#!/usr/bin/env bash

###### script header ######

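# Resolve the shared helper library. @@BASE_LIB@@ is a template placeholder
# (presumably substituted when this script is generated); abort if the path
# cannot be resolved or the file does not exist.
lib=$(realpath @@BASE_LIB@@) || exit 1
stat "${lib}" >> /dev/null || exit 1

# shellcheck source=../sh/lib.bash
if ! source "${lib}"; then
  echo "Error: could not find import" >&2
  exit 1
fi

# Resolve the tfsec binary with the same fail-fast checks as the library, so
# a missing scanner stops the run here instead of surfacing later as a
# per-module "command not found".
tfsec=$(realpath @@TFSEC@@) || exit 1
stat "${tfsec}" >> /dev/null || exit 1

# The scan must run from the workspace root. Abort if the variable is unset
# or the directory cannot be entered; otherwise find would walk whatever the
# current directory happens to be and the scan could pass without having
# looked at any project file.
cd "${BUILD_WORKSPACE_DIRECTORY:?BUILD_WORKSPACE_DIRECTORY must be set}" || exit 1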

###### script body ######

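# Collect every directory below the current directory that holds at least one
# *.tf file, one entry per directory.
#
# Process substitution is used instead of a here-string: a here-string always
# supplies one line, so an empty find result would produce a single empty
# array element rather than an empty array.
#
# Uniqueness is decided byte-wise (LC_ALL=C, no -d). With "sort -ud" two
# different paths that differ only in characters ignored by dictionary order
# (for example "my-module" and "mymodule") compare equal and one of them is
# dropped, which would silently remove a module from the scan.
readarray -t terraformModules < <(
  find "$(pwd)" -type f -name "*.tf" -exec dirname "{}" \; | LC_ALL=C sort -u
)

# Workspace-relative directories whose Terraform modules are not scanned.
excludeDirs=(
  "build"
)

echo "The following Terraform modules are excluded and won't be scanned with tfsec:"
for exclude in "${excludeDirs[@]}"; do
  excludeRoot="${BUILD_WORKSPACE_DIRECTORY}/${exclude}"
  for i in "${!terraformModules[@]}"; do
    # Match the excluded directory itself or anything below it. A bare prefix
    # match would also drop siblings such as "build-infra" or "buildkite"
    # from the scan.
    if [[ ${terraformModules[i]} == "${excludeRoot}" || ${terraformModules[i]} == "${excludeRoot}/"* ]]; then
      echo "  ${terraformModules[i]}"
      # Quoted subscript keeps the shell from glob-expanding the brackets.
      unset 'terraformModules[i]'
    fi
  done
done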

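# Exit status of the whole run: stays 0 only if every tfsec invocation
# succeeds. A failing scan does not stop the loop, so all modules are still
# scanned; the status of the last failing invocation is what gets reported.
statuscode=0

for module in "${terraformModules[@]}"; do
  # Skip empty entries so tfsec is never invoked with an empty path argument.
  [[ -n ${module} ]] || continue

  echo -n "Scanning Terraform module \"${module}\" with tfsec:"
  # The binary path is quoted so a path containing whitespace is not split
  # into several words.
  "${tfsec}" \
    --concise-output \
    --exclude-downloaded-modules \
    --no-module-downloads \
    "${module}" || statuscode=$?
done

exit "${statuscode}"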