axion1337.chat-gitops/scripts/hooks/pre-commit

#!/usr/bin/env bash
# GitOps ConfigMap Checksum Hook
# Automatically updates checksum annotations in kustomization.yaml when ConfigMaps change.
# This ensures Flux CD re-deploys the HelmRelease when external ConfigMap sources are modified.
#
# See: docs/ops-configmap-sync.md

set -euo pipefail

REPO_ROOT="$(git rev-parse --show-toplevel)"
ELEMENT_VALUES="$REPO_ROOT/apps/production/custom-configs/element-values.yaml"
SYNAPSE_VALUES="$REPO_ROOT/apps/production/custom-configs/synapse-values.yaml"
KUSTOMIZATION="$REPO_ROOT/apps/production/kustomization.yaml"

# Function to calculate MD5 hash (handles both GNU md5sum and BSD md5)
get_md5() {
  local file="$1"
  if command -v md5sum &> /dev/null; then
    md5sum "$file" | awk '{print $1}'
  elif command -v md5 &> /dev/null; then
    md5 -q "$file"
  else
    echo "ERROR: Neither md5sum nor md5 found" >&2
    exit 1
  fi
}

# Update checksums for ConfigMaps that exist and are staged
if git diff --cached --name-only | grep -q "element-values.yaml"; then
  ELEMENT_HASH=$(get_md5 "$ELEMENT_VALUES")
  sed -i.bak "s/value: \"[0-9a-f]\{32\}\" *# element-config/value: \"$ELEMENT_HASH\" # element-config/" "$KUSTOMIZATION"
  rm -f "$KUSTOMIZATION.bak"
  git add "$KUSTOMIZATION"
fi

if git diff --cached --name-only | grep -q "synapse-values.yaml"; then
  SYNAPSE_HASH=$(get_md5 "$SYNAPSE_VALUES")
  sed -i.bak "s/value: \"[0-9a-f]\{32\}\" *# synapse-config/value: \"$SYNAPSE_HASH\" # synapse-config/" "$KUSTOMIZATION"
  rm -f "$KUSTOMIZATION.bak"
  git add "$KUSTOMIZATION"
fi