feat: spport .tofu files (#6)

Signed-off-by: T. Hinrichsmeyer <t.hinrichsmeyer@ndr.de>
T. Hinrichsmeyer 2024-10-02 15:05:21 +02:00
commit e059c5859b
No known key found for this signature in database
GPG key ID: 984B6DEB69D24B71
4 changed files with 53 additions and 35 deletions


@ -4,7 +4,7 @@
entry: hooks/infracost_breakdown.sh entry: hooks/infracost_breakdown.sh
language: script language: script
require_serial: true require_serial: true
files: \.(tf(vars)?|hcl)$ files: \.((tf|tofu)(vars)?|hcl)$
exclude: \.terraform\/.*$ exclude: \.terraform\/.*$
- id: tofu_fmt - id: tofu_fmt
@ -12,25 +12,29 @@
description: Rewrites all OpenTofu configuration files to a canonical format. description: Rewrites all OpenTofu configuration files to a canonical format.
entry: hooks/tofu_fmt.sh entry: hooks/tofu_fmt.sh
language: script language: script
files: (\.tf|\.tfvars)$ files: \.(tf|tofu)(vars)?$
exclude: \.terraform\/.*$ exclude: \.terraform\/.*$
- id: tofu_docs - id: tofu_docs
name: OpenTofu docs name: OpenTofu docs
description: Inserts input and output documentation into README.md (using terraform-docs). description:
Inserts input and output documentation into README.md (using
terraform-docs).
require_serial: true require_serial: true
entry: hooks/tofu_docs.sh entry: hooks/tofu_docs.sh
language: script language: script
files: (\.tf|\.terraform\.lock\.hcl)$ files: (\.(tf|tofu)|\.terraform\.lock\.hcl)$
exclude: \.terraform\/.*$ exclude: \.terraform\/.*$
- id: tofu_docs_without_aggregate_type_defaults - id: tofu_docs_without_aggregate_type_defaults
name: OpenTofu docs (without aggregate type defaults) name: OpenTofu docs (without aggregate type defaults)
description: Inserts input and output documentation into README.md (using terraform-docs). Identical to terraform_docs. description:
Inserts input and output documentation into README.md (using
terraform-docs). Identical to terraform_docs.
require_serial: true require_serial: true
entry: hooks/tofu_docs.sh entry: hooks/tofu_docs.sh
language: script language: script
files: (\.tf)$ files: \.(tf|tofu)$
exclude: \.terraform\/.*$ exclude: \.terraform\/.*$
- id: tofu_docs_replace - id: tofu_docs_replace
@ -39,7 +43,7 @@
require_serial: true require_serial: true
entry: hooks/tofu_docs_replace.py entry: hooks/tofu_docs_replace.py
language: python language: python
files: (\.tf)$ files: \.(tf|tofu)$
exclude: \.terraform\/.*$ exclude: \.terraform\/.*$
- id: tofu_validate - id: tofu_validate
@ -48,7 +52,7 @@
require_serial: true require_serial: true
entry: hooks/tofu_validate.sh entry: hooks/tofu_validate.sh
language: script language: script
files: (\.tf|\.tfvars)$ files: \.(tf|tofu)(vars)?$
exclude: \.terraform\/.*$ exclude: \.terraform\/.*$
- id: tofu_providers_lock - id: tofu_providers_lock
@ -66,12 +70,13 @@
require_serial: true require_serial: true
entry: hooks/tofu_tflint.sh entry: hooks/tofu_tflint.sh
language: script language: script
files: (\.tf|\.tfvars)$ files: \.(tf|tofu)(vars)?$
exclude: \.terraform\/.*$ exclude: \.terraform\/.*$
- id: terragrunt_fmt - id: terragrunt_fmt
name: Terragrunt fmt name: Terragrunt fmt
description: Rewrites all Terragrunt configuration files to a canonical format. description:
Rewrites all Terragrunt configuration files to a canonical format.
entry: hooks/terragrunt_fmt.sh entry: hooks/terragrunt_fmt.sh
language: script language: script
files: (\.hcl)$ files: (\.hcl)$
@ -87,18 +92,20 @@
- id: tofu_tfsec - id: tofu_tfsec
name: OpenTofu validate with tfsec (deprecated, use "tofu_trivy") name: OpenTofu validate with tfsec (deprecated, use "tofu_trivy")
description: Static analysis of OpenTofu templates to spot potential security issues. description:
Static analysis of OpenTofu templates to spot potential security issues.
require_serial: true require_serial: true
entry: hooks/tofu_tfsec.sh entry: hooks/tofu_tfsec.sh
files: \.tf(vars)?$ files: \.(tf|tofu)(vars)?$
language: script language: script
- id: tofu_trivy - id: tofu_trivy
name: OpenTofu validate with trivy name: OpenTofu validate with trivy
description: Static analysis of OpenTofu templates to spot potential security issues. description:
Static analysis of OpenTofu templates to spot potential security issues.
require_serial: true require_serial: true
entry: hooks/tofu_trivy.sh entry: hooks/tofu_trivy.sh
files: \.tf(vars)?$ files: \.(tf|tofu)(vars)?$
language: script language: script
- id: checkov - id: checkov
@ -118,7 +125,7 @@
entry: hooks/tofu_checkov.sh entry: hooks/tofu_checkov.sh
language: script language: script
always_run: false always_run: false
files: \.tf$ files: \.(tf|tofu)$
exclude: \.terraform\/.*$ exclude: \.terraform\/.*$
require_serial: true require_serial: true
@ -138,7 +145,7 @@
description: Runs terrascan on OpenTofu templates. description: Runs terrascan on OpenTofu templates.
language: script language: script
entry: hooks/terrascan.sh entry: hooks/terrascan.sh
files: \.tf$ files: \.(tf|tofu)$
exclude: \.terraform\/.*$ exclude: \.terraform\/.*$
require_serial: true require_serial: true
@ -149,5 +156,5 @@
entry: hooks/tfupdate.sh entry: hooks/tfupdate.sh
args: args:
- --args=terraform - --args=terraform
files: \.tf$ files: \.(tf|tofu)$
require_serial: true require_serial: true
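Review bot: Widening `files:` on the `tofu_tfsec`, `tofu_trivy`, `checkov` and `terrascan` entries only changes which staged files trigger those hooks; nothing in this section shows that the scanners behind them actually parse `.tofu` files. If a scanner skips an extension it does not recognise, a module written only in `.tofu` would pass these security hooks with no findings, so each tool's `.tofu` support (or the minimum version that has it) should be confirmed and documented alongside this change. Separately, `\.(tf|tofu)(vars)?$` also matches `.tofuvars`; if that extension is not intended, `\.(tf(vars)?|tofu)$` keeps the variable-file match to `.tfvars`.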


@ -155,7 +155,7 @@ function tofu_docs {
# #
if $create_if_not_exist && [[ ! -f "$text_file" ]]; then if $create_if_not_exist && [[ ! -f "$text_file" ]]; then
dir_have_tf_files="$( dir_have_tf_files="$(
find . -maxdepth 1 -type f | sed 's|.*\.||' | sort -u | grep -oE '^tf$|^tfvars$' || find . -maxdepth 1 -type f | sed 's|.*\.||' | sort -u | grep -oE '^tofu|^tf$|^tfvars$' ||
exit 0 exit 0
)" )"
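Review bot: The new `^tofu` alternative in the `grep -oE` pattern has no `$`, unlike `^tf$` and `^tfvars$`, so any extension that merely starts with `tofu` is counted as a module file here. Anchor it the same way as the others: `grep -oE '^tofu$|^tf$|^tfvars$'`. The enclosing `tofu_docs` function starts and ends outside this hunk, so how `dir_have_tf_files` is consumed afterwards is not visible.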


@ -7,30 +7,41 @@ import sys
def main(argv=None): def main(argv=None):
parser = argparse.ArgumentParser( parser = argparse.ArgumentParser(
description="""Run terraform-docs on a set of files. Follows the standard convention of description="""Run terraform-docs on a set of files. Follows the standard convention of
pulling the documentation from main.tf in order to replace the entire pulling the documentation from main.(tf|tofu) in order to replace the entire
README.md file each time.""" README.md file each time."""
) )
parser.add_argument( parser.add_argument(
'--dest', dest='dest', default='README.md', "--dest",
dest="dest",
default="README.md",
) )
parser.add_argument( parser.add_argument(
'--sort-inputs-by-required', dest='sort', action='store_true', "--sort-inputs-by-required",
help='[deprecated] use --sort-by-required instead', dest="sort",
action="store_true",
help="[deprecated] use --sort-by-required instead",
) )
parser.add_argument( parser.add_argument(
'--sort-by-required', dest='sort', action='store_true', "--sort-by-required",
dest="sort",
action="store_true",
) )
parser.add_argument( parser.add_argument(
'--with-aggregate-type-defaults', dest='aggregate', action='store_true', "--with-aggregate-type-defaults",
help='[deprecated]', dest="aggregate",
action="store_true",
help="[deprecated]",
) )
parser.add_argument('filenames', nargs='*', help='Filenames to check.') parser.add_argument("filenames", nargs="*", help="Filenames to check.")
args = parser.parse_args(argv) args = parser.parse_args(argv)
dirs = [] dirs = []
for filename in args.filenames: for filename in args.filenames:
if (os.path.realpath(filename) not in dirs and if os.path.realpath(filename) not in dirs and (
(filename.endswith(".tf") or filename.endswith(".tfvars"))): filename.endswith(".tf")
or filename.endswith(".tofu")
or filename.endswith(".tfvars")
):
dirs.append(os.path.dirname(filename)) dirs.append(os.path.dirname(filename))
retval = 0 retval = 0
@ -38,12 +49,12 @@ def main(argv=None):
for dir in dirs: for dir in dirs:
try: try:
procArgs = [] procArgs = []
procArgs.append('terraform-docs') procArgs.append("terraform-docs")
if args.sort: if args.sort:
procArgs.append('--sort-by-required') procArgs.append("--sort-by-required")
procArgs.append('md') procArgs.append("md")
procArgs.append("./{dir}".format(dir=dir)) procArgs.append("./{dir}".format(dir=dir))
procArgs.append('>') procArgs.append(">")
procArgs.append("./{dir}/{dest}".format(dir=dir, dest=args.dest)) procArgs.append("./{dir}/{dest}".format(dir=dir, dest=args.dest))
subprocess.check_call(" ".join(procArgs), shell=True) subprocess.check_call(" ".join(procArgs), shell=True)
except subprocess.CalledProcessError as e: except subprocess.CalledProcessError as e:
@ -52,5 +63,5 @@ def main(argv=None):
return retval return retval
if __name__ == '__main__': if __name__ == "__main__":
sys.exit(main()) sys.exit(main())
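Review bot: In the second hunk the command is still joined into one string and run with `shell=True`, with `dir` and `args.dest` interpolated unquoted, so a path containing spaces or shell metacharacters changes the command that runs; accepting `.tofu` files widens the set of file names that reach this line. Passing the argument list and letting Python do the redirect avoids the shell entirely: drop the `">"` and destination appends and use `with open("./{dir}/{dest}".format(dir=dir, dest=args.dest), "w") as out:` followed by `subprocess.check_call(procArgs, stdout=out)`. The `except` body lies between the hunks and is not shown, so the error handling should be rechecked after the change.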


@ -312,10 +312,10 @@ EOF
# Read content of all OpenTofu files # Read content of all OpenTofu files
# shellcheck disable=SC2207 # shellcheck disable=SC2207
all_tf_content=$(find "${full_module_dir}" -name '*.tf' -maxdepth 1 -type f -exec cat {} +) all_tf_content=$(find "${full_module_dir}" -regex '.*\.(tf|tofu)' -maxdepth 1 -type f -exec cat {} +)
if [[ ! $all_tf_content ]]; then if [[ ! $all_tf_content ]]; then
common::colorify "yellow" "Skipping ${full_module_dir} because there are no *.tf files." common::colorify "yellow" "Skipping ${full_module_dir} because there are no *.(tf|tofu) files."
continue continue
fi fi
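Review bot: The new `-regex '.*\.(tf|tofu)'` is unlikely to match anything with GNU find, whose default regex type is Emacs-style: there `(`, `|` and `)` are literal characters, and grouping and alternation need `\(`, `\|`, `\)`. With no match `all_tf_content` is empty, so every module would take the "Skipping" branch, including directories that previously worked with plain `*.tf` files. A portable form that keeps the old behaviour is `find "${full_module_dir}" -maxdepth 1 -type f \( -name '*.tf' -o -name '*.tofu' \) -exec cat {} +`; placing `-maxdepth` first also avoids GNU find's warning about global options after tests. The surrounding loop starts outside this hunk.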