docs: Add steps to configure auth to source Terraform modules from private GitHub repos (#517)

README.md

@@ -51,7 +51,9 @@ If you are using `pre-commit-terraform` already or want to support its developme
   * [terraform\_wrapper\_module\_for\_each](#terraform_wrapper_module_for_each)
   * [terrascan](#terrascan)
   * [tfupdate](#tfupdate)
-* [Docker Usage: File Permissions](#docker-usage-file-permissions)
+* [Docker Usage](#docker-usage)
+  * [File Permissions](#file-permissions)
+  * [Download Terraform modules from private GitHub repositories](#download-terraform-modules-from-private-github-repositories)
 * [Authors](#authors)
 * [License](#license)
   * [Additional information for users from Russia and Belarus](#additional-information-for-users-from-russia-and-belarus)
@@ -241,7 +243,7 @@ pre-commit run -a
 
 Or, using Docker ([available tags](https://github.com/antonbabenko/pre-commit-terraform/pkgs/container/pre-commit-terraform/versions)):
 
-> **Note**: This command uses your user id and group id for the docker container to use to access the local files.  If the files are owned by another user, update the `USERID` environment variable.  See [File Permissions section](#docker-usage-file-permissions) for more information.
+> **Note**: This command uses your user id and group id for the docker container to use to access the local files.  If the files are owned by another user, update the `USERID` environment variable.  See [File Permissions section](#file-permissions) for more information.
 
 ```bash
 TAG=latest
@@ -845,7 +847,9 @@ If the generated name is incorrect, set them by providing the `module-repo-short
 Check [`tfupdate` usage instructions](https://github.com/minamijoyo/tfupdate#usage) for other available options and usage examples.  
 No need to pass `--recursive .` as it is added automatically.
 
-## Docker Usage: File Permissions
+## Docker Usage
+
+### File Permissions
 
 A mismatch between the Docker container's user and the local repository file ownership can cause permission issues in the repository where `pre-commit` is run.  The container runs as the `root` user by default, and uses a `tools/entrypoint.sh` script to assume a user ID and group ID if specified by the environment variable `USERID`.
 
@@ -865,6 +869,41 @@ $ ls -aldn .
 drwxr-xr-x 9 1000 1000 4096 Sep  1 16:23 .
 ```
 
+### Download Terraform modules from private GitHub repositories
+
+If you use a private Git repository as your Terraform module source, you are required to authenticate to GitHub using a [Personal Access Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token).
+
+When running pre-commit on Docker, both locally or on CI, you need to configure the [~/.netrc](https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html) file, which contains login and initialization information used by the auto-login process.
+
+This can be achieved by firstly creating the `~/.netrc` file including your `GITHUB_PAT` and `GITHUB_SERVER_HOSTNAME`
+
+```bash
+# set GH values (replace with your own values)
+GITHUB_PAT=ghp_bl481aBlabl481aBla
+GITHUB_SERVER_HOSTNAME=github.com
+
+# create .netrc file
+echo -e "machine $GITHUB_SERVER_HOSTNAME\n\tlogin $GITHUB_PAT" >> ~/.netrc
+```
+
+The `~/.netrc` file will look similar to the following:
+
+```
+machine github.com
+  login ghp_bl481aBlabl481aBla
+```
+
+> **Note**: The value of `GITHUB_SERVER_HOSTNAME` can also refer to a GitHub Enterprise server (i.e. `github.my-enterprise.com`).
+
+Finally, you can execute `docker run` with an additional volume mount so that the `~/.netrc` is accessible within the container
+
+```bash
+# run pre-commit-terraform with docker
+# adding volume for .netrc file
+# .netrc needs to be in /root/ dir
+docker run --rm -e "USERID=$(id -u):$(id -g)" -v ~/.netrc:/root/.netrc -v $(pwd):/lint -w /lint ghcr.io/antonbabenko/pre-commit-terraform:latest run -a
+```
+
 ## Authors
 
 This repository is managed by [Anton Babenko](https://github.com/antonbabenko) with help from these awesome contributors: