weeheavy/pre-commit-opentofu
1
0
Fork 0
forked from github/pre-commit-opentofu
Code Pull requests Activity

Merge pull request #1 from tofuutils/feat/rename-terraform-to-tofu

Browse source 
feat: rename pre-commit-terraform to pre-commit-opentofu
This commit is contained in:
kvendingoldo 2024-01-17 01:17:32 +01:00 committed by GitHub
commit 02ebd94241
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
42 changed files with 1860 additions and 2824 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.github/.container-structure-test-config.yaml vendored
View file

@ -10,10 +10,10 @@ commandTests:
args: ["-V"]
expectedOutput: ["^pre-commit ([0-9]+\\.){2}[0-9]+\\n$"]
- name: "terraform"
command: "terraform"
- name: "tofu"
command: "terrtofuaform"
args: ["-version"]
expectedOutput: ["^Terraform v([0-9]+\\.){2}[0-9]+\\non linux_amd64\\n$"]
expectedOutput: ["^OpenTofu v([0-9]+\\.){2}[0-9]+\\non linux_amd64\\n$"]
- name: "checkov"
command: "checkov"

35
.github/CONTRIBUTING.md vendored
View file

@ -21,24 +21,24 @@ Enjoy the clean, valid, and documented code!
## Run and debug hooks locally
```bash
pre-commit try-repo {-a} /path/to/local/pre-commit-terraform/repo {hook_name}
pre-commit try-repo {-a} /path/to/local/pre-commit-opentofu/repo {hook_name}
```
I.e.
```bash
pre-commit try-repo /mnt/c/Users/tf/pre-commit-terraform terraform_fmt # Run only `terraform_fmt` check
pre-commit try-repo -a ~/pre-commit-terraform # run all existing checks from repo
pre-commit try-repo /mnt/c/Users/tf/pre-commit-opentofu tofu_fmt # Run only `tofu_fmt` check
pre-commit try-repo -a ~/pre-commit-opentofu # run all existing checks from repo
```
Running `pre-commit` with `try-repo` ignores all arguments specified in `.pre-commit-config.yaml`.
If you need to test hook with arguments, follow [pre-commit doc](https://pre-commit.com/#arguments-pattern-in-hooks) to test hooks.
For example, to test that the [`terraform_fmt`](../README.md#terraform_fmt) hook works fine with arguments:
For example, to test that the [`tofu_fmt`](../README.md#tofu_fmt) hook works fine with arguments:
```bash
/tmp/pre-commit-terraform/terraform_fmt.sh --args=-diff --args=-write=false test-dir/main.tf test-dir/vars.tf
/tmp/pre-commit-opentofu/tofu_fmt.sh --args=-diff --args=-write=false test-dir/main.tf test-dir/vars.tf
```
## Run hook performance test
@ -50,10 +50,10 @@ Script accept next options:
| # | Name | Example value | Description |
| --- | ---------------------------------- | ------------------------------------------------------------------------ | ---------------------------------------------------- |
| 1 | `TEST_NUM` | `200` | How many times need repeat test |
| 2 | `TEST_COMMAND` | `'pre-commit try-repo -a /tmp/159/pre-commit-terraform terraform_tfsec'` | Valid pre-commit command |
| 2 | `TEST_COMMAND` | `'pre-commit try-repo -a /tmp/159/pre-commit-opentofu tofu_tfsec'` | Valid pre-commit command |
| 3 | `TEST_DIR` | `'/tmp/infrastructure'` | Dir on what you run tests. |
| 4 | `TEST_DESCRIPTION` | ```'`terraform_tfsec` PR #123:'``` | Text that you'd like to see in result |
| 5 | `RAW_TEST_`<br>`RESULTS_FILE_NAME` | `terraform_tfsec_pr123` | (Temporary) File where all test data will be stored. |
| 4 | `TEST_DESCRIPTION` | ```'`tofu_tfsec` PR #123:'``` | Text that you'd like to see in result |
| 5 | `RAW_TEST_`<br>`RESULTS_FILE_NAME` | `tofu_tfsec_pr123` | (Temporary) File where all test data will be stored. |
<!-- markdownlint-enable no-inline-html -->
> **Note:** To make test results repeatable and comparable, be sure that on the test machine nothing generates an unstable workload. During tests good to stop any other apps and do not interact with the test machine.
@ -66,23 +66,23 @@ Script accept next options:
# Install deps
sudo apt install -y datamash
# Run tests
./hooks_performance_test.sh 200 'pre-commit try-repo -a /tmp/159/pre-commit-terraform terraform_tfsec' '/tmp/infrastructure' '`terraform_tfsec` v1.51.0:' 'terraform_tfsec_pr159'
./hooks_performance_test.sh 200 'pre-commit try-repo -a /tmp/159/pre-commit-opentofu tofu_tfsec' '/tmp/infrastructure' '`tofu_tfsec` v1.51.0:' 'tofu_tfsec_pr159'
```
### Run via Docker
```bash
# Build `pre-commit-terraform` image
docker build -t pre-commit-terraform --build-arg INSTALL_ALL=true .
# Build `pre-commit-opentofu` image
docker build -t pre-commit-opentofu --build-arg INSTALL_ALL=true .
# Build test image
docker build -t pre-commit-tests tests/
# Run
TEST_NUM=1
TEST_DIR='/tmp/infrastructure'
PRE_COMMIT_DIR="$(pwd)"
TEST_COMMAND='pre-commit try-repo -a /pct terraform_tfsec'
TEST_DESCRIPTION='`terraform_tfsec` v1.51.0:'
RAW_TEST_RESULTS_FILE_NAME='terraform_tfsec_pr159'
TEST_COMMAND='pre-commit try-repo -a /pct tofu_tfsec'
TEST_DESCRIPTION='`tofu_tfsec` v1.51.0:'
RAW_TEST_RESULTS_FILE_NAME='tofu_tfsec_pr159'
docker run -v "$PRE_COMMIT_DIR:/pct:rw" -v "$TEST_DIR:/lint:ro" pre-commit-tests \
$TEST_NUM "$TEST_COMMAND" '/lint' "$RAW_TEST_RESULTS_FILE_NAME" "$RAW_TEST_RESULTS_FILE_NAME"
@ -100,12 +100,13 @@ sudo rm -rf tests/results
## Add new hook
You can use [this PR](https://github.com/antonbabenko/pre-commit-terraform/pull/252) as an example.
You can use [this PR](https://github.com/tofuutils/pre-commit-opentofu/pull/1) as an example.
### Before write code
1. Try to figure out future hook usage.
2. Confirm the concept with [Anton Babenko](https://github.com/antonbabenko).
2. Confirm the concept with one of the following people: [Alexander Sharov](https://github.com/kvendingoldo), [Nikolay Mishin](https://github.com/Nmishin), [Anastasiia Kozlova](https://github.com/anastasiiakozlova245).
### Prepare basic documentation
@ -129,7 +130,7 @@ You can use [this PR](https://github.com/antonbabenko/pre-commit-terraform/pull/
```yaml
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform # Your repo
- repo: https://github.com/tofuutils/pre-commit-opentofu # Your repo
rev: 3d76da3885e6a33d59527eff3a57d246dfb66620 # Your commit SHA
hooks:
- id: terraform_docs # New hook name

4
.github/FUNDING.yml vendored
View file

@ -1,2 +1,2 @@
github: [antonbabenko]
custom: https://www.paypal.me/antonbabenko
github: [kvendingoldo]
custom: https://www.paypal.me/kvendingoldo

2
.github/ISSUE_TEMPLATE/bug_report_docker.md vendored
View file

@ -7,7 +7,7 @@ labels:
---
<!--
Thank you for helping to improve pre-commit-terraform!
Thank you for helping to improve pre-commit-opentofu!
Please be sure to search for open issues before raising a new one. We use issues
for bug reports and feature requests. Please note, this template is for bugs

4
.github/ISSUE_TEMPLATE/bug_report_local_install.md vendored
View file

@ -7,7 +7,7 @@ labels:
---
<!--
Thank you for helping to improve pre-commit-terraform!
Thank you for helping to improve pre-commit-opentofu!
Please be sure to search for open issues before raising a new one. We use issues
for bug reports and feature requests. Please note, this template is for bugs
@ -78,7 +78,7 @@ Linux DESKTOP-C7315EF 5.4.72-microsoft-standard-WSL2 #1 SMP Wed Oct 28 23:40:43
bash << EOF
bash --version | head -n 1 2>/dev/null || echo "bash SKIPPED"
pre-commit --version 2>/dev/null || echo "pre-commit SKIPPED"
terraform --version | head -n 1 2>/dev/null || echo "terraform SKIPPED"
tofu --version | head -n 1 2>/dev/null || echo "tofu SKIPPED"
python --version 2>/dev/null || echo "python SKIPPED"
python3 --version 2>/dev/null || echo "python3 SKIPPED"
echo -n "checkov " && checkov --version 2>/dev/null || echo "checkov SKIPPED"

6
.github/ISSUE_TEMPLATE/feature_request.md vendored
View file

@ -6,7 +6,7 @@ labels:
---
<!--
Thank you for helping to improve pre-commit-terraform!
Thank you for helping to improve pre-commit-opentofu!
Please be sure to search for open issues before raising a new one. We use issues
for bug reports and feature requests. Please note, this template is for feature
@ -22,8 +22,8 @@ implement it sensibly.
--->
### How could pre-commit-terraform help solve your problem?
### How could pre-commit-opentofu help solve your problem?
<!--
Let us know how you think pre-commit-terraform could help with your use case.
Let us know how you think pre-commit-opentofu could help with your use case.
-->

4
.github/PULL_REQUEST_TEMPLATE.md vendored
View file

@ -1,5 +1,5 @@
<!--
Thank you for helping to improve pre-commit-terraform!
Thank you for helping to improve pre-commit-opentofu!
-->
Put an `x` into the box if that apply:
@ -15,7 +15,7 @@ Put an `x` into the box if that apply:
Briefly describe what this pull request does. Be sure to direct your reviewers'
attention to anything that needs special consideration.
We love pull requests that resolve an open pre-commit-terraform issue. If yours does, you
We love pull requests that resolve an open pre-commit-opentofu issue. If yours does, you
can uncomment the below line to indicate which issue your PR fixes, for example
"Fixes #123456":
-->

2
.github/workflows/pre-commit.yaml vendored
View file

@ -35,7 +35,7 @@ jobs:
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
# Skip terraform_tflint which interferes to commit pre-commit auto-fixes
# Skip tofu_tflint which interferes to commit pre-commit auto-fixes
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: '3.9'

86
.pre-commit-hooks.yaml
View file

@ -1,40 +1,40 @@
- id: infracost_breakdown
name: Infracost breakdown
description: Check terraform infrastructure cost
description: Check OpenTofu infrastructure cost
entry: hooks/infracost_breakdown.sh
language: script
require_serial: true
files: \.(tf(vars)?|hcl)$
exclude: \.terraform\/.*$
- id: terraform_fmt
name: Terraform fmt
description: Rewrites all Terraform configuration files to a canonical format.
entry: hooks/terraform_fmt.sh
- id: tofu_fmt
name: OpenTofu fmt
description: Rewrites all OpenTofu configuration files to a canonical format.
entry: hooks/tofu_fmt.sh
language: script
files: (\.tf|\.tfvars)$
exclude: \.terraform\/.*$
- id: terraform_docs
name: Terraform docs
- id: tofu_docs
name: OpenTofu docs
description: Inserts input and output documentation into README.md (using terraform-docs).
require_serial: true
entry: hooks/terraform_docs.sh
entry: hooks/tofu_docs.sh
language: script
files: (\.tf|\.terraform\.lock\.hcl)$
exclude: \.terraform\/.*$
- id: terraform_docs_without_aggregate_type_defaults
name: Terraform docs (without aggregate type defaults)
- id: tofu_docs_without_aggregate_type_defaults
name: OpenTofu docs (without aggregate type defaults)
description: Inserts input and output documentation into README.md (using terraform-docs). Identical to terraform_docs.
require_serial: true
entry: hooks/terraform_docs.sh
entry: hooks/tofu_docs.sh
language: script
files: (\.tf)$
exclude: \.terraform\/.*$
- id: terraform_docs_replace
name: Terraform docs (overwrite README.md)
- id: tofu_docs_replace
name: OpenTofu docs (overwrite README.md)
description: Overwrite content of README.md with terraform-docs.
require_serial: true
entry: terraform_docs_replace
@ -42,29 +42,29 @@
files: (\.tf)$
exclude: \.terraform\/.*$
- id: terraform_validate
name: Terraform validate
description: Validates all Terraform configuration files.
- id: tofu_validate
name: OpenTofu validate
description: Validates all OpenTofu configuration files.
require_serial: true
entry: hooks/terraform_validate.sh
entry: hooks/tofu_validate.sh
language: script
files: (\.tf|\.tfvars)$
exclude: \.terraform\/.*$
- id: terraform_providers_lock
name: Lock terraform provider versions
- id: tofu_providers_lock
name: Lock OpenTofu provider versions
description: Updates provider signatures in dependency lock files.
require_serial: true
entry: hooks/terraform_providers_lock.sh
entry: hooks/tofu_providers_lock.sh
language: script
files: (\.terraform\.lock\.hcl)$
exclude: \.terraform\/.*$
- id: terraform_tflint
name: Terraform validate with tflint
description: Validates all Terraform configuration files with TFLint.
- id: tofu_tflint
name: OpenTofu validate with tflint
description: Validates all OpenTofu configuration files with TFLint.
require_serial: true
entry: hooks/terraform_tflint.sh
entry: hooks/tofu_tflint.sh
language: script
files: (\.tf|\.tfvars)$
exclude: \.terraform\/.*$
@ -85,25 +85,25 @@
files: (\.hcl)$
exclude: \.terraform\/.*$
- id: terraform_tfsec
name: Terraform validate with tfsec (deprecated, use "terraform_trivy")
description: Static analysis of Terraform templates to spot potential security issues.
- id: tofu_tfsec
name: OpenTofu validate with tfsec (deprecated, use "tofu_trivy")
description: Static analysis of OpenTofu templates to spot potential security issues.
require_serial: true
entry: hooks/terraform_tfsec.sh
entry: hooks/tofu_tfsec.sh
files: \.tf(vars)?$
language: script
- id: terraform_trivy
name: Terraform validate with trivy
description: Static analysis of Terraform templates to spot potential security issues.
- id: tofu_trivy
name: OpenTofu validate with trivy
description: Static analysis of OpenTofu templates to spot potential security issues.
require_serial: true
entry: hooks/terraform_trivy.sh
entry: hooks/tofu_trivy.sh
files: \.tf(vars)?$
language: script
- id: checkov
name: checkov (deprecated, use "terraform_checkov")
description: Runs checkov on Terraform templates.
name: checkov (deprecated, use "tofu_checkov")
description: Runs checkov on OpenTofu templates.
entry: checkov -d .
language: python
pass_filenames: false
@ -112,20 +112,20 @@
exclude: \.terraform\/.*$
require_serial: true
- id: terraform_checkov
- id: tofu_checkov
name: Checkov
description: Runs checkov on Terraform templates.
entry: hooks/terraform_checkov.sh
description: Runs checkov on OpenTofu templates.
entry: hooks/tofu_checkov.sh
language: script
always_run: false
files: \.tf$
exclude: \.terraform\/.*$
require_serial: true
- id: terraform_wrapper_module_for_each
name: Terraform wrapper with for_each in module
description: Generate Terraform wrappers with for_each in module.
entry: hooks/terraform_wrapper_module_for_each.sh
- id: tofu_wrapper_module_for_each
name: OpenTofu wrapper with for_each in module
description: Generate OpenTofu wrappers with for_each in module.
entry: hooks/tofu_wrapper_module_for_each.sh
language: script
pass_filenames: false
always_run: false
@ -135,7 +135,7 @@
- id: terrascan
name: terrascan
description: Runs terrascan on Terraform templates.
description: Runs terrascan on OpenTofu templates.
language: script
entry: hooks/terrascan.sh
files: \.tf$
@ -144,7 +144,7 @@
- id: tfupdate
name: tfupdate
description: Runs tfupdate on Terraform templates.
description: Runs tfupdate on OpenTofu templates.
language: script
entry: hooks/tfupdate.sh
args:

947
CHANGELOG.md
View file

@ -2,952 +2,9 @@
All notable changes to this project will be documented in this file.
# [1.86.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.85.0...v1.86.0) (2023-12-21)
# [1.0.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.0) (2023-12-21)
### Features
* **`terraform_docs`:** Add `terraform-docs` default markers support and describe how to migrate to them ([#609](https://github.com/antonbabenko/pre-commit-terraform/issues/609)) ([4a0e1fe](https://github.com/antonbabenko/pre-commit-terraform/commit/4a0e1fed008230b65085da0e42b7695bc4e0a5f1))
# [1.85.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.84.0...v1.85.0) (2023-12-15)
### Features
* **trivy:** Add `terraform_trivy` hook and deprecate `terraform_tfsec` ([#606](https://github.com/antonbabenko/pre-commit-terraform/issues/606)) ([f3c819a](https://github.com/antonbabenko/pre-commit-terraform/commit/f3c819a747662d1257fa6989318d6ede5fabaff3))
# [1.84.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.83.6...v1.84.0) (2023-12-12)
### Features
* **deps:** Bump Python version in docker image from 3.11.5 to v3.12.0 ([#597](https://github.com/antonbabenko/pre-commit-terraform/issues/597)) ([28e3cde](https://github.com/antonbabenko/pre-commit-terraform/commit/28e3cde152370bcc5b38e82beb0345299f8c511d))
## [1.83.6](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.83.5...v1.83.6) (2023-11-16)
### Bug Fixes
* **`terraform_validate`:** Run `terraform init` on "Missing required provider" error ([#586](https://github.com/antonbabenko/pre-commit-terraform/issues/586)) ([6e2bb2e](https://github.com/antonbabenko/pre-commit-terraform/commit/6e2bb2e2a12528903d8b8a21f2924473e498385a))
## [1.83.5](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.83.4...v1.83.5) (2023-10-11)
### Bug Fixes
* Suppress duplicate error messages in `terraform_validate` ([#577](https://github.com/antonbabenko/pre-commit-terraform/issues/577)) ([4ea6b14](https://github.com/antonbabenko/pre-commit-terraform/commit/4ea6b14c6fdf48e33fa6e116cbe332bba0888bbb))
## [1.83.4](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.83.3...v1.83.4) (2023-09-22)
### Bug Fixes
* Fix terraform_wrapper_module_for_each for when resource name contains 'variable' ([#573](https://github.com/antonbabenko/pre-commit-terraform/issues/573)) ([941177e](https://github.com/antonbabenko/pre-commit-terraform/commit/941177e066e8de255f58f0a5afbda72995eb3f08))
## [1.83.3](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.83.2...v1.83.3) (2023-09-15)
### Bug Fixes
* Run `terraform_tfsec` only on terraform code changes ([#571](https://github.com/antonbabenko/pre-commit-terraform/issues/571)) ([4253162](https://github.com/antonbabenko/pre-commit-terraform/commit/42531626144fb8cdca3d5750c7206393f501feb4))
## [1.83.2](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.83.1...v1.83.2) (2023-09-04)
### Bug Fixes
* Extend `terraform_validate` `--retry-once-with-cleanup` errors list ([#566](https://github.com/antonbabenko/pre-commit-terraform/issues/566)) ([19188e5](https://github.com/antonbabenko/pre-commit-terraform/commit/19188e5c384a1803bca607e4e79faf61cc55a5b9))
## [1.83.1](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.83.0...v1.83.1) (2023-09-04)
### Bug Fixes
* Fixed ordering issue in terraform_wrapper_module_for_each hook ([#565](https://github.com/antonbabenko/pre-commit-terraform/issues/565)) ([dc12be1](https://github.com/antonbabenko/pre-commit-terraform/commit/dc12be1faff4b73a3fc9bd62296c40a351597a20))
# [1.83.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.82.0...v1.83.0) (2023-08-25)
### Features
* Skip legacy modules (with provider block) in terraform_wrapper_module_for_each hook ([#560](https://github.com/antonbabenko/pre-commit-terraform/issues/560)) ([456cc76](https://github.com/antonbabenko/pre-commit-terraform/commit/456cc7616ac4facc3392c51ed9606a7535f8fd0f))
# [1.82.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.81.2...v1.82.0) (2023-08-15)
### Features
* **docker:** Add ssh-client to Docker image to access private modules via ssh ([#553](https://github.com/antonbabenko/pre-commit-terraform/issues/553)) ([1d76157](https://github.com/antonbabenko/pre-commit-terraform/commit/1d76157c9d67a2cbc1b08a4d7bc5ad53a3b663e7))
## [1.81.2](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.81.1...v1.81.2) (2023-08-10)
### Bug Fixes
* Fix terraform_wrapper_module_for_each hook heredoc vars defaults ([#554](https://github.com/antonbabenko/pre-commit-terraform/issues/554)) ([6fd4263](https://github.com/antonbabenko/pre-commit-terraform/commit/6fd4263f599ff3318cc2095dde03a312bb617511))
## [1.81.1](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.81.0...v1.81.1) (2023-08-10)
### Bug Fixes
* Fix the terraform_wrapper_module_for_each hook for modules without outputs or variables ([#552](https://github.com/antonbabenko/pre-commit-terraform/issues/552)) ([f24b3fa](https://github.com/antonbabenko/pre-commit-terraform/commit/f24b3fab71b248c4be75ec378c43e6921053491a))
# [1.81.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.80.0...v1.81.0) (2023-06-12)
### Features
* Speedup `terraform_validate` - firstly try run validate without checking is `.terraform/` is valid ([#524](https://github.com/antonbabenko/pre-commit-terraform/issues/524)) ([d0d08ac](https://github.com/antonbabenko/pre-commit-terraform/commit/d0d08ac63cebd23e4ee7ff58fb91ea20c398ab69))
# [1.80.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.79.1...v1.80.0) (2023-05-30)
### Features
* **`terraform_providers_lock`:** Add `--mode` option and deprecate previous workflow ([#528](https://github.com/antonbabenko/pre-commit-terraform/issues/528)) ([2426b52](https://github.com/antonbabenko/pre-commit-terraform/commit/2426b527aeee39aad0386cbbd734747d883ed7b6))
## [1.79.1](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.79.0...v1.79.1) (2023-05-09)
### Bug Fixes
* Fix `terraform_providers_lock` hook broken in v1.79.0 ([#521](https://github.com/antonbabenko/pre-commit-terraform/issues/521)) ([6bfc5bf](https://github.com/antonbabenko/pre-commit-terraform/commit/6bfc5bf7670a6d9fbf21d1a686fdaa941ab34aa6))
# [1.79.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.78.0...v1.79.0) (2023-05-08)
### Features
* TFLint: Add `--hook-config=--delegate-chdir` to use `tflint -chdir` ([#512](https://github.com/antonbabenko/pre-commit-terraform/issues/512)) ([1e9debc](https://github.com/antonbabenko/pre-commit-terraform/commit/1e9debc02f558156823fc1ddd5cf2b48b1593167))
# [1.78.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.77.4...v1.78.0) (2023-04-28)
### Features
* **ci:** Build multi-arch Docker images (`amd64`, `arm64`) ([#496](https://github.com/antonbabenko/pre-commit-terraform/issues/496)) ([923c2c6](https://github.com/antonbabenko/pre-commit-terraform/commit/923c2c6a1e093620980790e864801f48a13ecf57))
## [1.77.4](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.77.3...v1.77.4) (2023-04-28)
### Bug Fixes
* Speed up x2 TFLint hook execution in dirs with violations ([#514](https://github.com/antonbabenko/pre-commit-terraform/issues/514)) ([49974ab](https://github.com/antonbabenko/pre-commit-terraform/commit/49974ab9ef37e199d65778e6055aaf8130c6a875))
## [1.77.3](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.77.2...v1.77.3) (2023-04-21)
### Bug Fixes
* Updates all dependencies used in Dockerfile and fix Docker image ([#507](https://github.com/antonbabenko/pre-commit-terraform/issues/507)) ([dc177fe](https://github.com/antonbabenko/pre-commit-terraform/commit/dc177fe29ed250fbb98702248c7de232bdb75f58))
## [1.77.2](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.77.1...v1.77.2) (2023-04-09)
### Bug Fixes
* Fixed spacing in `terraform_wrapper_module_for_each` hook ([#503](https://github.com/antonbabenko/pre-commit-terraform/issues/503)) ([ddc0d81](https://github.com/antonbabenko/pre-commit-terraform/commit/ddc0d81d31a2571de95246b9970216ae0e4432c4))
## [1.77.1](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.77.0...v1.77.1) (2023-02-03)
### Bug Fixes
* Pass command line arguments to tflint init ([#487](https://github.com/antonbabenko/pre-commit-terraform/issues/487)) ([29a8c00](https://github.com/antonbabenko/pre-commit-terraform/commit/29a8c00251e16941059df0f460b1e55890d4d7b5))
# [1.77.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.76.1...v1.77.0) (2022-11-26)
### Features
* Add `--retry-once-with-cleanup` to `terraform_validate` ([#441](https://github.com/antonbabenko/pre-commit-terraform/issues/441)) ([96fe3ef](https://github.com/antonbabenko/pre-commit-terraform/commit/96fe3ef6577705ee72ae33cba5f366ce32b9a5f7))
## [1.76.1](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.76.0...v1.76.1) (2022-11-26)
### Bug Fixes
* Describe migration instructions from `terraform_docs_replace` ([#451](https://github.com/antonbabenko/pre-commit-terraform/issues/451)) ([a8bcaa7](https://github.com/antonbabenko/pre-commit-terraform/commit/a8bcaa7975175679f2da0a5d1379f0e20446a2f9))
# [1.76.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.75.0...v1.76.0) (2022-10-06)
### Features
* Add support for version constraints in `tfupdate` ([#437](https://github.com/antonbabenko/pre-commit-terraform/issues/437)) ([a446642](https://github.com/antonbabenko/pre-commit-terraform/commit/a4466425fb486257cfc672094d92b0fb04fdfe93))
# [1.75.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.74.2...v1.75.0) (2022-09-07)
### Features
* Allow running container as non-root UID/GID for ownership issues (docker) ([#433](https://github.com/antonbabenko/pre-commit-terraform/issues/433)) ([abc2570](https://github.com/antonbabenko/pre-commit-terraform/commit/abc2570e42d3b01b56d34a474eedbf13063d3c31))
## [1.74.2](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.74.1...v1.74.2) (2022-09-02)
### Bug Fixes
* Fixed url for wrappers in generated README (terraform_wrapper_module_for_each) ([#429](https://github.com/antonbabenko/pre-commit-terraform/issues/429)) ([fe29c6c](https://github.com/antonbabenko/pre-commit-terraform/commit/fe29c6c71abf31e5e7fbba6ed1d3555971e89ee4))
## [1.74.1](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.74.0...v1.74.1) (2022-07-13)
### Bug Fixes
* Passed scenario in `terraform_docs` hook now works as expected ([7ac2736](https://github.com/antonbabenko/pre-commit-terraform/commit/7ac2736ab9544455b06fb66f2fb40d3609a010b6))
# [1.74.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.73.0...v1.74.0) (2022-07-12)
### Bug Fixes
* Add `--env-vars`, deprecate `--envs` ([#410](https://github.com/antonbabenko/pre-commit-terraform/issues/410)) ([2b35cad](https://github.com/antonbabenko/pre-commit-terraform/commit/2b35cad50fd7fe1c662cab1bfaab2a4ef7baa3c9))
* Add `--tf-init-args`, deprecate `--init-args` ([#407](https://github.com/antonbabenko/pre-commit-terraform/issues/407)) ([c4f8251](https://github.com/antonbabenko/pre-commit-terraform/commit/c4f8251d302260953c62a6b2116ea89584ce04a6))
### Features
* Add support for set env vars inside hook runtime ([#408](https://github.com/antonbabenko/pre-commit-terraform/issues/408)) ([d490231](https://github.com/antonbabenko/pre-commit-terraform/commit/d4902313ce11cc12c738397463f307b830a9ba3e))
* Allow `terraform_providers_lock` specify terraform init args ([#406](https://github.com/antonbabenko/pre-commit-terraform/issues/406)) ([32b232f](https://github.com/antonbabenko/pre-commit-terraform/commit/32b232f039ceee24b2db8e09de57047c78c6005b))
* Suppress color for all hooks if `PRE_COMMIT_COLOR=never` set ([#409](https://github.com/antonbabenko/pre-commit-terraform/issues/409)) ([b12f0c6](https://github.com/antonbabenko/pre-commit-terraform/commit/b12f0c662c4ebd104b27880fc380854590c0ca22))
# [1.73.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.72.2...v1.73.0) (2022-06-27)
### Features
* Add __GIT_WORKING_DIR__ to terraform_checkov ([#399](https://github.com/antonbabenko/pre-commit-terraform/issues/399)) ([ae88ed7](https://github.com/antonbabenko/pre-commit-terraform/commit/ae88ed73cfb63398270608d4e68f46bb4424f150))
## [1.72.2](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.72.1...v1.72.2) (2022-06-21)
### Bug Fixes
* Pre-commit-terraform terraform_validate hook ([#401](https://github.com/antonbabenko/pre-commit-terraform/issues/401)) ([d9f482c](https://github.com/antonbabenko/pre-commit-terraform/commit/d9f482c0c6fa0bd464bbaa7444b4f853f1bc4fb9))
## [1.72.1](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.72.0...v1.72.1) (2022-05-25)
### Bug Fixes
* Fixed `terraform_fmt` with `tfenv`, when `terraform` default version is not specified ([#389](https://github.com/antonbabenko/pre-commit-terraform/issues/389)) ([1b9476a](https://github.com/antonbabenko/pre-commit-terraform/commit/1b9476a2798f49c474cb59e812ddaf66b2cc6ca2))
# [1.72.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.71.0...v1.72.0) (2022-05-25)
### Features
* When a config file is given, do not specify formatter on cli (terraform_docs) ([#386](https://github.com/antonbabenko/pre-commit-terraform/issues/386)) ([962054b](https://github.com/antonbabenko/pre-commit-terraform/commit/962054b923e7a4fff5338fd3f5cb76f957797dd3))
# [1.71.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.70.1...v1.71.0) (2022-05-02)
### Features
* Added terraform_wrapper_module_for_each hook ([#376](https://github.com/antonbabenko/pre-commit-terraform/issues/376)) ([e4e9a73](https://github.com/antonbabenko/pre-commit-terraform/commit/e4e9a73d7eb8182bcad5ffca17876d1c0a4a8a49))
## [1.70.1](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.70.0...v1.70.1) (2022-04-28)
### Bug Fixes
* Fixed `tfupdate` to work in all cases, not only `pre-commit run --all` ([#375](https://github.com/antonbabenko/pre-commit-terraform/issues/375)) ([297cc75](https://github.com/antonbabenko/pre-commit-terraform/commit/297cc757879f25bed6d3adf3b6254cf0d37b17c2))
# [1.70.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.69.0...v1.70.0) (2022-04-28)
### Features
* Add support for `pre-commit/pre-commit-hooks` in Docker image ([#374](https://github.com/antonbabenko/pre-commit-terraform/issues/374)) ([017da74](https://github.com/antonbabenko/pre-commit-terraform/commit/017da745d0817f94b44c3c773e4aa8d42a80aa09))
# [1.69.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.68.1...v1.69.0) (2022-04-26)
### Features
* Allow env vars expansion in `--args` section for all hooks ([#363](https://github.com/antonbabenko/pre-commit-terraform/issues/363)) ([caa01c3](https://github.com/antonbabenko/pre-commit-terraform/commit/caa01c30b33a5a829b75ee6a9e9e08a534a42216))
## [1.68.1](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.68.0...v1.68.1) (2022-04-20)
### Bug Fixes
* Fixed git fatal error in Dockerfile ([#372](https://github.com/antonbabenko/pre-commit-terraform/issues/372)) ([c3f8dd4](https://github.com/antonbabenko/pre-commit-terraform/commit/c3f8dd40e6d6867c661e2495f8194ee7bd9c7fdd))
# [1.68.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.67.0...v1.68.0) (2022-04-18)
### Features
* Removed `coreutils` (realpath) from dependencies for MacOS ([#368](https://github.com/antonbabenko/pre-commit-terraform/issues/368)) ([944a2e5](https://github.com/antonbabenko/pre-commit-terraform/commit/944a2e5fefd50df6130c68bcaa4beb4d770c11b9))
# [1.67.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.66.0...v1.67.0) (2022-04-15)
### Features
* Added `terraform_checkov` (run per folder), deprecated `checkov` hook ([#290](https://github.com/antonbabenko/pre-commit-terraform/issues/290)) ([e3a9834](https://github.com/antonbabenko/pre-commit-terraform/commit/e3a98345bb3be407c476749496827b418b81241c))
# [1.66.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.65.1...v1.66.0) (2022-04-13)
### Features
* Added support for `tfupdate` to update version constraints in Terraform configurations ([#342](https://github.com/antonbabenko/pre-commit-terraform/issues/342)) ([ef7a0f2](https://github.com/antonbabenko/pre-commit-terraform/commit/ef7a0f2b467d20f30341d25df3d4012cff2194ec))
## [1.65.1](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.65.0...v1.65.1) (2022-04-13)
### Bug Fixes
* Improve `tflint --init` command execution ([#361](https://github.com/antonbabenko/pre-commit-terraform/issues/361)) ([d31cb69](https://github.com/antonbabenko/pre-commit-terraform/commit/d31cb6936376bd1aaa9ada83021c29e6ca6727e0))
# [1.65.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.64.1...v1.65.0) (2022-04-13)
### Features
* Adding init to terraform_tflint hook ([#352](https://github.com/antonbabenko/pre-commit-terraform/issues/352)) ([1aff30f](https://github.com/antonbabenko/pre-commit-terraform/commit/1aff30f2a4cb0df65a1e693690b5225a112cf621))
## [1.64.1](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.64.0...v1.64.1) (2022-03-31)
### Bug Fixes
* Make hooks bash 3.2 compatible ([#339](https://github.com/antonbabenko/pre-commit-terraform/issues/339)) ([4ad825d](https://github.com/antonbabenko/pre-commit-terraform/commit/4ad825d8d39254c69f0e01fb3e7728f0be9acbb9))
# [1.64.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.63.0...v1.64.0) (2022-02-10)
### Features
* Improved speed of `pre-commit run -a` for multiple hooks ([#338](https://github.com/antonbabenko/pre-commit-terraform/issues/338)) ([579dc45](https://github.com/antonbabenko/pre-commit-terraform/commit/579dc45fb40bc64c6742d42a9da78eddb0b70e1d))
# [1.63.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.62.3...v1.63.0) (2022-02-10)
### Features
* Improve performance during `pre-commit --all (-a)` run ([#327](https://github.com/antonbabenko/pre-commit-terraform/issues/327)) ([7e7c916](https://github.com/antonbabenko/pre-commit-terraform/commit/7e7c91643e8f213168b95d0583f787f914b04ce4))
## [1.62.3](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.62.2...v1.62.3) (2021-12-22)
### Bug Fixes
* Check all directories with changes and pass all args in terrascan hook ([#305](https://github.com/antonbabenko/pre-commit-terraform/issues/305)) ([66401d9](https://github.com/antonbabenko/pre-commit-terraform/commit/66401d93f485164fb2272af297df835b932c61c3))
## [1.62.2](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.62.1...v1.62.2) (2021-12-21)
### Bug Fixes
* Properly exclude .terraform directory with checkov hook ([#306](https://github.com/antonbabenko/pre-commit-terraform/issues/306)) ([b431a43](https://github.com/antonbabenko/pre-commit-terraform/commit/b431a43ffa6cd13156485ef853c967856e9572ef))
* Speedup `terrascan` hook up to x3 times in big repos ([#307](https://github.com/antonbabenko/pre-commit-terraform/issues/307)) ([2e8dcf9](https://github.com/antonbabenko/pre-commit-terraform/commit/2e8dcf9298733a256cc7f8c6f05b3ef9a1047a36))
## [1.62.1](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.62.0...v1.62.1) (2021-12-18)
### Bug Fixes
* **terraform_tflint:** Restore current working directory behavior ([#302](https://github.com/antonbabenko/pre-commit-terraform/issues/302)) ([93029dc](https://github.com/antonbabenko/pre-commit-terraform/commit/93029dcfcf6b9b121c24573f3e647d9fde255486))
# [1.62.0](https://github.com/antonbabenko/pre-commit-terraform/compare/v1.61.0...v1.62.0) (2021-12-12)
### Features
* Added semantic release ([#296](https://github.com/antonbabenko/pre-commit-terraform/issues/296)) ([1bcca44](https://github.com/antonbabenko/pre-commit-terraform/commit/1bcca44d1677128c23d505be644f1d16c320eb4c))
# Change Log
All notable changes to this project will be documented in this file.
<a name="unreleased"></a>
## [Unreleased]
<a name="v1.61.0"></a>
## [v1.61.0] - 2021-12-11
- feat: Pass custom arguments to terraform init in `terraform_validate` hook ([#293](https://github.com/antonbabenko/pre-commit-terraform/issues/293))
- fix: analyse all folders with tflint and don't stop on first execution ([#289](https://github.com/antonbabenko/pre-commit-terraform/issues/289))
<a name="v1.60.0"></a>
## [v1.60.0] - 2021-12-08
- fix: pre-build docker image ([#292](https://github.com/antonbabenko/pre-commit-terraform/issues/292))
<a name="v1.59.0"></a>
## [v1.59.0] - 2021-12-06
- fix: Fixed docker build ([#288](https://github.com/antonbabenko/pre-commit-terraform/issues/288))
<a name="v1.58.0"></a>
## [v1.58.0] - 2021-11-20
- chore: Publish container image on release ([#285](https://github.com/antonbabenko/pre-commit-terraform/issues/285))
- chore: Fix master merge to working branch on pre-commit autofixes ([#286](https://github.com/antonbabenko/pre-commit-terraform/issues/286))
<a name="v1.57.0"></a>
## [v1.57.0] - 2021-11-17
- fix: typo in arg name for terraform-docs ([#283](https://github.com/antonbabenko/pre-commit-terraform/issues/283))
- chore: Add deprecation notice to `terraform_docs_replace` ([#280](https://github.com/antonbabenko/pre-commit-terraform/issues/280))
<a name="v1.56.0"></a>
## [v1.56.0] - 2021-11-08
- feat: Updated Docker image from Ubuntu to Alpine ([#278](https://github.com/antonbabenko/pre-commit-terraform/issues/278))
- chore: Updated messages shown in terraform_tflint hook ([#274](https://github.com/antonbabenko/pre-commit-terraform/issues/274))
<a name="v1.55.0"></a>
## [v1.55.0] - 2021-10-27
- fix: Fixed 1.54.0 where `terraform_docs` was broken ([#272](https://github.com/antonbabenko/pre-commit-terraform/issues/272))
<a name="v1.54.0"></a>
## [v1.54.0] - 2021-10-27
- feat: Add support for quoted values in `infracost_breakdown` `--hook-config` ([#269](https://github.com/antonbabenko/pre-commit-terraform/issues/269))
- docs: Added notes about sponsors ([#268](https://github.com/antonbabenko/pre-commit-terraform/issues/268))
- fix: Fixed args expand in terraform_docs ([#260](https://github.com/antonbabenko/pre-commit-terraform/issues/260))
<a name="v1.53.0"></a>
## [v1.53.0] - 2021-10-26
- docs: Pre-release 1.53 ([#267](https://github.com/antonbabenko/pre-commit-terraform/issues/267))
- docs: Clarify docs for terraform_tfsec hook ([#266](https://github.com/antonbabenko/pre-commit-terraform/issues/266))
- feat: Add infracost_breakdown hook ([#252](https://github.com/antonbabenko/pre-commit-terraform/issues/252))
- feat: Set up PR reviewers automatically ([#258](https://github.com/antonbabenko/pre-commit-terraform/issues/258))
- docs: fix protocol to prevent MITM ([#257](https://github.com/antonbabenko/pre-commit-terraform/issues/257))
- feat: add __GIT_WORKING_DIR__ to tfsec ([#255](https://github.com/antonbabenko/pre-commit-terraform/issues/255))
- docs: Add missing space in terrascan install cmd ([#253](https://github.com/antonbabenko/pre-commit-terraform/issues/253))
- fix: command not found ([#251](https://github.com/antonbabenko/pre-commit-terraform/issues/251))
- fix: execute tflint once in no errors ([#250](https://github.com/antonbabenko/pre-commit-terraform/issues/250))
- docs: fix deps ([#249](https://github.com/antonbabenko/pre-commit-terraform/issues/249))
- feat: Add `terraform_docs` hook settings ([#245](https://github.com/antonbabenko/pre-commit-terraform/issues/245))
- fix: terrafrom_tflint ERROR output for files located in repo root ([#243](https://github.com/antonbabenko/pre-commit-terraform/issues/243))
- feat: Add support for specify terraform-docs config file ([#244](https://github.com/antonbabenko/pre-commit-terraform/issues/244))
- docs: Document hooks dependencies ([#247](https://github.com/antonbabenko/pre-commit-terraform/issues/247))
- feat: Allow passing of args to terraform_fmt ([#147](https://github.com/antonbabenko/pre-commit-terraform/issues/147))
- docs: Add terraform_fmt usage instructions and how-to debug script with args ([#242](https://github.com/antonbabenko/pre-commit-terraform/issues/242))
- fix: TFSec outputs the same results multiple times ([#237](https://github.com/antonbabenko/pre-commit-terraform/issues/237))
- chore: Do not mark issues and PR's in milestone as stale ([#241](https://github.com/antonbabenko/pre-commit-terraform/issues/241))
<a name="v1.52.0"></a>
## [v1.52.0] - 2021-10-04
- feat: Add new hook for `terraform providers lock` operation ([#173](https://github.com/antonbabenko/pre-commit-terraform/issues/173))
- docs: Document terraform_tfsec args usage ([#238](https://github.com/antonbabenko/pre-commit-terraform/issues/238))
- docs: Make contributors more visible ([#236](https://github.com/antonbabenko/pre-commit-terraform/issues/236))
- docs: Add contributing guide and docs about performance tests ([#235](https://github.com/antonbabenko/pre-commit-terraform/issues/235))
- fix: terraform_tflint hook executes in a serial way to run less often ([#211](https://github.com/antonbabenko/pre-commit-terraform/issues/211))
- feat: Add PATH outputs when TFLint found any problem ([#234](https://github.com/antonbabenko/pre-commit-terraform/issues/234))
- fix: Dockerfile if INSTALL_ALL is not defined ([#233](https://github.com/antonbabenko/pre-commit-terraform/issues/233))
- docs: Describe hooks usage and improve examples ([#232](https://github.com/antonbabenko/pre-commit-terraform/issues/232))
- chore: Add shfmt to workflow ([#231](https://github.com/antonbabenko/pre-commit-terraform/issues/231))
- fix: remove dead code from terraform-docs script ([#229](https://github.com/antonbabenko/pre-commit-terraform/issues/229))
<a name="v1.51.0"></a>
## [v1.51.0] - 2021-09-17
- fix: trigger terraform-docs on changes in lock files ([#228](https://github.com/antonbabenko/pre-commit-terraform/issues/228))
- fix: label auto-adding after label rename ([#226](https://github.com/antonbabenko/pre-commit-terraform/issues/226))
- chore: Updated GH stale action config ([#223](https://github.com/antonbabenko/pre-commit-terraform/issues/223))
- feat: Add GH checks and templates ([#222](https://github.com/antonbabenko/pre-commit-terraform/issues/222))
- feat: Add mixed line ending check to prevent possible errors ([#221](https://github.com/antonbabenko/pre-commit-terraform/issues/221))
- fix: Dockerized pre-commit-terraform ([#219](https://github.com/antonbabenko/pre-commit-terraform/issues/219))
- docs: Initial docs improvement ([#218](https://github.com/antonbabenko/pre-commit-terraform/issues/218))
- chore: Update Ubuntu install method ([#198](https://github.com/antonbabenko/pre-commit-terraform/issues/198))
<a name="v1.50.0"></a>
## [v1.50.0] - 2021-04-22
- feat: Adds support for Terrascan ([#195](https://github.com/antonbabenko/pre-commit-terraform/issues/195))
<a name="v1.49.0"></a>
## [v1.49.0] - 2021-04-20
- fix: Fix and pin versions in Dockerfile ([#193](https://github.com/antonbabenko/pre-commit-terraform/issues/193))
- chore: Fix mistake on command ([#185](https://github.com/antonbabenko/pre-commit-terraform/issues/185))
- Update README.md
<a name="v1.48.0"></a>
## [v1.48.0] - 2021-03-12
- chore: add dockerfile ([#183](https://github.com/antonbabenko/pre-commit-terraform/issues/183))
- docs: Added checkov install ([#182](https://github.com/antonbabenko/pre-commit-terraform/issues/182))
<a name="v1.47.0"></a>
## [v1.47.0] - 2021-02-25
- fix: remove sed postprocessing from the terraform_docs_replace hook to fix compatibility with terraform-docs 0.11.0+ ([#176](https://github.com/antonbabenko/pre-commit-terraform/issues/176))
- docs: updates installs for macOS and ubuntu ([#175](https://github.com/antonbabenko/pre-commit-terraform/issues/175))
<a name="v1.46.0"></a>
## [v1.46.0] - 2021-02-20
- fix: Terraform validate for submodules ([#172](https://github.com/antonbabenko/pre-commit-terraform/issues/172))
<a name="v1.45.0"></a>
## [v1.45.0] - 2020-11-12
- fix: Correct deprecated parameter to terraform-docs ([#156](https://github.com/antonbabenko/pre-commit-terraform/issues/156))
<a name="v1.44.0"></a>
## [v1.44.0] - 2020-11-02
<a name="v1.43.1"></a>
## [v1.43.1] - 2020-11-02
- feat: Make terraform_validate to run init if necessary ([#158](https://github.com/antonbabenko/pre-commit-terraform/issues/158))
<a name="v1.43.0"></a>
## [v1.43.0] - 2020-09-24
- fix: Fix regex considering terraform-docs v0.10.0 old ([#151](https://github.com/antonbabenko/pre-commit-terraform/issues/151))
<a name="v1.42.0"></a>
## [v1.42.0] - 2020-09-24
- fix: make terraform_docs Windows compatible ([#129](https://github.com/antonbabenko/pre-commit-terraform/issues/129))
<a name="v1.41.0"></a>
## [v1.41.0] - 2020-09-23
- fix: terraform-docs version 0.10 removed with-aggregate-type-defaults ([#150](https://github.com/antonbabenko/pre-commit-terraform/issues/150))
<a name="v1.40.0"></a>
## [v1.40.0] - 2020-09-22
- feat: Add possibility to share tflint config file for subdirs ([#149](https://github.com/antonbabenko/pre-commit-terraform/issues/149))
<a name="v1.39.0"></a>
## [v1.39.0] - 2020-09-08
- feat: Add checkov support ([#143](https://github.com/antonbabenko/pre-commit-terraform/issues/143))
<a name="v1.38.0"></a>
## [v1.38.0] - 2020-09-07
- fix: Correctly handle arrays in terraform_docs.sh ([#141](https://github.com/antonbabenko/pre-commit-terraform/issues/141))
<a name="v1.37.0"></a>
## [v1.37.0] - 2020-09-01
- fix: make terraform_tfsec.sh executable ([#140](https://github.com/antonbabenko/pre-commit-terraform/issues/140))
<a name="v1.36.0"></a>
## [v1.36.0] - 2020-09-01
- feat: have option for terraform_tfsec hook to only run in relevant modified directories ([#135](https://github.com/antonbabenko/pre-commit-terraform/issues/135))
<a name="v1.35.0"></a>
## [v1.35.0] - 2020-08-28
- fix: Squash terraform_docs bug ([#138](https://github.com/antonbabenko/pre-commit-terraform/issues/138))
<a name="v1.34.0"></a>
## [v1.34.0] - 2020-08-27
- chore: Use lib_getopt for all hooks and some style tweaks ([#137](https://github.com/antonbabenko/pre-commit-terraform/issues/137))
<a name="v1.33.0"></a>
## [v1.33.0] - 2020-08-27
- fix: Pass args and env vars to terraform validate ([#125](https://github.com/antonbabenko/pre-commit-terraform/issues/125))
- docs: Update terraform-docs link pointing to new organization ([#130](https://github.com/antonbabenko/pre-commit-terraform/issues/130))
<a name="v1.32.0"></a>
## [v1.32.0] - 2020-08-19
- feat: add terragrunt validate hook ([#134](https://github.com/antonbabenko/pre-commit-terraform/issues/134))
<a name="v1.31.0"></a>
## [v1.31.0] - 2020-05-27
- fix: Updated formatting in README (closes [#113](https://github.com/antonbabenko/pre-commit-terraform/issues/113))
- docs: Fixed the docs to use the latest config syntax([#106](https://github.com/antonbabenko/pre-commit-terraform/issues/106))
- docs: Added coreutils as requirements in README.md ([#105](https://github.com/antonbabenko/pre-commit-terraform/issues/105))
<a name="v1.30.0"></a>
## [v1.30.0] - 2020-04-23
- Updated pre-commit deps
- feat: Support for TFSec ([#103](https://github.com/antonbabenko/pre-commit-terraform/issues/103))
<a name="v1.29.0"></a>
## [v1.29.0] - 2020-04-04
- fix: Change terraform_validate hook functionality for subdirectories with terraform files ([#100](https://github.com/antonbabenko/pre-commit-terraform/issues/100))
###
configuration for the appropriate working directory.
* Neglected to change the terraform validate call to use the default of the
current directory.
* Several changes to improve functionality:
- Switch to checking the path for '*.tf' instead of always checking the current
directory.
- Try to find a '.terraform' directory (which indicates a `terraform init`) and
change to that directory before running `terraform validate`.
* Fix the description for the terraform_validate hook to reflect changes that were
made in:
https://github.com/antonbabenko/pre-commit-terraform/commit/35e0356188b64a4c5af9a4e7200d936e514cba71
* - Clean up comments.
- Adjust variable names to better reflect what they are holding.
<a name="v1.28.0"></a>
## [v1.28.0] - 2020-04-04
- Allow passing multiple args to terraform-docs ([#98](https://github.com/antonbabenko/pre-commit-terraform/issues/98))
- Update installation instructions ([#79](https://github.com/antonbabenko/pre-commit-terraform/issues/79))
<a name="v1.27.0"></a>
## [v1.27.0] - 2020-03-02
- corrected tflint documentation ([#95](https://github.com/antonbabenko/pre-commit-terraform/issues/95))
<a name="v1.26.0"></a>
## [v1.26.0] - 2020-02-21
- Updated pre-commit-hooks
- Fixed exit code for terraform 0.11 branch in terraform_docs ([#94](https://github.com/antonbabenko/pre-commit-terraform/issues/94))
<a name="v1.25.0"></a>
## [v1.25.0] - 2020-01-30
- Fixed tflint hook to iterate over files ([#77](https://github.com/antonbabenko/pre-commit-terraform/issues/77))
<a name="v1.24.0"></a>
## [v1.24.0] - 2020-01-21
- Added shfmt to autoformat shell scripts ([#86](https://github.com/antonbabenko/pre-commit-terraform/issues/86))
<a name="v1.23.0"></a>
## [v1.23.0] - 2020-01-21
- Added support for terraform-docs 0.8.0 with proper support for Terraform 0.12 syntax (bye-bye awk) ([#85](https://github.com/antonbabenko/pre-commit-terraform/issues/85))
<a name="v1.22.0"></a>
## [v1.22.0] - 2020-01-13
- move terraform-docs args after markdown command ([#83](https://github.com/antonbabenko/pre-commit-terraform/issues/83))
<a name="v1.21.0"></a>
## [v1.21.0] - 2019-11-16
- use getopt for args in the tflint hook, following the approach in terraform-docs ([#75](https://github.com/antonbabenko/pre-commit-terraform/issues/75))
<a name="v1.20.0"></a>
## [v1.20.0] - 2019-11-02
- Fixes [#65](https://github.com/antonbabenko/pre-commit-terraform/issues/65): terraform-docs should not fail if complex types contain 'description' keyword ([#73](https://github.com/antonbabenko/pre-commit-terraform/issues/73))
- Added FUNDING.yml
- Improve installation instructions and make README more readable ([#72](https://github.com/antonbabenko/pre-commit-terraform/issues/72))
- Update rev in README.md ([#70](https://github.com/antonbabenko/pre-commit-terraform/issues/70))
<a name="v1.19.0"></a>
## [v1.19.0] - 2019-08-20
- Updated README with terraform_tflint hook
- Added support for TFLint with --deep parameter ([#53](https://github.com/antonbabenko/pre-commit-terraform/issues/53))
<a name="v1.18.0"></a>
## [v1.18.0] - 2019-08-20
- Updated README with terragrunt_fmt hook
- Formatter for Terragrunt HCL files ([#60](https://github.com/antonbabenko/pre-commit-terraform/issues/60))
<a name="v1.17.0"></a>
## [v1.17.0] - 2019-06-25
- Fixed enquoted types in terraform_docs (fixed [#52](https://github.com/antonbabenko/pre-commit-terraform/issues/52))
- Fix typo in README ([#51](https://github.com/antonbabenko/pre-commit-terraform/issues/51))
<a name="v1.16.0"></a>
## [v1.16.0] - 2019-06-18
- Add slash to mktemp dir (fixed [#50](https://github.com/antonbabenko/pre-commit-terraform/issues/50))
<a name="v1.15.0"></a>
## [v1.15.0] - 2019-06-18
- Fixed awk script for terraform-docs (kudos [@cytopia](https://github.com/cytopia)) and mktemp on Mac (closes [#47](https://github.com/antonbabenko/pre-commit-terraform/issues/47), [#48](https://github.com/antonbabenko/pre-commit-terraform/issues/48), [#49](https://github.com/antonbabenko/pre-commit-terraform/issues/49))
- Fix version in README.md ([#46](https://github.com/antonbabenko/pre-commit-terraform/issues/46))
<a name="v1.14.0"></a>
## [v1.14.0] - 2019-06-17
- Upgraded to work with Terraform >= 0.12 ([#44](https://github.com/antonbabenko/pre-commit-terraform/issues/44))
<a name="v1.13.0"></a>
## [v1.13.0] - 2019-06-17
- Added support for terraform_docs for Terraform 0.12 ([#45](https://github.com/antonbabenko/pre-commit-terraform/issues/45))
<a name="v1.12.0"></a>
## [v1.12.0] - 2019-05-27
- Added note about incompatibility of terraform-docs with Terraform 0.12 ([#41](https://github.com/antonbabenko/pre-commit-terraform/issues/41))
- Fixed broken "maintained badge"
- Update README.md ([#36](https://github.com/antonbabenko/pre-commit-terraform/issues/36))
<a name="v1.11.0"></a>
## [v1.11.0] - 2019-03-01
- Updated changelog
- fix check for errors at the end ([#35](https://github.com/antonbabenko/pre-commit-terraform/issues/35))
<a name="v1.10.0"></a>
## [v1.10.0] - 2019-02-21
- Bump new version
- Add exit code for 'terraform validate' so pre-commit check fails ([#34](https://github.com/antonbabenko/pre-commit-terraform/issues/34))
<a name="v1.9.0"></a>
## [v1.9.0] - 2019-02-18
- Added chglog (hi [@robinbowes](https://github.com/robinbowes) :))
- Require terraform-docs runs in serial to avoid pre-commit doing parallel operations on similar file paths
<a name="v1.8.1"></a>
## [v1.8.1] - 2018-12-15
- Fix bug not letting terraform_docs_replace work in the root directory of a repo
<a name="v1.8.0"></a>
## [v1.8.0] - 2018-12-14
- fix typo
- Address requested changes
- Add `--dest` argument
- Address requested changes
- Add new hook for running terraform-docs with replacing README.md from doc in main.tf
<a name="v1.7.4"></a>
## [v1.7.4] - 2018-12-11
- Merge remote-tracking branch 'origin/master' into pr25
- Added followup after [#25](https://github.com/antonbabenko/pre-commit-terraform/issues/25)
- Add feature to pass options to terraform-docs.
- Added license file (fixed [#21](https://github.com/antonbabenko/pre-commit-terraform/issues/21))
<a name="v1.7.3"></a>
## [v1.7.3] - 2018-05-24
- Updated README
- Only run validate if .tf files exist in the directory. ([#20](https://github.com/antonbabenko/pre-commit-terraform/issues/20))
<a name="v1.7.2"></a>
## [v1.7.2] - 2018-05-20
- Replace terraform_docs use of GNU sed with perl ([#15](https://github.com/antonbabenko/pre-commit-terraform/issues/15))
- Fixes use of md5 for tempfile name ([#16](https://github.com/antonbabenko/pre-commit-terraform/issues/16))
<a name="v1.7.1"></a>
## [v1.7.1] - 2018-05-16
- Run terraform_docs only if README.md is present
- Run terraform_docs only if README.md is present
<a name="v1.7.0"></a>
## [v1.7.0] - 2018-05-16
- Added terraform-docs integration ([#13](https://github.com/antonbabenko/pre-commit-terraform/issues/13))
<a name="v1.6.0"></a>
## [v1.6.0] - 2018-04-21
- Allow to have spaces in directories ([#11](https://github.com/antonbabenko/pre-commit-terraform/issues/11))
<a name="v1.5.0"></a>
## [v1.5.0] - 2018-03-06
- Bump new version
- Format tfvars files explicitely, because terraform fmt ignores them ([#9](https://github.com/antonbabenko/pre-commit-terraform/issues/9))
<a name="v1.4.0"></a>
## [v1.4.0] - 2018-01-24
- Updated readme
- Show failed path
- Show failed path
- Show failed path
- Updated scripts
- Added scripts to validate terraform files
<a name="v1.3.0"></a>
## [v1.3.0] - 2018-01-15
- Added badges
- Added formatting for tfvars (fixes [#4](https://github.com/antonbabenko/pre-commit-terraform/issues/4)) ([#6](https://github.com/antonbabenko/pre-commit-terraform/issues/6))
<a name="v1.2.0"></a>
## [v1.2.0] - 2017-06-08
- Renamed shell script file to the correct one
- Updated .pre-commit-hooks.yaml
- Updated sha in README
- Exclude .terraform even on subfolders
<a name="v1.1.0"></a>
## [v1.1.0] - 2017-02-04
- Copied to .pre-commit-hooks.yaml for compatibility (closes [#1](https://github.com/antonbabenko/pre-commit-terraform/issues/1))
<a name="v1.0.0"></a>
## v1.0.0 - 2016-09-27
- Updated README
- Ready, probably :)
- Initial commit
- Initial commit
[Unreleased]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.61.0...HEAD
[v1.61.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.60.0...v1.61.0
[v1.60.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.59.0...v1.60.0
[v1.59.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.58.0...v1.59.0
[v1.58.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.57.0...v1.58.0
[v1.57.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.56.0...v1.57.0
[v1.56.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.55.0...v1.56.0
[v1.55.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.54.0...v1.55.0
[v1.54.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.53.0...v1.54.0
[v1.53.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.52.0...v1.53.0
[v1.52.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.51.0...v1.52.0
[v1.51.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.50.0...v1.51.0
[v1.50.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.49.0...v1.50.0
[v1.49.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.48.0...v1.49.0
[v1.48.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.47.0...v1.48.0
[v1.47.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.46.0...v1.47.0
[v1.46.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.45.0...v1.46.0
[v1.45.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.44.0...v1.45.0
[v1.44.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.43.1...v1.44.0
[v1.43.1]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.43.0...v1.43.1
[v1.43.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.42.0...v1.43.0
[v1.42.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.41.0...v1.42.0
[v1.41.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.40.0...v1.41.0
[v1.40.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.39.0...v1.40.0
[v1.39.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.38.0...v1.39.0
[v1.38.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.37.0...v1.38.0
[v1.37.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.36.0...v1.37.0
[v1.36.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.35.0...v1.36.0
[v1.35.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.34.0...v1.35.0
[v1.34.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.33.0...v1.34.0
[v1.33.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.32.0...v1.33.0
[v1.32.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.31.0...v1.32.0
[v1.31.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.30.0...v1.31.0
[v1.30.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.29.0...v1.30.0
[v1.29.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.28.0...v1.29.0
[v1.28.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.27.0...v1.28.0
[v1.27.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.26.0...v1.27.0
[v1.26.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.25.0...v1.26.0
[v1.25.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.24.0...v1.25.0
[v1.24.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.23.0...v1.24.0
[v1.23.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.22.0...v1.23.0
[v1.22.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.21.0...v1.22.0
[v1.21.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.20.0...v1.21.0
[v1.20.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.19.0...v1.20.0
[v1.19.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.18.0...v1.19.0
[v1.18.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.17.0...v1.18.0
[v1.17.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.16.0...v1.17.0
[v1.16.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.15.0...v1.16.0
[v1.15.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.14.0...v1.15.0
[v1.14.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.13.0...v1.14.0
[v1.13.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.12.0...v1.13.0
[v1.12.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.11.0...v1.12.0
[v1.11.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.10.0...v1.11.0
[v1.10.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.9.0...v1.10.0
[v1.9.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.8.1...v1.9.0
[v1.8.1]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.8.0...v1.8.1
[v1.8.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.7.4...v1.8.0
[v1.7.4]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.7.3...v1.7.4
[v1.7.3]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.7.2...v1.7.3
[v1.7.2]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.7.1...v1.7.2
[v1.7.1]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.7.0...v1.7.1
[v1.7.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.6.0...v1.7.0
[v1.6.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.5.0...v1.6.0
[v1.5.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.4.0...v1.5.0
[v1.4.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.3.0...v1.4.0
[v1.3.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.2.0...v1.3.0
[v1.2.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.1.0...v1.2.0
[v1.1.0]: https://github.com/antonbabenko/pre-commit-terraform/compare/v1.0.0...v1.1.0
* TODO

10
Dockerfile
View file

@ -14,17 +14,17 @@ RUN apk add --no-cache \
setuptools
ARG PRE_COMMIT_VERSION=${PRE_COMMIT_VERSION:-latest}
ARG TERRAFORM_VERSION=${TERRAFORM_VERSION:-latest}
ARG TOFU_VERSION=${TOFU_VERSION:-latest}
# Install pre-commit
RUN [ ${PRE_COMMIT_VERSION} = "latest" ] && pip3 install --no-cache-dir pre-commit \
|| pip3 install --no-cache-dir pre-commit==${PRE_COMMIT_VERSION}
# Install terraform because pre-commit needs it
RUN if [ "${TERRAFORM_VERSION}" = "latest" ]; then \
TERRAFORM_VERSION="$(curl -s https://api.github.com/repos/hashicorp/terraform/releases/latest | grep tag_name | grep -o -E -m 1 "[0-9.]+")" \
# TODO Install OpenTofu because pre-commit needs it
RUN if [ "${TOFU_VERSION}" = "latest" ]; then \
TOFU_VERSION="$(curl -s https://api.github.com/repos/hashicorp/terraform/releases/latest | grep tag_name | grep -o -E -m 1 "[0-9.]+")" \
; fi && \
curl -L "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_${TARGETOS}_${TARGETARCH}.zip" > terraform.zip && \
curl -L "https://releases.hashicorp.com/terraform/${TOFU_VERSION}/terraform_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" > terraform.zip && \
unzip terraform.zip terraform && rm terraform.zip
#

1
LICENSE
View file

@ -1,4 +1,5 @@
Copyright (c) 2017 Anton Babenko
Copyright (c) 2024 ttofuutils authors
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the

326
README.md
View file

@ -1,28 +1,11 @@
# Collection of git hooks for Terraform to be used with [pre-commit framework](http://pre-commit.com/)
# Collection of git hooks for OpenTofu to be used with [pre-commit framework](http://pre-commit.com/)
[![Github tag](https://img.shields.io/github/tag/antonbabenko/pre-commit-terraform.svg)](https://github.com/antonbabenko/pre-commit-terraform/releases) ![maintenance status](https://img.shields.io/maintenance/yes/2023.svg) [![Help Contribute to Open Source](https://www.codetriage.com/antonbabenko/pre-commit-terraform/badges/users.svg)](https://www.codetriage.com/antonbabenko/pre-commit-terraform)
[![Github tag](https://img.shields.io/github/tag/tofuutils/pre-commit-opentofu.svg)](https://github.com/tofuutils/pre-commit-opentofu/releases) ![maintenance status](https://img.shields.io/maintenance/yes/2023.svg) [![Help Contribute to Open Source](https://www.codetriage.com/tofuutils/pre-commit-opentofu/badges/users.svg)](https://www.codetriage.com/tofuutils/pre-commit-opentofu)
[![SWUbanner](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner-direct.svg)](https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md)
Want to contribute? Check [open issues](https://github.com/antonbabenko/pre-commit-terraform/issues?q=label%3A%22good+first+issue%22+is%3Aopen+sort%3Aupdated-desc) and [contributing notes](/.github/CONTRIBUTING.md).
Want to contribute? Check [open issues](https://github.com/tofuutils/pre-commit-opentofu/issues?q=label%3A%22good+first+issue%22+is%3Aopen+sort%3Aupdated-desc) and [contributing notes](/.github/CONTRIBUTING.md).
## Sponsors
<!-- markdownlint-disable no-inline-html -->
<br />
<a href="https://www.env0.com/?utm_campaign=pre-commit-terraform&utm_source=sponsorship&utm_medium=social"><img src="https://raw.githubusercontent.com/antonbabenko/pre-commit-terraform/master/assets/env0.png" alt="env0" width="180" height="44" />
Automated provisioning of Terraform workflows and Infrastructure as Code.</a>
<br />
<a href="https://www.infracost.io/?utm_campaign=pre-commit-terraform&utm_source=sponsorship&utm_medium=social"><img src="https://raw.githubusercontent.com/antonbabenko/pre-commit-terraform/master/assets/infracost.png" alt="infracost" width="200" height="38" />
<!-- markdownlint-enable no-inline-html -->
Cloud cost estimates for Terraform.</a>
If you are using `pre-commit-terraform` already or want to support its development and [many other open-source projects](https://github.com/antonbabenko/terraform-aws-devops), please become a [GitHub Sponsor](https://github.com/sponsors/antonbabenko)!
If you are using `pre-commit-opentofu` already or want to support its development and [many other open-source projects](https://github.com/tofuutils), please become a [GitHub Sponsor](https://github.com/sponsors/tofuutils)!
## Table of content
@ -40,25 +23,24 @@ If you are using `pre-commit-terraform` already or want to support its developme
* [All hooks: Usage of environment variables in `--args`](#all-hooks-usage-of-environment-variables-in---args)
* [All hooks: Set env vars inside hook at runtime](#all-hooks-set-env-vars-inside-hook-at-runtime)
* [All hooks: Disable color output](#all-hooks-disable-color-output)
* [checkov (deprecated) and terraform\_checkov](#checkov-deprecated-and-terraform_checkov)
* [checkov (deprecated) and tofu\_checkov](#checkov-deprecated-and-tofu_checkov)
* [infracost\_breakdown](#infracost_breakdown)
* [terraform\_docs](#terraform_docs)
* [terraform\_docs\_replace (deprecated)](#terraform_docs_replace-deprecated)
* [terraform\_fmt](#terraform_fmt)
* [terraform\_providers\_lock](#terraform_providers_lock)
* [terraform\_tflint](#terraform_tflint)
* [terraform\_tfsec (deprecated)](#terraform_tfsec-deprecated)
* [terraform\_trivy](#terraform_trivy)
* [terraform\_validate](#terraform_validate)
* [terraform\_wrapper\_module\_for\_each](#terraform_wrapper_module_for_each)
* [tofu\_docs](#tofu_docs)
* [tofu\_docs\_replace (deprecated)](#tofu_docs_replace-deprecated)
* [tofu\_fmt](#tofu_fmt)
* [tofu\_providers\_lock](#tofu_providers_lock)
* [tofu\_tflint](#tofu_tflint)
* [tofu\_tfsec (deprecated)](#tofu_tfsec-deprecated)
* [tofu\_trivy](#tofu_trivy)
* [tofu\_validate](#tofu_validate)
* [tofu\_wrapper\_module\_for\_each](#tofu_wrapper_module_for_each)
* [terrascan](#terrascan)
* [tfupdate](#tfupdate)
* [Docker Usage](#docker-usage)
* [File Permissions](#file-permissions)
* [Download Terraform modules from private GitHub repositories](#download-terraform-modules-from-private-github-repositories)
* [Download OpenTofu modules from private GitHub repositories](#download-tofu-modules-from-private-github-repositories)
* [Authors](#authors)
* [License](#license)
* [Additional information for users from Russia and Belarus](#additional-information-for-users-from-russia-and-belarus)
## How to install
@ -85,7 +67,7 @@ If you are using `pre-commit-terraform` already or want to support its developme
* [`TFSec`](https://github.com/liamg/tfsec) required for `terraform_tfsec` hook.
* [`Trivy`](https://github.com/aquasecurity/trivy) required for `terraform_trivy` hook.
* [`infracost`](https://github.com/infracost/infracost) required for `infracost_breakdown` hook.
* [`jq`](https://github.com/stedolan/jq) required for `terraform_validate` with `--retry-once-with-cleanup` flag, and for `infracost_breakdown` hook.
* [`jq`](https://github.com/stedolan/jq) required for `tofu_validate` with `--retry-once-with-cleanup` flag, and for `infracost_breakdown` hook.
* [`tfupdate`](https://github.com/minamijoyo/tfupdate) required for `tfupdate` hook.
* [`hcledit`](https://github.com/minamijoyo/hcledit) required for `terraform_wrapper_module_for_each` hook.
@ -95,10 +77,10 @@ If you are using `pre-commit-terraform` already or want to support its developme
```bash
TAG=latest
docker pull ghcr.io/antonbabenko/pre-commit-terraform:$TAG
docker pull ghcr.io/tofuutils/pre-commit-opentofu:$TAG
```
All available tags [here](https://github.com/antonbabenko/pre-commit-terraform/pkgs/container/pre-commit-terraform/versions).
All available tags [here](https://github.com/tofuutils/pre-commit-opentofu/pkgs/container/pre-commit-opentofu/versions).
**Build from scratch**:
@ -108,18 +90,18 @@ All available tags [here](https://github.com/antonbabenko/pre-commit-terraform/p
When hooks-related `--build-arg`s are not specified, only the latest version of `pre-commit` and `terraform` will be installed.
```bash
git clone git@github.com:antonbabenko/pre-commit-terraform.git
cd pre-commit-terraform
git clone git@github.com:tofuutils/pre-commit-opentofu.git
cd pre-commit-opentofu
# Install the latest versions of all the tools
docker build -t pre-commit-terraform --build-arg INSTALL_ALL=true .
docker build -t pre-commit-opentofu --build-arg INSTALL_ALL=true .
```
To install a specific version of individual tools, define it using `--build-arg` arguments or set it to `latest`:
```bash
docker build -t pre-commit-terraform \
docker build -t pre-commit-opentofu \
--build-arg PRE_COMMIT_VERSION=latest \
--build-arg TERRAFORM_VERSION=latest \
--build-arg TOFU_VERSION=latest \
--build-arg CHECKOV_VERSION=2.0.405 \
--build-arg INFRACOST_VERSION=latest \
--build-arg TERRAFORM_DOCS_VERSION=0.15.0 \
@ -231,11 +213,11 @@ Step into the repository you want to have the pre-commit hooks installed and run
git init
cat <<EOF > .pre-commit-config.yaml
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: <VERSION> # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
- repo: https://github.com/tofuutils/pre-commit-opentofu
rev: <VERSION> # Get the latest from: https://github.com/tofuutils/pre-commit-opentofu/releases
hooks:
- id: terraform_fmt
- id: terraform_docs
- id: tofu_fmt
- id: tofu_docs
EOF
```
@ -247,20 +229,20 @@ Execute this command to run `pre-commit` on all files in the repository (not onl
pre-commit run -a
```
Or, using Docker ([available tags](https://github.com/antonbabenko/pre-commit-terraform/pkgs/container/pre-commit-terraform/versions)):
Or, using Docker ([available tags](https://github.com/tofuutils/pre-commit-opentofu/pkgs/container/pre-commit-opentofu/versions)):
> **Note**: This command uses your user id and group id for the docker container to use to access the local files. If the files are owned by another user, update the `USERID` environment variable. See [File Permissions section](#file-permissions) for more information.
```bash
TAG=latest
docker run -e "USERID=$(id -u):$(id -g)" -v $(pwd):/lint -w /lint ghcr.io/antonbabenko/pre-commit-terraform:$TAG run -a
docker run -e "USERID=$(id -u):$(id -g)" -v $(pwd):/lint -w /lint ghcr.io/tofuutils/pre-commit-opentofu:$TAG run -a
```
Execute this command to list the versions of the tools in Docker:
```bash
TAG=latest
docker run --rm --entrypoint cat ghcr.io/antonbabenko/pre-commit-terraform:$TAG /usr/bin/tools_versions_info
docker run --rm --entrypoint cat ghcr.io/tofuutils/pre-commit-opentofu:$TAG /usr/bin/tools_versions_info
```
## Available Hooks
@ -270,35 +252,35 @@ There are several [pre-commit](https://pre-commit.com/) hooks to keep Terraform
<!-- markdownlint-disable no-inline-html -->
| Hook name | Description | Dependencies<br><sup>[Install instructions here](#1-install-dependencies)</sup> |
| ------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------ |
| `checkov` and `terraform_checkov` | [checkov](https://github.com/bridgecrewio/checkov) static analysis of terraform templates to spot potential security issues. [Hook notes](#checkov-deprecated-and-terraform_checkov) | `checkov`<br>Ubuntu deps: `python3`, `python3-pip` |
| `checkov` and `tofu_checkov` | [checkov](https://github.com/bridgecrewio/checkov) static analysis of OpenTofu templates to spot potential security issues. [Hook notes](#checkov-deprecated-and-tofu_checkov) | `checkov`<br>Ubuntu deps: `python3`, `python3-pip` |
| `infracost_breakdown` | Check how much your infra costs with [infracost](https://github.com/infracost/infracost). [Hook notes](#infracost_breakdown) | `infracost`, `jq`, [Infracost API key](https://www.infracost.io/docs/#2-get-api-key) |
| `terraform_docs` | Inserts input and output documentation into `README.md`. Recommended. [Hook notes](#terraform_docs) | `terraform-docs` |
| `terraform_docs_replace` | Runs `terraform-docs` and pipes the output directly to README.md. **DEPRECATED**, see [#248](https://github.com/antonbabenko/pre-commit-terraform/issues/248). [Hook notes](#terraform_docs_replace-deprecated) | `python3`, `terraform-docs` |
| `terraform_docs_replace` | Runs `terraform-docs` and pipes the output directly to README.md. **DEPRECATED**, see [#248](https://github.com/tofuutils/pre-commit-opentofu/issues/248). [Hook notes](#terraform_docs_replace-deprecated) | `python3`, `terraform-docs` |
| `terraform_docs_without_`<br>`aggregate_type_defaults` | Inserts input and output documentation into `README.md` without aggregate type defaults. Hook notes same as for [terraform_docs](#terraform_docs) | `terraform-docs` |
| `terraform_fmt` | Reformat all Terraform configuration files to a canonical format. [Hook notes](#terraform_fmt) | - |
| `terraform_providers_lock` | Updates provider signatures in [dependency lock files](https://www.terraform.io/docs/cli/commands/providers/lock.html). [Hook notes](#terraform_providers_lock) | - |
| `terraform_tflint` | Validates all Terraform configuration files with [TFLint](https://github.com/terraform-linters/tflint). [Available TFLint rules](https://github.com/terraform-linters/tflint/tree/master/docs/rules#rules). [Hook notes](#terraform_tflint). | `tflint` |
| `terraform_tfsec` | [TFSec](https://github.com/aquasecurity/tfsec) static analysis of terraform templates to spot potential security issues. **DEPRECATED**, use `terraform_trivy`. [Hook notes](#terraform_tfsec-deprecated) | `tfsec` |
| `terraform_tfsec` | [TFSec](https://github.com/aquasecurity/tfsec) static analysis of terraform templates to spot potential security issues. **DEPRECATED**, use `tofu_trivy`. [Hook notes](#terraform_tfsec-deprecated) | `tfsec` |
| `terraform_trivy` | [Trivy](https://github.com/aquasecurity/trivy) static analysis of terraform templates to spot potential security issues. [Hook notes](#terraform_trivy) | `trivy` |
| `terraform_validate` | Validates all Terraform configuration files. [Hook notes](#terraform_validate) | `jq`, only for `--retry-once-with-cleanup` flag |
| `tofu_validate` | Validates all Terraform configuration files. [Hook notes](#tofu_validate) | `jq`, only for `--retry-once-with-cleanup` flag |
| `terragrunt_fmt` | Reformat all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`) to a canonical format. | `terragrunt` |
| `terragrunt_validate` | Validates all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`) | `terragrunt` |
| `terraform_wrapper_module_for_each` | Generates Terraform wrappers with `for_each` in module. [Hook notes](#terraform_wrapper_module_for_each) | `hcledit` |
| `tofu_wrapper_module_for_each` | Generates OpenTofu wrappers with `for_each` in module. [Hook notes](#terraform_wrapper_module_for_each) | `hcledit` |
| `terrascan` | [terrascan](https://github.com/tenable/terrascan) Detect compliance and security violations. [Hook notes](#terrascan) | `terrascan` |
| `tfupdate` | [tfupdate](https://github.com/minamijoyo/tfupdate) Update version constraints of Terraform core, providers, and modules. [Hook notes](#tfupdate) | `tfupdate` |
<!-- markdownlint-enable no-inline-html -->
Check the [source file](https://github.com/antonbabenko/pre-commit-terraform/blob/master/.pre-commit-hooks.yaml) to know arguments used for each hook.
Check the [source file](https://github.com/tofuutils/pre-commit-opentofu/blob/master/.pre-commit-hooks.yaml) to know arguments used for each hook.
## Hooks usage notes and examples
### Known limitations
Terraform operates on a per-dir basis, while `pre-commit` framework only supports files and files that exist. This means if you only remove the TF-related file without any other changes in the same dir, checks will be skipped. Example and details [here](https://github.com/pre-commit/pre-commit/issues/3048).
OpenTOfu operates on a per-dir basis, while `pre-commit` framework only supports files and files that exist. This means if you only remove the TF-related file without any other changes in the same dir, checks will be skipped. Example and details [here](https://github.com/pre-commit/pre-commit/issues/3048).
### All hooks: Usage of environment variables in `--args`
> All, except deprecated hooks: `checkov`, `terraform_docs_replace`
> All, except deprecated hooks: `checkov`, `tofu_docs_replace`
You can use environment variables for the `--args` section.
@ -307,7 +289,7 @@ You can use environment variables for the `--args` section.
Config example:
```yaml
- id: terraform_tflint
- id: tofu_tflint
args:
- --args=--config=${CONFIG_NAME}.${CONFIG_EXT}
- --args=--module
@ -317,14 +299,14 @@ If for config above set up `export CONFIG_NAME=.tflint; export CONFIG_EXT=hcl` b
### All hooks: Set env vars inside hook at runtime
> All, except deprecated hooks: `checkov`, `terraform_docs_replace`
> All, except deprecated hooks: `checkov`, `tofu_docs_replace`
You can specify environment variables that will be passed to the hook at runtime.
Config example:
```yaml
- id: terraform_validate
- id: tofu_validate
args:
- --env-vars=AWS_DEFAULT_REGION="us-west-2"
- --env-vars=AWS_ACCESS_KEY_ID="anaccesskey"
@ -333,7 +315,7 @@ Config example:
### All hooks: Disable color output
> All, except deprecated hooks: `checkov`, `terraform_docs_replace`
> All, except deprecated hooks: `checkov`, `tofu_docs_replace`
To disable color output for all hooks, set `PRE_COMMIT_COLOR=never` var. Eg:
@ -341,16 +323,16 @@ To disable color output for all hooks, set `PRE_COMMIT_COLOR=never` var. Eg:
PRE_COMMIT_COLOR=never pre-commit run
```
### checkov (deprecated) and terraform_checkov
### checkov (deprecated) and tofu_checkov
> `checkov` hook is deprecated, please use `terraform_checkov`.
> `checkov` hook is deprecated, please use `tofu_checkov`.
Note that `terraform_checkov` runs recursively during `-d .` usage. That means, for example, if you change `.tf` file in repo root, all existing `.tf` files in the repo will be checked.
Note that `tofu_checkov` runs recursively during `-d .` usage. That means, for example, if you change `.tf` file in repo root, all existing `.tf` files in the repo will be checked.
1. You can specify custom arguments. E.g.:
```yaml
- id: terraform_checkov
- id: tofu_checkov
args:
- --args=--quiet
- --args=--skip-check CKV2_AWS_8
@ -470,17 +452,17 @@ Unlike most other hooks, this hook triggers once if there are any changed files
### terraform_docs
1. `terraform_docs` and `terraform_docs_without_aggregate_type_defaults` will insert/update documentation generated by [terraform-docs](https://github.com/terraform-docs/terraform-docs) framed by markers:
1. `tofu_docs` and `terraform_docs_without_aggregate_type_defaults` will insert/update documentation generated by [terraform-docs](https://github.com/terraform-docs/terraform-docs) framed by markers:
```txt
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
<!-- BEGINNING OF PRE-COMMIT-OPENTOFU DOCS HOOK -->
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
<!-- END OF PRE-COMMIT-OPENTOFU DOCS HOOK -->
```
if they are present in `README.md`.
2. It is possible to pass additional arguments to shell scripts when using `terraform_docs` and `terraform_docs_without_aggregate_type_defaults`.
2. It is possible to pass additional arguments to shell scripts when using `tofu_docs` and `tofu_docs_without_aggregate_type_defaults`.
3. It is possible to automatically:
* create a documentation file
@ -490,12 +472,12 @@ Unlike most other hooks, this hook triggers once if there are any changed files
To migrate to `terraform-docs` insertion markers, run in repo root:
```bash
grep -rl 'BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK' . | xargs sed -i 's/BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK/BEGIN_TF_DOCS/g'
grep -rl 'END OF PRE-COMMIT-TERRAFORM DOCS HOOK' . | xargs sed -i 's/END OF PRE-COMMIT-TERRAFORM DOCS HOOK/END_TF_DOCS/g'
grep -rl 'BEGINNING OF PRE-COMMIT-OPENTOFU DOCS HOOK' . | xargs sed -i 's/BEGINNING OF PRE-COMMIT-OPENTOFU DOCS HOOK/BEGIN_TF_DOCS/g'
grep -rl 'END OF PRE-COMMIT-OPENTOFU DOCS HOOK' . | xargs sed -i 's/END OF PRE-COMMIT-OPENTOFU DOCS HOOK/END_TF_DOCS/g'
```
```yaml
- id: terraform_docs
- id: tofu_docs
args:
- --hook-config=--path-to-file=README.md # Valid UNIX path. I.e. ../TFDOC.md or docs/README.md etc.
- --hook-config=--add-to-existing-file=true # Boolean. true or false
@ -503,10 +485,10 @@ Unlike most other hooks, this hook triggers once if there are any changed files
- --hook-config=--use-standard-markers=true # Boolean. Defaults in v1.x to false. Set to true for compatibility with terraform-docs
```
4. You can provide [any configuration available in `terraform-docs`](https://terraform-docs.io/user-guide/configuration/) as an argument to `terraform_doc` hook, for example:
4. You can provide [any configuration available in `tofu-docs`](https://terraform-docs.io/user-guide/configuration/) as an argument to `tofu_doc` hook, for example:
```yaml
- id: terraform_docs
- id: tofu_docs
args:
- --args=--config=.terraform-docs.yml
```
@ -516,18 +498,18 @@ Unlike most other hooks, this hook triggers once if there are any changed files
5. If you need some exotic settings, it can be done too. I.e. this one generates HCL files:
```yaml
- id: terraform_docs
- id: tofu_docs
args:
- tfvars hcl --output-file terraform.tfvars.model .
```
### terraform_docs_replace (deprecated)
### tofu_docs_replace (deprecated)
**DEPRECATED**. Will be merged in [`terraform_docs`](#terraform_docs).
**DEPRECATED**. Will be merged in [`tofu_docs`](#tofu_docs).
`terraform_docs_replace` replaces the entire `README.md` rather than doing string replacement between markers. Put your additional documentation at the top of your `main.tf` for it to be pulled in.
`tofu_docs_replace` replaces the entire `README.md` rather than doing string replacement between markers. Put your additional documentation at the top of your `main.tf` for it to be pulled in.
To replicate functionality in `terraform_docs` hook:
To replicate functionality in `tofu_docs` hook:
1. Create `.terraform-docs.yml` in the repo root with the following content:
@ -541,48 +523,48 @@ To replicate functionality in `terraform_docs` hook:
{{/** End of file fixer */}}
```
2. Replace `terraform_docs_replace` hook config in `.pre-commit-config.yaml` with:
2. Replace `tofu_docs_replace` hook config in `.pre-commit-config.yaml` with:
```yaml
- id: terraform_docs
- id: tofu_docs
args:
- --args=--config=.terraform-docs.yml
```
### terraform_fmt
### terraftofu_fmtorm_fmt
1. `terraform_fmt` supports custom arguments so you can pass [supported flags](https://www.terraform.io/docs/cli/commands/fmt.html#usage). Eg:
1. `tofu_fmt` supports custom arguments so you can pass [supported flags](https://www.terraform.io/docs/cli/commands/fmt.html#usage). Eg:
```yaml
- id: terraform_fmt
- id: tofu_fmt
args:
- --args=-no-color
- --args=-diff
- --args=-write=false
```
### terraform_providers_lock
### tofu_providers_lock
> **Note**: The hook requires Terraform 0.14 or later.
> **Note**: The hook requires OpenTofu 1.6.0 or later.
> **Note**: The hook can invoke `terraform providers lock` that can be really slow and requires fetching metadata from remote Terraform registries - not all of that metadata is currently being cached by Terraform.
> **Note**: The hook can invoke `tofu providers lock` that can be really slow and requires fetching metadata from remote OpenTofu registries - not all of that metadata is currently being cached by OpenTofu.
> <details><summary><b>Note</b>: Read this if you used this hook before v1.80.0 | Planned breaking changes in v2.0</summary>
> We introduced '--mode' flag for this hook. If you'd like to continue using this hook as before, please:
>
> * Specify `--hook-config=--mode=always-regenerate-lockfile` in `args:`
> * Before `terraform_providers_lock`, add `terraform_validate` hook with `--hook-config=--retry-once-with-cleanup=true`
> * Move `--tf-init-args=` to `terraform_validate` hook
> * Before `tofu_providers_lock`, add `tofu_validate` hook with `--hook-config=--retry-once-with-cleanup=true`
> * Move `--tf-init-args=` to `tofu_validate` hook
>
> In the end, you should get config like this:
>
> ```yaml
> - id: terraform_validate
> - id: tofu_validate
> args:
> - --hook-config=--retry-once-with-cleanup=true
> # - --tf-init-args=-upgrade
>
> - id: terraform_providers_lock
> - id: tofu_providers_lock
> args:
> - --hook-config=--mode=always-regenerate-lockfile
> ```
@ -593,113 +575,113 @@ To replicate functionality in `terraform_docs` hook:
> </details>
1. The hook can work in a few different modes: `only-check-is-current-lockfile-cross-platform` with and without [terraform_validate hook](#terraform_validate) and `always-regenerate-lockfile` - only with terraform_validate hook.
1. The hook can work in a few different modes: `only-check-is-current-lockfile-cross-platform` with and without [tofu_validate hook](#tofu_validate) and `always-regenerate-lockfile` - only with tofu_validate hook.
* `only-check-is-current-lockfile-cross-platform` without terraform_validate - only checks that lockfile has all required SHAs for all providers already added to lockfile.
* `only-check-is-current-lockfile-cross-platform` without tofu_validate - only checks that lockfile has all required SHAs for all providers already added to lockfile.
```yaml
- id: terraform_providers_lock
- id: tofu_providers_lock
args:
- --hook-config=--mode=only-check-is-current-lockfile-cross-platform
```
* `only-check-is-current-lockfile-cross-platform` with [terraform_validate hook](#terraform_validate) - make up-to-date lockfile by adding/removing providers and only then check that lockfile has all required SHAs.
* `only-check-is-current-lockfile-cross-platform` with [tofu_validate hook](#tofu_validate) - make up-to-date lockfile by adding/removing providers and only then check that lockfile has all required SHAs.
> **Note**: Next `terraform_validate` flag requires additional dependency to be installed: `jq`. Also, it could run another slow and time consuming command - `terraform init`
> **Note**: Next `tofu_validate` flag requires additional dependency to be installed: `jq`. Also, it could run another slow and time consuming command - `tofu init`
```yaml
- id: terraform_validate
- id: tofu_validate
args:
- --hook-config=--retry-once-with-cleanup=true
- id: terraform_providers_lock
- id: tofu_providers_lock
args:
- --hook-config=--mode=only-check-is-current-lockfile-cross-platform
```
* `always-regenerate-lockfile` only with [terraform_validate hook](#terraform_validate) - regenerate lockfile from scratch. Can be useful for upgrading providers in lockfile to latest versions
* `always-regenerate-lockfile` only with [tofu_validate hook](#tofu_validate) - regenerate lockfile from scratch. Can be useful for upgrading providers in lockfile to latest versions
```yaml
- id: terraform_validate
- id: tofu_validate
args:
- --hook-config=--retry-once-with-cleanup=true
- --tf-init-args=-upgrade
- id: terraform_providers_lock
- id: tofu_providers_lock
args:
- --hook-config=--mode=always-regenerate-lockfile
```
3. `terraform_providers_lock` supports custom arguments:
3. `tofu_providers_lock` supports custom arguments:
```yaml
- id: terraform_providers_lock
- id: tofu_providers_lock
args:
- --args=-platform=windows_amd64
- --args=-platform=darwin_amd64
```
4. It may happen that Terraform working directory (`.terraform`) already exists but not in the best condition (eg, not initialized modules, wrong version of Terraform, etc.). To solve this problem, you can find and delete all `.terraform` directories in your repository:
4. It may happen that OpenTofu working directory (`.terraform`) already exists but not in the best condition (eg, not initialized modules, wrong version of OpenTofu, etc.). To solve this problem, you can find and delete all `.terraform` directories in your repository:
```bash
echo "
function rm_terraform {
function rm_tofu {
find . \( -iname ".terraform*" ! -iname ".terraform-docs*" \) -print0 | xargs -0 rm -r
}
" >>~/.bashrc
# Reload shell and use `rm_terraform` command in the repo root
# Reload shell and use `rm_tofu` command in the repo root
```
`terraform_providers_lock` hook will try to reinitialize directories before running the `terraform providers lock` command.
`tofu_providers_lock` hook will try to reinitialize directories before running the `tofu providers lock` command.
5. `terraform_providers_lock` support passing custom arguments to its `terraform init`:
5. `tofu_providers_lock` support passing custom arguments to its `tofu init`:
> **Warning** - DEPRECATION NOTICE: This is available only in `no-mode` mode, which will be removed in v2.0. Please provide this keys to [`terraform_validate`](#terraform_validate) hook, which, to take effect, should be called before `terraform_providers_lock`
> **Warning** - DEPRECATION NOTICE: This is available only in `no-mode` mode, which will be removed in v2.0. Please provide this keys to [`tofu_validate`](#tofu_validate) hook, which, to take effect, should be called before `tofu_providers_lock`
```yaml
- id: terraform_providers_lock
- id: tofu_providers_lock
args:
- --tf-init-args=-upgrade
```
### terraform_tflint
### tofu_tflint
1. `terraform_tflint` supports custom arguments so you can enable module inspection, enable / disable rules, etc.
1. `tofu_tflint` supports custom arguments so you can enable module inspection, enable / disable rules, etc.
Example:
```yaml
- id: terraform_tflint
- id: tofu_tflint
args:
- --args=--module
- --args=--enable-rule=terraform_documented_variables
```
2. When you have multiple directories and want to run `tflint` in all of them and share a single config file, it is impractical to hard-code the path to the `.tflint.hcl` file. The solution is to use the `__GIT_WORKING_DIR__` placeholder which will be replaced by `terraform_tflint` hooks with the Git working directory (repo root) at run time. For example:
2. When you have multiple directories and want to run `tflint` in all of them and share a single config file, it is impractical to hard-code the path to the `.tflint.hcl` file. The solution is to use the `__GIT_WORKING_DIR__` placeholder which will be replaced by `tofu_tflint` hooks with the Git working directory (repo root) at run time. For example:
```yaml
- id: terraform_tflint
- id: tofu_tflint
args:
- --args=--config=__GIT_WORKING_DIR__/.tflint.hcl
```
3. By default, pre-commit-terraform performs directory switching into the terraform modules for you. If you want to delgate the directory changing to the binary - this will allow tflint to determine the full paths for error/warning messages, rather than just module relative paths. *Note: this requires `tflint>=0.44.0`.* For example:
3. By default, pre-commit-opentofu performs directory switching into the terraform modules for you. If you want to delgate the directory changing to the binary - this will allow tflint to determine the full paths for error/warning messages, rather than just module relative paths. *Note: this requires `tflint>=0.44.0`.* For example:
```yaml
- id: terraform_tflint
- id: tofu_tflint
args:
- --hook-config=--delegate-chdir
```
### terraform_tfsec (deprecated)
### tofu_tfsec (deprecated)
**DEPRECATED**. [tfsec was replaced by trivy](https://github.com/aquasecurity/tfsec/discussions/1994), so please use [`terraform_trivy`](#terraform_trivy).
**DEPRECATED**. [tfsec was replaced by trivy](https://github.com/aquasecurity/tfsec/discussions/1994), so please use [`tofu_trivy`](#tofu_trivy).
1. `terraform_tfsec` will consume modified files that pre-commit
1. `tofu_tfsec` will consume modified files that pre-commit
passes to it, so you can perform whitelisting of directories
or files to run against via [files](https://pre-commit.com/#config-files)
pre-commit flag
@ -707,7 +689,7 @@ To replicate functionality in `terraform_docs` hook:
Example:
```yaml
- id: terraform_tfsec
- id: tofu_tfsec
files: ^prd-infra/
```
@ -727,10 +709,10 @@ To replicate functionality in `terraform_docs` hook:
}
```
3. `terraform_tfsec` supports custom arguments, so you can pass supported `--no-color` or `--format` (output), `-e` (exclude checks) flags:
3. `tofu_tfsec` supports custom arguments, so you can pass supported `--no-color` or `--format` (output), `-e` (exclude checks) flags:
```yaml
- id: terraform_tfsec
- id: tofu_tfsec
args:
- >
--args=--format json
@ -738,10 +720,10 @@ To replicate functionality in `terraform_docs` hook:
-e aws-s3-enable-bucket-logging,aws-s3-specify-public-access-block
```
4. When you have multiple directories and want to run `tfsec` in all of them and share a single config file - use the `__GIT_WORKING_DIR__` placeholder. It will be replaced by `terraform_tfsec` hooks with Git working directory (repo root) at run time. For example:
4. When you have multiple directories and want to run `tfsec` in all of them and share a single config file - use the `__GIT_WORKING_DIR__` placeholder. It will be replaced by `tofu_tfsec` hooks with Git working directory (repo root) at run time. For example:
```yaml
- id: terraform_tfsec
- id: tofu_tfsec
args:
- --args=--config-file=__GIT_WORKING_DIR__/.tfsec.json
```
@ -749,14 +731,14 @@ To replicate functionality in `terraform_docs` hook:
Otherwise, will be used files that located in sub-folders:
```yaml
- id: terraform_tfsec
- id: tofu_tfsec
args:
- --args=--config-file=.tfsec.json
```
### terraform_trivy
### tofu_trivy
1. `terraform_trivy` will consume modified files that pre-commit
1. `tofu_trivy` will consume modified files that pre-commit
passes to it, so you can perform whitelisting of directories
or files to run against via [files](https://pre-commit.com/#config-files)
pre-commit flag
@ -764,7 +746,7 @@ To replicate functionality in `terraform_docs` hook:
Example:
```yaml
- id: terraform_trivy
- id: tofu_trivy
files: ^prd-infra/
```
@ -786,51 +768,51 @@ To replicate functionality in `terraform_docs` hook:
}
```
3. `terraform_trivy` supports custom arguments, so you can pass supported `--format` (output), `--skip-dirs` (exclude directories) and other flags:
3. `tofu_trivy` supports custom arguments, so you can pass supported `--format` (output), `--skip-dirs` (exclude directories) and other flags:
```yaml
- id: terraform_trivy
- id: tofu_trivy
args:
- >
--args=--format json
--skip-dirs="**/.terragrunt-cache"
```
### terraform_validate
### tofu_validate
1. `terraform_validate` supports custom arguments so you can pass supported `-no-color` or `-json` flags:
1. `tofu_validate` supports custom arguments so you can pass supported `-no-color` or `-json` flags:
```yaml
- id: terraform_validate
- id: tofu_validate
args:
- --args=-json
- --args=-no-color
```
2. `terraform_validate` also supports passing custom arguments to its `terraform init`:
2. `tofu_validate` also supports passing custom arguments to its `tofu init`:
```yaml
- id: terraform_validate
- id: tofu_validate
args:
- --tf-init-args=-upgrade
- --tf-init-args=-lockfile=readonly
```
3. It may happen that Terraform working directory (`.terraform`) already exists but not in the best condition (eg, not initialized modules, wrong version of Terraform, etc.). To solve this problem, you can delete broken `.terraform` directories in your repository:
3. It may happen that OpenTofu working directory (`.terraform`) already exists but not in the best condition (eg, not initialized modules, wrong version of OpenTofu, etc.). To solve this problem, you can delete broken `.terraform` directories in your repository:
**Option 1**
```yaml
- id: terraform_validate
- id: tofu_validate
args:
- --hook-config=--retry-once-with-cleanup=true # Boolean. true or false
```
> **Note**: The flag requires additional dependency to be installed: `jq`.
> **Note**: Reinit can be very slow and require downloading data from remote Terraform registries, and not all of that downloaded data or meta-data is currently being cached by Terraform.
> **Note**: Reinit can be very slow and require downloading data from remote OpenTofu registries, and not all of that downloaded data or meta-data is currently being cached by OpenTofu.
When `--retry-once-with-cleanup=true`, in each failed directory the cached modules and providers from the `.terraform` directory will be deleted, before retrying once more. To avoid unnecessary deletion of this directory, the cleanup and retry will only happen if Terraform produces any of the following error messages:
When `--retry-once-with-cleanup=true`, in each failed directory the cached modules and providers from the `.terraform` directory will be deleted, before retrying once more. To avoid unnecessary deletion of this directory, the cleanup and retry will only happen if OpenTofu produces any of the following error messages:
* "Missing or corrupted provider plugins"
* "Module source has changed"
@ -846,30 +828,30 @@ To replicate functionality in `terraform_docs` hook:
```bash
echo "
function rm_terraform {
function rm_tofu {
find . \( -iname ".terraform*" ! -iname ".terraform-docs*" \) -print0 | xargs -0 rm -r
}
" >>~/.bashrc
# Reload shell and use `rm_terraform` command in the repo root
# Reload shell and use `rm_tofu` command in the repo root
```
`terraform_validate` hook will try to reinitialize them before running the `terraform validate` command.
`tofu_validate` hook will try to reinitialize them before running the `tofu validate` command.
**Warning**: If you use Terraform workspaces, DO NOT use this option ([details](https://github.com/antonbabenko/pre-commit-terraform/issues/203#issuecomment-918791847)). Consider the first option, or wait for [`force-init`](https://github.com/antonbabenko/pre-commit-terraform/issues/224) option implementation.
**Warning**: If you use OpenTofu workspaces, DO NOT use this option ([details](https://github.com/tofuutils/pre-commit-opentofu/issues/203#issuecomment-918791847)). Consider the first option, or wait for [`force-init`](https://github.com/tofuutils/pre-commit-opentofu/issues/224) option implementation.
4. `terraform_validate` in a repo with Terraform module, written using Terraform 0.15+ and which uses provider `configuration_aliases` ([Provider Aliases Within Modules](https://www.terraform.io/language/modules/develop/providers#provider-aliases-within-modules)), errors out.
4. `tofu_validate` in a repo with TerrOpenTofuaform module, written using OpenTofu 1.6.0+ and which uses provider `configuration_aliases` ([Provider Aliases Within Modules](https://www.terraform.io/language/modules/develop/providers#provider-aliases-within-modules)), errors out.
When running the hook against Terraform code where you have provider `configuration_aliases` defined in a `required_providers` configuration block, terraform will throw an error like:
When running the hook against OpenTofu code where you have provider `configuration_aliases` defined in a `required_providers` configuration block, OpenTofu will throw an error like:
> Error: Provider configuration not present
> To work with `<resource>` its original provider configuration at provider `["registry.terraform.io/hashicorp/aws"].<provider_alias>` is required, but it has been removed. This occurs when a provider configuration is removed while
> objects created by that provider still exist in the state. Re-add the provider configuration to destroy `<resource>`, after which you can remove the provider configuration again.
This is a [known issue](https://github.com/hashicorp/terraform/issues/28490) with Terraform and how providers are initialized in Terraform 0.15 and later. To work around this you can add an `exclude` parameter to the configuration of `terraform_validate` hook like this:
This is a [known issue](https://github.com/hashicorp/terraform/issues/28490) with OpenTofu and how providers are initialized in OpenTofu 1.6.0 and later. To work around this you can add an `exclude` parameter to the configuration of `tofu_validate` hook like this:
```yaml
- id: terraform_validate
- id: tofu_validate
exclude: '^[^/]+$'
```
@ -895,8 +877,8 @@ To replicate functionality in `terraform_docs` hook:
- repos:
- repo: local
hooks:
- id: generate-terraform-providers
name: generate-terraform-providers
- id: generate-tofu-providers
name: generate-tofu-providers
require_serial: true
entry: .generate-providers.sh
language: script
@ -909,9 +891,9 @@ To replicate functionality in `terraform_docs` hook:
> Note: The latter method will leave an "aliased-providers.tf.json" file in your repo. You will either want to automate a way to clean this up or add it to your `.gitignore` or both.
### terraform_wrapper_module_for_each
### tofu_wrapper_module_for_each
`terraform_wrapper_module_for_each` generates module wrappers for Terraform modules (useful for Terragrunt where `for_each` is not supported). When using this hook without arguments it will create wrappers for the root module and all modules available in "modules" directory.
`tofu_wrapper_module_for_each` generates module wrappers for OpenTofu modules (useful for Terragrunt where `for_each` is not supported). When using this hook without arguments it will create wrappers for the root module and all modules available in "modules" directory.
You may want to customize some of the options:
@ -923,7 +905,7 @@ You may want to customize some of the options:
Sample configuration:
```yaml
- id: terraform_wrapper_module_for_each
- id: tofu_wrapper_module_for_each
args:
- --args=--module-dir=. # Process only root module
- --args=--dry-run # No files will be created/updated
@ -931,11 +913,11 @@ Sample configuration:
```
**If you use hook inside Docker:**
The `terraform_wrapper_module_for_each` hook attempts to determine the module's short name to be inserted into the generated `README.md` files for the `source` URLs. Since the container uses a bind mount at a static location, it can cause this short name to be incorrect.
The `tofu_wrapper_module_for_each` hook attempts to determine the module's short name to be inserted into the generated `README.md` files for the `source` URLs. Since the container uses a bind mount at a static location, it can cause this short name to be incorrect.
If the generated name is incorrect, set them by providing the `module-repo-shortname` option to the hook:
```yaml
- id: terraform_wrapper_module_for_each
- id: tofu_wrapper_module_for_each
args:
- '--args=--module-repo-shortname=ec2-instance'
```
@ -947,7 +929,7 @@ If the generated name is incorrect, set them by providing the `module-repo-short
```yaml
- id: terrascan
args:
- --args=--non-recursive # avoids scan errors on subdirectories without Terraform config files
- --args=--non-recursive # avoids scan errors on subdirectories without OpenTofu config files
- --args=--policy-type=azure
```
@ -959,11 +941,11 @@ If the generated name is incorrect, set them by providing the `module-repo-short
### tfupdate
1. Out of the box `tfupdate` will pin the terraform version:
1. Out of the box `tfupdate` will pin the OpenTofu version:
```yaml
- id: tfupdate
name: Autoupdate Terraform versions
name: Autoupdate OpenTofu versions
```
2. If you'd like to pin providers, etc., use custom arguments, i.e `provider=PROVIDER_NAME`:
@ -994,7 +976,7 @@ The [recommended command](#4-run) to run the Docker container is:
```bash
TAG=latest
docker run -e "USERID=$(id -u):$(id -g)" -v $(pwd):/lint -w /lint ghcr.io/antonbabenko/pre-commit-terraform:$TAG run -a
docker run -e "USERID=$(id -u):$(id -g)" -v $(pwd):/lint -w /lint ghcr.io/tofuutils/pre-commit-opentofu:$TAG run -a
```
which uses your current session's user ID and group ID to set the variable in the run command. Without this setting, you may find files and directories owned by `root` in your local repository.
@ -1006,9 +988,9 @@ $ ls -aldn .
drwxr-xr-x 9 1000 1000 4096 Sep 1 16:23 .
```
### Download Terraform modules from private GitHub repositories
### Download OpenTofu modules from private GitHub repositories
If you use a private Git repository as your Terraform module source, you are required to authenticate to GitHub using a [Personal Access Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token).
If you use a private Git repository as your OpenTofu module source, you are required to authenticate to GitHub using a [Personal Access Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token).
When running pre-commit on Docker, both locally or on CI, you need to configure the [~/.netrc](https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html) file, which contains login and initialization information used by the auto-login process.
@ -1035,27 +1017,27 @@ machine github.com
Finally, you can execute `docker run` with an additional volume mount so that the `~/.netrc` is accessible within the container
```bash
# run pre-commit-terraform with docker
# run pre-commit-opentofu with docker
# adding volume for .netrc file
# .netrc needs to be in /root/ dir
docker run --rm -e "USERID=$(id -u):$(id -g)" -v ~/.netrc:/root/.netrc -v $(pwd):/lint -w /lint ghcr.io/antonbabenko/pre-commit-terraform:latest run -a
docker run --rm -e "USERID=$(id -u):$(id -g)" -v ~/.netrc:/root/.netrc -v $(pwd):/lint -w /lint ghcr.io/tofuutils/pre-commit-opentofu:latest run -a
```
## Authors
This repository is managed by [Anton Babenko](https://github.com/antonbabenko) with help from these awesome contributors:
This repository is managed by [Alexander Sharov](https://github.com/kvendingoldo), [Nikolay Mishin](https://github.com/Nmishin), and [Anastasiia Kozlova](https://github.com/anastasiiakozlova245) with help from these awesome contributors:
<!-- markdownlint-disable no-inline-html -->
<a href="https://github.com/antonbabenko/pre-commit-terraform/graphs/contributors">
<img src="https://contrib.rocks/image?repo=antonbabenko/pre-commit-terraform" />
<a href="https://github.com/tofuutils/pre-commit-opentofu/graphs/contributors">
<img src="https://contrib.rocks/image?repo=tofuutils/pre-commit-opentofu" />
</a>
<a href="https://star-history.com/#antonbabenko/pre-commit-terraform&Date">
<a href="https://star-history.com/#tofuutils/pre-commit-opentofu&Date">
<picture>
<source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=antonbabenko/pre-commit-terraform&type=Date&theme=dark" />
<source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=antonbabenko/pre-commit-terraform&type=Date" />
<img alt="Star History Chart" src="https://api.star-history.com/svg?repos=antonbabenko/pre-commit-terraform&type=Date" />
<source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=tofuutils/pre-commit-opentofu&type=Date&theme=dark" />
<source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=tofuutils/pre-commit-opentofu&type=Date" />
<img alt="Star History Chart" src="https://api.star-history.com/svg?repos=tofuutils/pre-commit-opentofu&type=Date" />
</picture>
</a>
@ -1064,9 +1046,3 @@ This repository is managed by [Anton Babenko](https://github.com/antonbabenko) w
## License
MIT licensed. See [LICENSE](LICENSE) for full details.
### Additional information for users from Russia and Belarus
* Russia has [illegally annexed Crimea in 2014](https://en.wikipedia.org/wiki/Annexation_of_Crimea_by_the_Russian_Federation) and [brought the war in Donbas](https://en.wikipedia.org/wiki/War_in_Donbas) followed by [full-scale invasion of Ukraine in 2022](https://en.wikipedia.org/wiki/2022_Russian_invasion_of_Ukraine).
* Russia has brought sorrow and devastations to millions of Ukrainians, killed hundreds of innocent people, damaged thousands of buildings, and forced several million people to flee.
* [Putin khuylo!](https://en.wikipedia.org/wiki/Putin_khuylo!)

BIN
assets/env0.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 10 KiB

BIN
assets/infracost.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 7.1 KiB

4
hooks/__init__.py
View file

@ -1,4 +1,4 @@
print(
'`terraform_docs_replace` hook is DEPRECATED.'
'For migration instructions see https://github.com/antonbabenko/pre-commit-terraform/issues/248#issuecomment-1290829226'
'`tofu_docs_replace` hook is DEPRECATED.'
'TODO: For migration instructions see https://github.com/tofuutils/pre-commit-opentofu/issues/248#issuecomment-1290829226'
)

24
hooks/_common.sh
View file

@ -25,7 +25,7 @@ function common::initialize {
# Globals (init and populate):
# ARGS (array) arguments that configure wrapped tool behavior
# HOOK_CONFIG (array) arguments that configure hook behavior
# TF_INIT_ARGS (array) arguments for `terraform init` command
# TF_INIT_ARGS (array) arguments for `tofu init` command
# ENV_VARS (array) environment variables will be available
# for all 3rd-party tools executed by a hook.
# FILES (array) filenames to check
@ -37,7 +37,7 @@ function common::parse_cmdline {
# common global arrays.
# Populated via `common::parse_cmdline` and can be used inside hooks' functions
ARGS=() HOOK_CONFIG=() FILES=()
# Used inside `common::terraform_init` function
# Used inside `common::tofu_init` function
TF_INIT_ARGS=()
# Used inside `common::export_provided_env_vars` function
ENV_VARS=()
@ -135,7 +135,7 @@ function common::parse_and_export_env_vars {
#######################################################################
# This is a workaround to improve performance when all files are passed
# See: https://github.com/antonbabenko/pre-commit-terraform/issues/309
# See: https://github.com/tofuutils/pre-commit-opentofu/issues/309
# Arguments:
# hook_id (string) hook ID, see `- id` for details in .pre-commit-hooks.yaml file
# files (array) filenames to check
@ -302,38 +302,38 @@ function common::colorify {
}
#######################################################################
# Run terraform init command
# Run tofu init command
# Arguments:
# command_name (string) command that will tun after successful init
# dir_path (string) PATH to dir relative to git repo root.
# Can be used in error logging
# Globals (init and populate):
# TF_INIT_ARGS (array) arguments for `terraform init` command
# TF_INIT_ARGS (array) arguments for `tofu init` command
# Outputs:
# If failed - print out terraform init output
# If failed - print out tofu init output
#######################################################################
# TODO: v2.0: Move it inside terraform_validate.sh
function common::terraform_init {
# TODO: v2.0: Move it inside tofu_validate.sh
function common::tofu_init {
local -r command_name=$1
local -r dir_path=$2
local exit_code=0
local init_output
# Suppress terraform init color
# Suppress tofu init color
if [ "$PRE_COMMIT_COLOR" = "never" ]; then
TF_INIT_ARGS+=("-no-color")
fi
if [ ! -d .terraform/modules ] || [ ! -d .terraform/providers ]; then
init_output=$(terraform init -backend=false "${TF_INIT_ARGS[@]}" 2>&1)
init_output=$(tofu init -backend=false "${TF_INIT_ARGS[@]}" 2>&1)
exit_code=$?
if [ $exit_code -ne 0 ]; then
common::colorify "red" "'terraform init' failed, '$command_name' skipped: $dir_path"
common::colorify "red" "'tofu init' failed, '$command_name' skipped: $dir_path"
echo -e "$init_output\n\n"
else
common::colorify "green" "Command 'terraform init' successfully done: $dir_path"
common::colorify "green" "Command 'tofu init' successfully done: $dir_path"
fi
fi

4
hooks/terrascan.sh
View file

@ -40,7 +40,7 @@ function per_dir_hook_unique_part {
local -a -r args=("$@")
# pass the arguments to hook
terrascan scan -i terraform "${args[@]}"
terrascan scan -i tofu "${args[@]}"
# return exit code to common::per_dir_hook
local exit_code=$?
@ -57,7 +57,7 @@ function run_hook_on_whole_repo {
local -a -r args=("$@")
# pass the arguments to hook
terrascan scan -i terraform "${args[@]}"
terrascan scan -i tofu "${args[@]}"
# return exit code to common::per_dir_hook
local exit_code=$?

0
hooks/terraform_checkov.sh → hooks/tofu_checkov.sh
View file

35
hooks/terraform_docs.sh → hooks/tofu_docs.sh
View file

@ -9,8 +9,8 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
# set up default insertion markers. These will be changed to the markers used by
# terraform-docs if the hook config contains `--use-standard-markers=true`
insertion_marker_begin="<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->"
insertion_marker_end="<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->"
insertion_marker_begin="<!-- BEGINNING OF PRE-COMMIT-OPENTOFU DOCS HOOK -->"
insertion_marker_end="<!-- END OF PRE-COMMIT-OPENTOFU DOCS HOOK -->"
# these are the standard insertion markers used by terraform-docs
readonly standard_insertion_marker_begin="<!-- BEGIN_TF_DOCS -->"
@ -30,14 +30,14 @@ function main {
}
#######################################################################
# Function which prepares hacks for old versions of `terraform` and
# TODO Function which prepares hacks for old versions of `terraform` and
# `terraform-docs` that them call `terraform_docs`
# Arguments:
# hook_config (string with array) arguments that configure hook behavior
# args (string with array) arguments that configure wrapped tool behavior
# files (array) filenames to check
#######################################################################
function terraform_docs_ {
function tofu_docs_ {
local -r hook_config="$1"
local -r args="$2"
shift 2
@ -46,8 +46,8 @@ function terraform_docs_ {
# Get hook settings
IFS=";" read -r -a configs <<< "$hook_config"
local hack_terraform_docs
hack_terraform_docs=$(terraform version | sed -n 1p | grep -c 0.12) || true
local hack_tofu_docs
hack_terraform_docs=$(tofu version | sed -n 1p | grep -c 0.12) || true
if [[ ! $(command -v terraform-docs) ]]; then
echo "ERROR: terraform-docs is required by terraform_docs pre-commit hook but is not installed or in the system's PATH."
@ -64,37 +64,38 @@ function terraform_docs_ {
elif [[ "$hack_terraform_docs" == "1" ]]; then # Using awk script because terraform-docs is older than 0.8 and terraform 0.12 is used
if [[ ! $(command -v awk) ]]; then
# TODO: pls check it
echo "ERROR: awk is required for terraform-docs hack to work with Terraform 0.12."
exit 1
fi
local tmp_file_awk
tmp_file_awk=$(mktemp "${TMPDIR:-/tmp}/terraform-docs-XXXXXXXXXX")
terraform_docs_awk "$tmp_file_awk"
terraform_docs "$tmp_file_awk" "${configs[*]}" "$args" "${files[@]}"
tmp_file_awk=$(mktemp "${TMPDIR:-/tmp}/tofu-docs-XXXXXXXXXX")
tofu_docs_awk "$tmp_file_awk"
tofu_docs "$tmp_file_awk" "${configs[*]}" "$args" "${files[@]}"
rm -f "$tmp_file_awk"
else # Using terraform 0.11 and no awk script is needed for that
terraform_docs "0" "${configs[*]}" "$args" "${files[@]}"
# TODO: should be deleted for OpenTofu.
tofu_docs "0" "${configs[*]}" "$args" "${files[@]}"
fi
}
#######################################################################
# Wrapper around `terraform-docs` tool that check and change/create
# (depends on provided hook_config) terraform documentation in
# (depends on provided hook_config) OpenTofu documentation in
# markdown format
# Arguments:
# terraform_docs_awk_file (string) filename where awk hack for old
# `terraform-docs` was written. Needed for TF 0.12+.
# Hack skipped when `terraform_docs_awk_file == "0"`
# Hack skipped when `tofu_docs_awk_file == "0"`
# hook_config (string with array) arguments that configure hook behavior
# args (string with array) arguments that configure wrapped tool behavior
# files (array) filenames to check
#######################################################################
function terraform_docs {
local -r terraform_docs_awk_file="$1"
function tofu_docs {
local -r tofu_docs_awk_file="$1"
local -r hook_config="$2"
local args="$3"
shift 3
@ -229,7 +230,7 @@ function terraform_docs {
else
# Can't append extension for mktemp, so renaming instead
local tmp_file_docs
tmp_file_docs=$(mktemp "${TMPDIR:-/tmp}/terraform-docs-XXXXXXXXXX")
tmp_file_docs=$(mktemp "${TMPDIR:-/tmp}/tofu-docs-XXXXXXXXXX")
mv "$tmp_file_docs" "$tmp_file_docs.tf"
local tmp_file_docs_tf
tmp_file_docs_tf="$tmp_file_docs.tf"
@ -263,7 +264,7 @@ function terraform_docs {
# Arguments:
# output_file (string) filename where hack will be written to
#######################################################################
function terraform_docs_awk {
function tofu_docs_awk {
local -r output_file=$1
cat << "EOF" > "$output_file"

0
hooks/terraform_docs_replace.py → hooks/tofu_docs_replace.py
View file

4
hooks/terraform_fmt.sh → hooks/tofu_fmt.sh
View file

@ -13,7 +13,7 @@ function main {
common::export_provided_env_vars "${ENV_VARS[@]}"
common::parse_and_export_env_vars
# Suppress terraform fmt color
# Suppress tofu fmt color
if [ "$PRE_COMMIT_COLOR" = "never" ]; then
ARGS+=("-no-color")
fi
@ -44,7 +44,7 @@ function per_dir_hook_unique_part {
local -a -r args=("$@")
# pass the arguments to hook
terraform fmt "${args[@]}"
tofu fmt "${args[@]}"
# return exit code to common::per_dir_hook
local exit_code=$?

10
hooks/terraform_providers_lock.sh → hooks/tofu_providers_lock.sh
View file

@ -13,7 +13,7 @@ function main {
common::parse_cmdline "$@"
common::export_provided_env_vars "${ENV_VARS[@]}"
common::parse_and_export_env_vars
# JFYI: suppress color for `terraform providers lock` is N/A`
# JFYI: suppress color for `tofu providers lock` is N/A`
# shellcheck disable=SC2153 # False positive
common::per_dir_hook "$HOOK_ID" "${#ARGS[@]}" "${ARGS[@]}" "${FILES[@]}"
@ -134,9 +134,9 @@ function per_dir_hook_unique_part {
# TODO: Remove in 2.0
if [ ! "$mode" ]; then
common::colorify "yellow" "DEPRECATION NOTICE: We introduced '--mode' flag for this hook.
Check migration instructions at https://github.com/antonbabenko/pre-commit-terraform#terraform_providers_lock
Check migration instructions at https://github.com/tofuutils/pre-commit-opentofu#terraform_providers_lock
"
common::terraform_init 'terraform providers lock' "$dir_path" || {
common::tofu_init 'OpenTofu providers lock' "$dir_path" || {
exit_code=$?
return $exit_code
}
@ -149,9 +149,9 @@ Check migration instructions at https://github.com/antonbabenko/pre-commit-terra
fi
#? Don't require `tf init` for providers, but required `tf init` for modules
#? Mitigated by `function match_validate_errors` from terraform_validate hook
#? Mitigated by `function match_validate_errors` from tofu_validate hook
# pass the arguments to hook
terraform providers lock "${args[@]}"
tofu providers lock "${args[@]}"
# return exit code to common::per_dir_hook
exit_code=$?

0
hooks/terraform_tflint.sh → hooks/tofu_tflint.sh
View file

2
hooks/terraform_tfsec.sh → hooks/tofu_tfsec.sh
View file

@ -23,7 +23,7 @@ function main {
fi
common::colorify "yellow" "tfsec tool was deprecated, and replaced by trivy. You can check trivy hook here:"
common::colorify "yellow" "https://github.com/antonbabenko/pre-commit-terraform/tree/master#terraform_trivy"
common::colorify "yellow" "https://github.com/tofuutils/pre-commit-opentofu/tree/master#terraform_trivy"
common::per_dir_hook "$HOOK_ID" "${#ARGS[@]}" "${ARGS[@]}" "${FILES[@]}"
}

0
hooks/terraform_trivy.sh → hooks/tofu_trivy.sh
View file

34
hooks/terraform_validate.sh → hooks/tofu_validate.sh
View file

@ -7,7 +7,7 @@ readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
# shellcheck source=_common.sh
. "$SCRIPT_DIR/_common.sh"
# `terraform validate` requires this env variable to be set
# `tofu validate` requires this env variable to be set
export AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-us-east-1}
function main {
@ -16,7 +16,7 @@ function main {
common::export_provided_env_vars "${ENV_VARS[@]}"
common::parse_and_export_env_vars
# Suppress terraform validate color
# Suppress tofu validate color
if [ "$PRE_COMMIT_COLOR" = "never" ]; then
ARGS+=("-no-color")
fi
@ -25,9 +25,9 @@ function main {
}
#######################################################################
# Run `terraform validate` and match errors. Requires `jq`
# Run `tofu validate` and match errors. Requires `jq`
# Arguments:
# validate_output (string with json) output of `terraform validate` command
# validate_output (string with json) output of `tofu validate` command
# Outputs:
# Returns integer:
# - 0 (no errors)
@ -66,8 +66,8 @@ function match_validate_errors {
#######################################################################
# Unique part of `common::per_dir_hook`. The function is executed in loop
# on each provided dir path. Run wrapped tool with specified arguments
# 1. Check if `.terraform` dir exists and if not - run `terraform init`
# 2. Run `terraform validate`
# 1. Check if `.terraform` dir exists and if not - run `tofu init`
# 2. Run `tofu validate`
# 3. If at least 1 check failed - change the exit code to non-zero
# Arguments:
# dir_path (string) PATH to dir relative to git repo root.
@ -111,28 +111,28 @@ function per_dir_hook_unique_part {
esac
done
# First try `terraform validate` with the hope that all deps are
# First try `terratofuform validate` with the hope that all deps are
# pre-installed. That is needed for cases when `.terraform/modules`
# or `.terraform/providers` missed AND that is expected.
terraform validate "${args[@]}" &> /dev/null && {
tofu validate "${args[@]}" &> /dev/null && {
exit_code=$?
return $exit_code
}
# In case `terraform validate` failed to execute
# - check is simple `terraform init` will help
common::terraform_init 'terraform validate' "$dir_path" || {
# In case `tofu validate` failed to execute
# - check is simple `tofu init` will help
common::tofu_init 'tofu validate' "$dir_path" || {
exit_code=$?
return $exit_code
}
if [ "$retry_once_with_cleanup" != "true" ]; then
# terraform validate only
validate_output=$(terraform validate "${args[@]}" 2>&1)
# tofu validate only
validate_output=$(tofu validate "${args[@]}" 2>&1)
exit_code=$?
else
# terraform validate, plus capture possible errors
validate_output=$(terraform validate -json "${args[@]}" 2>&1)
# tofu validate, plus capture possible errors
validate_output=$(tofu validate -json "${args[@]}" 2>&1)
exit_code=$?
# Match specific validation errors
@ -150,12 +150,12 @@ function per_dir_hook_unique_part {
common::colorify "yellow" "Re-validating: $dir_path"
common::terraform_init 'terraform validate' "$dir_path" || {
common::tofu_init 'tofu validate' "$dir_path" || {
exit_code=$?
return $exit_code
}
validate_output=$(terraform validate "${args[@]}" 2>&1)
validate_output=$(tofu validate "${args[@]}" 2>&1)
exit_code=$?
fi
fi

28
hooks/terraform_wrapper_module_for_each.sh → hooks/tofu_wrapper_module_for_each.sh
View file

@ -17,7 +17,7 @@ function main {
check_dependencies
# shellcheck disable=SC2153 # False positive
terraform_module_wrapper_ "${ARGS[*]}"
tofu_module_wrapper_ "${ARGS[*]}"
}
readonly CONTENT_MAIN_TF='module "wrapper" {}'
@ -38,12 +38,12 @@ readonly CONTENT_OUTPUTS_TF='output "wrapper" {
WRAPPER_OUTPUT_SENSITIVE
}'
readonly CONTENT_VERSIONS_TF='terraform {
required_version = ">= 0.13.1"
required_version = ">= 1.6.0"
}'
# shellcheck disable=SC2016 # False positive
readonly CONTENT_README='# WRAPPER_TITLE
The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native Terraform 0.13+ `for_each` feature is not feasible (e.g., with Terragrunt).
The configuration in this directory contains an implementation of a single module wrapper pattern, which allows managing several copies of a module in places where using the native OpenTofu 1.6.0+ `for_each` feature is not feasible (e.g., with Terragrunt).
You may want to use a single Terragrunt configuration file to manage multiple resources without duplicating `terragrunt.hcl` files for each copy of the same module.
@ -64,7 +64,7 @@ inputs = {
defaults = { # Default values
create = true
tags = {
Terraform = "true"
OpenTofu = "true"
Environment = "dev"
}
}
@ -81,7 +81,7 @@ inputs = {
}
```
## Usage with Terraform
## Usage with OpenTofu
```hcl
module "wrapper" {
@ -90,7 +90,7 @@ module "wrapper" {
defaults = { # Default values
create = true
tags = {
Terraform = "true"
OpenTofu = "true"
Environment = "dev"
}
}
@ -142,7 +142,7 @@ inputs = {
}
```'
function terraform_module_wrapper_ {
function tofu_module_wrapper_ {
local args
read -r -a args <<< "$1"
@ -197,7 +197,7 @@ function terraform_module_wrapper_ {
cat << EOF
ERROR: Unrecognized argument: $key
Hook ID: $HOOK_ID.
Generate Terraform module wrapper. Available arguments:
Generate OpenTofu module wrapper. Available arguments:
--root-dir=... - Root dir of the repository (Optional)
--module-dir=... - Single module directory. Options: "." (means just root module),
"modules/iam-user" (a single module), or empty (means include all
@ -212,7 +212,7 @@ Generate Terraform module wrapper. Available arguments:
Example:
--module-dir=modules/object - Generate wrapper for one specific submodule.
--module-dir=. - Generate wrapper for the root module.
--module-repo-org=terraform-google-modules --module-repo-shortname=network --module-repo-provider=google - Generate wrappers for repository available by name "terraform-google-modules/network/google" in the Terraform registry and it includes all modules (root and in "modules/*").
--module-repo-org=terraform-google-modules --module-repo-shortname=network --module-repo-provider=google - Generate wrappers for repository available by name "terraform-google-modules/network/google" in the OpenTofu registry and it includes all modules (root and in "modules/*").
EOF
exit 1
;;
@ -310,7 +310,7 @@ EOF
echo
fi
# Read content of all terraform files
# Read content of all OpenTofu files
# shellcheck disable=SC2207
all_tf_content=$(find "${full_module_dir}" -name '*.tf' -maxdepth 1 -type f -exec cat {} +)
@ -319,15 +319,15 @@ EOF
continue
fi
# Get names of module variables in all terraform files
# Get names of module variables in all OpenTofu files
# shellcheck disable=SC2207
module_vars=($(echo "$all_tf_content" | hcledit block list | { grep "^variable\." | cut -d'.' -f 2 | sort || true; }))
# Get names of module outputs in all terraform files
# Get names of module outputs in all OpenTofu files
# shellcheck disable=SC2207
module_outputs=($(echo "$all_tf_content" | hcledit block list | { grep "^output\." | cut -d'.' -f 2 || true; }))
# Get names of module providers in all terraform files
# Get names of module providers in all OpenTofu files
module_providers=$(echo "$all_tf_content" | hcledit block list | { grep "^provider\." || true; })
if [[ $module_providers ]]; then
@ -342,7 +342,7 @@ EOF
# At least one output is sensitive - the wrapper's output should be sensitive, too
if [[ "$module_output_sensitive" == "true" ]]; then
wrapper_output_sensitive="sensitive = true # At least one sensitive module output (${module_output}) found (requires Terraform 0.14+)"
wrapper_output_sensitive="sensitive = true # At least one sensitive module output (${module_output}) found (requires OpenTofu 1.6.0+)"
break
fi
done

8
setup.py
View file

@ -3,9 +3,9 @@ from setuptools import setup
setup(
name='pre-commit-terraform',
description='Pre-commit hooks for terraform_docs_replace',
url='https://github.com/antonbabenko/pre-commit-terraform',
name='pre-commit-opentofu',
description='Pre-commit hooks for tofu_docs_replace',
url='https://github.com/tofuutils/pre-commit-opentofu',
version_format='{tag}+{gitsha}',
author='Contributors',
@ -27,7 +27,7 @@ setup(
],
entry_points={
'console_scripts': [
'terraform_docs_replace = hooks.terraform_docs_replace:main',
'tofu_docs_replace = hooks.tofu_docs_replace:main',
],
},
)

2
tests/Dockerfile
View file

@ -1,4 +1,4 @@
FROM pre-commit-terraform:latest
FROM pre-commit-opentofu:latest
RUN apt update && \
apt install -y \

6
tests/hooks_performance_test.sh
View file

@ -1,10 +1,10 @@
#!/usr/bin/env bash
TEST_NUM=$1 # 1000
TEST_COMMAND=$2 # 'pre-commit try-repo -a /tmp/159/pre-commit-terraform terraform_tfsec'
TEST_COMMAND=$2 # 'pre-commit try-repo -a /tmp/159/pre-commit-opentofu tofu_tfsec'
TEST_DIR=$3 # '/tmp/infrastructure'
TEST_DESCRIPTION="$TEST_NUM runs '$4'" # '`terraform_tfsec` PR #123:'
RAW_TEST_RESULTS_FILE_NAME=$5 # terraform_tfsec_pr123
TEST_DESCRIPTION="$TEST_NUM runs '$4'" # '`tofu_tfsec` PR #123:'
RAW_TEST_RESULTS_FILE_NAME=$5 # tofu_tfsec_pr123
function run_tests {
local TEST_NUM=$1

2
tools/entrypoint.sh
View file

@ -15,7 +15,7 @@ function echo_error_and_exit {
if [[ $(id -u) -ne 0 ]]; then
echo_error_and_exit "Container must run as root. Use environment variable USERID to set user.\n" \
"Example: \"TAG=latest && " \
"docker run -e USERID=$(id -u):$(id -g) -v $(pwd):/lint -w /lint ghcr.io/antonbabenko/pre-commit-terraform:$TAG run -a\""
"docker run -e USERID=$(id -u):$(id -g) -v $(pwd):/lint -w /lint ghcr.io/tofuutils/pre-commit-opentofu:$TAG run -a\""
fi
# make sure USERID makes sense as UID:GID