github/pre-commit-opentofu
1
0
Fork 1
mirror of https://github.com/tofuutils/pre-commit-opentofu.git synced 2025-10-15 17:38:54 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Compare commits

base: github:main
Branches Tags
github:main
github:dependabot/github_actions/actions/stale-10.1.0
github:fix/7
github:master
github:feat/rename-terraform-to-tofu
github:v2.2.1
github:v2.2.0
github:v2.1.0
github:v2.0.0
github:v1.0.4
github:v1.0.3
github:v1.0.2
github:v1.0.1
github:v1.0.0
..
compare: github:v1.0.1
Branches Tags
github:main
github:dependabot/github_actions/actions/stale-10.1.0
github:fix/7
github:master
github:feat/rename-terraform-to-tofu
github:v2.2.1
github:v2.2.0
github:v2.1.0
github:v2.0.0
github:v1.0.4
github:v1.0.3
github:v1.0.2
github:v1.0.1
github:v1.0.0

No commits in common. "main" and "v1.0.1" have entirely different histories.
main ... v1.0.1

15 changed files with 345 additions and 255 deletions
Download patch file Download diff file Expand all files Collapse all files

10
.github/dependabot.yml vendored
View file

@ -1,10 +0,0 @@
---
version: 2
updates:
- package-ecosystem: "github-actions"
directory: /
schedule:
interval: daily
time: "11:00"
commit-message:
prefix: "gh-actions:"

6
.github/workflows/build-image-test.yaml vendored
View file

@ -9,13 +9,13 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Get changed Dockerfile
id: changed-files-specific
uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
uses: tj-actions/changed-files@2c85495a7bb72f2734cb5181e29b2ee5e08e61f7 # v13.1
with:
files: |
Dockerfile
@ -52,7 +52,7 @@ jobs:
- name: Dive - check image for waste files
if: steps.changed-files-specific.outputs.any_changed == 'true'
uses: MaxymVlasov/dive-action@fafb796951b322cc4926b8a5eafda89ab9de8edf # v1.5.1
uses: MaxymVlasov/dive-action@0035999cae50d4ef657ac94be84f01812aa192a5 # v0.1.0
with:
image: ghcr.io/${{ github.repository }}:${{ env.IMAGE_TAG }}
config-file: ${{ github.workspace }}/.github/.dive-ci.yaml

60
.github/workflows/build-image.yaml vendored
View file

@ -13,28 +13,27 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v5
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to ghcr.io
uses: docker/login-action@v3
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
- name: Login to GitHub Container Registry
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set tag for image
run: |
echo IMAGE_TAG=$([ ${{ github.ref_type }} == 'tag' ] && echo ${{ github.ref_name }} || echo 'latest') >> $GITHUB_ENV
- name: Build and Push release to ghcr.io
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
- name: Build and Push release
if: github.event_name != 'schedule'
uses: docker/build-push-action@v5
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with:
context: .
build-args: |
@ -49,9 +48,9 @@ jobs:
secrets: |
"github_token=${{ secrets.GITHUB_TOKEN }}"
- name: Build and Push nightly to ghcr.io
- name: Build and Push nightly
if: github.event_name == 'schedule'
uses: docker/build-push-action@v5
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with:
context: .
build-args: |
@ -64,38 +63,3 @@ jobs:
provenance: false
secrets: |
"github_token=${{ secrets.GITHUB_TOKEN }}"
- name: Login to DockerHub Container Registry
uses: docker/login-action@v3
with:
registry: registry.hub.docker.com
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Build and Push release to DockerHub
if: github.event_name != 'schedule'
uses: docker/build-push-action@v5
with:
context: .
build-args: |
INSTALL_ALL=true
platforms: linux/amd64,linux/arm64
push: true
tags: |
registry.hub.docker.com/tofuutils/pre-commit-opentofu:${{ env.IMAGE_TAG }}
registry.hub.docker.com/tofuutils/pre-commit-opentofu:latest
provenance: false
- name: Build and Push nightly to DockerHub
if: github.event_name == 'schedule'
uses: docker/build-push-action@v5
with:
context: .
build-args: |
INSTALL_ALL=true
platforms: linux/amd64,linux/arm64
push: true
tags: |
registry.hub.docker.com/tofuutils/pre-commit-opentofu:nightly
provenance: false

2
.github/workflows/pr-title.yml vendored
View file

@ -14,7 +14,7 @@ jobs:
steps:
# Please look up the latest version from
# https://github.com/amannn/action-semantic-pull-request/releases
- uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
- uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:

10
.github/workflows/pre-commit.yaml vendored
View file

@ -6,7 +6,7 @@ jobs:
pre-commit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- run: |
git fetch --no-tags --prune --depth=1 origin +refs/heads/*:refs/remotes/origin/*
@ -31,16 +31,16 @@ jobs:
curl -L "$(curl -s https://api.github.com/repos/hadolint/hadolint/releases/latest | grep -o -E -m 1 "https://.+?/hadolint-Linux-x86_64")" > hadolint \
&& chmod +x hadolint && sudo mv hadolint /usr/bin/
# Need to success pre-commit fix push
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
# Skip tofu_tflint which interferes to commit pre-commit auto-fixes
- uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: '3.9'
- name: Execute pre-commit
uses: pre-commit/action@576ff52938d158a24ac7e009dfa94b1455e7df99
uses: pre-commit/action@9b88afc9cd57fd75b655d5c71bd38146d07135fe # v2.0.3
env:
SKIP: no-commit-to-branch,hadolint
with:
@ -49,7 +49,7 @@ jobs:
# Run only skipped checks
- name: Execute pre-commit check that have no auto-fixes
if: always()
uses: pre-commit/action@576ff52938d158a24ac7e009dfa94b1455e7df99
uses: pre-commit/action@9b88afc9cd57fd75b655d5c71bd38146d07135fe # v2.0.3
env:
SKIP: check-added-large-files,check-merge-conflict,check-vcs-permalinks,forbid-new-submodules,no-commit-to-branch,end-of-file-fixer,trailing-whitespace,check-yaml,check-merge-conflict,check-executables-have-shebangs,check-case-conflict,mixed-line-ending,detect-aws-credentials,detect-private-key,shfmt,shellcheck
with:

4
.github/workflows/release.yml vendored
View file

@ -18,13 +18,13 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
fetch-depth: 0
- name: Release
uses: cycjimmy/semantic-release-action@ba330626c4750c19d8299de843f05c7aa5574f62 # v5.0.2
uses: cycjimmy/semantic-release-action@61680d0e9b02ff86f5648ade99e01be17f0260a4 # v4.0.0
with:
semantic_version: 18.0.0
extra_plugins: |

2
.github/workflows/stale-actions.yaml vendored
View file

@ -7,7 +7,7 @@ jobs:
stale:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0
- uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
# Staling issues and PR's

43
.pre-commit-hooks.yaml
View file

@ -4,7 +4,7 @@
entry: hooks/infracost_breakdown.sh
language: script
require_serial: true
files: \.((tf|tofu)(vars)?|hcl)$
files: \.(tf(vars)?|hcl)$
exclude: \.terraform\/.*$
- id: tofu_fmt
@ -12,38 +12,34 @@
description: Rewrites all OpenTofu configuration files to a canonical format.
entry: hooks/tofu_fmt.sh
language: script
files: \.(tf|tofu)(vars)?$
files: (\.tf|\.tfvars)$
exclude: \.terraform\/.*$
- id: tofu_docs
name: OpenTofu docs
description:
Inserts input and output documentation into README.md (using
terraform-docs).
description: Inserts input and output documentation into README.md (using terraform-docs).
require_serial: true
entry: hooks/tofu_docs.sh
language: script
files: (\.(tf|tofu)|\.terraform\.lock\.hcl)$
files: (\.tf|\.terraform\.lock\.hcl)$
exclude: \.terraform\/.*$
- id: tofu_docs_without_aggregate_type_defaults
name: OpenTofu docs (without aggregate type defaults)
description:
Inserts input and output documentation into README.md (using
terraform-docs). Identical to terraform_docs.
description: Inserts input and output documentation into README.md (using terraform-docs). Identical to terraform_docs.
require_serial: true
entry: hooks/tofu_docs.sh
language: script
files: \.(tf|tofu)$
files: (\.tf)$
exclude: \.terraform\/.*$
- id: tofu_docs_replace
name: OpenTofu docs (overwrite README.md)
description: Overwrite content of README.md with terraform-docs.
require_serial: true
entry: hooks/tofu_docs_replace.py
entry: terraform_docs_replace
language: python
files: \.(tf|tofu)$
files: (\.tf)$
exclude: \.terraform\/.*$
- id: tofu_validate
@ -52,7 +48,7 @@
require_serial: true
entry: hooks/tofu_validate.sh
language: script
files: \.(tf|tofu)(vars)?$
files: (\.tf|\.tfvars)$
exclude: \.terraform\/.*$
- id: tofu_providers_lock
@ -70,13 +66,12 @@
require_serial: true
entry: hooks/tofu_tflint.sh
language: script
files: \.(tf|tofu)(vars)?$
files: (\.tf|\.tfvars)$
exclude: \.terraform\/.*$
- id: terragrunt_fmt
name: Terragrunt fmt
description:
Rewrites all Terragrunt configuration files to a canonical format.
description: Rewrites all Terragrunt configuration files to a canonical format.
entry: hooks/terragrunt_fmt.sh
language: script
files: (\.hcl)$
@ -92,20 +87,18 @@
- id: tofu_tfsec
name: OpenTofu validate with tfsec (deprecated, use "tofu_trivy")
description:
Static analysis of OpenTofu templates to spot potential security issues.
description: Static analysis of OpenTofu templates to spot potential security issues.
require_serial: true
entry: hooks/tofu_tfsec.sh
files: \.(tf|tofu)(vars)?$
files: \.tf(vars)?$
language: script
- id: tofu_trivy
name: OpenTofu validate with trivy
description:
Static analysis of OpenTofu templates to spot potential security issues.
description: Static analysis of OpenTofu templates to spot potential security issues.
require_serial: true
entry: hooks/tofu_trivy.sh
files: \.(tf|tofu)(vars)?$
files: \.tf(vars)?$
language: script
- id: checkov
@ -125,7 +118,7 @@
entry: hooks/tofu_checkov.sh
language: script
always_run: false
files: \.(tf|tofu)$
files: \.tf$
exclude: \.terraform\/.*$
require_serial: true
@ -145,7 +138,7 @@
description: Runs terrascan on OpenTofu templates.
language: script
entry: hooks/terrascan.sh
files: \.(tf|tofu)$
files: \.tf$
exclude: \.terraform\/.*$
require_serial: true
@ -156,5 +149,5 @@
entry: hooks/tfupdate.sh
args:
- --args=terraform
files: \.(tf|tofu)$
files: \.tf$
require_serial: true

51
CHANGELOG.md
View file

@ -2,57 +2,6 @@
All notable changes to this project will be documented in this file.
## [2.2.1](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.2.0...v2.2.1) (2025-06-04)
### Bug Fixes
* make infracost_breakdown.sh compatible with bash 3.2 (macOS) ([df886fa](https://github.com/tofuutils/pre-commit-opentofu/commit/df886fa772e7d1eedf5603327c0cf02968e7d779))
* Update pre-commit/action version ([#30](https://github.com/tofuutils/pre-commit-opentofu/issues/30)) ([44c7b5d](https://github.com/tofuutils/pre-commit-opentofu/commit/44c7b5dec9362d2fe7ed5e8786f4d95956791d3d))
# [2.2.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.1.0...v2.2.0) (2025-03-29)
### Features
* make release ([e625db1](https://github.com/tofuutils/pre-commit-opentofu/commit/e625db13ec285e132f43cdf6e5aa3f3272e45451))
# [2.1.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.0.0...v2.1.0) (2024-10-16)
### Features
* spport .tofu files ([#6](https://github.com/tofuutils/pre-commit-opentofu/issues/6)) ([e059c58](https://github.com/tofuutils/pre-commit-opentofu/commit/e059c5859bceddf1ca018f55851f6940ad51f1c2))
# [2.0.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.4...v2.0.0) (2024-09-25)
### Features
* **tofu:** add handling for missing tofu binary in Docker image This commit introduces logic to gracefully handle the case when the tofu binary is not found in the Docker image, improving the overall user experience. BREAKING CHANGE: The previous behavior of the application when the tofu binary was missing may have caused unexpected crashes. ([14fc63e](https://github.com/tofuutils/pre-commit-opentofu/commit/14fc63eb5b04e3ad1525d06e437b15935841775f))
### BREAKING CHANGES
* **tofu:** The previous behavior of the application when the tofu binary was missing may have caused unexpected crashes."
## [1.0.4](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.3...v1.0.4) (2024-09-21)
### Bug Fixes
* docker image reference in README.md ([7b04f0c](https://github.com/tofuutils/pre-commit-opentofu/commit/7b04f0c24940f1642c8f599bfd0794dd46b0b274))
* docker image reference in README.md ([f9b71fe](https://github.com/tofuutils/pre-commit-opentofu/commit/f9b71fe08fedd4ceb23ced6fe2171edf24add290))
* dockerhub ([0fac591](https://github.com/tofuutils/pre-commit-opentofu/commit/0fac59197f2f2cb4bc417917e5adb6ac92a20b7a))
* entry for tofu_docs_replace ([f146463](https://github.com/tofuutils/pre-commit-opentofu/commit/f146463ac8effcfa441f3f6b21e811095f0da73c))
## [1.0.2](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.1...v1.0.2) (2024-03-08)
### Bug Fixes
* remove obsolete terraform checks and awk file hack ([97cba7a](https://github.com/tofuutils/pre-commit-opentofu/commit/97cba7a646996c7cae3719f1b6241d47da5882d9))
## [1.0.1](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.0...v1.0.1) (2024-03-07)

108
Dockerfile
View file

@ -10,22 +10,22 @@ RUN apk add --no-cache \
curl=~8 && \
# Upgrade packages for be able get latest Checkov
python3 -m pip install --no-cache-dir --upgrade \
pip \
setuptools
pip \
setuptools
ARG PRE_COMMIT_VERSION=${PRE_COMMIT_VERSION:-latest}
ARG TOFU_VERSION=${TOFU_VERSION:-1.9.0}
ARG TOFU_VERSION=${TOFU_VERSION:-1.6.1}
# Install pre-commit
RUN [ ${PRE_COMMIT_VERSION} = "latest" ] && pip3 install --no-cache-dir pre-commit \
|| pip3 install --no-cache-dir pre-commit==${PRE_COMMIT_VERSION}
RUN curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip \
&& curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_SHA256SUMS \
&& [ $(sha256sum "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" | cut -f 1 -d ' ') = "$(grep "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" tofu_*_SHA256SUMS | cut -f 1 -d ' ')" ] \
&& unzip tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip -d /usr/bin/ \
&& rm "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" \
&& rm "tofu_${TOFU_VERSION}_SHA256SUMS"
&& curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_SHA256SUMS \
&& [ $(sha256sum "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" | cut -f 1 -d ' ') = "$(grep "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" tofu_*_SHA256SUMS | cut -f 1 -d ' ')" ] \
&& unzip tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip \
&& mv tofu /usr/bin/tofu
#
# Install tools
@ -47,18 +47,18 @@ ARG HCLEDIT_VERSION=${HCLEDIT_VERSION:-false}
# specified in step below
ARG INSTALL_ALL=${INSTALL_ALL:-false}
RUN if [ "$INSTALL_ALL" != "false" ]; then \
echo "export CHECKOV_VERSION=latest" >> /.env && \
echo "export INFRACOST_VERSION=latest" >> /.env && \
echo "export TERRAFORM_DOCS_VERSION=latest" >> /.env && \
echo "export TERRAGRUNT_VERSION=latest" >> /.env && \
echo "export TERRASCAN_VERSION=latest" >> /.env && \
echo "export TFLINT_VERSION=latest" >> /.env && \
echo "export TFSEC_VERSION=latest" >> /.env && \
echo "export TRIVY_VERSION=latest" >> /.env && \
echo "export TFUPDATE_VERSION=latest" >> /.env && \
echo "export HCLEDIT_VERSION=latest" >> /.env \
echo "export CHECKOV_VERSION=latest" >> /.env && \
echo "export INFRACOST_VERSION=latest" >> /.env && \
echo "export TERRAFORM_DOCS_VERSION=latest" >> /.env && \
echo "export TERRAGRUNT_VERSION=latest" >> /.env && \
echo "export TERRASCAN_VERSION=latest" >> /.env && \
echo "export TFLINT_VERSION=latest" >> /.env && \
echo "export TFSEC_VERSION=latest" >> /.env && \
echo "export TRIVY_VERSION=latest" >> /.env && \
echo "export TFUPDATE_VERSION=latest" >> /.env && \
echo "export HCLEDIT_VERSION=latest" >> /.env \
; else \
touch /.env \
touch /.env \
; fi
@ -66,10 +66,10 @@ RUN if [ "$INSTALL_ALL" != "false" ]; then \
RUN . /.env && \
if [ "$CHECKOV_VERSION" != "false" ]; then \
( \
apk add --no-cache gcc=~12 libffi-dev=~3 musl-dev=~1; \
[ "$CHECKOV_VERSION" = "latest" ] && pip3 install --no-cache-dir checkov \
|| pip3 install --no-cache-dir checkov==${CHECKOV_VERSION}; \
apk del gcc libffi-dev musl-dev \
apk add --no-cache gcc=~12 libffi-dev=~3 musl-dev=~1; \
[ "$CHECKOV_VERSION" = "latest" ] && pip3 install --no-cache-dir checkov \
|| pip3 install --no-cache-dir checkov==${CHECKOV_VERSION}; \
apk del gcc libffi-dev musl-dev \
) \
; fi
@ -77,9 +77,9 @@ RUN . /.env && \
RUN . /.env && \
if [ "$INFRACOST_VERSION" != "false" ]; then \
( \
INFRACOST_RELEASES="https://api.github.com/repos/infracost/infracost/releases" && \
[ "$INFRACOST_VERSION" = "latest" ] && curl -L "$(curl -s ${INFRACOST_RELEASES}/latest | grep -o -E -m 1 "https://.+?-${TARGETOS}-${TARGETARCH}.tar.gz")" > infracost.tgz \
|| curl -L "$(curl -s ${INFRACOST_RELEASES} | grep -o -E "https://.+?v${INFRACOST_VERSION}/infracost-${TARGETOS}-${TARGETARCH}.tar.gz")" > infracost.tgz \
INFRACOST_RELEASES="https://api.github.com/repos/infracost/infracost/releases" && \
[ "$INFRACOST_VERSION" = "latest" ] && curl -L "$(curl -s ${INFRACOST_RELEASES}/latest | grep -o -E -m 1 "https://.+?-${TARGETOS}-${TARGETARCH}.tar.gz")" > infracost.tgz \
|| curl -L "$(curl -s ${INFRACOST_RELEASES} | grep -o -E "https://.+?v${INFRACOST_VERSION}/infracost-${TARGETOS}-${TARGETARCH}.tar.gz")" > infracost.tgz \
) && tar -xzf infracost.tgz && rm infracost.tgz && mv infracost-${TARGETOS}-${TARGETARCH} infracost \
; fi
@ -87,9 +87,9 @@ RUN . /.env && \
RUN . /.env && \
if [ "$TERRAFORM_DOCS_VERSION" != "false" ]; then \
( \
TERRAFORM_DOCS_RELEASES="https://api.github.com/repos/terraform-docs/terraform-docs/releases" && \
[ "$TERRAFORM_DOCS_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES}/latest | grep -o -E -m 1 "https://.+?-${TARGETOS}-${TARGETARCH}.tar.gz")" > terraform-docs.tgz \
|| curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES} | grep -o -E "https://.+?v${TERRAFORM_DOCS_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz")" > terraform-docs.tgz \
TERRAFORM_DOCS_RELEASES="https://api.github.com/repos/terraform-docs/terraform-docs/releases" && \
[ "$TERRAFORM_DOCS_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES}/latest | grep -o -E -m 1 "https://.+?-${TARGETOS}-${TARGETARCH}.tar.gz")" > terraform-docs.tgz \
|| curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES} | grep -o -E "https://.+?v${TERRAFORM_DOCS_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz")" > terraform-docs.tgz \
) && tar -xzf terraform-docs.tgz terraform-docs && rm terraform-docs.tgz && chmod +x terraform-docs \
; fi
@ -97,9 +97,9 @@ RUN . /.env && \
RUN . /.env \
&& if [ "$TERRAGRUNT_VERSION" != "false" ]; then \
( \
TERRAGRUNT_RELEASES="https://api.github.com/repos/gruntwork-io/terragrunt/releases" && \
[ "$TERRAGRUNT_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAGRUNT_RELEASES}/latest | grep -o -E -m 1 "https://.+?/terragrunt_${TARGETOS}_${TARGETARCH}")" > terragrunt \
|| curl -L "$(curl -s ${TERRAGRUNT_RELEASES} | grep -o -E -m 1 "https://.+?v${TERRAGRUNT_VERSION}/terragrunt_${TARGETOS}_${TARGETARCH}")" > terragrunt \
TERRAGRUNT_RELEASES="https://api.github.com/repos/gruntwork-io/terragrunt/releases" && \
[ "$TERRAGRUNT_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAGRUNT_RELEASES}/latest | grep -o -E -m 1 "https://.+?/terragrunt_${TARGETOS}_${TARGETARCH}")" > terragrunt \
|| curl -L "$(curl -s ${TERRAGRUNT_RELEASES} | grep -o -E -m 1 "https://.+?v${TERRAGRUNT_VERSION}/terragrunt_${TARGETOS}_${TARGETARCH}")" > terragrunt \
) && chmod +x terragrunt \
; fi
@ -111,9 +111,9 @@ RUN . /.env && \
# Convert the first letter to Uppercase
OS="$(echo ${TARGETOS} | cut -c1 | tr '[:lower:]' '[:upper:]' | xargs echo -n; echo ${TARGETOS} | cut -c2-)"; \
( \
TERRASCAN_RELEASES="https://api.github.com/repos/tenable/terrascan/releases" && \
[ "$TERRASCAN_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRASCAN_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${OS}_${ARCH}.tar.gz")" > terrascan.tar.gz \
|| curl -L "$(curl -s ${TERRASCAN_RELEASES} | grep -o -E "https://.+?${TERRASCAN_VERSION}_${OS}_${ARCH}.tar.gz")" > terrascan.tar.gz \
TERRASCAN_RELEASES="https://api.github.com/repos/tenable/terrascan/releases" && \
[ "$TERRASCAN_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRASCAN_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${OS}_${ARCH}.tar.gz")" > terrascan.tar.gz \
|| curl -L "$(curl -s ${TERRASCAN_RELEASES} | grep -o -E "https://.+?${TERRASCAN_VERSION}_${OS}_${ARCH}.tar.gz")" > terrascan.tar.gz \
) && tar -xzf terrascan.tar.gz terrascan && rm terrascan.tar.gz && \
./terrascan init \
; fi
@ -122,9 +122,9 @@ RUN . /.env && \
RUN . /.env && \
if [ "$TFLINT_VERSION" != "false" ]; then \
( \
TFLINT_RELEASES="https://api.github.com/repos/terraform-linters/tflint/releases" && \
[ "$TFLINT_VERSION" = "latest" ] && curl -L "$(curl -s ${TFLINT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.zip")" > tflint.zip \
|| curl -L "$(curl -s ${TFLINT_RELEASES} | grep -o -E "https://.+?/v${TFLINT_VERSION}/tflint_${TARGETOS}_${TARGETARCH}.zip")" > tflint.zip \
TFLINT_RELEASES="https://api.github.com/repos/terraform-linters/tflint/releases" && \
[ "$TFLINT_VERSION" = "latest" ] && curl -L "$(curl -s ${TFLINT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.zip")" > tflint.zip \
|| curl -L "$(curl -s ${TFLINT_RELEASES} | grep -o -E "https://.+?/v${TFLINT_VERSION}/tflint_${TARGETOS}_${TARGETARCH}.zip")" > tflint.zip \
) && unzip tflint.zip && rm tflint.zip \
; fi
@ -132,9 +132,9 @@ RUN . /.env && \
RUN . /.env && \
if [ "$TFSEC_VERSION" != "false" ]; then \
( \
TFSEC_RELEASES="https://api.github.com/repos/aquasecurity/tfsec/releases" && \
[ "$TFSEC_VERSION" = "latest" ] && curl -L "$(curl -s ${TFSEC_RELEASES}/latest | grep -o -E -m 1 "https://.+?/tfsec-${TARGETOS}-${TARGETARCH}")" > tfsec \
|| curl -L "$(curl -s ${TFSEC_RELEASES} | grep -o -E -m 1 "https://.+?v${TFSEC_VERSION}/tfsec-${TARGETOS}-${TARGETARCH}")" > tfsec \
TFSEC_RELEASES="https://api.github.com/repos/aquasecurity/tfsec/releases" && \
[ "$TFSEC_VERSION" = "latest" ] && curl -L "$(curl -s ${TFSEC_RELEASES}/latest | grep -o -E -m 1 "https://.+?/tfsec-${TARGETOS}-${TARGETARCH}")" > tfsec \
|| curl -L "$(curl -s ${TFSEC_RELEASES} | grep -o -E -m 1 "https://.+?v${TFSEC_VERSION}/tfsec-${TARGETOS}-${TARGETARCH}")" > tfsec \
) && chmod +x tfsec \
; fi
@ -143,9 +143,9 @@ RUN . /.env && \
if [ "$TRIVY_VERSION" != "false" ]; then \
if [ "$TARGETARCH" != "amd64" ]; then ARCH="$TARGETARCH"; else ARCH="64bit"; fi; \
( \
TRIVY_RELEASES="https://api.github.com/repos/aquasecurity/trivy/releases" && \
[ "$TRIVY_VERSION" = "latest" ] && curl -L "$(curl -s ${TRIVY_RELEASES}/latest | grep -o -E -i -m 1 "https://.+?/trivy_.+?_${TARGETOS}-${ARCH}.tar.gz")" > trivy.tar.gz \
|| curl -L "$(curl -s ${TRIVY_RELEASES} | grep -o -E -i -m 1 "https://.+?/v${TRIVY_VERSION}/trivy_.+?_${TARGETOS}-${ARCH}.tar.gz")" > trivy.tar.gz \
TRIVY_RELEASES="https://api.github.com/repos/aquasecurity/trivy/releases" && \
[ "$TRIVY_VERSION" = "latest" ] && curl -L "$(curl -s ${TRIVY_RELEASES}/latest | grep -o -E -i -m 1 "https://.+?/trivy_.+?_${TARGETOS}-${ARCH}.tar.gz")" > trivy.tar.gz \
|| curl -L "$(curl -s ${TRIVY_RELEASES} | grep -o -E -i -m 1 "https://.+?/v${TRIVY_VERSION}/trivy_.+?_${TARGETOS}-${ARCH}.tar.gz")" > trivy.tar.gz \
) && tar -xzf trivy.tar.gz trivy && rm trivy.tar.gz \
; fi
@ -153,9 +153,9 @@ RUN . /.env && \
RUN . /.env && \
if [ "$TFUPDATE_VERSION" != "false" ]; then \
( \
TFUPDATE_RELEASES="https://api.github.com/repos/minamijoyo/tfupdate/releases" && \
[ "$TFUPDATE_VERSION" = "latest" ] && curl -L "$(curl -s ${TFUPDATE_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.tar.gz")" > tfupdate.tgz \
|| curl -L "$(curl -s ${TFUPDATE_RELEASES} | grep -o -E -m 1 "https://.+?${TFUPDATE_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz")" > tfupdate.tgz \
TFUPDATE_RELEASES="https://api.github.com/repos/minamijoyo/tfupdate/releases" && \
[ "$TFUPDATE_VERSION" = "latest" ] && curl -L "$(curl -s ${TFUPDATE_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.tar.gz")" > tfupdate.tgz \
|| curl -L "$(curl -s ${TFUPDATE_RELEASES} | grep -o -E -m 1 "https://.+?${TFUPDATE_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz")" > tfupdate.tgz \
) && tar -xzf tfupdate.tgz tfupdate && rm tfupdate.tgz \
; fi
@ -163,9 +163,9 @@ RUN . /.env && \
RUN . /.env && \
if [ "$HCLEDIT_VERSION" != "false" ]; then \
( \
HCLEDIT_RELEASES="https://api.github.com/repos/minamijoyo/hcledit/releases" && \
[ "$HCLEDIT_VERSION" = "latest" ] && curl -L "$(curl -s ${HCLEDIT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.tar.gz")" > hcledit.tgz \
|| curl -L "$(curl -s ${HCLEDIT_RELEASES} | grep -o -E -m 1 "https://.+?${HCLEDIT_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz")" > hcledit.tgz \
HCLEDIT_RELEASES="https://api.github.com/repos/minamijoyo/hcledit/releases" && \
[ "$HCLEDIT_VERSION" = "latest" ] && curl -L "$(curl -s ${HCLEDIT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.tar.gz")" > hcledit.tgz \
|| curl -L "$(curl -s ${HCLEDIT_RELEASES} | grep -o -E -m 1 "https://.+?${HCLEDIT_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz")" > hcledit.tgz \
) && tar -xzf hcledit.tgz hcledit && rm hcledit.tgz \
; fi
@ -208,9 +208,8 @@ COPY --from=builder \
/usr/local/bin/pre-commit \
# Hooks and terraform binaries
/bin_dir/ \
/usr/bin/tofu \
/usr/local/bin/checkov* \
/usr/bin/
/usr/bin/
# Copy pre-commit packages
COPY --from=builder /usr/local/lib/python3.12/site-packages/ /usr/local/lib/python3.12/site-packages/
# Copy terrascan policies
@ -218,10 +217,10 @@ COPY --from=builder /root/ /root/
# Install hooks extra deps
RUN if [ "$(grep -o '^terraform-docs SKIPPED$' /usr/bin/tools_versions_info)" = "" ]; then \
apk add --no-cache perl=~5 \
apk add --no-cache perl=~5 \
; fi && \
if [ "$(grep -o '^infracost SKIPPED$' /usr/bin/tools_versions_info)" = "" ]; then \
apk add --no-cache jq=~1 \
apk add --no-cache jq=~1 \
; fi && \
# Fix git runtime fatal:
# unsafe repository ('/lint' is owned by someone else)
@ -235,4 +234,3 @@ ENV INFRACOST_API_KEY=${INFRACOST_API_KEY:-}
ENV INFRACOST_SKIP_UPDATE_CHECK=${INFRACOST_SKIP_UPDATE_CHECK:-false}
ENTRYPOINT [ "/entrypoint.sh" ]

12
README.md
View file

@ -76,7 +76,7 @@ If you are using `pre-commit-opentofu` already or want to support its developmen
```bash
TAG=latest
docker pull tofuutils/pre-commit-opentofu:$TAG
docker pull ghcr.io/tofuutils/pre-commit-opentofu:$TAG
```
All available tags [here](https://github.com/tofuutils/pre-commit-opentofu/pkgs/container/pre-commit-opentofu/versions).
@ -256,14 +256,14 @@ Or, using Docker ([available tags](https://github.com/tofuutils/pre-commit-opent
```bash
TAG=latest
docker run -e "USERID=$(id -u):$(id -g)" -v $(pwd):/lint -w /lint tofuutils/pre-commit-opentofu:$TAG run -a
docker run -e "USERID=$(id -u):$(id -g)" -v $(pwd):/lint -w /lint ghcr.io/tofuutils/pre-commit-opentofu:$TAG run -a
```
Execute this command to list the versions of the tools in Docker:
```bash
TAG=latest
docker run --rm --entrypoint cat tofuutils/pre-commit-opentofu:$TAG /usr/bin/tools_versions_info
docker run --rm --entrypoint cat ghcr.io/tofuutils/pre-commit-opentofu:$TAG /usr/bin/tools_versions_info
```
## Available Hooks
@ -552,7 +552,7 @@ To replicate functionality in `tofu_docs` hook:
- --args=--config=.terraform-docs.yml
```
### tofu_fmt
### terraftofu_fmtorm_fmt
1. `tofu_fmt` supports custom arguments so you can pass [supported flags](https://www.terraform.io/docs/cli/commands/fmt.html#usage). Eg:
@ -997,7 +997,7 @@ The [recommended command](#4-run) to run the Docker container is:
```bash
TAG=latest
docker run -e "USERID=$(id -u):$(id -g)" -v $(pwd):/lint -w /lint tofuutils/pre-commit-opentofu:$TAG run -a
docker run -e "USERID=$(id -u):$(id -g)" -v $(pwd):/lint -w /lint ghcr.io/tofuutils/pre-commit-opentofu:$TAG run -a
```
which uses your current session's user ID and group ID to set the variable in the run command. Without this setting, you may find files and directories owned by `root` in your local repository.
@ -1041,7 +1041,7 @@ Finally, you can execute `docker run` with an additional volume mount so that th
# run pre-commit-opentofu with docker
# adding volume for .netrc file
# .netrc needs to be in /root/ dir
docker run --rm -e "USERID=$(id -u):$(id -g)" -v ~/.netrc:/root/.netrc -v $(pwd):/lint -w /lint tofuutils/pre-commit-opentofu:latest run -a
docker run --rm -e "USERID=$(id -u):$(id -g)" -v ~/.netrc:/root/.netrc -v $(pwd):/lint -w /lint ghcr.io/tofuutils/pre-commit-opentofu:latest run -a
```
## Authors

13
hooks/infracost_breakdown.sh
View file

@ -70,24 +70,19 @@ function infracost_breakdown_ {
# -h .totalHourlyCost > 0.1
# --hook-config=.currency == "USD"
first_char=${check:0:1}
last_char=${check:$((${#check} - 1)):1}
last_char=${check: -1}
if [ "$first_char" == "$last_char" ] && {
[ "$first_char" == '"' ] || [ "$first_char" == "'" ]
}; then
check="${check:1:$((${#check} - 2))}"
check="${check:1:-1}"
fi
# Replace mapfile with while read loop for bash 3.2 compatibility
operations=()
while IFS= read -r line; do
operations+=("$line")
done < <(echo "$check" | grep -oE '[!<>=]{1,2}')
mapfile -t operations < <(echo "$check" | grep -oE '[!<>=]{1,2}')
# Get the very last operator, that is used in comparison inside `jq` query.
# From the example below we need to pick the `>` which is in between `add` and `1000`,
# but not the `!=`, which goes earlier in the `jq` expression
# [.projects[].diff.totalMonthlyCost | select (.!=null) | tonumber] | add > 1000
operation=${operations[$((${#operations[@]} - 1))]}
operation=${operations[-1]}
IFS="$operation" read -r -a jq_check <<< "$check"
real_value="$(jq "${jq_check[0]}" <<< "$RESULTS")"

234
hooks/tofu_docs.sh
View file

@ -26,17 +26,18 @@ function main {
ARGS[i]=${ARGS[i]/--config=/--config=$(pwd)\/}
done
# shellcheck disable=SC2153 # False positive
tofu_check_ "${HOOK_CONFIG[*]}" "${ARGS[*]}" "${FILES[@]}"
terraform_docs_ "${HOOK_CONFIG[*]}" "${ARGS[*]}" "${FILES[@]}"
}
#######################################################################
# TODO Function which checks `terraform-docs` exists
# TODO Function which prepares hacks for old versions of `terraform` and
# `terraform-docs` that them call `terraform_docs`
# Arguments:
# hook_config (string with array) arguments that configure hook behavior
# args (string with array) arguments that configure wrapped tool behavior
# files (array) filenames to check
#######################################################################
function tofu_check_ {
function tofu_docs_ {
local -r hook_config="$1"
local -r args="$2"
shift 2
@ -45,12 +46,40 @@ function tofu_check_ {
# Get hook settings
IFS=";" read -r -a configs <<< "$hook_config"
local hack_tofu_docs
hack_terraform_docs=$(tofu version | sed -n 1p | grep -c 0.12) || true
if [[ ! $(command -v terraform-docs) ]]; then
echo "ERROR: terraform-docs is required by tofu_docs pre-commit hook but is not installed or in the system's PATH."
echo "ERROR: terraform-docs is required by terraform_docs pre-commit hook but is not installed or in the system's PATH."
exit 1
fi
tofu_docs "${configs[*]}" "${args[*]}" "${files[@]}"
local is_old_terraform_docs
is_old_terraform_docs=$(terraform-docs version | grep -o "v0.[1-7]\." | tail -1) || true
if [[ -z "$is_old_terraform_docs" ]]; then # Using terraform-docs 0.8+ (preferred)
terraform_docs "0" "${configs[*]}" "$args" "${files[@]}"
elif [[ "$hack_terraform_docs" == "1" ]]; then # Using awk script because terraform-docs is older than 0.8 and terraform 0.12 is used
if [[ ! $(command -v awk) ]]; then
# TODO: pls check it
echo "ERROR: awk is required for terraform-docs hack to work with Terraform 0.12."
exit 1
fi
local tmp_file_awk
tmp_file_awk=$(mktemp "${TMPDIR:-/tmp}/tofu-docs-XXXXXXXXXX")
tofu_docs_awk "$tmp_file_awk"
tofu_docs "$tmp_file_awk" "${configs[*]}" "$args" "${files[@]}"
rm -f "$tmp_file_awk"
else # Using terraform 0.11 and no awk script is needed for that
# TODO: should be deleted for OpenTofu.
tofu_docs "0" "${configs[*]}" "$args" "${files[@]}"
fi
}
#######################################################################
@ -58,14 +87,18 @@ function tofu_check_ {
# (depends on provided hook_config) OpenTofu documentation in
# markdown format
# Arguments:
# terraform_docs_awk_file (string) filename where awk hack for old
# `terraform-docs` was written. Needed for TF 0.12+.
# Hack skipped when `tofu_docs_awk_file == "0"`
# hook_config (string with array) arguments that configure hook behavior
# args (string with array) arguments that configure wrapped tool behavior
# files (array) filenames to check
#######################################################################
function tofu_docs {
local -r hook_config="$1"
local -r args="$2"
shift 2
local -r tofu_docs_awk_file="$1"
local -r hook_config="$2"
local args="$3"
shift 3
local -a -r files=("$@")
local -a paths
@ -155,7 +188,7 @@ function tofu_docs {
#
if $create_if_not_exist && [[ ! -f "$text_file" ]]; then
dir_have_tf_files="$(
find . -maxdepth 1 -type f | sed 's|.*\.||' | sort -u | grep -oE '^tofu|^tf$|^tfvars$' ||
find . -maxdepth 1 -type f | sed 's|.*\.||' | sort -u | grep -oE '^tf$|^tfvars$' ||
exit 0
)"
@ -191,8 +224,22 @@ function tofu_docs {
fi
fi
# shellcheck disable=SC2086
terraform-docs $tf_docs_formatter $args ./ > "$tmp_file"
if [[ "$terraform_docs_awk_file" == "0" ]]; then
# shellcheck disable=SC2086
terraform-docs $tf_docs_formatter $args ./ > "$tmp_file"
else
# Can't append extension for mktemp, so renaming instead
local tmp_file_docs
tmp_file_docs=$(mktemp "${TMPDIR:-/tmp}/tofu-docs-XXXXXXXXXX")
mv "$tmp_file_docs" "$tmp_file_docs.tf"
local tmp_file_docs_tf
tmp_file_docs_tf="$tmp_file_docs.tf"
awk -f "$terraform_docs_awk_file" ./*.tf > "$tmp_file_docs_tf"
# shellcheck disable=SC2086
terraform-docs $tf_docs_formatter $args "$tmp_file_docs_tf" > "$tmp_file"
rm -f "$tmp_file_docs_tf"
fi
# Use of insertion markers to insert the terraform-docs output between the markers
# Replace content between markers with the placeholder - https://stackoverflow.com/questions/1212799/how-do-i-extract-lines-between-two-line-delimiters-in-perl#1212834
@ -211,4 +258,169 @@ function tofu_docs {
rm -f "$config_file_no_color"
}
#######################################################################
# Function which creates file with `awk` hacks for old versions of
# `terraform-docs`
# Arguments:
# output_file (string) filename where hack will be written to
#######################################################################
function tofu_docs_awk {
local -r output_file=$1
cat << "EOF" > "$output_file"
# This script converts Terraform 0.12 variables/outputs to something suitable for `terraform-docs`
# As of terraform-docs v0.6.0, HCL2 is not supported. This script is a *dirty hack* to get around it.
# https://github.com/terraform-docs/terraform-docs/
# https://github.com/terraform-docs/terraform-docs/issues/62
# Script was originally found here: https://github.com/cloudposse/build-harness/blob/master/bin/terraform-docs.awk
{
if ( $0 ~ /\{/ ) {
braceCnt++
}
if ( $0 ~ /\}/ ) {
braceCnt--
}
# ----------------------------------------------------------------------------------------------
# variable|output "..." {
# ----------------------------------------------------------------------------------------------
# [END] variable/output block
if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) {
if (braceCnt == 0 && blockCnt > 0) {
blockCnt--
print $0
}
}
# [START] variable or output block started
if ($0 ~ /^[[:space:]]*(variable|output)[[:space:]][[:space:]]*"(.*?)"/) {
# Normalize the braceCnt and block (should be 1 now)
braceCnt = 1
blockCnt = 1
# [CLOSE] "default" and "type" block
blockDefaultCnt = 0
blockTypeCnt = 0
# Print variable|output line
print $0
}
# ----------------------------------------------------------------------------------------------
# default = ...
# ----------------------------------------------------------------------------------------------
# [END] multiline "default" continues/ends
if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt > 0) {
print $0
# Count opening blocks
blockDefaultCnt += gsub(/\(/, "")
blockDefaultCnt += gsub(/\[/, "")
blockDefaultCnt += gsub(/\{/, "")
# Count closing blocks
blockDefaultCnt -= gsub(/\)/, "")
blockDefaultCnt -= gsub(/\]/, "")
blockDefaultCnt -= gsub(/\}/, "")
}
# [START] multiline "default" statement started
if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) {
if ($0 ~ /^[[:space:]][[:space:]]*(default)[[:space:]][[:space:]]*=/) {
if ($3 ~ "null") {
print " default = \"null\""
} else {
print $0
# Count opening blocks
blockDefaultCnt += gsub(/\(/, "")
blockDefaultCnt += gsub(/\[/, "")
blockDefaultCnt += gsub(/\{/, "")
# Count closing blocks
blockDefaultCnt -= gsub(/\)/, "")
blockDefaultCnt -= gsub(/\]/, "")
blockDefaultCnt -= gsub(/\}/, "")
}
}
}
# ----------------------------------------------------------------------------------------------
# type = ...
# ----------------------------------------------------------------------------------------------
# [END] multiline "type" continues/ends
if (blockCnt > 0 && blockTypeCnt > 0 && blockDefaultCnt == 0) {
# The following 'print $0' would print multiline type definitions
#print $0
# Count opening blocks
blockTypeCnt += gsub(/\(/, "")
blockTypeCnt += gsub(/\[/, "")
blockTypeCnt += gsub(/\{/, "")
# Count closing blocks
blockTypeCnt -= gsub(/\)/, "")
blockTypeCnt -= gsub(/\]/, "")
blockTypeCnt -= gsub(/\}/, "")
}
# [START] multiline "type" statement started
if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) {
if ($0 ~ /^[[:space:]][[:space:]]*(type)[[:space:]][[:space:]]*=/ ) {
if ($3 ~ "object") {
print " type = \"object\""
} else {
# Convert multiline stuff into single line
if ($3 ~ /^[[:space:]]*list[[:space:]]*\([[:space:]]*$/) {
type = "list"
} else if ($3 ~ /^[[:space:]]*string[[:space:]]*\([[:space:]]*$/) {
type = "string"
} else if ($3 ~ /^[[:space:]]*map[[:space:]]*\([[:space:]]*$/) {
type = "map"
} else {
type = $3
}
# legacy quoted types: "string", "list", and "map"
if (type ~ /^[[:space:]]*"(.*?)"[[:space:]]*$/) {
print " type = " type
} else {
print " type = \"" type "\""
}
}
# Count opening blocks
blockTypeCnt += gsub(/\(/, "")
blockTypeCnt += gsub(/\[/, "")
blockTypeCnt += gsub(/\{/, "")
# Count closing blocks
blockTypeCnt -= gsub(/\)/, "")
blockTypeCnt -= gsub(/\]/, "")
blockTypeCnt -= gsub(/\}/, "")
}
}
# ----------------------------------------------------------------------------------------------
# description = ...
# ----------------------------------------------------------------------------------------------
# [PRINT] single line "description"
if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) {
if ($0 ~ /^[[:space:]][[:space:]]*description[[:space:]][[:space:]]*=/) {
print $0
}
}
# ----------------------------------------------------------------------------------------------
# value = ...
# ----------------------------------------------------------------------------------------------
## [PRINT] single line "value"
#if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) {
# if ($0 ~ /^[[:space:]][[:space:]]*value[[:space:]][[:space:]]*=/) {
# print $0
# }
#}
# ----------------------------------------------------------------------------------------------
# Newlines, comments, everything else
# ----------------------------------------------------------------------------------------------
#if (blockTypeCnt == 0 && blockDefaultCnt == 0) {
# Comments with '#'
if ($0 ~ /^[[:space:]]*#/) {
print $0
}
# Comments with '//'
if ($0 ~ /^[[:space:]]*\/\//) {
print $0
}
# Newlines
if ($0 ~ /^[[:space:]]*$/) {
print $0
}
#}
}
EOF
}
[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"

41
hooks/tofu_docs_replace.py
View file

@ -7,41 +7,30 @@ import sys
def main(argv=None):
parser = argparse.ArgumentParser(
description="""Run terraform-docs on a set of files. Follows the standard convention of
pulling the documentation from main.(tf|tofu) in order to replace the entire
pulling the documentation from main.tf in order to replace the entire
README.md file each time."""
)
parser.add_argument(
"--dest",
dest="dest",
default="README.md",
'--dest', dest='dest', default='README.md',
)
parser.add_argument(
"--sort-inputs-by-required",
dest="sort",
action="store_true",
help="[deprecated] use --sort-by-required instead",
'--sort-inputs-by-required', dest='sort', action='store_true',
help='[deprecated] use --sort-by-required instead',
)
parser.add_argument(
"--sort-by-required",
dest="sort",
action="store_true",
'--sort-by-required', dest='sort', action='store_true',
)
parser.add_argument(
"--with-aggregate-type-defaults",
dest="aggregate",
action="store_true",
help="[deprecated]",
'--with-aggregate-type-defaults', dest='aggregate', action='store_true',
help='[deprecated]',
)
parser.add_argument("filenames", nargs="*", help="Filenames to check.")
parser.add_argument('filenames', nargs='*', help='Filenames to check.')
args = parser.parse_args(argv)
dirs = []
for filename in args.filenames:
if os.path.realpath(filename) not in dirs and (
filename.endswith(".tf")
or filename.endswith(".tofu")
or filename.endswith(".tfvars")
):
if (os.path.realpath(filename) not in dirs and
(filename.endswith(".tf") or filename.endswith(".tfvars"))):
dirs.append(os.path.dirname(filename))
retval = 0
@ -49,12 +38,12 @@ def main(argv=None):
for dir in dirs:
try:
procArgs = []
procArgs.append("terraform-docs")
procArgs.append('terraform-docs')
if args.sort:
procArgs.append("--sort-by-required")
procArgs.append("md")
procArgs.append('--sort-by-required')
procArgs.append('md')
procArgs.append("./{dir}".format(dir=dir))
procArgs.append(">")
procArgs.append('>')
procArgs.append("./{dir}/{dest}".format(dir=dir, dest=args.dest))
subprocess.check_call(" ".join(procArgs), shell=True)
except subprocess.CalledProcessError as e:
@ -63,5 +52,5 @@ def main(argv=None):
return retval
if __name__ == "__main__":
if __name__ == '__main__':
sys.exit(main())

4
hooks/tofu_wrapper_module_for_each.sh
View file

@ -312,10 +312,10 @@ EOF
# Read content of all OpenTofu files
# shellcheck disable=SC2207
all_tf_content=$(find "${full_module_dir}" -regex '.*\.(tf|tofu)' -maxdepth 1 -type f -exec cat {} +)
all_tf_content=$(find "${full_module_dir}" -name '*.tf' -maxdepth 1 -type f -exec cat {} +)
if [[ ! $all_tf_content ]]; then
common::colorify "yellow" "Skipping ${full_module_dir} because there are no *.(tf|tofu) files."
common::colorify "yellow" "Skipping ${full_module_dir} because there are no *.tf files."
continue
fi