DIR}/{tfsec.report_name}")	×
58
59	argv = [	2✔
60	downloaded_tfsec.exe,
61	*computed_args,
62	*tfsec.args,
63	]
64	result = await execute_process(	2✔
65	Process(
66	argv=argv,
67	input_digest=input_digest,
68	output_directories=(REPORT_DIR,),
69	description=f"Run tfsec on {pluralize(len(sources.files), 'file')}",
70	level=LogLevel.DEBUG,
71	),
72	**implicitly(),
73	)
74
75	report = await remove_prefix(RemovePrefix(result.output_digest, REPORT_DIR))	2✔
76	return LintResult.create(request, result, report=report)	2✔
77
78
79	def rules():	2✔
80	return [	2✔
81	*collect_rules(),
82	*TfSecRequest.rules(),
83	*config_files.rules(),
84	TerraformModuleTarget.register_plugin_field(SkipTfSecField),
85	UnionRule(ExportableTool, TFSec),
86	]

pantsbuild / pants / 23177125175

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous