weeheavy/pre-commit-opentofu
1
0
Fork 0
forked from github/pre-commit-opentofu
Code Pull requests Activity

feat: rename pre-commit-terraform to pre-commit-opentofu, pt VIII

Browse source
This commit is contained in:
Alexander Sharov 2024-01-17 01:10:38 +01:00
commit 527cbe98cb
5 changed files with 48 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

14
.github/CONTRIBUTING.md vendored
View file

@ -50,10 +50,10 @@ Script accept next options:
| # | Name | Example value | Description |
| --- | ---------------------------------- | ------------------------------------------------------------------------ | ---------------------------------------------------- |
| 1 | `TEST_NUM` | `200` | How many times need repeat test |
| 2 | `TEST_COMMAND` | `'pre-commit try-repo -a /tmp/159/pre-commit-opentofu terraform_tfsec'` | Valid pre-commit command |
| 2 | `TEST_COMMAND` | `'pre-commit try-repo -a /tmp/159/pre-commit-opentofu tofu_tfsec'` | Valid pre-commit command |
| 3 | `TEST_DIR` | `'/tmp/infrastructure'` | Dir on what you run tests. |
| 4 | `TEST_DESCRIPTION` | ```'`terraform_tfsec` PR #123:'``` | Text that you'd like to see in result |
| 5 | `RAW_TEST_`<br>`RESULTS_FILE_NAME` | `terraform_tfsec_pr123` | (Temporary) File where all test data will be stored. |
| 4 | `TEST_DESCRIPTION` | ```'`tofu_tfsec` PR #123:'``` | Text that you'd like to see in result |
| 5 | `RAW_TEST_`<br>`RESULTS_FILE_NAME` | `tofu_tfsec_pr123` | (Temporary) File where all test data will be stored. |
<!-- markdownlint-enable no-inline-html -->
> **Note:** To make test results repeatable and comparable, be sure that on the test machine nothing generates an unstable workload. During tests good to stop any other apps and do not interact with the test machine.
@ -66,7 +66,7 @@ Script accept next options:
# Install deps
sudo apt install -y datamash
# Run tests
./hooks_performance_test.sh 200 'pre-commit try-repo -a /tmp/159/pre-commit-opentofu terraform_tfsec' '/tmp/infrastructure' '`terraform_tfsec` v1.51.0:' 'terraform_tfsec_pr159'
./hooks_performance_test.sh 200 'pre-commit try-repo -a /tmp/159/pre-commit-opentofu tofu_tfsec' '/tmp/infrastructure' '`tofu_tfsec` v1.51.0:' 'tofu_tfsec_pr159'
```
### Run via Docker
@ -80,9 +80,9 @@ docker build -t pre-commit-tests tests/
TEST_NUM=1
TEST_DIR='/tmp/infrastructure'
PRE_COMMIT_DIR="$(pwd)"
TEST_COMMAND='pre-commit try-repo -a /pct terraform_tfsec'
TEST_DESCRIPTION='`terraform_tfsec` v1.51.0:'
RAW_TEST_RESULTS_FILE_NAME='terraform_tfsec_pr159'
TEST_COMMAND='pre-commit try-repo -a /pct tofu_tfsec'
TEST_DESCRIPTION='`tofu_tfsec` v1.51.0:'
RAW_TEST_RESULTS_FILE_NAME='tofu_tfsec_pr159'
docker run -v "$PRE_COMMIT_DIR:/pct:rw" -v "$TEST_DIR:/lint:ro" pre-commit-tests \
$TEST_NUM "$TEST_COMMAND" '/lint' "$RAW_TEST_RESULTS_FILE_NAME" "$RAW_TEST_RESULTS_FILE_NAME"

30
.pre-commit-hooks.yaml
View file

@ -19,7 +19,7 @@
name: OpenTofu docs
description: Inserts input and output documentation into README.md (using terraform-docs).
require_serial: true
entry: hooks/terraform_docs.sh
entry: hooks/tofu_docs.sh
language: script
files: (\.tf|\.terraform\.lock\.hcl)$
exclude: \.terraform\/.*$
@ -33,8 +33,8 @@
files: (\.tf)$
exclude: \.terraform\/.*$
- id: terraform_docs_replace
name: Terraform docs (overwrite README.md)
- id: tofu_docs_replace
name: OpenTofu docs (overwrite README.md)
description: Overwrite content of README.md with terraform-docs.
require_serial: true
entry: terraform_docs_replace
@ -51,7 +51,7 @@
files: (\.tf|\.tfvars)$
exclude: \.terraform\/.*$
- id: terraform_providers_lock
- id: tofu_providers_lock
name: Lock OpenTofu provider versions
description: Updates provider signatures in dependency lock files.
require_serial: true
@ -60,11 +60,11 @@
files: (\.terraform\.lock\.hcl)$
exclude: \.terraform\/.*$
- id: terraform_tflint
- id: tofu_tflint
name: OpenTofu validate with tflint
description: Validates all OpenTofu configuration files with TFLint.
require_serial: true
entry: hooks/terraform_tflint.sh
entry: hooks/tofu_tflint.sh
language: script
files: (\.tf|\.tfvars)$
exclude: \.terraform\/.*$
@ -85,24 +85,24 @@
files: (\.hcl)$
exclude: \.terraform\/.*$
- id: terraform_tfsec
name: OpenTofu validate with tfsec (deprecated, use "terraform_trivy")
- id: tofu_tfsec
name: OpenTofu validate with tfsec (deprecated, use "tofu_trivy")
description: Static analysis of OpenTofu templates to spot potential security issues.
require_serial: true
entry: hooks/terraform_tfsec.sh
entry: hooks/tofu_tfsec.sh
files: \.tf(vars)?$
language: script
- id: terraform_trivy
- id: tofu_trivy
name: OpenTofu validate with trivy
description: Static analysis of OpenTofu templates to spot potential security issues.
require_serial: true
entry: hooks/terraform_trivy.sh
entry: hooks/tofu_trivy.sh
files: \.tf(vars)?$
language: script
- id: checkov
name: checkov (deprecated, use "terraform_checkov")
name: checkov (deprecated, use "tofu_checkov")
description: Runs checkov on OpenTofu templates.
entry: checkov -d .
language: python
@ -122,10 +122,10 @@
exclude: \.terraform\/.*$
require_serial: true
- id: terraform_wrapper_module_for_each
name: Terraform wrapper with for_each in module
- id: tofu_wrapper_module_for_each
name: OpenTofu wrapper with for_each in module
description: Generate OpenTofu wrappers with for_each in module.
entry: hooks/terraform_wrapper_module_for_each.sh
entry: hooks/tofu_wrapper_module_for_each.sh
language: script
pass_filenames: false
always_run: false

43
README.md
View file

@ -23,25 +23,24 @@ If you are using `pre-commit-opentofu` already or want to support its developmen
* [All hooks: Usage of environment variables in `--args`](#all-hooks-usage-of-environment-variables-in---args)
* [All hooks: Set env vars inside hook at runtime](#all-hooks-set-env-vars-inside-hook-at-runtime)
* [All hooks: Disable color output](#all-hooks-disable-color-output)
* [checkov (deprecated) and terraform\_checkov](#checkov-deprecated-and-terraform_checkov)
* [checkov (deprecated) and tofu\_checkov](#checkov-deprecated-and-tofu_checkov)
* [infracost\_breakdown](#infracost_breakdown)
* [terraform\_docs](#terraform_docs)
* [terraform\_docs\_replace (deprecated)](#terraform_docs_replace-deprecated)
* [terraform\_fmt](#terraform_fmt)
* [terraform\_providers\_lock](#terraform_providers_lock)
* [terraform\_tflint](#terraform_tflint)
* [terraform\_tfsec (deprecated)](#terraform_tfsec-deprecated)
* [terraform\_trivy](#terraform_trivy)
* [terraform\_validate](#terraform_validate)
* [terraform\_wrapper\_module\_for\_each](#terraform_wrapper_module_for_each)
* [tofu\_docs](#tofu_docs)
* [tofu\_docs\_replace (deprecated)](#tofu_docs_replace-deprecated)
* [tofu\_fmt](#tofu_fmt)
* [tofu\_providers\_lock](#tofu_providers_lock)
* [tofu\_tflint](#tofu_tflint)
* [tofu\_tfsec (deprecated)](#tofu_tfsec-deprecated)
* [tofu\_trivy](#tofu_trivy)
* [tofu\_validate](#tofu_validate)
* [tofu\_wrapper\_module\_for\_each](#tofu_wrapper_module_for_each)
* [terrascan](#terrascan)
* [tfupdate](#tfupdate)
* [Docker Usage](#docker-usage)
* [File Permissions](#file-permissions)
* [Download Terraform modules from private GitHub repositories](#download-terraform-modules-from-private-github-repositories)
* [Download OpenTofu modules from private GitHub repositories](#download-tofu-modules-from-private-github-repositories)
* [Authors](#authors)
* [License](#license)
* [Additional information for users from Russia and Belarus](#additional-information-for-users-from-russia-and-belarus)
## How to install
@ -68,7 +67,7 @@ If you are using `pre-commit-opentofu` already or want to support its developmen
* [`TFSec`](https://github.com/liamg/tfsec) required for `terraform_tfsec` hook.
* [`Trivy`](https://github.com/aquasecurity/trivy) required for `terraform_trivy` hook.
* [`infracost`](https://github.com/infracost/infracost) required for `infracost_breakdown` hook.
* [`jq`](https://github.com/stedolan/jq) required for `terraform_validate` with `--retry-once-with-cleanup` flag, and for `infracost_breakdown` hook.
* [`jq`](https://github.com/stedolan/jq) required for `tofu_validate` with `--retry-once-with-cleanup` flag, and for `infracost_breakdown` hook.
* [`tfupdate`](https://github.com/minamijoyo/tfupdate) required for `tfupdate` hook.
* [`hcledit`](https://github.com/minamijoyo/hcledit) required for `terraform_wrapper_module_for_each` hook.
@ -263,7 +262,7 @@ There are several [pre-commit](https://pre-commit.com/) hooks to keep Terraform
| `terraform_tflint` | Validates all Terraform configuration files with [TFLint](https://github.com/terraform-linters/tflint). [Available TFLint rules](https://github.com/terraform-linters/tflint/tree/master/docs/rules#rules). [Hook notes](#terraform_tflint). | `tflint` |
| `terraform_tfsec` | [TFSec](https://github.com/aquasecurity/tfsec) static analysis of terraform templates to spot potential security issues. **DEPRECATED**, use `tofu_trivy`. [Hook notes](#terraform_tfsec-deprecated) | `tfsec` |
| `terraform_trivy` | [Trivy](https://github.com/aquasecurity/trivy) static analysis of terraform templates to spot potential security issues. [Hook notes](#terraform_trivy) | `trivy` |
| `terraform_validate` | Validates all Terraform configuration files. [Hook notes](#terraform_validate) | `jq`, only for `--retry-once-with-cleanup` flag |
| `tofu_validate` | Validates all Terraform configuration files. [Hook notes](#tofu_validate) | `jq`, only for `--retry-once-with-cleanup` flag |
| `terragrunt_fmt` | Reformat all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`) to a canonical format. | `terragrunt` |
| `terragrunt_validate` | Validates all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`) | `terragrunt` |
| `terraform_wrapper_module_for_each` | Generates Terraform wrappers with `for_each` in module. [Hook notes](#terraform_wrapper_module_for_each) | `hcledit` |
@ -290,7 +289,7 @@ You can use environment variables for the `--args` section.
Config example:
```yaml
- id: terraform_tflint
- id: tofu_tflint
args:
- --args=--config=${CONFIG_NAME}.${CONFIG_EXT}
- --args=--module
@ -307,7 +306,7 @@ You can specify environment variables that will be passed to the hook at runtime
Config example:
```yaml
- id: terraform_validate
- id: tofu_validate
args:
- --env-vars=AWS_DEFAULT_REGION="us-west-2"
- --env-vars=AWS_ACCESS_KEY_ID="anaccesskey"
@ -453,7 +452,7 @@ Unlike most other hooks, this hook triggers once if there are any changed files
### terraform_docs
1. `terraform_docs` and `terraform_docs_without_aggregate_type_defaults` will insert/update documentation generated by [terraform-docs](https://github.com/terraform-docs/terraform-docs) framed by markers:
1. `tofu_docs` and `terraform_docs_without_aggregate_type_defaults` will insert/update documentation generated by [terraform-docs](https://github.com/terraform-docs/terraform-docs) framed by markers:
```txt
<!-- BEGINNING OF PRE-COMMIT-OPENTOFU DOCS HOOK -->
@ -463,7 +462,7 @@ Unlike most other hooks, this hook triggers once if there are any changed files
if they are present in `README.md`.
2. It is possible to pass additional arguments to shell scripts when using `terraform_docs` and `terraform_docs_without_aggregate_type_defaults`.
2. It is possible to pass additional arguments to shell scripts when using `tofu_docs` and `tofu_docs_without_aggregate_type_defaults`.
3. It is possible to automatically:
* create a documentation file
@ -478,7 +477,7 @@ Unlike most other hooks, this hook triggers once if there are any changed files
```
```yaml
- id: terraform_docs
- id: tofu_docs
args:
- --hook-config=--path-to-file=README.md # Valid UNIX path. I.e. ../TFDOC.md or docs/README.md etc.
- --hook-config=--add-to-existing-file=true # Boolean. true or false
@ -486,10 +485,10 @@ Unlike most other hooks, this hook triggers once if there are any changed files
- --hook-config=--use-standard-markers=true # Boolean. Defaults in v1.x to false. Set to true for compatibility with terraform-docs
```
4. You can provide [any configuration available in `terraform-docs`](https://terraform-docs.io/user-guide/configuration/) as an argument to `terraform_doc` hook, for example:
4. You can provide [any configuration available in `tofu-docs`](https://terraform-docs.io/user-guide/configuration/) as an argument to `tofu_doc` hook, for example:
```yaml
- id: terraform_docs
- id: tofu_docs
args:
- --args=--config=.terraform-docs.yml
```
@ -499,7 +498,7 @@ Unlike most other hooks, this hook triggers once if there are any changed files
5. If you need some exotic settings, it can be done too. I.e. this one generates HCL files:
```yaml
- id: terraform_docs
- id: tofu_docs
args:
- tfvars hcl --output-file terraform.tfvars.model .
```

6
hooks/tofu_docs.sh
View file

@ -30,14 +30,14 @@ function main {
}
#######################################################################
# Function which prepares hacks for old versions of `terraform` and
# TODO Function which prepares hacks for old versions of `terraform` and
# `terraform-docs` that them call `terraform_docs`
# Arguments:
# hook_config (string with array) arguments that configure hook behavior
# args (string with array) arguments that configure wrapped tool behavior
# files (array) filenames to check
#######################################################################
function terraform_docs_ {
function tofu_docs_ {
local -r hook_config="$1"
local -r args="$2"
shift 2
@ -46,7 +46,7 @@ function terraform_docs_ {
# Get hook settings
IFS=";" read -r -a configs <<< "$hook_config"
local hack_terraform_docs
local hack_tofu_docs
hack_terraform_docs=$(terraform version | sed -n 1p | grep -c 0.12) || true
if [[ ! $(command -v terraform-docs) ]]; then

4
setup.py
View file

@ -4,7 +4,7 @@ from setuptools import setup
setup(
name='pre-commit-opentofu',
description='Pre-commit hooks for terraform_docs_replace',
description='Pre-commit hooks for tofu_docs_replace',
url='https://github.com/tofuutils/pre-commit-opentofu',
version_format='{tag}+{gitsha}',
@ -27,7 +27,7 @@ setup(
],
entry_points={
'console_scripts': [
'terraform_docs_replace = hooks.terraform_docs_replace:main',
'tofu_docs_replace = hooks.tofu_docs_replace:main',
],
},
)