From fc98a63dd8cad6d88444433b37387435507150dc Mon Sep 17 00:00:00 2001 From: SOHAN-cyber <66588130+SOHAN-cyber@users.noreply.github.com> Date: Tue, 24 Sep 2024 21:57:46 +0530 Subject: [PATCH 01/46] Update Dockerfile --- Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0f7426d..1fd6207 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,8 +24,9 @@ RUN [ ${PRE_COMMIT_VERSION} = "latest" ] && pip3 install --no-cache-dir pre-comm RUN curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ && curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_SHA256SUMS \ && [ $(sha256sum "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" | cut -f 1 -d ' ') = "$(grep "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" tofu_*_SHA256SUMS | cut -f 1 -d ' ')" ] \ - && unzip tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ - && mv tofu /usr/bin/tofu + && unzip tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip -d /usr/bin/tofu \ + && rm "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" \ + && rm "tofu_${TOFU_VERSION}_SHA256SUMS" # # Install tools @@ -208,6 +209,7 @@ COPY --from=builder \ /usr/local/bin/pre-commit \ # Hooks and terraform binaries /bin_dir/ \ + /usr/bin/tofu \ /usr/local/bin/checkov* \ /usr/bin/ # Copy pre-commit packages From d2f129a4be155422bf3a06809b81b6cda6e31f07 Mon Sep 17 00:00:00 2001 From: SOHAN-cyber <66588130+SOHAN-cyber@users.noreply.github.com> Date: Tue, 24 Sep 2024 21:59:24 +0530 Subject: [PATCH 02/46] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1fd6207..7444d07 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,7 +24,7 @@ RUN [ ${PRE_COMMIT_VERSION} = "latest" ] && pip3 install --no-cache-dir pre-comm RUN curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ && curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_SHA256SUMS \ && [ $(sha256sum "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" | cut -f 1 -d ' ') = "$(grep "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" tofu_*_SHA256SUMS | cut -f 1 -d ' ')" ] \ - && unzip tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip -d /usr/bin/tofu \ + && unzip tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip -d /usr/bin/ \ && rm "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" \ && rm "tofu_${TOFU_VERSION}_SHA256SUMS" From 14fc63eb5b04e3ad1525d06e437b15935841775f Mon Sep 17 00:00:00 2001 From: SOHAN-cyber <66588130+SOHAN-cyber@users.noreply.github.com> Date: Tue, 24 Sep 2024 22:10:26 +0530 Subject: [PATCH 03/46] feat(tofu): add handling for missing tofu binary in Docker image This commit introduces logic to gracefully handle the case when the tofu binary is not found in the Docker image, improving the overall user experience. BREAKING CHANGE: The previous behavior of the application when the tofu binary was missing may have caused unexpected crashes. git commit -m "feat(tofu): add handling for missing tofu binary in Docker image This commit introduces logic to gracefully handle the case when the tofu binary is not found in the Docker image, improving the overall user experience. BREAKING CHANGE: The previous behavior of the application when the tofu binary was missing may have caused unexpected crashes." --- Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7444d07..39255fc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,7 +20,6 @@ ARG TOFU_VERSION=${TOFU_VERSION:-1.6.1} RUN [ ${PRE_COMMIT_VERSION} = "latest" ] && pip3 install --no-cache-dir pre-commit \ || pip3 install --no-cache-dir pre-commit==${PRE_COMMIT_VERSION} - RUN curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ && curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_SHA256SUMS \ && [ $(sha256sum "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" | cut -f 1 -d ' ') = "$(grep "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" tofu_*_SHA256SUMS | cut -f 1 -d ' ')" ] \ From 81b78c8fd708225995ac1568dd2ba5e15770d12e Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 25 Sep 2024 00:39:10 +0000 Subject: [PATCH 04/46] chore(release): version 2.0.0 [skip ci] # [2.0.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.4...v2.0.0) (2024-09-25) ### Features * **tofu:** add handling for missing tofu binary in Docker image This commit introduces logic to gracefully handle the case when the tofu binary is not found in the Docker image, improving the overall user experience. BREAKING CHANGE: The previous behavior of the application when the tofu binary was missing may have caused unexpected crashes. ([14fc63e](https://github.com/tofuutils/pre-commit-opentofu/commit/14fc63eb5b04e3ad1525d06e437b15935841775f)) ### BREAKING CHANGES * **tofu:** The previous behavior of the application when the tofu binary was missing may have caused unexpected crashes." --- CHANGELOG.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 995d405..e02f1ca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,18 @@ All notable changes to this project will be documented in this file. +# [2.0.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.4...v2.0.0) (2024-09-25) + + +### Features + +* **tofu:** add handling for missing tofu binary in Docker image This commit introduces logic to gracefully handle the case when the tofu binary is not found in the Docker image, improving the overall user experience. BREAKING CHANGE: The previous behavior of the application when the tofu binary was missing may have caused unexpected crashes. ([14fc63e](https://github.com/tofuutils/pre-commit-opentofu/commit/14fc63eb5b04e3ad1525d06e437b15935841775f)) + + +### BREAKING CHANGES + +* **tofu:** The previous behavior of the application when the tofu binary was missing may have caused unexpected crashes." + ## [1.0.4](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.3...v1.0.4) (2024-09-21) From e059c5859bceddf1ca018f55851f6940ad51f1c2 Mon Sep 17 00:00:00 2001 From: "T. Hinrichsmeyer" Date: Wed, 2 Oct 2024 15:05:21 +0200 Subject: [PATCH 05/46] feat: spport .tofu files (#6) Signed-off-by: T. Hinrichsmeyer --- .pre-commit-hooks.yaml | 41 ++++++++++++++++----------- hooks/tofu_docs.sh | 2 +- hooks/tofu_docs_replace.py | 41 +++++++++++++++++---------- hooks/tofu_wrapper_module_for_each.sh | 4 +-- 4 files changed, 53 insertions(+), 35 deletions(-) diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml index 0dbc918..c5c5f66 100644 --- a/.pre-commit-hooks.yaml +++ b/.pre-commit-hooks.yaml @@ -4,7 +4,7 @@ entry: hooks/infracost_breakdown.sh language: script require_serial: true - files: \.(tf(vars)?|hcl)$ + files: \.((tf|tofu)(vars)?|hcl)$ exclude: \.terraform\/.*$ - id: tofu_fmt @@ -12,25 +12,29 @@ description: Rewrites all OpenTofu configuration files to a canonical format. entry: hooks/tofu_fmt.sh language: script - files: (\.tf|\.tfvars)$ + files: \.(tf|tofu)(vars)?$ exclude: \.terraform\/.*$ - id: tofu_docs name: OpenTofu docs - description: Inserts input and output documentation into README.md (using terraform-docs). + description: + Inserts input and output documentation into README.md (using + terraform-docs). require_serial: true entry: hooks/tofu_docs.sh language: script - files: (\.tf|\.terraform\.lock\.hcl)$ + files: (\.(tf|tofu)|\.terraform\.lock\.hcl)$ exclude: \.terraform\/.*$ - id: tofu_docs_without_aggregate_type_defaults name: OpenTofu docs (without aggregate type defaults) - description: Inserts input and output documentation into README.md (using terraform-docs). Identical to terraform_docs. + description: + Inserts input and output documentation into README.md (using + terraform-docs). Identical to terraform_docs. require_serial: true entry: hooks/tofu_docs.sh language: script - files: (\.tf)$ + files: \.(tf|tofu)$ exclude: \.terraform\/.*$ - id: tofu_docs_replace @@ -39,7 +43,7 @@ require_serial: true entry: hooks/tofu_docs_replace.py language: python - files: (\.tf)$ + files: \.(tf|tofu)$ exclude: \.terraform\/.*$ - id: tofu_validate @@ -48,7 +52,7 @@ require_serial: true entry: hooks/tofu_validate.sh language: script - files: (\.tf|\.tfvars)$ + files: \.(tf|tofu)(vars)?$ exclude: \.terraform\/.*$ - id: tofu_providers_lock @@ -66,12 +70,13 @@ require_serial: true entry: hooks/tofu_tflint.sh language: script - files: (\.tf|\.tfvars)$ + files: \.(tf|tofu)(vars)?$ exclude: \.terraform\/.*$ - id: terragrunt_fmt name: Terragrunt fmt - description: Rewrites all Terragrunt configuration files to a canonical format. + description: + Rewrites all Terragrunt configuration files to a canonical format. entry: hooks/terragrunt_fmt.sh language: script files: (\.hcl)$ @@ -87,18 +92,20 @@ - id: tofu_tfsec name: OpenTofu validate with tfsec (deprecated, use "tofu_trivy") - description: Static analysis of OpenTofu templates to spot potential security issues. + description: + Static analysis of OpenTofu templates to spot potential security issues. require_serial: true entry: hooks/tofu_tfsec.sh - files: \.tf(vars)?$ + files: \.(tf|tofu)(vars)?$ language: script - id: tofu_trivy name: OpenTofu validate with trivy - description: Static analysis of OpenTofu templates to spot potential security issues. + description: + Static analysis of OpenTofu templates to spot potential security issues. require_serial: true entry: hooks/tofu_trivy.sh - files: \.tf(vars)?$ + files: \.(tf|tofu)(vars)?$ language: script - id: checkov @@ -118,7 +125,7 @@ entry: hooks/tofu_checkov.sh language: script always_run: false - files: \.tf$ + files: \.(tf|tofu)$ exclude: \.terraform\/.*$ require_serial: true @@ -138,7 +145,7 @@ description: Runs terrascan on OpenTofu templates. language: script entry: hooks/terrascan.sh - files: \.tf$ + files: \.(tf|tofu)$ exclude: \.terraform\/.*$ require_serial: true @@ -149,5 +156,5 @@ entry: hooks/tfupdate.sh args: - --args=terraform - files: \.tf$ + files: \.(tf|tofu)$ require_serial: true diff --git a/hooks/tofu_docs.sh b/hooks/tofu_docs.sh index b7c9e30..8b8d136 100755 --- a/hooks/tofu_docs.sh +++ b/hooks/tofu_docs.sh @@ -155,7 +155,7 @@ function tofu_docs { # if $create_if_not_exist && [[ ! -f "$text_file" ]]; then dir_have_tf_files="$( - find . -maxdepth 1 -type f | sed 's|.*\.||' | sort -u | grep -oE '^tf$|^tfvars$' || + find . -maxdepth 1 -type f | sed 's|.*\.||' | sort -u | grep -oE '^tofu|^tf$|^tfvars$' || exit 0 )" diff --git a/hooks/tofu_docs_replace.py b/hooks/tofu_docs_replace.py index a9cf6c9..26f1d06 100644 --- a/hooks/tofu_docs_replace.py +++ b/hooks/tofu_docs_replace.py @@ -7,30 +7,41 @@ import sys def main(argv=None): parser = argparse.ArgumentParser( description="""Run terraform-docs on a set of files. Follows the standard convention of - pulling the documentation from main.tf in order to replace the entire + pulling the documentation from main.(tf|tofu) in order to replace the entire README.md file each time.""" ) parser.add_argument( - '--dest', dest='dest', default='README.md', + "--dest", + dest="dest", + default="README.md", ) parser.add_argument( - '--sort-inputs-by-required', dest='sort', action='store_true', - help='[deprecated] use --sort-by-required instead', + "--sort-inputs-by-required", + dest="sort", + action="store_true", + help="[deprecated] use --sort-by-required instead", ) parser.add_argument( - '--sort-by-required', dest='sort', action='store_true', + "--sort-by-required", + dest="sort", + action="store_true", ) parser.add_argument( - '--with-aggregate-type-defaults', dest='aggregate', action='store_true', - help='[deprecated]', + "--with-aggregate-type-defaults", + dest="aggregate", + action="store_true", + help="[deprecated]", ) - parser.add_argument('filenames', nargs='*', help='Filenames to check.') + parser.add_argument("filenames", nargs="*", help="Filenames to check.") args = parser.parse_args(argv) dirs = [] for filename in args.filenames: - if (os.path.realpath(filename) not in dirs and - (filename.endswith(".tf") or filename.endswith(".tfvars"))): + if os.path.realpath(filename) not in dirs and ( + filename.endswith(".tf") + or filename.endswith(".tofu") + or filename.endswith(".tfvars") + ): dirs.append(os.path.dirname(filename)) retval = 0 @@ -38,12 +49,12 @@ def main(argv=None): for dir in dirs: try: procArgs = [] - procArgs.append('terraform-docs') + procArgs.append("terraform-docs") if args.sort: - procArgs.append('--sort-by-required') - procArgs.append('md') + procArgs.append("--sort-by-required") + procArgs.append("md") procArgs.append("./{dir}".format(dir=dir)) - procArgs.append('>') + procArgs.append(">") procArgs.append("./{dir}/{dest}".format(dir=dir, dest=args.dest)) subprocess.check_call(" ".join(procArgs), shell=True) except subprocess.CalledProcessError as e: @@ -52,5 +63,5 @@ def main(argv=None): return retval -if __name__ == '__main__': +if __name__ == "__main__": sys.exit(main()) diff --git a/hooks/tofu_wrapper_module_for_each.sh b/hooks/tofu_wrapper_module_for_each.sh index f1a70ef..c87db22 100755 --- a/hooks/tofu_wrapper_module_for_each.sh +++ b/hooks/tofu_wrapper_module_for_each.sh @@ -312,10 +312,10 @@ EOF # Read content of all OpenTofu files # shellcheck disable=SC2207 - all_tf_content=$(find "${full_module_dir}" -name '*.tf' -maxdepth 1 -type f -exec cat {} +) + all_tf_content=$(find "${full_module_dir}" -regex '.*\.(tf|tofu)' -maxdepth 1 -type f -exec cat {} +) if [[ ! $all_tf_content ]]; then - common::colorify "yellow" "Skipping ${full_module_dir} because there are no *.tf files." + common::colorify "yellow" "Skipping ${full_module_dir} because there are no *.(tf|tofu) files." continue fi From 5af24ae7a6d7f043fafc1a5b8387c33f0c521302 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 16 Oct 2024 20:56:03 +0000 Subject: [PATCH 06/46] chore(release): version 2.1.0 [skip ci] # [2.1.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.0.0...v2.1.0) (2024-10-16) ### Features * spport .tofu files ([#6](https://github.com/tofuutils/pre-commit-opentofu/issues/6)) ([e059c58](https://github.com/tofuutils/pre-commit-opentofu/commit/e059c5859bceddf1ca018f55851f6940ad51f1c2)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e02f1ca..71bf459 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +# [2.1.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.0.0...v2.1.0) (2024-10-16) + + +### Features + +* spport .tofu files ([#6](https://github.com/tofuutils/pre-commit-opentofu/issues/6)) ([e059c58](https://github.com/tofuutils/pre-commit-opentofu/commit/e059c5859bceddf1ca018f55851f6940ad51f1c2)) + # [2.0.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.4...v2.0.0) (2024-09-25) From 7b4692fe47cf98ce0cf5840ae38477c3e4991e09 Mon Sep 17 00:00:00 2001 From: Jim Date: Tue, 18 Mar 2025 19:40:25 -0500 Subject: [PATCH 07/46] Update docker build to install newer tofu binary The current 1.6 that gets installed does not have the provider-defined functions feature, which has a new syntax. The new syntax causes `tofu fmt` fails on code that uses this feature. Using the latest current release should fix this and possibly other issues. Better solutions certainly exist, just trying to keep this simple. Signed-off-by: jimbocoder --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 39255fc..567440f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,7 +14,7 @@ RUN apk add --no-cache \ setuptools ARG PRE_COMMIT_VERSION=${PRE_COMMIT_VERSION:-latest} -ARG TOFU_VERSION=${TOFU_VERSION:-1.6.1} +ARG TOFU_VERSION=${TOFU_VERSION:-1.9.0} # Install pre-commit RUN [ ${PRE_COMMIT_VERSION} = "latest" ] && pip3 install --no-cache-dir pre-commit \ From e625db13ec285e132f43cdf6e5aa3f3272e45451 Mon Sep 17 00:00:00 2001 From: Alexander Sharov Date: Sat, 29 Mar 2025 18:50:17 +0100 Subject: [PATCH 08/46] feat: make release --- Dockerfile | 105 +++++++++++++++++++++++++++-------------------------- 1 file changed, 53 insertions(+), 52 deletions(-) diff --git a/Dockerfile b/Dockerfile index 567440f..1616bfd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,8 +10,8 @@ RUN apk add --no-cache \ curl=~8 && \ # Upgrade packages for be able get latest Checkov python3 -m pip install --no-cache-dir --upgrade \ - pip \ - setuptools + pip \ + setuptools ARG PRE_COMMIT_VERSION=${PRE_COMMIT_VERSION:-latest} ARG TOFU_VERSION=${TOFU_VERSION:-1.9.0} @@ -21,11 +21,11 @@ RUN [ ${PRE_COMMIT_VERSION} = "latest" ] && pip3 install --no-cache-dir pre-comm || pip3 install --no-cache-dir pre-commit==${PRE_COMMIT_VERSION} RUN curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ - && curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_SHA256SUMS \ - && [ $(sha256sum "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" | cut -f 1 -d ' ') = "$(grep "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" tofu_*_SHA256SUMS | cut -f 1 -d ' ')" ] \ - && unzip tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip -d /usr/bin/ \ - && rm "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" \ - && rm "tofu_${TOFU_VERSION}_SHA256SUMS" + && curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_SHA256SUMS \ + && [ $(sha256sum "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" | cut -f 1 -d ' ') = "$(grep "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" tofu_*_SHA256SUMS | cut -f 1 -d ' ')" ] \ + && unzip tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip -d /usr/bin/ \ + && rm "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" \ + && rm "tofu_${TOFU_VERSION}_SHA256SUMS" # # Install tools @@ -47,18 +47,18 @@ ARG HCLEDIT_VERSION=${HCLEDIT_VERSION:-false} # specified in step below ARG INSTALL_ALL=${INSTALL_ALL:-false} RUN if [ "$INSTALL_ALL" != "false" ]; then \ - echo "export CHECKOV_VERSION=latest" >> /.env && \ - echo "export INFRACOST_VERSION=latest" >> /.env && \ - echo "export TERRAFORM_DOCS_VERSION=latest" >> /.env && \ - echo "export TERRAGRUNT_VERSION=latest" >> /.env && \ - echo "export TERRASCAN_VERSION=latest" >> /.env && \ - echo "export TFLINT_VERSION=latest" >> /.env && \ - echo "export TFSEC_VERSION=latest" >> /.env && \ - echo "export TRIVY_VERSION=latest" >> /.env && \ - echo "export TFUPDATE_VERSION=latest" >> /.env && \ - echo "export HCLEDIT_VERSION=latest" >> /.env \ + echo "export CHECKOV_VERSION=latest" >> /.env && \ + echo "export INFRACOST_VERSION=latest" >> /.env && \ + echo "export TERRAFORM_DOCS_VERSION=latest" >> /.env && \ + echo "export TERRAGRUNT_VERSION=latest" >> /.env && \ + echo "export TERRASCAN_VERSION=latest" >> /.env && \ + echo "export TFLINT_VERSION=latest" >> /.env && \ + echo "export TFSEC_VERSION=latest" >> /.env && \ + echo "export TRIVY_VERSION=latest" >> /.env && \ + echo "export TFUPDATE_VERSION=latest" >> /.env && \ + echo "export HCLEDIT_VERSION=latest" >> /.env \ ; else \ - touch /.env \ + touch /.env \ ; fi @@ -66,10 +66,10 @@ RUN if [ "$INSTALL_ALL" != "false" ]; then \ RUN . /.env && \ if [ "$CHECKOV_VERSION" != "false" ]; then \ ( \ - apk add --no-cache gcc=~12 libffi-dev=~3 musl-dev=~1; \ - [ "$CHECKOV_VERSION" = "latest" ] && pip3 install --no-cache-dir checkov \ - || pip3 install --no-cache-dir checkov==${CHECKOV_VERSION}; \ - apk del gcc libffi-dev musl-dev \ + apk add --no-cache gcc=~12 libffi-dev=~3 musl-dev=~1; \ + [ "$CHECKOV_VERSION" = "latest" ] && pip3 install --no-cache-dir checkov \ + || pip3 install --no-cache-dir checkov==${CHECKOV_VERSION}; \ + apk del gcc libffi-dev musl-dev \ ) \ ; fi @@ -77,9 +77,9 @@ RUN . /.env && \ RUN . /.env && \ if [ "$INFRACOST_VERSION" != "false" ]; then \ ( \ - INFRACOST_RELEASES="https://api.github.com/repos/infracost/infracost/releases" && \ - [ "$INFRACOST_VERSION" = "latest" ] && curl -L "$(curl -s ${INFRACOST_RELEASES}/latest | grep -o -E -m 1 "https://.+?-${TARGETOS}-${TARGETARCH}.tar.gz")" > infracost.tgz \ - || curl -L "$(curl -s ${INFRACOST_RELEASES} | grep -o -E "https://.+?v${INFRACOST_VERSION}/infracost-${TARGETOS}-${TARGETARCH}.tar.gz")" > infracost.tgz \ + INFRACOST_RELEASES="https://api.github.com/repos/infracost/infracost/releases" && \ + [ "$INFRACOST_VERSION" = "latest" ] && curl -L "$(curl -s ${INFRACOST_RELEASES}/latest | grep -o -E -m 1 "https://.+?-${TARGETOS}-${TARGETARCH}.tar.gz")" > infracost.tgz \ + || curl -L "$(curl -s ${INFRACOST_RELEASES} | grep -o -E "https://.+?v${INFRACOST_VERSION}/infracost-${TARGETOS}-${TARGETARCH}.tar.gz")" > infracost.tgz \ ) && tar -xzf infracost.tgz && rm infracost.tgz && mv infracost-${TARGETOS}-${TARGETARCH} infracost \ ; fi @@ -87,9 +87,9 @@ RUN . /.env && \ RUN . /.env && \ if [ "$TERRAFORM_DOCS_VERSION" != "false" ]; then \ ( \ - TERRAFORM_DOCS_RELEASES="https://api.github.com/repos/terraform-docs/terraform-docs/releases" && \ - [ "$TERRAFORM_DOCS_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES}/latest | grep -o -E -m 1 "https://.+?-${TARGETOS}-${TARGETARCH}.tar.gz")" > terraform-docs.tgz \ - || curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES} | grep -o -E "https://.+?v${TERRAFORM_DOCS_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz")" > terraform-docs.tgz \ + TERRAFORM_DOCS_RELEASES="https://api.github.com/repos/terraform-docs/terraform-docs/releases" && \ + [ "$TERRAFORM_DOCS_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES}/latest | grep -o -E -m 1 "https://.+?-${TARGETOS}-${TARGETARCH}.tar.gz")" > terraform-docs.tgz \ + || curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES} | grep -o -E "https://.+?v${TERRAFORM_DOCS_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz")" > terraform-docs.tgz \ ) && tar -xzf terraform-docs.tgz terraform-docs && rm terraform-docs.tgz && chmod +x terraform-docs \ ; fi @@ -97,9 +97,9 @@ RUN . /.env && \ RUN . /.env \ && if [ "$TERRAGRUNT_VERSION" != "false" ]; then \ ( \ - TERRAGRUNT_RELEASES="https://api.github.com/repos/gruntwork-io/terragrunt/releases" && \ - [ "$TERRAGRUNT_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAGRUNT_RELEASES}/latest | grep -o -E -m 1 "https://.+?/terragrunt_${TARGETOS}_${TARGETARCH}")" > terragrunt \ - || curl -L "$(curl -s ${TERRAGRUNT_RELEASES} | grep -o -E -m 1 "https://.+?v${TERRAGRUNT_VERSION}/terragrunt_${TARGETOS}_${TARGETARCH}")" > terragrunt \ + TERRAGRUNT_RELEASES="https://api.github.com/repos/gruntwork-io/terragrunt/releases" && \ + [ "$TERRAGRUNT_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAGRUNT_RELEASES}/latest | grep -o -E -m 1 "https://.+?/terragrunt_${TARGETOS}_${TARGETARCH}")" > terragrunt \ + || curl -L "$(curl -s ${TERRAGRUNT_RELEASES} | grep -o -E -m 1 "https://.+?v${TERRAGRUNT_VERSION}/terragrunt_${TARGETOS}_${TARGETARCH}")" > terragrunt \ ) && chmod +x terragrunt \ ; fi @@ -111,9 +111,9 @@ RUN . /.env && \ # Convert the first letter to Uppercase OS="$(echo ${TARGETOS} | cut -c1 | tr '[:lower:]' '[:upper:]' | xargs echo -n; echo ${TARGETOS} | cut -c2-)"; \ ( \ - TERRASCAN_RELEASES="https://api.github.com/repos/tenable/terrascan/releases" && \ - [ "$TERRASCAN_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRASCAN_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${OS}_${ARCH}.tar.gz")" > terrascan.tar.gz \ - || curl -L "$(curl -s ${TERRASCAN_RELEASES} | grep -o -E "https://.+?${TERRASCAN_VERSION}_${OS}_${ARCH}.tar.gz")" > terrascan.tar.gz \ + TERRASCAN_RELEASES="https://api.github.com/repos/tenable/terrascan/releases" && \ + [ "$TERRASCAN_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRASCAN_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${OS}_${ARCH}.tar.gz")" > terrascan.tar.gz \ + || curl -L "$(curl -s ${TERRASCAN_RELEASES} | grep -o -E "https://.+?${TERRASCAN_VERSION}_${OS}_${ARCH}.tar.gz")" > terrascan.tar.gz \ ) && tar -xzf terrascan.tar.gz terrascan && rm terrascan.tar.gz && \ ./terrascan init \ ; fi @@ -122,9 +122,9 @@ RUN . /.env && \ RUN . /.env && \ if [ "$TFLINT_VERSION" != "false" ]; then \ ( \ - TFLINT_RELEASES="https://api.github.com/repos/terraform-linters/tflint/releases" && \ - [ "$TFLINT_VERSION" = "latest" ] && curl -L "$(curl -s ${TFLINT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.zip")" > tflint.zip \ - || curl -L "$(curl -s ${TFLINT_RELEASES} | grep -o -E "https://.+?/v${TFLINT_VERSION}/tflint_${TARGETOS}_${TARGETARCH}.zip")" > tflint.zip \ + TFLINT_RELEASES="https://api.github.com/repos/terraform-linters/tflint/releases" && \ + [ "$TFLINT_VERSION" = "latest" ] && curl -L "$(curl -s ${TFLINT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.zip")" > tflint.zip \ + || curl -L "$(curl -s ${TFLINT_RELEASES} | grep -o -E "https://.+?/v${TFLINT_VERSION}/tflint_${TARGETOS}_${TARGETARCH}.zip")" > tflint.zip \ ) && unzip tflint.zip && rm tflint.zip \ ; fi @@ -132,9 +132,9 @@ RUN . /.env && \ RUN . /.env && \ if [ "$TFSEC_VERSION" != "false" ]; then \ ( \ - TFSEC_RELEASES="https://api.github.com/repos/aquasecurity/tfsec/releases" && \ - [ "$TFSEC_VERSION" = "latest" ] && curl -L "$(curl -s ${TFSEC_RELEASES}/latest | grep -o -E -m 1 "https://.+?/tfsec-${TARGETOS}-${TARGETARCH}")" > tfsec \ - || curl -L "$(curl -s ${TFSEC_RELEASES} | grep -o -E -m 1 "https://.+?v${TFSEC_VERSION}/tfsec-${TARGETOS}-${TARGETARCH}")" > tfsec \ + TFSEC_RELEASES="https://api.github.com/repos/aquasecurity/tfsec/releases" && \ + [ "$TFSEC_VERSION" = "latest" ] && curl -L "$(curl -s ${TFSEC_RELEASES}/latest | grep -o -E -m 1 "https://.+?/tfsec-${TARGETOS}-${TARGETARCH}")" > tfsec \ + || curl -L "$(curl -s ${TFSEC_RELEASES} | grep -o -E -m 1 "https://.+?v${TFSEC_VERSION}/tfsec-${TARGETOS}-${TARGETARCH}")" > tfsec \ ) && chmod +x tfsec \ ; fi @@ -143,9 +143,9 @@ RUN . /.env && \ if [ "$TRIVY_VERSION" != "false" ]; then \ if [ "$TARGETARCH" != "amd64" ]; then ARCH="$TARGETARCH"; else ARCH="64bit"; fi; \ ( \ - TRIVY_RELEASES="https://api.github.com/repos/aquasecurity/trivy/releases" && \ - [ "$TRIVY_VERSION" = "latest" ] && curl -L "$(curl -s ${TRIVY_RELEASES}/latest | grep -o -E -i -m 1 "https://.+?/trivy_.+?_${TARGETOS}-${ARCH}.tar.gz")" > trivy.tar.gz \ - || curl -L "$(curl -s ${TRIVY_RELEASES} | grep -o -E -i -m 1 "https://.+?/v${TRIVY_VERSION}/trivy_.+?_${TARGETOS}-${ARCH}.tar.gz")" > trivy.tar.gz \ + TRIVY_RELEASES="https://api.github.com/repos/aquasecurity/trivy/releases" && \ + [ "$TRIVY_VERSION" = "latest" ] && curl -L "$(curl -s ${TRIVY_RELEASES}/latest | grep -o -E -i -m 1 "https://.+?/trivy_.+?_${TARGETOS}-${ARCH}.tar.gz")" > trivy.tar.gz \ + || curl -L "$(curl -s ${TRIVY_RELEASES} | grep -o -E -i -m 1 "https://.+?/v${TRIVY_VERSION}/trivy_.+?_${TARGETOS}-${ARCH}.tar.gz")" > trivy.tar.gz \ ) && tar -xzf trivy.tar.gz trivy && rm trivy.tar.gz \ ; fi @@ -153,9 +153,9 @@ RUN . /.env && \ RUN . /.env && \ if [ "$TFUPDATE_VERSION" != "false" ]; then \ ( \ - TFUPDATE_RELEASES="https://api.github.com/repos/minamijoyo/tfupdate/releases" && \ - [ "$TFUPDATE_VERSION" = "latest" ] && curl -L "$(curl -s ${TFUPDATE_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.tar.gz")" > tfupdate.tgz \ - || curl -L "$(curl -s ${TFUPDATE_RELEASES} | grep -o -E -m 1 "https://.+?${TFUPDATE_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz")" > tfupdate.tgz \ + TFUPDATE_RELEASES="https://api.github.com/repos/minamijoyo/tfupdate/releases" && \ + [ "$TFUPDATE_VERSION" = "latest" ] && curl -L "$(curl -s ${TFUPDATE_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.tar.gz")" > tfupdate.tgz \ + || curl -L "$(curl -s ${TFUPDATE_RELEASES} | grep -o -E -m 1 "https://.+?${TFUPDATE_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz")" > tfupdate.tgz \ ) && tar -xzf tfupdate.tgz tfupdate && rm tfupdate.tgz \ ; fi @@ -163,9 +163,9 @@ RUN . /.env && \ RUN . /.env && \ if [ "$HCLEDIT_VERSION" != "false" ]; then \ ( \ - HCLEDIT_RELEASES="https://api.github.com/repos/minamijoyo/hcledit/releases" && \ - [ "$HCLEDIT_VERSION" = "latest" ] && curl -L "$(curl -s ${HCLEDIT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.tar.gz")" > hcledit.tgz \ - || curl -L "$(curl -s ${HCLEDIT_RELEASES} | grep -o -E -m 1 "https://.+?${HCLEDIT_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz")" > hcledit.tgz \ + HCLEDIT_RELEASES="https://api.github.com/repos/minamijoyo/hcledit/releases" && \ + [ "$HCLEDIT_VERSION" = "latest" ] && curl -L "$(curl -s ${HCLEDIT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.tar.gz")" > hcledit.tgz \ + || curl -L "$(curl -s ${HCLEDIT_RELEASES} | grep -o -E -m 1 "https://.+?${HCLEDIT_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz")" > hcledit.tgz \ ) && tar -xzf hcledit.tgz hcledit && rm hcledit.tgz \ ; fi @@ -210,7 +210,7 @@ COPY --from=builder \ /bin_dir/ \ /usr/bin/tofu \ /usr/local/bin/checkov* \ - /usr/bin/ + /usr/bin/ # Copy pre-commit packages COPY --from=builder /usr/local/lib/python3.12/site-packages/ /usr/local/lib/python3.12/site-packages/ # Copy terrascan policies @@ -218,10 +218,10 @@ COPY --from=builder /root/ /root/ # Install hooks extra deps RUN if [ "$(grep -o '^terraform-docs SKIPPED$' /usr/bin/tools_versions_info)" = "" ]; then \ - apk add --no-cache perl=~5 \ + apk add --no-cache perl=~5 \ ; fi && \ if [ "$(grep -o '^infracost SKIPPED$' /usr/bin/tools_versions_info)" = "" ]; then \ - apk add --no-cache jq=~1 \ + apk add --no-cache jq=~1 \ ; fi && \ # Fix git runtime fatal: # unsafe repository ('/lint' is owned by someone else) @@ -235,3 +235,4 @@ ENV INFRACOST_API_KEY=${INFRACOST_API_KEY:-} ENV INFRACOST_SKIP_UPDATE_CHECK=${INFRACOST_SKIP_UPDATE_CHECK:-false} ENTRYPOINT [ "/entrypoint.sh" ] + From 08c520a2f2013297b33df80965ae8aae6e9f06b5 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sat, 29 Mar 2025 17:51:48 +0000 Subject: [PATCH 09/46] chore(release): version 2.2.0 [skip ci] # [2.2.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.1.0...v2.2.0) (2025-03-29) ### Features * make release ([e625db1](https://github.com/tofuutils/pre-commit-opentofu/commit/e625db13ec285e132f43cdf6e5aa3f3272e45451)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 71bf459..5bbab38 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +# [2.2.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.1.0...v2.2.0) (2025-03-29) + + +### Features + +* make release ([e625db1](https://github.com/tofuutils/pre-commit-opentofu/commit/e625db13ec285e132f43cdf6e5aa3f3272e45451)) + # [2.1.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.0.0...v2.1.0) (2024-10-16) From 0cbe56181770a552451150b34272a7db64c1fb66 Mon Sep 17 00:00:00 2001 From: Nikolai Mishin Date: Sun, 1 Jun 2025 01:53:20 +0200 Subject: [PATCH 10/46] Create dependabot.yml --- .github/dependabot.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..c6ee553 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,10 @@ +--- +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: / + schedule: + interval: daily + time: "11:00" + commit-message: + prefix: "gh-actions:" From f8089e96a80166523f0f9b2663185698ea827a58 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 31 May 2025 23:54:03 +0000 Subject: [PATCH 11/46] gh-actions: bump cycjimmy/semantic-release-action from 4.0.0 to 4.2.0 Bumps [cycjimmy/semantic-release-action](https://github.com/cycjimmy/semantic-release-action) from 4.0.0 to 4.2.0. - [Release notes](https://github.com/cycjimmy/semantic-release-action/releases) - [Changelog](https://github.com/cycjimmy/semantic-release-action/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/cycjimmy/semantic-release-action/compare/61680d0e9b02ff86f5648ade99e01be17f0260a4...0a51e81a6baff2acad3ee88f4121c589c73d0f0e) --- updated-dependencies: - dependency-name: cycjimmy/semantic-release-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4aa0df1..385b387 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,7 +24,7 @@ jobs: fetch-depth: 0 - name: Release - uses: cycjimmy/semantic-release-action@61680d0e9b02ff86f5648ade99e01be17f0260a4 # v4.0.0 + uses: cycjimmy/semantic-release-action@0a51e81a6baff2acad3ee88f4121c589c73d0f0e # v4.2.0 with: semantic_version: 18.0.0 extra_plugins: | From 6be1b27016de6e1be0a048754ad392929bd12e42 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 31 May 2025 23:54:06 +0000 Subject: [PATCH 12/46] gh-actions: bump MaxymVlasov/dive-action from 0.1.0 to 1.5.0 Bumps [MaxymVlasov/dive-action](https://github.com/maxymvlasov/dive-action) from 0.1.0 to 1.5.0. - [Release notes](https://github.com/maxymvlasov/dive-action/releases) - [Commits](https://github.com/maxymvlasov/dive-action/compare/0035999cae50d4ef657ac94be84f01812aa192a5...b08c8287e603d028c986d7044e83fa76bcca6a65) --- updated-dependencies: - dependency-name: MaxymVlasov/dive-action dependency-version: 1.5.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-image-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-image-test.yaml b/.github/workflows/build-image-test.yaml index f83e11e..b659041 100644 --- a/.github/workflows/build-image-test.yaml +++ b/.github/workflows/build-image-test.yaml @@ -52,7 +52,7 @@ jobs: - name: Dive - check image for waste files if: steps.changed-files-specific.outputs.any_changed == 'true' - uses: MaxymVlasov/dive-action@0035999cae50d4ef657ac94be84f01812aa192a5 # v0.1.0 + uses: MaxymVlasov/dive-action@b08c8287e603d028c986d7044e83fa76bcca6a65 # v1.5.0 with: image: ghcr.io/${{ github.repository }}:${{ env.IMAGE_TAG }} config-file: ${{ github.workspace }}/.github/.dive-ci.yaml From 700b083394832ef5bdaafa583530c9c4f4c0bbfd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 31 May 2025 23:54:10 +0000 Subject: [PATCH 13/46] gh-actions: bump tj-actions/changed-files from 13.1 to 26.1 Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 13.1 to 26.1. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/2c85495a7bb72f2734cb5181e29b2ee5e08e61f7...58ae566dc69a926834e4798bcfe0436ff97c0599) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-version: '26.1' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-image-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-image-test.yaml b/.github/workflows/build-image-test.yaml index f83e11e..54b75d0 100644 --- a/.github/workflows/build-image-test.yaml +++ b/.github/workflows/build-image-test.yaml @@ -15,7 +15,7 @@ jobs: - name: Get changed Dockerfile id: changed-files-specific - uses: tj-actions/changed-files@2c85495a7bb72f2734cb5181e29b2ee5e08e61f7 # v13.1 + uses: tj-actions/changed-files@58ae566dc69a926834e4798bcfe0436ff97c0599 # v26.1 with: files: | Dockerfile From 10393e2209e71f962d73c3fc824540b4ecc6db51 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 31 May 2025 23:54:13 +0000 Subject: [PATCH 14/46] gh-actions: bump amannn/action-semantic-pull-request from 5.4.0 to 5.5.3 Bumps [amannn/action-semantic-pull-request](https://github.com/amannn/action-semantic-pull-request) from 5.4.0 to 5.5.3. - [Release notes](https://github.com/amannn/action-semantic-pull-request/releases) - [Changelog](https://github.com/amannn/action-semantic-pull-request/blob/main/CHANGELOG.md) - [Commits](https://github.com/amannn/action-semantic-pull-request/compare/e9fabac35e210fea40ca5b14c0da95a099eff26f...0723387faaf9b38adef4775cd42cfd5155ed6017) --- updated-dependencies: - dependency-name: amannn/action-semantic-pull-request dependency-version: 5.5.3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/pr-title.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 7a8b642..19e48a4 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -14,7 +14,7 @@ jobs: steps: # Please look up the latest version from # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0 + - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: From df38ee3d39d6122b4c6448553258f2c5eb70b512 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 31 May 2025 23:54:00 +0000 Subject: [PATCH 15/46] gh-actions: bump pre-commit/action from 2.0.3 to 3.0.1 Bumps [pre-commit/action](https://github.com/pre-commit/action) from 2.0.3 to 3.0.1. - [Release notes](https://github.com/pre-commit/action/releases) - [Commits](https://github.com/pre-commit/action/compare/9b88afc9cd57fd75b655d5c71bd38146d07135fe...2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd) --- updated-dependencies: - dependency-name: pre-commit/action dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/pre-commit.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 1085384..95b8c1a 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -40,7 +40,7 @@ jobs: with: python-version: '3.9' - name: Execute pre-commit - uses: pre-commit/action@9b88afc9cd57fd75b655d5c71bd38146d07135fe # v2.0.3 + uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 env: SKIP: no-commit-to-branch,hadolint with: @@ -49,7 +49,7 @@ jobs: # Run only skipped checks - name: Execute pre-commit check that have no auto-fixes if: always() - uses: pre-commit/action@9b88afc9cd57fd75b655d5c71bd38146d07135fe # v2.0.3 + uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 env: SKIP: check-added-large-files,check-merge-conflict,check-vcs-permalinks,forbid-new-submodules,no-commit-to-branch,end-of-file-fixer,trailing-whitespace,check-yaml,check-merge-conflict,check-executables-have-shebangs,check-case-conflict,mixed-line-ending,detect-aws-credentials,detect-private-key,shfmt,shellcheck with: From 8604934d93bc5dbc1eb3905e8d958fba78e5b37b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Jun 2025 12:10:49 +0000 Subject: [PATCH 16/46] gh-actions: bump actions/stale from 9.0.0 to 9.1.0 Bumps [actions/stale](https://github.com/actions/stale) from 9.0.0 to 9.1.0. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/28ca1036281a5e5922ead5184a1bbf96e5fc984e...5bef64f19d7facfb25b37b414482c7164d639639) --- updated-dependencies: - dependency-name: actions/stale dependency-version: 9.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/stale-actions.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale-actions.yaml b/.github/workflows/stale-actions.yaml index 32f08e7..802c138 100644 --- a/.github/workflows/stale-actions.yaml +++ b/.github/workflows/stale-actions.yaml @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Staling issues and PR's From ed9b22cc377c092f70dd7e7de4d71299f55c57b6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Jun 2025 12:16:54 +0000 Subject: [PATCH 17/46] gh-actions: bump actions/setup-python from 5.0.0 to 5.6.0 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.0.0 to 5.6.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/0a5c61591373683505ea898e09a3ea4f39ef2b9c...a26af69be951a213d495a4c3e4e4022e16d87065) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: 5.6.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/pre-commit.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 95b8c1a..85bfe4c 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -36,7 +36,7 @@ jobs: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} # Skip tofu_tflint which interferes to commit pre-commit auto-fixes - - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: '3.9' - name: Execute pre-commit From 98a556422ae637e3824d45c7c639734a68bfc8ba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Jun 2025 12:20:13 +0000 Subject: [PATCH 18/46] gh-actions: bump tj-actions/changed-files from 26.1 to 46 Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 26.1 to 46. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/58ae566dc69a926834e4798bcfe0436ff97c0599...ed68ef82c095e0d48ec87eccea555d944a631a4c) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-version: '46' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-image-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-image-test.yaml b/.github/workflows/build-image-test.yaml index 2df3cfd..1003867 100644 --- a/.github/workflows/build-image-test.yaml +++ b/.github/workflows/build-image-test.yaml @@ -15,7 +15,7 @@ jobs: - name: Get changed Dockerfile id: changed-files-specific - uses: tj-actions/changed-files@58ae566dc69a926834e4798bcfe0436ff97c0599 # v26.1 + uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5 with: files: | Dockerfile From 44c7b5dec9362d2fe7ed5e8786f4d95956791d3d Mon Sep 17 00:00:00 2001 From: Nikolai Mishin Date: Wed, 4 Jun 2025 00:11:35 +0200 Subject: [PATCH 19/46] fix: Update pre-commit/action version (#30) This is needed to switch to the new cache: https://gh.io/gha-cache-sunset Signed-off-by: Nikolai Mishin --- .github/workflows/pre-commit.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 85bfe4c..3fab3c2 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -40,7 +40,7 @@ jobs: with: python-version: '3.9' - name: Execute pre-commit - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 + uses: pre-commit/action@576ff52938d158a24ac7e009dfa94b1455e7df99 env: SKIP: no-commit-to-branch,hadolint with: @@ -49,7 +49,7 @@ jobs: # Run only skipped checks - name: Execute pre-commit check that have no auto-fixes if: always() - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 + uses: pre-commit/action@576ff52938d158a24ac7e009dfa94b1455e7df99 env: SKIP: check-added-large-files,check-merge-conflict,check-vcs-permalinks,forbid-new-submodules,no-commit-to-branch,end-of-file-fixer,trailing-whitespace,check-yaml,check-merge-conflict,check-executables-have-shebangs,check-case-conflict,mixed-line-ending,detect-aws-credentials,detect-private-key,shfmt,shellcheck with: From df886fa772e7d1eedf5603327c0cf02968e7d779 Mon Sep 17 00:00:00 2001 From: Oliver Ladner Date: Fri, 23 May 2025 18:25:20 +0200 Subject: [PATCH 20/46] fix: make infracost_breakdown.sh compatible with bash 3.2 (macOS) - Replace mapfile with while-read loop for bash 3.2 compatibility - Fix substring expressions to avoid negative indices: (${check: -1} => ${check:$((${#check}-1)):1}) - Replace negative array indexing with explicit length calculation - Maintain identical functionality while supporting macOS default bash version Signed-off-by: Oliver Ladner --- hooks/infracost_breakdown.sh | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/hooks/infracost_breakdown.sh b/hooks/infracost_breakdown.sh index 5515791..121f49b 100755 --- a/hooks/infracost_breakdown.sh +++ b/hooks/infracost_breakdown.sh @@ -70,19 +70,24 @@ function infracost_breakdown_ { # -h .totalHourlyCost > 0.1 # --hook-config=.currency == "USD" first_char=${check:0:1} - last_char=${check: -1} + last_char=${check:$((${#check} - 1)):1} if [ "$first_char" == "$last_char" ] && { [ "$first_char" == '"' ] || [ "$first_char" == "'" ] }; then - check="${check:1:-1}" + check="${check:1:$((${#check} - 2))}" fi - mapfile -t operations < <(echo "$check" | grep -oE '[!<>=]{1,2}') + # Replace mapfile with while read loop for bash 3.2 compatibility + operations=() + while IFS= read -r line; do + operations+=("$line") + done < <(echo "$check" | grep -oE '[!<>=]{1,2}') + # Get the very last operator, that is used in comparison inside `jq` query. # From the example below we need to pick the `>` which is in between `add` and `1000`, # but not the `!=`, which goes earlier in the `jq` expression # [.projects[].diff.totalMonthlyCost | select (.!=null) | tonumber] | add > 1000 - operation=${operations[-1]} + operation=${operations[$((${#operations[@]} - 1))]} IFS="$operation" read -r -a jq_check <<< "$check" real_value="$(jq "${jq_check[0]}" <<< "$RESULTS")" From 04bfdda8eb902a604850282feec57563f388d71e Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 4 Jun 2025 08:26:32 +0000 Subject: [PATCH 21/46] chore(release): version 2.2.1 [skip ci] ## [2.2.1](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.2.0...v2.2.1) (2025-06-04) ### Bug Fixes * make infracost_breakdown.sh compatible with bash 3.2 (macOS) ([df886fa](https://github.com/tofuutils/pre-commit-opentofu/commit/df886fa772e7d1eedf5603327c0cf02968e7d779)) * Update pre-commit/action version ([#30](https://github.com/tofuutils/pre-commit-opentofu/issues/30)) ([44c7b5d](https://github.com/tofuutils/pre-commit-opentofu/commit/44c7b5dec9362d2fe7ed5e8786f4d95956791d3d)) --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5bbab38..4c0f74a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,14 @@ All notable changes to this project will be documented in this file. +## [2.2.1](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.2.0...v2.2.1) (2025-06-04) + + +### Bug Fixes + +* make infracost_breakdown.sh compatible with bash 3.2 (macOS) ([df886fa](https://github.com/tofuutils/pre-commit-opentofu/commit/df886fa772e7d1eedf5603327c0cf02968e7d779)) +* Update pre-commit/action version ([#30](https://github.com/tofuutils/pre-commit-opentofu/issues/30)) ([44c7b5d](https://github.com/tofuutils/pre-commit-opentofu/commit/44c7b5dec9362d2fe7ed5e8786f4d95956791d3d)) + # [2.2.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.1.0...v2.2.0) (2025-03-29) From 407a900bbc18ea535dcced35277fabb774d91b00 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Jun 2025 12:28:37 +0000 Subject: [PATCH 22/46] gh-actions: bump cycjimmy/semantic-release-action from 4.2.0 to 4.2.1 Bumps [cycjimmy/semantic-release-action](https://github.com/cycjimmy/semantic-release-action) from 4.2.0 to 4.2.1. - [Release notes](https://github.com/cycjimmy/semantic-release-action/releases) - [Changelog](https://github.com/cycjimmy/semantic-release-action/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/cycjimmy/semantic-release-action/compare/0a51e81a6baff2acad3ee88f4121c589c73d0f0e...c4a2fa890676fc2db25ad0aacd8ab4a0f1f4c024) --- updated-dependencies: - dependency-name: cycjimmy/semantic-release-action dependency-version: 4.2.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 385b387..716bc60 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,7 +24,7 @@ jobs: fetch-depth: 0 - name: Release - uses: cycjimmy/semantic-release-action@0a51e81a6baff2acad3ee88f4121c589c73d0f0e # v4.2.0 + uses: cycjimmy/semantic-release-action@c4a2fa890676fc2db25ad0aacd8ab4a0f1f4c024 # v4.2.1 with: semantic_version: 18.0.0 extra_plugins: | From d94583baf874f48ce56fa3071c384801b46e64df Mon Sep 17 00:00:00 2001 From: Benjamin Richter Date: Wed, 18 Jun 2025 12:24:20 +0200 Subject: [PATCH 23/46] Update README.md fix tofu_fmt heading --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 73c4bb0..023ad0c 100644 --- a/README.md +++ b/README.md @@ -552,7 +552,7 @@ To replicate functionality in `tofu_docs` hook: - --args=--config=.terraform-docs.yml ``` -### terraftofu_fmtorm_fmt +### tofu_fmt 1. `tofu_fmt` supports custom arguments so you can pass [supported flags](https://www.terraform.io/docs/cli/commands/fmt.html#usage). Eg: From 977d08e2d1627a6f7cebe28b637b4bc4fae9eff3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Jul 2025 14:24:37 +0000 Subject: [PATCH 24/46] gh-actions: bump cycjimmy/semantic-release-action from 4.2.1 to 4.2.2 Bumps [cycjimmy/semantic-release-action](https://github.com/cycjimmy/semantic-release-action) from 4.2.1 to 4.2.2. - [Release notes](https://github.com/cycjimmy/semantic-release-action/releases) - [Changelog](https://github.com/cycjimmy/semantic-release-action/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/cycjimmy/semantic-release-action/compare/c4a2fa890676fc2db25ad0aacd8ab4a0f1f4c024...16ca923e6ccbb50770c415a0ccd43709a8c5f7a4) --- updated-dependencies: - dependency-name: cycjimmy/semantic-release-action dependency-version: 4.2.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 716bc60..78d7954 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,7 +24,7 @@ jobs: fetch-depth: 0 - name: Release - uses: cycjimmy/semantic-release-action@c4a2fa890676fc2db25ad0aacd8ab4a0f1f4c024 # v4.2.1 + uses: cycjimmy/semantic-release-action@16ca923e6ccbb50770c415a0ccd43709a8c5f7a4 # v4.2.2 with: semantic_version: 18.0.0 extra_plugins: | From b2658a3f8e7a1f379343d9fbba4f9597d0ef1c9e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 17:26:54 +0000 Subject: [PATCH 25/46] gh-actions: bump actions/checkout from 4 to 5 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-image-test.yaml | 2 +- .github/workflows/build-image.yaml | 2 +- .github/workflows/pre-commit.yaml | 4 ++-- .github/workflows/release.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-image-test.yaml b/.github/workflows/build-image-test.yaml index 1003867..0abc018 100644 --- a/.github/workflows/build-image-test.yaml +++ b/.github/workflows/build-image-test.yaml @@ -9,7 +9,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml index 2d0c497..68a054f 100644 --- a/.github/workflows/build-image.yaml +++ b/.github/workflows/build-image.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Set up QEMU uses: docker/setup-qemu-action@v3 diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 3fab3c2..a8e86e6 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -6,7 +6,7 @@ jobs: pre-commit: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - run: | git fetch --no-tags --prune --depth=1 origin +refs/heads/*:refs/remotes/origin/* @@ -31,7 +31,7 @@ jobs: curl -L "$(curl -s https://api.github.com/repos/hadolint/hadolint/releases/latest | grep -o -E -m 1 "https://.+?/hadolint-Linux-x86_64")" > hadolint \ && chmod +x hadolint && sudo mv hadolint /usr/bin/ # Need to success pre-commit fix push - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 78d7954..cf3441c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false fetch-depth: 0 From f81b28692c07dfd206871b74736a17d658b2d765 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Aug 2025 11:43:05 +0000 Subject: [PATCH 26/46] gh-actions: bump amannn/action-semantic-pull-request from 5.5.3 to 6.1.1 Bumps [amannn/action-semantic-pull-request](https://github.com/amannn/action-semantic-pull-request) from 5.5.3 to 6.1.1. - [Release notes](https://github.com/amannn/action-semantic-pull-request/releases) - [Changelog](https://github.com/amannn/action-semantic-pull-request/blob/main/CHANGELOG.md) - [Commits](https://github.com/amannn/action-semantic-pull-request/compare/0723387faaf9b38adef4775cd42cfd5155ed6017...48f256284bd46cdaab1048c3721360e808335d50) --- updated-dependencies: - dependency-name: amannn/action-semantic-pull-request dependency-version: 6.1.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/pr-title.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 19e48a4..3d86d51 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -14,7 +14,7 @@ jobs: steps: # Please look up the latest version from # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3 + - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: From a4ae94e826b69eb34265d7033a45c25d91a3cedd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Sep 2025 23:11:04 +0000 Subject: [PATCH 27/46] gh-actions: bump cycjimmy/semantic-release-action from 4.2.2 to 5.0.0 Bumps [cycjimmy/semantic-release-action](https://github.com/cycjimmy/semantic-release-action) from 4.2.2 to 5.0.0. - [Release notes](https://github.com/cycjimmy/semantic-release-action/releases) - [Changelog](https://github.com/cycjimmy/semantic-release-action/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/cycjimmy/semantic-release-action/compare/16ca923e6ccbb50770c415a0ccd43709a8c5f7a4...9cc899c47e6841430bbaedb43de1560a568dfd16) --- updated-dependencies: - dependency-name: cycjimmy/semantic-release-action dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cf3441c..c1c049b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,7 +24,7 @@ jobs: fetch-depth: 0 - name: Release - uses: cycjimmy/semantic-release-action@16ca923e6ccbb50770c415a0ccd43709a8c5f7a4 # v4.2.2 + uses: cycjimmy/semantic-release-action@9cc899c47e6841430bbaedb43de1560a568dfd16 # v5.0.0 with: semantic_version: 18.0.0 extra_plugins: | From 84d857a5ae5e3758cf01b4443087966d4d88993c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Sep 2025 13:18:51 +0000 Subject: [PATCH 28/46] gh-actions: bump actions/setup-python from 5.6.0 to 6.0.0 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.6.0 to 6.0.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/a26af69be951a213d495a4c3e4e4022e16d87065...e797f83bcb11b83ae66e0230d6156d7c80228e7c) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/pre-commit.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index a8e86e6..96ca101 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -36,7 +36,7 @@ jobs: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} # Skip tofu_tflint which interferes to commit pre-commit auto-fixes - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: '3.9' - name: Execute pre-commit From f2b0eb603a22d4dd6b5d8d532dc7542cb22bf3f4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Sep 2025 14:02:40 +0000 Subject: [PATCH 29/46] gh-actions: bump actions/stale from 9.1.0 to 10.0.0 Bumps [actions/stale](https://github.com/actions/stale) from 9.1.0 to 10.0.0. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/5bef64f19d7facfb25b37b414482c7164d639639...3a9db7e6a41a89f618792c92c0e97cc736e1b13f) --- updated-dependencies: - dependency-name: actions/stale dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/stale-actions.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale-actions.yaml b/.github/workflows/stale-actions.yaml index 802c138..d797c08 100644 --- a/.github/workflows/stale-actions.yaml +++ b/.github/workflows/stale-actions.yaml @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 + - uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Staling issues and PR's From f9d6074ab09f09e5fe2ce8e619349b81aec9e403 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Sep 2025 12:30:24 +0000 Subject: [PATCH 30/46] gh-actions: bump tj-actions/changed-files from 46.0.5 to 47.0.0 Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 46.0.5 to 47.0.0. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/ed68ef82c095e0d48ec87eccea555d944a631a4c...24d32ffd492484c1d75e0c0b894501ddb9d30d62) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-version: 47.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-image-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-image-test.yaml b/.github/workflows/build-image-test.yaml index 0abc018..1a518e0 100644 --- a/.github/workflows/build-image-test.yaml +++ b/.github/workflows/build-image-test.yaml @@ -15,7 +15,7 @@ jobs: - name: Get changed Dockerfile id: changed-files-specific - uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5 + uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0 with: files: | Dockerfile From f1a589bd124b277cc02fcbf04ee05017fb8822c0 Mon Sep 17 00:00:00 2001 From: widnyana Date: Thu, 9 Oct 2025 16:23:02 +0700 Subject: [PATCH 31/46] fix: replace deprecated hclfmt with hcl format command Replace deprecated `terragrunt hclfmt` command with the recommended `terragrunt hcl format` to eliminate deprecation warnings. Resolves warning: "The `hclfmt` command is deprecated and will be removed in a future version of Terragrunt." Signed-off-by: widnyana --- hooks/terragrunt_fmt.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hooks/terragrunt_fmt.sh b/hooks/terragrunt_fmt.sh index 7c78b92..0b4165a 100755 --- a/hooks/terragrunt_fmt.sh +++ b/hooks/terragrunt_fmt.sh @@ -12,7 +12,7 @@ function main { common::parse_cmdline "$@" common::export_provided_env_vars "${ENV_VARS[@]}" common::parse_and_export_env_vars - # JFYI: terragrunt hclfmt color already suppressed via PRE_COMMIT_COLOR=never + # JFYI: terragrunt hcl format color already suppressed via PRE_COMMIT_COLOR=never # shellcheck disable=SC2153 # False positive common::per_dir_hook "$HOOK_ID" "${#ARGS[@]}" "${ARGS[@]}" "${FILES[@]}" @@ -40,7 +40,7 @@ function per_dir_hook_unique_part { local -a -r args=("$@") # pass the arguments to hook - terragrunt hclfmt "${args[@]}" + terragrunt hcl format "${args[@]}" # return exit code to common::per_dir_hook local exit_code=$? @@ -57,7 +57,7 @@ function run_hook_on_whole_repo { local -a -r args=("$@") # pass the arguments to hook - terragrunt hclfmt "$(pwd)" "${args[@]}" + terragrunt hcl format "$(pwd)" "${args[@]}" # return exit code to common::per_dir_hook local exit_code=$? From 211d65d43d91eb474c630a8dd82d205a2f889eee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Oct 2025 11:22:49 +0000 Subject: [PATCH 32/46] gh-actions: bump cycjimmy/semantic-release-action from 5.0.0 to 5.0.1 Bumps [cycjimmy/semantic-release-action](https://github.com/cycjimmy/semantic-release-action) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/cycjimmy/semantic-release-action/releases) - [Changelog](https://github.com/cycjimmy/semantic-release-action/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/cycjimmy/semantic-release-action/compare/9cc899c47e6841430bbaedb43de1560a568dfd16...ebcbc663748eae8da59a127a7d8b8e22f82514b2) --- updated-dependencies: - dependency-name: cycjimmy/semantic-release-action dependency-version: 5.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c1c049b..200ef37 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,7 +24,7 @@ jobs: fetch-depth: 0 - name: Release - uses: cycjimmy/semantic-release-action@9cc899c47e6841430bbaedb43de1560a568dfd16 # v5.0.0 + uses: cycjimmy/semantic-release-action@ebcbc663748eae8da59a127a7d8b8e22f82514b2 # v5.0.1 with: semantic_version: 18.0.0 extra_plugins: | From 430f50f0bd82b5ac7ac0cb132c05b609705e9308 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Oct 2025 11:22:34 +0000 Subject: [PATCH 33/46] gh-actions: bump cycjimmy/semantic-release-action from 5.0.1 to 5.0.2 Bumps [cycjimmy/semantic-release-action](https://github.com/cycjimmy/semantic-release-action) from 5.0.1 to 5.0.2. - [Release notes](https://github.com/cycjimmy/semantic-release-action/releases) - [Changelog](https://github.com/cycjimmy/semantic-release-action/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/cycjimmy/semantic-release-action/compare/ebcbc663748eae8da59a127a7d8b8e22f82514b2...ba330626c4750c19d8299de843f05c7aa5574f62) --- updated-dependencies: - dependency-name: cycjimmy/semantic-release-action dependency-version: 5.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 200ef37..d75e4e3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,7 +24,7 @@ jobs: fetch-depth: 0 - name: Release - uses: cycjimmy/semantic-release-action@ebcbc663748eae8da59a127a7d8b8e22f82514b2 # v5.0.1 + uses: cycjimmy/semantic-release-action@ba330626c4750c19d8299de843f05c7aa5574f62 # v5.0.2 with: semantic_version: 18.0.0 extra_plugins: | From a3716be334939ca767ac9113bcf8e78beaf1fce4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Oct 2025 12:21:03 +0000 Subject: [PATCH 34/46] gh-actions: bump MaxymVlasov/dive-action from 1.5.0 to 1.5.1 Bumps [MaxymVlasov/dive-action](https://github.com/maxymvlasov/dive-action) from 1.5.0 to 1.5.1. - [Release notes](https://github.com/maxymvlasov/dive-action/releases) - [Commits](https://github.com/maxymvlasov/dive-action/compare/b08c8287e603d028c986d7044e83fa76bcca6a65...fafb796951b322cc4926b8a5eafda89ab9de8edf) --- updated-dependencies: - dependency-name: MaxymVlasov/dive-action dependency-version: 1.5.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/build-image-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-image-test.yaml b/.github/workflows/build-image-test.yaml index 1a518e0..0346a8f 100644 --- a/.github/workflows/build-image-test.yaml +++ b/.github/workflows/build-image-test.yaml @@ -52,7 +52,7 @@ jobs: - name: Dive - check image for waste files if: steps.changed-files-specific.outputs.any_changed == 'true' - uses: MaxymVlasov/dive-action@b08c8287e603d028c986d7044e83fa76bcca6a65 # v1.5.0 + uses: MaxymVlasov/dive-action@fafb796951b322cc4926b8a5eafda89ab9de8edf # v1.5.1 with: image: ghcr.io/${{ github.repository }}:${{ env.IMAGE_TAG }} config-file: ${{ github.workspace }}/.github/.dive-ci.yaml From 10864545ddc58bd96330029b6bff16da3d072237 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 22 Oct 2025 12:57:51 +0000 Subject: [PATCH 35/46] chore(release): version 2.2.2 [skip ci] ## [2.2.2](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.2.1...v2.2.2) (2025-10-22) ### Bug Fixes * replace deprecated hclfmt with hcl format command ([f1a589b](https://github.com/tofuutils/pre-commit-opentofu/commit/f1a589bd124b277cc02fcbf04ee05017fb8822c0)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4c0f74a..9e2ef95 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [2.2.2](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.2.1...v2.2.2) (2025-10-22) + + +### Bug Fixes + +* replace deprecated hclfmt with hcl format command ([f1a589b](https://github.com/tofuutils/pre-commit-opentofu/commit/f1a589bd124b277cc02fcbf04ee05017fb8822c0)) + ## [2.2.1](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.2.0...v2.2.1) (2025-06-04) From c3397c32d9a9a4c105306b9ba65251ec3e6061fa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Nov 2025 11:21:09 +0000 Subject: [PATCH 36/46] gh-actions: bump cycjimmy/semantic-release-action from 5.0.2 to 6.0.0 Bumps [cycjimmy/semantic-release-action](https://github.com/cycjimmy/semantic-release-action) from 5.0.2 to 6.0.0. - [Release notes](https://github.com/cycjimmy/semantic-release-action/releases) - [Changelog](https://github.com/cycjimmy/semantic-release-action/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/cycjimmy/semantic-release-action/compare/ba330626c4750c19d8299de843f05c7aa5574f62...b12c8f6015dc215fe37bc154d4ad456dd3833c90) --- updated-dependencies: - dependency-name: cycjimmy/semantic-release-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d75e4e3..3233cf3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,7 +24,7 @@ jobs: fetch-depth: 0 - name: Release - uses: cycjimmy/semantic-release-action@ba330626c4750c19d8299de843f05c7aa5574f62 # v5.0.2 + uses: cycjimmy/semantic-release-action@b12c8f6015dc215fe37bc154d4ad456dd3833c90 # v6.0.0 with: semantic_version: 18.0.0 extra_plugins: | From 624daa51ed46971066ba8c3f27203af8906dbbdc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Nov 2025 11:21:15 +0000 Subject: [PATCH 37/46] gh-actions: bump actions/checkout from 5.0.0 to 5.0.1 Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v5...v5.0.1) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 5.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/build-image-test.yaml | 2 +- .github/workflows/build-image.yaml | 2 +- .github/workflows/pre-commit.yaml | 4 ++-- .github/workflows/release.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-image-test.yaml b/.github/workflows/build-image-test.yaml index 0346a8f..9f56ead 100644 --- a/.github/workflows/build-image-test.yaml +++ b/.github/workflows/build-image-test.yaml @@ -9,7 +9,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: fetch-depth: 0 diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml index 68a054f..26460e7 100644 --- a/.github/workflows/build-image.yaml +++ b/.github/workflows/build-image.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@v5.0.1 - name: Set up QEMU uses: docker/setup-qemu-action@v3 diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 96ca101..1e873b6 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -6,7 +6,7 @@ jobs: pre-commit: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - run: | git fetch --no-tags --prune --depth=1 origin +refs/heads/*:refs/remotes/origin/* @@ -31,7 +31,7 @@ jobs: curl -L "$(curl -s https://api.github.com/repos/hadolint/hadolint/releases/latest | grep -o -E -m 1 "https://.+?/hadolint-Linux-x86_64")" > hadolint \ && chmod +x hadolint && sudo mv hadolint /usr/bin/ # Need to success pre-commit fix push - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d75e4e3..1b5d4f9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: persist-credentials: false fetch-depth: 0 From 4f6be1dd0d6849fb63712b37b5fc3fe3b92201bd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Mar 2026 11:06:54 +0000 Subject: [PATCH 38/46] gh-actions: bump tj-actions/changed-files from 47.0.0 to 47.0.5 Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 47.0.0 to 47.0.5. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/24d32ffd492484c1d75e0c0b894501ddb9d30d62...22103cc46bda19c2b464ffe86db46df6922fd323) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-version: 47.0.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/build-image-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-image-test.yaml b/.github/workflows/build-image-test.yaml index 9f56ead..c7223f0 100644 --- a/.github/workflows/build-image-test.yaml +++ b/.github/workflows/build-image-test.yaml @@ -15,7 +15,7 @@ jobs: - name: Get changed Dockerfile id: changed-files-specific - uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0 + uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # v47.0.5 with: files: | Dockerfile From 50351cae8e48bc4b8366af3b9fe370176c17c0c5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Mar 2026 11:07:57 +0000 Subject: [PATCH 39/46] gh-actions: bump docker/login-action from 3 to 4 Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-image.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml index 26460e7..3bf9105 100644 --- a/.github/workflows/build-image.yaml +++ b/.github/workflows/build-image.yaml @@ -22,7 +22,7 @@ jobs: uses: docker/setup-buildx-action@v3 - name: Login to ghcr.io - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -66,7 +66,7 @@ jobs: "github_token=${{ secrets.GITHUB_TOKEN }}" - name: Login to DockerHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: registry.hub.docker.com username: ${{ secrets.DOCKERHUB_USER }} From 0ca9eca3823420f31d09c62bf1672bea03ca3e07 Mon Sep 17 00:00:00 2001 From: mketteringham Date: Tue, 21 Apr 2026 11:31:02 +0100 Subject: [PATCH 40/46] feat: add terragrunt_validate_inputs hook Signed-off-by: mketteringham --- .pre-commit-hooks.yaml | 8 ++ README.md | 29 +++- hooks/_common.sh | 2 +- hooks/terragrunt_validate_inputs.sh | 198 ++++++++++++++++++++++++++++ 4 files changed, 235 insertions(+), 2 deletions(-) create mode 100755 hooks/terragrunt_validate_inputs.sh diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml index c5c5f66..8af3d6e 100644 --- a/.pre-commit-hooks.yaml +++ b/.pre-commit-hooks.yaml @@ -90,6 +90,14 @@ files: (\.hcl)$ exclude: \.terraform\/.*$ +- id: terragrunt_validate_inputs + name: Terragrunt validate inputs + description: Validates Terragrunt unused and undefined inputs. + entry: hooks/terragrunt_validate_inputs.sh + language: script + files: (\.hcl)$ + exclude: \.terraform\/.*$ + - id: tofu_tfsec name: OpenTofu validate with tfsec (deprecated, use "tofu_trivy") description: diff --git a/README.md b/README.md index 023ad0c..afb9387 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,7 @@ If you are using `pre-commit-opentofu` already or want to support its developmen

* [`checkov`](https://github.com/bridgecrewio/checkov) required for `tofu_checkov` hook. * [`terraform-docs`](https://github.com/terraform-docs/terraform-docs) required for `tofu_docs` hook. -* [`terragrunt`](https://terragrunt.gruntwork.io/docs/getting-started/install/) required for `terragrunt_validate` hook. +* [`terragrunt`](https://terragrunt.gruntwork.io/docs/getting-started/install/) required for `terragrunt_validate` and `terragrunt_validate_inputs` hooks. * [`terrascan`](https://github.com/tenable/terrascan) required for `terrascan` hook. * [`TFLint`](https://github.com/terraform-linters/tflint) required for `tofu_tflint` hook. * [`TFSec`](https://github.com/liamg/tfsec) required for `tofu_tfsec` hook. @@ -266,6 +266,32 @@ TAG=latest docker run --rm --entrypoint cat tofuutils/pre-commit-opentofu:$TAG /usr/bin/tools_versions_info ``` +### Example: Terragrunt Input Validation + +Use `terragrunt_validate_inputs` to check that Terragrunt inputs line up with the module variables they are passed into: + +```yaml +repos: +- repo: https://github.com/tofuutils/pre-commit-opentofu + rev: # Get the latest from: https://github.com/tofuutils/pre-commit-opentofu/releases + hooks: + - id: terragrunt_fmt + - id: terragrunt_validate_inputs + args: + - --args=--terragrunt-strict-validate +``` + +> **Note**: This hook automatically uses `terragrunt validate-inputs` for older Terragrunt releases and `terragrunt hcl validate --inputs` for newer releases. +> +> If Terragrunt reports intermittent `.terragrunt-cache` download or `file exists` errors in your repository, run this hook serially in your consumer configuration: +> +> ```yaml +> - id: terragrunt_validate_inputs +> require_serial: true +> args: +> - --args=--terragrunt-strict-validate +> ``` + ## Available Hooks There are several [pre-commit](https://pre-commit.com/) hooks to keep OpenTofu configurations (both `*.tf` and `*.tfvars`) and Terragrunt configurations (`*.hcl`) in a good shape: @@ -286,6 +312,7 @@ There are several [pre-commit](https://pre-commit.com/) hooks to keep OpenTofu c | `tofu_validate` | Validates all Terraform configuration files. [Hook notes](#tofu_validate) | `jq`, only for `--retry-once-with-cleanup` flag | | `terragrunt_fmt` | Reformat all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`) to a canonical format. | `terragrunt` | | `terragrunt_validate` | Validates all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`) | `terragrunt` | +| `terragrunt_validate_inputs` | Validates Terragrunt unused and undefined inputs. | `terragrunt` | | `tofu_wrapper_module_for_each` | Generates OpenTofu wrappers with `for_each` in module. [Hook notes](#terraform_wrapper_module_for_each) | `hcledit` | | `terrascan` | [terrascan](https://github.com/tenable/terrascan) Detect compliance and security violations. [Hook notes](#terrascan) | `terrascan` | | `tfupdate` | [tfupdate](https://github.com/minamijoyo/tfupdate) Update version constraints of OpenTofu core, providers, and modules. [Hook notes](#tfupdate) | `tfupdate` | diff --git a/hooks/_common.sh b/hooks/_common.sh index 133e457..3f4bdc4 100644 --- a/hooks/_common.sh +++ b/hooks/_common.sh @@ -112,7 +112,7 @@ function common::parse_and_export_env_vars { while true; do # Check if at least 1 env var exists in `$arg` # shellcheck disable=SC2016 # '${' should not be expanded - if [[ "$arg" =~ .*'${'[A-Z_][A-Z0-9_]+?'}'.* ]]; then + if [[ "$arg" =~ .*'${'[A-Z_][A-Z0-9_]*'}'.* ]]; then # Get `ENV_VAR` from `.*${ENV_VAR}.*` local env_var_name=${arg#*$\{} env_var_name=${env_var_name%%\}*} diff --git a/hooks/terragrunt_validate_inputs.sh b/hooks/terragrunt_validate_inputs.sh new file mode 100755 index 0000000..a7b0f78 --- /dev/null +++ b/hooks/terragrunt_validate_inputs.sh @@ -0,0 +1,198 @@ +#!/usr/bin/env bash +set -eo pipefail + +# globals variables +# shellcheck disable=SC2155 # No way to assign to readonly variable in separate lines +readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)" +# shellcheck source=_common.sh +. "$SCRIPT_DIR/_common.sh" + +function main { + common::initialize "$SCRIPT_DIR" + common::parse_cmdline "$@" + common::export_provided_env_vars "${ENV_VARS[@]}" + common::parse_and_export_env_vars + # JFYI: terragrunt validate color already suppressed via PRE_COMMIT_COLOR=never + + if terragrunt_version_ge_0_78; then + normalize_validate_args_for_modern_terragrunt + readonly SUBCOMMAND=("hcl" "validate" "--inputs") + readonly RUN_ALL_SUBCOMMAND=("run" "--all" "hcl" "validate" "--inputs") + + # shellcheck disable=SC2153 # False positive + common::per_dir_hook "$HOOK_ID" "${#ARGS[@]}" "${ARGS[@]}" "${FILES[@]}" + return + fi + + run_legacy_validate_inputs +} + +function normalize_validate_args_for_modern_terragrunt { + local arg_idx + + for arg_idx in "${!ARGS[@]}"; do + case "${ARGS[$arg_idx]}" in + --terragrunt-strict-validate|--strict-validate) + ARGS[$arg_idx]="--strict" + ;; + esac + done +} + +function terragrunt_version_ge_0_78 { + local version_raw + local version + local major + local minor + + version_raw=$(terragrunt --version 2>/dev/null || true) + version=$(echo "$version_raw" | sed -E 's/.*v?([0-9]+)\.([0-9]+)\.([0-9]+).*/\1.\2.\3/') + + if [[ ! $version =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + return 1 + fi + + IFS=. read -r major minor _ <<< "$version" + + if ((major > 0)); then + return 0 + fi + + if ((minor >= 78)); then + return 0 + fi + + return 1 +} + +function run_legacy_validate_inputs { + local -a unit_dirs=() + local final_exit_code=0 + local dir_path + + while read -r dir_path; do + if [[ -n $dir_path ]]; then + unit_dirs+=("$dir_path") + fi + done < <(legacy_unit_dirs_from_files) + + if [[ ${#unit_dirs[@]} -eq 0 ]]; then + return 0 + fi + + # preserve errexit status + shopt -qo errexit && ERREXIT_IS_SET=true + set +e + + for dir_path in "${unit_dirs[@]}"; do + pushd "$dir_path" > /dev/null || continue + terragrunt validate-inputs "${ARGS[@]}" + + local exit_code=$? + if [ $exit_code -ne 0 ]; then + final_exit_code=$exit_code + fi + + popd > /dev/null + done + + [[ $ERREXIT_IS_SET ]] && set -e + exit $final_exit_code +} + +function legacy_unit_dirs_from_files { + local -a unit_files=() + local file_with_path + local file_dir + local file_name + + if common::is_hook_run_on_whole_repo "$HOOK_ID" "${FILES[@]}"; then + find . -type f -name terragrunt.hcl \ + -not -path '*/.terragrunt-cache/*' \ + -not -path '*/.terraform/*' \ + | sort -u | while read -r unit_file; do + dirname "$unit_file" + done + return + fi + + for file_with_path in "${FILES[@]}"; do + file_dir=$(dirname "$file_with_path") + file_name=$(basename "$file_with_path") + + if [[ $file_name == terragrunt.hcl ]]; then + unit_files+=("$file_with_path") + continue + fi + + while read -r unit_file; do + if [[ -n $unit_file ]]; then + unit_files+=("$unit_file") + fi + done < <(find "$file_dir" -type f -name terragrunt.hcl \ + -not -path '*/.terragrunt-cache/*' \ + -not -path '*/.terraform/*' | sort -u) + done + + if [[ ${#unit_files[@]} -eq 0 ]]; then + find . -type f -name terragrunt.hcl \ + -not -path '*/.terragrunt-cache/*' \ + -not -path '*/.terraform/*' \ + | sort -u | while read -r unit_file; do + dirname "$unit_file" + done + return + fi + + printf '%s\n' "${unit_files[@]}" | sort -u | while read -r unit_file; do + dirname "$unit_file" + done +} + +####################################################################### +# Unique part of `common::per_dir_hook`. The function is executed in loop +# on each provided dir path. Run wrapped tool with specified arguments +# Arguments: +# dir_path (string) PATH to dir relative to git repo root. +# Can be used in error logging +# change_dir_in_unique_part (string/false) Modifier which creates +# possibilities to use non-common chdir strategies. +# Availability depends on hook. +# args (array) arguments that configure wrapped tool behavior +# Outputs: +# If failed - print out hook checks status +####################################################################### +function per_dir_hook_unique_part { + # shellcheck disable=SC2034 # Unused var. + local -r dir_path="$1" + # shellcheck disable=SC2034 # Unused var. + local -r change_dir_in_unique_part="$2" + shift 2 + local -a -r args=("$@") + + # pass the arguments to hook + terragrunt "${SUBCOMMAND[@]}" "${args[@]}" + + # return exit code to common::per_dir_hook + local exit_code=$? + return $exit_code +} + +####################################################################### +# Unique part of `common::per_dir_hook`. The function is executed one time +# in the root git repo +# Arguments: +# args (array) arguments that configure wrapped tool behavior +####################################################################### +function run_hook_on_whole_repo { + local -a -r args=("$@") + + # pass the arguments to hook + terragrunt "${RUN_ALL_SUBCOMMAND[@]}" "${args[@]}" + + # return exit code to common::per_dir_hook + local exit_code=$? + return $exit_code +} + +[ "${BASH_SOURCE[0]}" != "$0" ] || main "$@" From ba566610310affb03b323a94f13f560d3e027c68 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 21 Apr 2026 11:00:03 +0000 Subject: [PATCH 41/46] chore(release): version 2.3.0 [skip ci] # [2.3.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.2.2...v2.3.0) (2026-04-21) ### Features * add terragrunt_validate_inputs hook ([0ca9eca](https://github.com/tofuutils/pre-commit-opentofu/commit/0ca9eca3823420f31d09c62bf1672bea03ca3e07)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e2ef95..c631c8c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +# [2.3.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.2.2...v2.3.0) (2026-04-21) + + +### Features + +* add terragrunt_validate_inputs hook ([0ca9eca](https://github.com/tofuutils/pre-commit-opentofu/commit/0ca9eca3823420f31d09c62bf1672bea03ca3e07)) + ## [2.2.2](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.2.1...v2.2.2) (2025-10-22) From 451aaa59b552eb3913629c835af8b6b568aab120 Mon Sep 17 00:00:00 2001 From: Michael Rosenfeld Date: Sun, 24 May 2026 21:48:09 -0400 Subject: [PATCH 42/46] fix: expand file extension patterns for tofu hooks Update file matching patterns in .pre-commit-hooks.yaml to support .tofu, .tfvars, and other relevant extensions for OpenTofu workflows. Also clarify log message in tofu_wrapper_module_for_each.sh for missing files. Signed-off-by: Michael Rosenfeld --- .pre-commit-hooks.yaml | 18 +++++++++--------- hooks/tofu_wrapper_module_for_each.sh | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml index 8af3d6e..d60a3e5 100644 --- a/.pre-commit-hooks.yaml +++ b/.pre-commit-hooks.yaml @@ -4,7 +4,7 @@ entry: hooks/infracost_breakdown.sh language: script require_serial: true - files: \.((tf|tofu)(vars)?|hcl)$ + files: \.(tf|tofu|tfvars|hcl)$ exclude: \.terraform\/.*$ - id: tofu_fmt @@ -12,7 +12,7 @@ description: Rewrites all OpenTofu configuration files to a canonical format. entry: hooks/tofu_fmt.sh language: script - files: \.(tf|tofu)(vars)?$ + files: \.(tf|tofu|tfvars|(tftest|tofutest|tfmock|tfquery)\.hcl)$ exclude: \.terraform\/.*$ - id: tofu_docs @@ -23,7 +23,7 @@ require_serial: true entry: hooks/tofu_docs.sh language: script - files: (\.(tf|tofu)|\.terraform\.lock\.hcl)$ + files: \.(tf|tofu|terraform\.lock\.hcl)$ exclude: \.terraform\/.*$ - id: tofu_docs_without_aggregate_type_defaults @@ -52,7 +52,7 @@ require_serial: true entry: hooks/tofu_validate.sh language: script - files: \.(tf|tofu)(vars)?$ + files: \.(tf|tofu|tfvars|terraform\.lock\.hcl)$ exclude: \.terraform\/.*$ - id: tofu_providers_lock @@ -70,7 +70,7 @@ require_serial: true entry: hooks/tofu_tflint.sh language: script - files: \.(tf|tofu)(vars)?$ + files: \.(tf|tofu|tfvars)$ exclude: \.terraform\/.*$ - id: terragrunt_fmt @@ -104,7 +104,7 @@ Static analysis of OpenTofu templates to spot potential security issues. require_serial: true entry: hooks/tofu_tfsec.sh - files: \.(tf|tofu)(vars)?$ + files: \.(tf|tofu|tfvars)$ language: script - id: tofu_trivy @@ -113,7 +113,7 @@ Static analysis of OpenTofu templates to spot potential security issues. require_serial: true entry: hooks/tofu_trivy.sh - files: \.(tf|tofu)(vars)?$ + files: \.(tf|tofu|tfvars)$ language: script - id: checkov @@ -123,7 +123,7 @@ language: python pass_filenames: false always_run: false - files: \.tf$ + files: \.(tf|tofu)$ exclude: \.terraform\/.*$ require_serial: true @@ -145,7 +145,7 @@ pass_filenames: false always_run: false require_serial: true - files: \.tf$ + files: \.(tf|tofu)$ exclude: \.terraform\/.*$ - id: terrascan diff --git a/hooks/tofu_wrapper_module_for_each.sh b/hooks/tofu_wrapper_module_for_each.sh index c87db22..4572b58 100755 --- a/hooks/tofu_wrapper_module_for_each.sh +++ b/hooks/tofu_wrapper_module_for_each.sh @@ -315,7 +315,7 @@ EOF all_tf_content=$(find "${full_module_dir}" -regex '.*\.(tf|tofu)' -maxdepth 1 -type f -exec cat {} +) if [[ ! $all_tf_content ]]; then - common::colorify "yellow" "Skipping ${full_module_dir} because there are no *.(tf|tofu) files." + common::colorify "yellow" "Skipping ${full_module_dir} because there are no .tf or .tofu files." continue fi From 9624cc8f24177378449203194b4f0ee71bc6c1a0 Mon Sep 17 00:00:00 2001 From: Michael Rosenfeld Date: Sun, 24 May 2026 22:01:30 -0400 Subject: [PATCH 43/46] feat: support .tofu file extension and update hooks/tools Add support for the `.tofu` file extension in OpenTofu config matching and documentation. Update pre-commit hooks, regex, and README to reflect support for `.tofu` files alongside `.tf` and `.tfvars`. Fix minor shell quoting and array assignment issues. Upgrade pre-commit-hooks to v6.0.0. Signed-off-by: Michael Rosenfeld --- .github/workflows/build-image.yaml | 1 - .pre-commit-config.yaml | 2 +- Dockerfile | 3 +-- README.md | 6 ++++-- hooks/_common.sh | 2 +- hooks/terragrunt_validate_inputs.sh | 14 +++++++------- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml index 3bf9105..a79e218 100644 --- a/.github/workflows/build-image.yaml +++ b/.github/workflows/build-image.yaml @@ -98,4 +98,3 @@ jobs: tags: | registry.hub.docker.com/tofuutils/pre-commit-opentofu:nightly provenance: false - diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 17fc5a6..e801df2 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.5.0 + rev: v6.0.0 hooks: # Git style - id: check-added-large-files diff --git a/Dockerfile b/Dockerfile index 1616bfd..6699cb2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,7 +22,7 @@ RUN [ ${PRE_COMMIT_VERSION} = "latest" ] && pip3 install --no-cache-dir pre-comm RUN curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ && curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_SHA256SUMS \ - && [ $(sha256sum "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" | cut -f 1 -d ' ') = "$(grep "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" tofu_*_SHA256SUMS | cut -f 1 -d ' ')" ] \ + && [ "$(sha256sum "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" | cut -f 1 -d ' ')" = "$(grep "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" tofu_*_SHA256SUMS | cut -f 1 -d ' ')" ] \ && unzip tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip -d /usr/bin/ \ && rm "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" \ && rm "tofu_${TOFU_VERSION}_SHA256SUMS" @@ -235,4 +235,3 @@ ENV INFRACOST_API_KEY=${INFRACOST_API_KEY:-} ENV INFRACOST_SKIP_UPDATE_CHECK=${INFRACOST_SKIP_UPDATE_CHECK:-false} ENTRYPOINT [ "/entrypoint.sh" ] - diff --git a/README.md b/README.md index afb9387..c5f25a9 100644 --- a/README.md +++ b/README.md @@ -294,7 +294,7 @@ repos: ## Available Hooks -There are several [pre-commit](https://pre-commit.com/) hooks to keep OpenTofu configurations (both `*.tf` and `*.tfvars`) and Terragrunt configurations (`*.hcl`) in a good shape: +There are several [pre-commit](https://pre-commit.com/) hooks to keep OpenTofu configurations (`*.tf`, `*.tofu`, and `*.tfvars`) and Terragrunt configurations (`*.hcl`) in a good shape: | Hook name | Description | Dependencies
[Install instructions here](#1-install-dependencies) | @@ -326,6 +326,8 @@ Check the [source file](https://github.com/tofuutils/pre-commit-opentofu/blob/ma OpenTofu operates on a per-dir basis, while `pre-commit` framework only supports files and files that exist. This means if you only remove the TF-related file without any other changes in the same dir, checks will be skipped. Example and details [here](https://github.com/pre-commit/pre-commit/issues/3048). +Hooks match `*.tofu` files where OpenTofu configuration files are supported, but some wrapped third-party tools may lag behind OpenTofu's native `*.tofu` parsing. If a hook runs `terraform-docs`, `tflint`, `tfsec`, `trivy`, `checkov`, `infracost`, or `tfupdate`, make sure the installed tool version supports the file extensions used in your repository. + ### All hooks: Usage of environment variables in `--args` > All, except deprecated hooks: `checkov`, `tofu_docs_replace` @@ -930,7 +932,7 @@ To replicate functionality in `tofu_docs` hook: require_serial: true entry: .generate-providers.sh language: script - files: \.tf(vars)?$ + files: \.(tf|tofu|tfvars)$ pass_filenames: false - repo: https://github.com/pre-commit/pre-commit-hooks diff --git a/hooks/_common.sh b/hooks/_common.sh index 3f4bdc4..5808c19 100644 --- a/hooks/_common.sh +++ b/hooks/_common.sh @@ -123,7 +123,7 @@ function common::parse_and_export_env_vars { # `$arg` will be checked in `if` conditional, `$ARGS` will be used in the next functions. # shellcheck disable=SC2016 # '${' should not be expanded arg=${arg/'${'$env_var_name'}'/$env_var_value} - ARGS[$arg_idx]=$arg + ARGS[arg_idx]=$arg # shellcheck disable=SC2016 # '${' should not be expanded common::colorify "green" 'After ${'"$env_var_name"'} expansion: '"'$arg'\n" continue diff --git a/hooks/terragrunt_validate_inputs.sh b/hooks/terragrunt_validate_inputs.sh index a7b0f78..a406324 100755 --- a/hooks/terragrunt_validate_inputs.sh +++ b/hooks/terragrunt_validate_inputs.sh @@ -32,8 +32,8 @@ function normalize_validate_args_for_modern_terragrunt { for arg_idx in "${!ARGS[@]}"; do case "${ARGS[$arg_idx]}" in - --terragrunt-strict-validate|--strict-validate) - ARGS[$arg_idx]="--strict" + --terragrunt-strict-validate | --strict-validate) + ARGS[arg_idx]="--strict" ;; esac done @@ -45,7 +45,7 @@ function terragrunt_version_ge_0_78 { local major local minor - version_raw=$(terragrunt --version 2>/dev/null || true) + version_raw=$(terragrunt --version 2> /dev/null || true) version=$(echo "$version_raw" | sed -E 's/.*v?([0-9]+)\.([0-9]+)\.([0-9]+).*/\1.\2.\3/') if [[ ! $version =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then @@ -109,8 +109,8 @@ function legacy_unit_dirs_from_files { if common::is_hook_run_on_whole_repo "$HOOK_ID" "${FILES[@]}"; then find . -type f -name terragrunt.hcl \ -not -path '*/.terragrunt-cache/*' \ - -not -path '*/.terraform/*' \ - | sort -u | while read -r unit_file; do + -not -path '*/.terraform/*' | + sort -u | while read -r unit_file; do dirname "$unit_file" done return @@ -137,8 +137,8 @@ function legacy_unit_dirs_from_files { if [[ ${#unit_files[@]} -eq 0 ]]; then find . -type f -name terragrunt.hcl \ -not -path '*/.terragrunt-cache/*' \ - -not -path '*/.terraform/*' \ - | sort -u | while read -r unit_file; do + -not -path '*/.terraform/*' | + sort -u | while read -r unit_file; do dirname "$unit_file" done return From ab333d78c6ab3df72f3711ecc9beadb8b39f9462 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 25 May 2026 22:53:37 +0000 Subject: [PATCH 44/46] chore(release): version 2.4.0 [skip ci] # [2.4.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.3.0...v2.4.0) (2026-05-25) ### Bug Fixes * expand file extension patterns for tofu hooks ([451aaa5](https://github.com/tofuutils/pre-commit-opentofu/commit/451aaa59b552eb3913629c835af8b6b568aab120)) ### Features * support .tofu file extension and update hooks/tools ([9624cc8](https://github.com/tofuutils/pre-commit-opentofu/commit/9624cc8f24177378449203194b4f0ee71bc6c1a0)) --- CHANGELOG.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c631c8c..847c7e6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,18 @@ All notable changes to this project will be documented in this file. +# [2.4.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.3.0...v2.4.0) (2026-05-25) + + +### Bug Fixes + +* expand file extension patterns for tofu hooks ([451aaa5](https://github.com/tofuutils/pre-commit-opentofu/commit/451aaa59b552eb3913629c835af8b6b568aab120)) + + +### Features + +* support .tofu file extension and update hooks/tools ([9624cc8](https://github.com/tofuutils/pre-commit-opentofu/commit/9624cc8f24177378449203194b4f0ee71bc6c1a0)) + # [2.3.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.2.2...v2.3.0) (2026-04-21) From c9cd4a805d378516a24dac33278fa51deb98bf2e Mon Sep 17 00:00:00 2001 From: Nikolai Mishin Date: Tue, 26 May 2026 23:40:30 +0200 Subject: [PATCH 45/46] fix: Update hadolint installation Signed-off-by: Nikolai Mishin --- .github/workflows/pre-commit.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 1e873b6..b0566cf 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -27,9 +27,13 @@ jobs: sudo apt update && sudo apt install shellcheck - name: Install hadolint + env: + GH_TOKEN: ${{ github.token }} run: | - curl -L "$(curl -s https://api.github.com/repos/hadolint/hadolint/releases/latest | grep -o -E -m 1 "https://.+?/hadolint-Linux-x86_64")" > hadolint \ - && chmod +x hadolint && sudo mv hadolint /usr/bin/ + gh release download v2.14.0 --repo hadolint/hadolint --pattern "hadolint-linux-x86_64" + mv hadolint-linux-x86_64 hadolint + chmod +x hadolint + sudo mv hadolint /usr/bin/ # Need to success pre-commit fix push - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: From 3f263a968cd776924c3d1f4981e0fbf1cd79ff4d Mon Sep 17 00:00:00 2001 From: Michael Rosenfeld Date: Tue, 26 May 2026 12:06:07 -0400 Subject: [PATCH 46/46] fix: typo fixes Signed-off-by: Michael Rosenfeld --- CHANGELOG.md | 2 +- README.md | 2 +- lib_getopt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 847c7e6..2112ef2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -48,7 +48,7 @@ All notable changes to this project will be documented in this file. ### Features -* spport .tofu files ([#6](https://github.com/tofuutils/pre-commit-opentofu/issues/6)) ([e059c58](https://github.com/tofuutils/pre-commit-opentofu/commit/e059c5859bceddf1ca018f55851f6940ad51f1c2)) +* support .tofu files ([#6](https://github.com/tofuutils/pre-commit-opentofu/issues/6)) ([e059c58](https://github.com/tofuutils/pre-commit-opentofu/commit/e059c5859bceddf1ca018f55851f6940ad51f1c2)) # [2.0.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.4...v2.0.0) (2024-09-25) diff --git a/README.md b/README.md index c5f25a9..c8434c9 100644 --- a/README.md +++ b/README.md @@ -718,7 +718,7 @@ To replicate functionality in `tofu_docs` hook: - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl ``` -3. By default, pre-commit-opentofu performs directory switching into the OpenTofu modules for you. If you want to delgate the directory changing to the binary - this will allow tflint to determine the full paths for error/warning messages, rather than just module relative paths. *Note: this requires `tflint>=0.44.0`.* For example: +3. By default, pre-commit-opentofu performs directory switching into the OpenTofu modules for you. If you want to delegate the directory changing to the binary - this will allow tflint to determine the full paths for error/warning messages, rather than just module relative paths. *Note: this requires `tflint>=0.44.0`.* For example: ```yaml - id: tofu_tflint diff --git a/lib_getopt b/lib_getopt index c4b21fa..74e72f1 100644 --- a/lib_getopt +++ b/lib_getopt @@ -360,7 +360,7 @@ getopt() { } _getopt_resolve_abbrev() { - # Resolves an abbrevation from a list of possibilities. + # Resolves an abbreviation from a list of possibilities. # If the abbreviation is unambiguous, echoes the expansion on stdout # and returns 0. If the abbreviation is ambiguous, prints a message on # stderr and returns 1. (For first parse this should convert to exit