remote/pre-commit-opentofu
1
0
Fork 1
mirror of https://github.com/tofuutils/pre-commit-opentofu.git synced 2026-06-06 08:56:54 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fix: expand file extension patterns for tofu hooks

Browse source 
Update file matching patterns in .pre-commit-hooks.yaml to support .tofu,
.tfvars, and other relevant extensions for OpenTofu workflows. Also clarify
log message in tofu_wrapper_module_for_each.sh for missing files.

Signed-off-by: Michael Rosenfeld <michael@rosesecurity.com>
This commit is contained in:
Michael Rosenfeld 2026-05-24 21:48:09 -04:00
commit 451aaa59b5
No known key found for this signature in database
GPG key ID: C17037A434741480
2 changed files with 10 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

18
.pre-commit-hooks.yaml
View file

@ -4,7 +4,7 @@
entry: hooks/infracost_breakdown.sh entry: hooks/infracost_breakdown.sh
language: script language: script
require_serial: true require_serial: true
files: \.((tf|tofu)(vars)?|hcl)$ files: \.(tf|tofu|tfvars|hcl)$
exclude: \.terraform\/.*$ exclude: \.terraform\/.*$
- id: tofu_fmt - id: tofu_fmt
@ -12,7 +12,7 @@
description: Rewrites all OpenTofu configuration files to a canonical format. description: Rewrites all OpenTofu configuration files to a canonical format.
entry: hooks/tofu_fmt.sh entry: hooks/tofu_fmt.sh
language: script language: script
files: \.(tf|tofu)(vars)?$ files: \.(tf|tofu|tfvars|(tftest|tofutest|tfmock|tfquery)\.hcl)$
exclude: \.terraform\/.*$ exclude: \.terraform\/.*$
- id: tofu_docs - id: tofu_docs
@ -23,7 +23,7 @@
require_serial: true require_serial: true
entry: hooks/tofu_docs.sh entry: hooks/tofu_docs.sh
language: script language: script
files: (\.(tf|tofu)|\.terraform\.lock\.hcl)$ files: \.(tf|tofu|terraform\.lock\.hcl)$
exclude: \.terraform\/.*$ exclude: \.terraform\/.*$
- id: tofu_docs_without_aggregate_type_defaults - id: tofu_docs_without_aggregate_type_defaults
@ -52,7 +52,7 @@
require_serial: true require_serial: true
entry: hooks/tofu_validate.sh entry: hooks/tofu_validate.sh
language: script language: script
files: \.(tf|tofu)(vars)?$ files: \.(tf|tofu|tfvars|terraform\.lock\.hcl)$
exclude: \.terraform\/.*$ exclude: \.terraform\/.*$
- id: tofu_providers_lock - id: tofu_providers_lock
@ -70,7 +70,7 @@
require_serial: true require_serial: true
entry: hooks/tofu_tflint.sh entry: hooks/tofu_tflint.sh
language: script language: script
files: \.(tf|tofu)(vars)?$ files: \.(tf|tofu|tfvars)$
exclude: \.terraform\/.*$ exclude: \.terraform\/.*$
- id: terragrunt_fmt - id: terragrunt_fmt
@ -104,7 +104,7 @@
Static analysis of OpenTofu templates to spot potential security issues. Static analysis of OpenTofu templates to spot potential security issues.
require_serial: true require_serial: true
entry: hooks/tofu_tfsec.sh entry: hooks/tofu_tfsec.sh
files: \.(tf|tofu)(vars)?$ files: \.(tf|tofu|tfvars)$
language: script language: script
- id: tofu_trivy - id: tofu_trivy
@ -113,7 +113,7 @@
Static analysis of OpenTofu templates to spot potential security issues. Static analysis of OpenTofu templates to spot potential security issues.
require_serial: true require_serial: true
entry: hooks/tofu_trivy.sh entry: hooks/tofu_trivy.sh
files: \.(tf|tofu)(vars)?$ files: \.(tf|tofu|tfvars)$
language: script language: script
- id: checkov - id: checkov
@ -123,7 +123,7 @@
language: python language: python
pass_filenames: false pass_filenames: false
always_run: false always_run: false
files: \.tf$ files: \.(tf|tofu)$
exclude: \.terraform\/.*$ exclude: \.terraform\/.*$
require_serial: true require_serial: true
@ -145,7 +145,7 @@
pass_filenames: false pass_filenames: false
always_run: false always_run: false
require_serial: true require_serial: true
files: \.tf$ files: \.(tf|tofu)$
exclude: \.terraform\/.*$ exclude: \.terraform\/.*$
- id: terrascan - id: terrascan

2
hooks/tofu_wrapper_module_for_each.sh
View file

@ -315,7 +315,7 @@ EOF
all_tf_content=$(find "${full_module_dir}" -regex '.*\.(tf|tofu)' -maxdepth 1 -type f -exec cat {} +) all_tf_content=$(find "${full_module_dir}" -regex '.*\.(tf|tofu)' -maxdepth 1 -type f -exec cat {} +)
if [[ ! $all_tf_content ]]; then if [[ ! $all_tf_content ]]; then
common::colorify "yellow" "Skipping ${full_module_dir} because there are no *.(tf|tofu) files." common::colorify "yellow" "Skipping ${full_module_dir} because there are no .tf or .tofu files."
continue continue
fi fi