From 6a0caec12793afc47bf71278a252258177acbc83 Mon Sep 17 00:00:00 2001
From: Markus Kuesters <markus.kuesters@woodmark.de>
Date: Tue, 29 Apr 2025 08:26:55 +0200
Subject: [PATCH] Fix passing `-var-file` to commands that don't support it
 prior to OpenTofu 1.8.0

Changelog: fixed
---
 Dockerfile.alpine           |  1 +
 Dockerfile.debian           |  1 +
 src/gitlab-tofu.sh          | 15 +++++++++++++++
 tests/unit/gitlab-tofu.bats | 13 +++++++++++++
 4 files changed, 30 insertions(+)

diff --git a/Dockerfile.alpine b/Dockerfile.alpine
index cf9a896..1a4a47c 100644
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -25,6 +25,7 @@ RUN apk add --no-cache \
 # see https://opentofu.org/docs/intro/install/standalone
 # We may want to switch to installing manually from GitHub and verifying signature
 ARG OPENTOFU_VERSION
+ENV OPENTOFU_VERSION=${OPENTOFU_VERSION}
 RUN curl --proto '=https' --tlsv1.2 -fsSL https://get.opentofu.org/install-opentofu.sh -o install-opentofu.sh && \
     chmod +x install-opentofu.sh && \
     ./install-opentofu.sh --install-method standalone --opentofu-version "${OPENTOFU_VERSION}" && \
diff --git a/Dockerfile.debian b/Dockerfile.debian
index fa6be25..4c70d71 100644
--- a/Dockerfile.debian
+++ b/Dockerfile.debian
@@ -40,6 +40,7 @@ RUN wget https://gitlab.com/gitlab-org/cli/-/releases/v${GLAB_VERSION}/downloads
 # see https://opentofu.org/docs/intro/install/standalone
 # We may want to switch to installing manually from GitHub and verifying signature
 ARG OPENTOFU_VERSION
+ENV OPENTOFU_VERSION=${OPENTOFU_VERSION}
 RUN curl --proto '=https' --tlsv1.2 -fsSL https://get.opentofu.org/install-opentofu.sh -o install-opentofu.sh && \
     chmod +x install-opentofu.sh && \
     ./install-opentofu.sh --install-method standalone --opentofu-version "${OPENTOFU_VERSION}" && \
diff --git a/src/gitlab-tofu.sh b/src/gitlab-tofu.sh
index 3fb85a9..7c70dc4 100644
--- a/src/gitlab-tofu.sh
+++ b/src/gitlab-tofu.sh
@@ -231,6 +231,11 @@ fi
 # Helper functions
 # ================
 
+# is_tofu_at_least checks if OPENTOFU_VERSION is at least the one provided
+is_tofu_at_least() {
+  test "$(printf "%s\n$1" "$OPENTOFU_VERSION" | sort -V | head -1)" = "$1"
+}
+
 # define_http_backend defines the HTTP backend in a file called __gitlab-opentofu-backend.tf if no backend can be found.
 # The backend configuration is attempted to be found with a simple grep.
 define_http_backend() {
@@ -430,6 +435,11 @@ if [ $sourced -eq 0 ]; then
     ;;
     "validate")
       $should_do_implicit_init && tofu_init -backend=false
+
+      if ! is_tofu_at_least "1.8.0"; then
+        var_file_args=""
+      fi
+
       # shellcheck disable=SC2086
       tofu "${tf_chdir_opt}" "${@}" ${var_file_args}
     ;;
@@ -440,6 +450,11 @@ if [ $sourced -eq 0 ]; then
     ;;
     "graph")
       $should_do_implicit_init && tofu_init
+
+      if ! is_tofu_at_least "1.8.0"; then
+        var_file_args=""
+      fi
+
       # shellcheck disable=SC2086
       tofu "${tf_chdir_opt}" "${@}" ${var_file_args}
     ;;
diff --git a/tests/unit/gitlab-tofu.bats b/tests/unit/gitlab-tofu.bats
index dcdc59c..479475d 100644
--- a/tests/unit/gitlab-tofu.bats
+++ b/tests/unit/gitlab-tofu.bats
@@ -230,3 +230,16 @@ EOF
 
   $SHELL test.sh
 }
+
+@test "is_tofu_at_least helper function" {
+  load $(which gitlab-tofu)
+
+  OPENTOFU_VERSION="1.9.1" run is_tofu_at_least "1.8.0"
+  assert_success
+
+  OPENTOFU_VERSION="1.8.0" run is_tofu_at_least "1.8.0"
+  assert_success
+  
+  OPENTOFU_VERSION="1.6.3" run is_tofu_at_least "1.8.0"
+  assert_failure
+}
-- 
GitLab