From a7b20d40b975dc916c83f731a366c7e82998e671 Mon Sep 17 00:00:00 2001 From: Pulasthi Bandara Date: Wed, 8 Oct 2025 13:13:23 +1300 Subject: [PATCH] feat: support downloading tflint plugins --- tf/extensions.bzl | 7 ++++++- tf/toolchains/tflint/BUILD.toolchain.tpl | 2 +- tf/toolchains/tflint/toolchain.bzl | 17 +++++++++++++++-- tf/toolchains/tflint/wrapper.sh | 2 ++ 4 files changed, 24 insertions(+), 4 deletions(-) diff --git a/tf/extensions.bzl b/tf/extensions.bzl index 59879cd..f17b7c9 100644 --- a/tf/extensions.bzl +++ b/tf/extensions.bzl @@ -74,11 +74,11 @@ def _tf_repositories(ctx): version = version_tag.tflint_version, os = host_detected_os, arch = host_detected_arch, + config = version_tag.tflint_config, ) tflint_toolchains += [tflint_repo_name] - if version_tag.use_tofu: tofu_download( name = tf_repo_name, @@ -113,6 +113,11 @@ _version_tag = tag_class( "use_tofu": attr.bool(default = False), "version": attr.string(mandatory = True), "tflint_version": attr.string(default = TFLINT_VERSION), + "tflint_config": attr.label( + default = "@rules_tf//tf/toolchains/tflint:config.hcl", + allow_single_file = True, + cfg = "target", + ), "tfdoc_version": attr.string(default = TFDOC_VERSION), "mirror": attr.string_dict(mandatory = True), }, diff --git a/tf/toolchains/tflint/BUILD.toolchain.tpl b/tf/toolchains/tflint/BUILD.toolchain.tpl index 607fa2f..ee9f703 100644 --- a/tf/toolchains/tflint/BUILD.toolchain.tpl +++ b/tf/toolchains/tflint/BUILD.toolchain.tpl @@ -1,6 +1,6 @@ package(default_visibility = ["//visibility:public"]) -exports_files(["config.hcl", "wrapper.sh"]) +exports_files(["config.hcl", "wrapper.sh", "tflint_plugins"]) alias( name = "runtime", diff --git a/tf/toolchains/tflint/toolchain.bzl b/tf/toolchains/tflint/toolchain.bzl index 11fb8ce..56c74a6 100644 --- a/tf/toolchains/tflint/toolchain.bzl +++ b/tf/toolchains/tflint/toolchain.bzl @@ -2,7 +2,7 @@ load("@rules_tf//tf/toolchains:utils.bzl", "get_sha256sum") TflintInfo = provider( doc = "Information about how to invoke tflint.", - fields = ["runner", "deps", "config"], + fields = ["runner", "deps", "config", "tflint_plugins"], ) def _tflint_toolchain_impl(ctx): @@ -10,10 +10,12 @@ def _tflint_toolchain_impl(ctx): runtime = TflintInfo( runner = ctx.file.wrapper, config = ctx.file.config, + tflint_plugins = ctx.file.tflint_plugins, deps = ctx.files.bash_tools + [ ctx.file.wrapper, ctx.file.config, ctx.file.tflint, + ctx.file.tflint_plugins, ], ), ) @@ -45,6 +47,11 @@ tflint_toolchain = rule( allow_files = True, cfg = "target", ), + "tflint_plugins": attr.label( + mandatory = True, + allow_single_file = True, + cfg = "target", + ), }, ) @@ -100,6 +107,12 @@ def _tflint_download_impl(ctx): if not res.success: fail("!failed to dl: ", url) + res = ctx.execute([ + "bash", + "-c", + "mkdir -p tflint_plugins; TFLINT_PLUGIN_DIR=./tflint_plugins tflint/tflint -c ./config.hcl --init", + ]) + return tflint_download = repository_rule( @@ -117,13 +130,13 @@ tflint_download = repository_rule( }, ) - DECLARE_TOOLCHAIN_CHUNK = """ tflint_toolchain( name = "{toolchain_repo}_toolchain_impl", tflint = "@{toolchain_repo}//:runtime", config = "@{toolchain_repo}//:config.hcl", wrapper = "@{toolchain_repo}//:wrapper.sh", + tflint_plugins = "@{toolchain_repo}//:tflint_plugins", ) toolchain( diff --git a/tf/toolchains/tflint/wrapper.sh b/tf/toolchains/tflint/wrapper.sh index 708a478..5ec7e1e 100755 --- a/tf/toolchains/tflint/wrapper.sh +++ b/tf/toolchains/tflint/wrapper.sh @@ -23,4 +23,6 @@ if [[ ! -f "${TFLINT_CONFIG_FILE}" ]]; then exit 1 fi +export TFLINT_PLUGIN_DIR="${TFLINT_DIR}/tflint_plugins" + exec "${TFLINT_DIR}/tflint/tflint" --chdir="$WORKDIR" --config="${TFLINT_CONFIG_FILE}" "$@"