From 5e0e10c2d800cc2597e295ec145dcaa264cb9454 Mon Sep 17 00:00:00 2001 From: Alexander Sharov Date: Sun, 21 Jan 2024 21:01:18 +0100 Subject: [PATCH 01/33] fix: docs --- CHANGELOG.md | 2 +- LICENSE | 4 ++-- README.md | 47 ++++++++++++++++++++++++++++++++++------------- 3 files changed, 37 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8a922d3..6e64c70 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,4 +7,4 @@ All notable changes to this project will be documented in this file. ### Features -* TODO \ No newline at end of file +* TODO diff --git a/LICENSE b/LICENSE index 5822c23..ffe0bba 100644 --- a/LICENSE +++ b/LICENSE @@ -1,5 +1,5 @@ -Copyright (c) 2017 Anton Babenko -Copyright (c) 2024 ttofuutils authors +Copyright (c) 2017 Anton Babenko, https://github.com/antonbabenko/pre-commit-terraform +Copyright (c) 2024 tofuutils authors Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/README.md b/README.md index 5fcff2b..e78bb72 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Collection of git hooks for OpenTofu to be used with [pre-commit framework](http://pre-commit.com/) -[![Github tag](https://img.shields.io/github/tag/tofuutils/pre-commit-opentofu.svg)](https://github.com/tofuutils/pre-commit-opentofu/releases) ![maintenance status](https://img.shields.io/maintenance/yes/2023.svg) [![Help Contribute to Open Source](https://www.codetriage.com/tofuutils/pre-commit-opentofu/badges/users.svg)](https://www.codetriage.com/tofuutils/pre-commit-opentofu) +[![Github tag](https://img.shields.io/github/tag/tofuutils/pre-commit-opentofu.svg)](https://github.com/tofuutils/pre-commit-opentofu/releases) ![maintenance status](https://img.shields.io/maintenance/yes/2024.svg) [![Help Contribute to Open Source](https://www.codetriage.com/tofuutils/pre-commit-opentofu/badges/users.svg)](https://www.codetriage.com/tofuutils/pre-commit-opentofu) Want to contribute? Check [open issues](https://github.com/tofuutils/pre-commit-opentofu/issues?q=label%3A%22good+first+issue%22+is%3Aopen+sort%3Aupdated-desc) and [contributing notes](/.github/CONTRIBUTING.md). @@ -10,7 +10,6 @@ If you are using `pre-commit-opentofu` already or want to support its developmen ## Table of content -* [Sponsors](#sponsors) * [Table of content](#table-of-content) * [How to install](#how-to-install) * [1. Install dependencies](#1-install-dependencies) @@ -49,7 +48,7 @@ If you are using `pre-commit-opentofu` already or want to support its developmen * [`pre-commit`](https://pre-commit.com/#install), - [`terraform`](https://www.terraform.io/downloads.html), + [`opentofu`](https://opentofu.org/docs/intro/install/), [`git`](https://git-scm.com/downloads), POSIX compatible shell, Internet connection (on first run), @@ -59,17 +58,17 @@ If you are using `pre-commit-opentofu` already or want to support its developmen Some basic physical laws, Hope that it all will work.

-* [`checkov`](https://github.com/bridgecrewio/checkov) required for `terraform_checkov` hook. -* [`terraform-docs`](https://github.com/terraform-docs/terraform-docs) required for `terraform_docs` hook. +* [`checkov`](https://github.com/bridgecrewio/checkov) required for `tofu_checkov` hook. +* [`terraform-docs`](https://github.com/terraform-docs/terraform-docs) required for `tofu_docs` hook. * [`terragrunt`](https://terragrunt.gruntwork.io/docs/getting-started/install/) required for `terragrunt_validate` hook. * [`terrascan`](https://github.com/tenable/terrascan) required for `terrascan` hook. -* [`TFLint`](https://github.com/terraform-linters/tflint) required for `terraform_tflint` hook. -* [`TFSec`](https://github.com/liamg/tfsec) required for `terraform_tfsec` hook. -* [`Trivy`](https://github.com/aquasecurity/trivy) required for `terraform_trivy` hook. +* [`TFLint`](https://github.com/terraform-linters/tflint) required for `tofu_tflint` hook. +* [`TFSec`](https://github.com/liamg/tfsec) required for `tofu_tfsec` hook. +* [`Trivy`](https://github.com/aquasecurity/trivy) required for `tofu_trivy` hook. * [`infracost`](https://github.com/infracost/infracost) required for `infracost_breakdown` hook. * [`jq`](https://github.com/stedolan/jq) required for `tofu_validate` with `--retry-once-with-cleanup` flag, and for `infracost_breakdown` hook. * [`tfupdate`](https://github.com/minamijoyo/tfupdate) required for `tfupdate` hook. -* [`hcledit`](https://github.com/minamijoyo/hcledit) required for `terraform_wrapper_module_for_each` hook. +* [`hcledit`](https://github.com/minamijoyo/hcledit) required for `tofu_wrapper_module_for_each` hook.
Docker
@@ -87,7 +86,7 @@ All available tags [here](https://github.com/tofuutils/pre-commit-opentofu/pkgs/ > **Note**: To build image you need to have [`docker buildx`](https://docs.docker.com/build/install-buildx/) enabled as default builder. > Otherwise - provide `TARGETOS` and `TARGETARCH` as additional `--build-arg`'s to `docker build`. -When hooks-related `--build-arg`s are not specified, only the latest version of `pre-commit` and `terraform` will be installed. +When hooks-related `--build-arg`s are not specified, only the latest version of `pre-commit` and `opentofu` will be installed. ```bash git clone git@github.com:tofuutils/pre-commit-opentofu.git @@ -173,6 +172,28 @@ curl -L "$(curl -s https://api.github.com/repos/minamijoyo/hcledit/releases/late
+
Ubuntu 22.04
+ +```bash +sudo apt update +sudo apt install -y unzip software-properties-common python3 python3-pip +python3 -m pip install --upgrade pip +pip3 install --no-cache-dir pre-commit +pip3 install --no-cache-dir checkov +curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E -m 1 "https://.+?-linux-amd64.tar.gz")" > terraform-docs.tgz && tar -xzf terraform-docs.tgz terraform-docs && rm terraform-docs.tgz && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/ +curl -L "$(curl -s https://api.github.com/repos/tenable/terrascan/releases/latest | grep -o -E -m 1 "https://.+?_Linux_x86_64.tar.gz")" > terrascan.tar.gz && tar -xzf terrascan.tar.gz terrascan && rm terrascan.tar.gz && sudo mv terrascan /usr/bin/ && terrascan init +curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E -m 1 "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/ +curl -L "$(curl -s https://api.github.com/repos/aquasecurity/tfsec/releases/latest | grep -o -E -m 1 "https://.+?tfsec-linux-amd64")" > tfsec && chmod +x tfsec && sudo mv tfsec /usr/bin/ +curl -L "$(curl -s https://api.github.com/repos/aquasecurity/trivy/releases/latest | grep -o -E -i -m 1 "https://.+?/trivy_.+?_Linux-64bit.tar.gz")" > trivy.tar.gz && tar -xzf trivy.tar.gz trivy && rm trivy.tar.gz && sudo mv trivy /usr/bin +sudo apt install -y jq && \ +curl -L "$(curl -s https://api.github.com/repos/infracost/infracost/releases/latest | grep -o -E -m 1 "https://.+?-linux-amd64.tar.gz")" > infracost.tgz && tar -xzf infracost.tgz && rm infracost.tgz && sudo mv infracost-linux-amd64 /usr/bin/infracost && infracost register +curl -L "$(curl -s https://api.github.com/repos/minamijoyo/tfupdate/releases/latest | grep -o -E -m 1 "https://.+?_linux_amd64.tar.gz")" > tfupdate.tar.gz && tar -xzf tfupdate.tar.gz tfupdate && rm tfupdate.tar.gz && sudo mv tfupdate /usr/bin/ +curl -L "$(curl -s https://api.github.com/repos/minamijoyo/hcledit/releases/latest | grep -o -E -m 1 "https://.+?_linux_amd64.tar.gz")" > hcledit.tar.gz && tar -xzf hcledit.tar.gz hcledit && rm hcledit.tar.gz && sudo mv hcledit /usr/bin/ +``` + +
+ +
Windows 10/11 We highly recommend using [WSL/WSL2](https://docs.microsoft.com/en-us/windows/wsl/install) with Ubuntu and following the Ubuntu installation guide. Or use Docker. @@ -247,16 +268,16 @@ docker run --rm --entrypoint cat ghcr.io/tofuutils/pre-commit-opentofu:$TAG /usr ## Available Hooks -There are several [pre-commit](https://pre-commit.com/) hooks to keep Terraform configurations (both `*.tf` and `*.tfvars`) and Terragrunt configurations (`*.hcl`) in a good shape: +There are several [pre-commit](https://pre-commit.com/) hooks to keep OpenTofu configurations (both `*.tf` and `*.tfvars`) and Terragrunt configurations (`*.hcl`) in a good shape: | Hook name | Description | Dependencies
[Install instructions here](#1-install-dependencies) | | ------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------ | | `checkov` and `tofu_checkov` | [checkov](https://github.com/bridgecrewio/checkov) static analysis of OpenTofu templates to spot potential security issues. [Hook notes](#checkov-deprecated-and-tofu_checkov) | `checkov`
Ubuntu deps: `python3`, `python3-pip` | | `infracost_breakdown` | Check how much your infra costs with [infracost](https://github.com/infracost/infracost). [Hook notes](#infracost_breakdown) | `infracost`, `jq`, [Infracost API key](https://www.infracost.io/docs/#2-get-api-key) | -| `terraform_docs` | Inserts input and output documentation into `README.md`. Recommended. [Hook notes](#terraform_docs) | `terraform-docs` | +| `tofu_docs` | Inserts input and output documentation into `README.md`. Recommended. [Hook notes](#terraform_docs) | `terraform-docs` | | `terraform_docs_replace` | Runs `terraform-docs` and pipes the output directly to README.md. **DEPRECATED**, see [#248](https://github.com/tofuutils/pre-commit-opentofu/issues/248). [Hook notes](#terraform_docs_replace-deprecated) | `python3`, `terraform-docs` | -| `terraform_docs_without_`
`aggregate_type_defaults` | Inserts input and output documentation into `README.md` without aggregate type defaults. Hook notes same as for [terraform_docs](#terraform_docs) | `terraform-docs` | +| `terraform_docs_without_`
`aggregate_type_defaults` | Inserts input and output documentation into `README.md` without aggregate type defaults. Hook notes same as for [tofu_docs](#terraform_docs) | `terraform-docs` | | `terraform_fmt` | Reformat all Terraform configuration files to a canonical format. [Hook notes](#terraform_fmt) | - | | `terraform_providers_lock` | Updates provider signatures in [dependency lock files](https://www.terraform.io/docs/cli/commands/providers/lock.html). [Hook notes](#terraform_providers_lock) | - | | `terraform_tflint` | Validates all Terraform configuration files with [TFLint](https://github.com/terraform-linters/tflint). [Available TFLint rules](https://github.com/terraform-linters/tflint/tree/master/docs/rules#rules). [Hook notes](#terraform_tflint). | `tflint` | From b137a0f5c876f1a89d87284ae0883a9f4f17ffa0 Mon Sep 17 00:00:00 2001 From: Alexander Sharov Date: Sun, 21 Jan 2024 21:11:37 +0100 Subject: [PATCH 02/33] fix: docs --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index e78bb72..ee57a69 100644 --- a/README.md +++ b/README.md @@ -277,11 +277,11 @@ There are several [pre-commit](https://pre-commit.com/) hooks to keep OpenTofu c | `infracost_breakdown` | Check how much your infra costs with [infracost](https://github.com/infracost/infracost). [Hook notes](#infracost_breakdown) | `infracost`, `jq`, [Infracost API key](https://www.infracost.io/docs/#2-get-api-key) | | `tofu_docs` | Inserts input and output documentation into `README.md`. Recommended. [Hook notes](#terraform_docs) | `terraform-docs` | | `terraform_docs_replace` | Runs `terraform-docs` and pipes the output directly to README.md. **DEPRECATED**, see [#248](https://github.com/tofuutils/pre-commit-opentofu/issues/248). [Hook notes](#terraform_docs_replace-deprecated) | `python3`, `terraform-docs` | -| `terraform_docs_without_`
`aggregate_type_defaults` | Inserts input and output documentation into `README.md` without aggregate type defaults. Hook notes same as for [tofu_docs](#terraform_docs) | `terraform-docs` | -| `terraform_fmt` | Reformat all Terraform configuration files to a canonical format. [Hook notes](#terraform_fmt) | - | -| `terraform_providers_lock` | Updates provider signatures in [dependency lock files](https://www.terraform.io/docs/cli/commands/providers/lock.html). [Hook notes](#terraform_providers_lock) | - | -| `terraform_tflint` | Validates all Terraform configuration files with [TFLint](https://github.com/terraform-linters/tflint). [Available TFLint rules](https://github.com/terraform-linters/tflint/tree/master/docs/rules#rules). [Hook notes](#terraform_tflint). | `tflint` | -| `terraform_tfsec` | [TFSec](https://github.com/aquasecurity/tfsec) static analysis of terraform templates to spot potential security issues. **DEPRECATED**, use `tofu_trivy`. [Hook notes](#terraform_tfsec-deprecated) | `tfsec` | +| `terraform_docs_without_`
`aggregate_type_defaults` | Inserts input and output documentation into `README.md` without aggregate type defaults. Hook notes same as for [tofu_docs](#terraform_docs) | `tofu-docs` | +| `tofu_fmt` | Reformat all OpenTofu configuration files to a canonical format. [Hook notes](#terraform_fmt) | - | +| `tofu_providers_lock` | Updates provider signatures in [dependency lock files](https://www.terraform.io/docs/cli/commands/providers/lock.html). [Hook notes](#terraform_providers_lock) | - | +| `tofu_tflint` | Validates all OpenTofu configuration files with [TFLint](https://github.com/terraform-linters/tflint). [Available TFLint rules](https://github.com/terraform-linters/tflint/tree/master/docs/rules#rules). [Hook notes](#terraform_tflint). | `tflint` | +| `tofu_tfsec` | [TFSec](https://github.com/aquasecurity/tfsec) static analysis of terraform templates to spot potential security issues. **DEPRECATED**, use `tofu_trivy`. [Hook notes](#terraform_tfsec-deprecated) | `tfsec` | | `terraform_trivy` | [Trivy](https://github.com/aquasecurity/trivy) static analysis of terraform templates to spot potential security issues. [Hook notes](#terraform_trivy) | `trivy` | | `tofu_validate` | Validates all Terraform configuration files. [Hook notes](#tofu_validate) | `jq`, only for `--retry-once-with-cleanup` flag | | `terragrunt_fmt` | Reformat all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`) to a canonical format. | `terragrunt` | From 65ac74a0fd483b19b93293918c088067a9979e6d Mon Sep 17 00:00:00 2001 From: Alexander Sharov Date: Sun, 21 Jan 2024 21:19:16 +0100 Subject: [PATCH 03/33] fix: docs --- README.md | 24 ++++++++++++------------ hooks/tofu_providers_lock.sh | 2 +- hooks/tofu_tfsec.sh | 2 +- hooks/tofu_validate.sh | 2 +- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index ee57a69..1cd4a21 100644 --- a/README.md +++ b/README.md @@ -276,19 +276,19 @@ There are several [pre-commit](https://pre-commit.com/) hooks to keep OpenTofu c | `checkov` and `tofu_checkov` | [checkov](https://github.com/bridgecrewio/checkov) static analysis of OpenTofu templates to spot potential security issues. [Hook notes](#checkov-deprecated-and-tofu_checkov) | `checkov`
Ubuntu deps: `python3`, `python3-pip` | | `infracost_breakdown` | Check how much your infra costs with [infracost](https://github.com/infracost/infracost). [Hook notes](#infracost_breakdown) | `infracost`, `jq`, [Infracost API key](https://www.infracost.io/docs/#2-get-api-key) | | `tofu_docs` | Inserts input and output documentation into `README.md`. Recommended. [Hook notes](#terraform_docs) | `terraform-docs` | -| `terraform_docs_replace` | Runs `terraform-docs` and pipes the output directly to README.md. **DEPRECATED**, see [#248](https://github.com/tofuutils/pre-commit-opentofu/issues/248). [Hook notes](#terraform_docs_replace-deprecated) | `python3`, `terraform-docs` | -| `terraform_docs_without_`
`aggregate_type_defaults` | Inserts input and output documentation into `README.md` without aggregate type defaults. Hook notes same as for [tofu_docs](#terraform_docs) | `tofu-docs` | +| `tofu_docs_replace` | Runs `terraform-docs` and pipes the output directly to README.md. **DEPRECATED**. [Hook notes](#terraform_docs_replace-deprecated) | `python3`, `terraform-docs` | +| `tofu_docs_without_`
`aggregate_type_defaults` | Inserts input and output documentation into `README.md` without aggregate type defaults. Hook notes same as for [tofu_docs](#terraform_docs) | `tofu-docs` | | `tofu_fmt` | Reformat all OpenTofu configuration files to a canonical format. [Hook notes](#terraform_fmt) | - | | `tofu_providers_lock` | Updates provider signatures in [dependency lock files](https://www.terraform.io/docs/cli/commands/providers/lock.html). [Hook notes](#terraform_providers_lock) | - | | `tofu_tflint` | Validates all OpenTofu configuration files with [TFLint](https://github.com/terraform-linters/tflint). [Available TFLint rules](https://github.com/terraform-linters/tflint/tree/master/docs/rules#rules). [Hook notes](#terraform_tflint). | `tflint` | | `tofu_tfsec` | [TFSec](https://github.com/aquasecurity/tfsec) static analysis of terraform templates to spot potential security issues. **DEPRECATED**, use `tofu_trivy`. [Hook notes](#terraform_tfsec-deprecated) | `tfsec` | -| `terraform_trivy` | [Trivy](https://github.com/aquasecurity/trivy) static analysis of terraform templates to spot potential security issues. [Hook notes](#terraform_trivy) | `trivy` | +| `tofu_trivy` | [Trivy](https://github.com/aquasecurity/trivy) static analysis of terraform templates to spot potential security issues. [Hook notes](#terraform_trivy) | `trivy` | | `tofu_validate` | Validates all Terraform configuration files. [Hook notes](#tofu_validate) | `jq`, only for `--retry-once-with-cleanup` flag | | `terragrunt_fmt` | Reformat all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`) to a canonical format. | `terragrunt` | | `terragrunt_validate` | Validates all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`) | `terragrunt` | | `tofu_wrapper_module_for_each` | Generates OpenTofu wrappers with `for_each` in module. [Hook notes](#terraform_wrapper_module_for_each) | `hcledit` | | `terrascan` | [terrascan](https://github.com/tenable/terrascan) Detect compliance and security violations. [Hook notes](#terrascan) | `terrascan` | -| `tfupdate` | [tfupdate](https://github.com/minamijoyo/tfupdate) Update version constraints of Terraform core, providers, and modules. [Hook notes](#tfupdate) | `tfupdate` | +| `tfupdate` | [tfupdate](https://github.com/minamijoyo/tfupdate) Update version constraints of OpenTofu core, providers, and modules. [Hook notes](#tfupdate) | `tfupdate` | Check the [source file](https://github.com/tofuutils/pre-commit-opentofu/blob/master/.pre-commit-hooks.yaml) to know arguments used for each hook. @@ -297,7 +297,7 @@ Check the [source file](https://github.com/tofuutils/pre-commit-opentofu/blob/ma ### Known limitations -OpenTOfu operates on a per-dir basis, while `pre-commit` framework only supports files and files that exist. This means if you only remove the TF-related file without any other changes in the same dir, checks will be skipped. Example and details [here](https://github.com/pre-commit/pre-commit/issues/3048). +OpenTofu operates on a per-dir basis, while `pre-commit` framework only supports files and files that exist. This means if you only remove the TF-related file without any other changes in the same dir, checks will be skipped. Example and details [here](https://github.com/pre-commit/pre-commit/issues/3048). ### All hooks: Usage of environment variables in `--args` @@ -371,17 +371,17 @@ For deprecated hook you need to specify each argument separately: ] ``` -2. When you have multiple directories and want to run `terraform_checkov` in all of them and share a single config file - use the `__GIT_WORKING_DIR__` placeholder. It will be replaced by `terraform_checkov` hooks with the Git working directory (repo root) at run time. For example: +2. When you have multiple directories and want to run `tofu_checkov` in all of them and share a single config file - use the `__GIT_WORKING_DIR__` placeholder. It will be replaced by `tofu_checkov` hooks with the Git working directory (repo root) at run time. For example: ```yaml - - id: terraform_checkov + - id: tofu_checkov args: - --args=--config-file __GIT_WORKING_DIR__/.checkov.yml ``` ### infracost_breakdown -`infracost_breakdown` executes `infracost breakdown` command and compare the estimated costs with those specified in the hook-config. `infracost breakdown` parses Terraform HCL code, and calls Infracost Cloud Pricing API (remote version or [self-hosted version](https://www.infracost.io/docs/cloud_pricing_api/self_hosted)). +`infracost_breakdown` executes `infracost breakdown` command and compare the estimated costs with those specified in the hook-config. `infracost breakdown` parses OpenTofu HCL code, and calls Infracost Cloud Pricing API (remote version or [self-hosted version](https://www.infracost.io/docs/cloud_pricing_api/self_hosted)). Unlike most other hooks, this hook triggers once if there are any changed files in the repository. @@ -471,9 +471,9 @@ Unlike most other hooks, this hook triggers once if there are any changed files * You need to provide [Infracost API key](https://www.infracost.io/docs/integrations/environment_variables/#infracost_api_key) via `-e INFRACOST_API_KEY=`. By default, it is saved in `~/.config/infracost/credentials.yml` * Set `-e INFRACOST_SKIP_UPDATE_CHECK=true` to [skip the Infracost update check](https://www.infracost.io/docs/integrations/environment_variables/#infracost_skip_update_check) if you use this hook as part of your CI/CD pipeline. -### terraform_docs +### tofu_docs -1. `tofu_docs` and `terraform_docs_without_aggregate_type_defaults` will insert/update documentation generated by [terraform-docs](https://github.com/terraform-docs/terraform-docs) framed by markers: +1. `tofu_docs` and `tofu_docs_without_aggregate_type_defaults` will insert/update documentation generated by [terraform-docs](https://github.com/terraform-docs/terraform-docs) framed by markers: ```txt @@ -689,7 +689,7 @@ To replicate functionality in `tofu_docs` hook: - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl ``` -3. By default, pre-commit-opentofu performs directory switching into the terraform modules for you. If you want to delgate the directory changing to the binary - this will allow tflint to determine the full paths for error/warning messages, rather than just module relative paths. *Note: this requires `tflint>=0.44.0`.* For example: +3. By default, pre-commit-opentofu performs directory switching into the OpenTofu modules for you. If you want to delgate the directory changing to the binary - this will allow tflint to determine the full paths for error/warning messages, rather than just module relative paths. *Note: this requires `tflint>=0.44.0`.* For example: ```yaml - id: tofu_tflint @@ -861,7 +861,7 @@ To replicate functionality in `tofu_docs` hook: **Warning**: If you use OpenTofu workspaces, DO NOT use this option ([details](https://github.com/tofuutils/pre-commit-opentofu/issues/203#issuecomment-918791847)). Consider the first option, or wait for [`force-init`](https://github.com/tofuutils/pre-commit-opentofu/issues/224) option implementation. -4. `tofu_validate` in a repo with TerrOpenTofuaform module, written using OpenTofu 1.6.0+ and which uses provider `configuration_aliases` ([Provider Aliases Within Modules](https://www.terraform.io/language/modules/develop/providers#provider-aliases-within-modules)), errors out. +4. `tofu_validate` in a repo with OpenTofu module, written using OpenTofu 1.6.0+ and which uses provider `configuration_aliases` ([Provider Aliases Within Modules](https://www.terraform.io/language/modules/develop/providers#provider-aliases-within-modules)), errors out. When running the hook against OpenTofu code where you have provider `configuration_aliases` defined in a `required_providers` configuration block, OpenTofu will throw an error like: diff --git a/hooks/tofu_providers_lock.sh b/hooks/tofu_providers_lock.sh index c1015e1..666400b 100755 --- a/hooks/tofu_providers_lock.sh +++ b/hooks/tofu_providers_lock.sh @@ -134,7 +134,7 @@ function per_dir_hook_unique_part { # TODO: Remove in 2.0 if [ ! "$mode" ]; then common::colorify "yellow" "DEPRECATION NOTICE: We introduced '--mode' flag for this hook. -Check migration instructions at https://github.com/tofuutils/pre-commit-opentofu#terraform_providers_lock +Check migration instructions at https://github.com/tofuutils/pre-commit-opentofu#tofu_providers_lock " common::tofu_init 'OpenTofu providers lock' "$dir_path" || { exit_code=$? diff --git a/hooks/tofu_tfsec.sh b/hooks/tofu_tfsec.sh index 3ae742c..0d26156 100755 --- a/hooks/tofu_tfsec.sh +++ b/hooks/tofu_tfsec.sh @@ -23,7 +23,7 @@ function main { fi common::colorify "yellow" "tfsec tool was deprecated, and replaced by trivy. You can check trivy hook here:" - common::colorify "yellow" "https://github.com/tofuutils/pre-commit-opentofu/tree/master#terraform_trivy" + common::colorify "yellow" "https://github.com/tofuutils/pre-commit-opentofu/tree/master#tofu_trivy" common::per_dir_hook "$HOOK_ID" "${#ARGS[@]}" "${ARGS[@]}" "${FILES[@]}" } diff --git a/hooks/tofu_validate.sh b/hooks/tofu_validate.sh index 0827b9f..3999b9f 100755 --- a/hooks/tofu_validate.sh +++ b/hooks/tofu_validate.sh @@ -111,7 +111,7 @@ function per_dir_hook_unique_part { esac done - # First try `terratofuform validate` with the hope that all deps are + # First try `tofu validate` with the hope that all deps are # pre-installed. That is needed for cases when `.terraform/modules` # or `.terraform/providers` missed AND that is expected. tofu validate "${args[@]}" &> /dev/null && { From 3c7a432c3a9661324f28ff49cb5155f4d3723ef4 Mon Sep 17 00:00:00 2001 From: Alexander Sharov Date: Thu, 7 Mar 2024 14:03:48 +0200 Subject: [PATCH 04/33] fix: issues with CI --- .github/.container-structure-test-config.yaml | 2 +- .github/.dive-ci.yaml | 13 ------------- .github/CODEOWNERS | 2 +- .github/ISSUE_TEMPLATE/custom.md | 0 .github/workflows/release.yml | 2 +- 5 files changed, 3 insertions(+), 16 deletions(-) delete mode 100644 .github/.dive-ci.yaml create mode 100644 .github/ISSUE_TEMPLATE/custom.md diff --git a/.github/.container-structure-test-config.yaml b/.github/.container-structure-test-config.yaml index c06624f..a84ccf7 100644 --- a/.github/.container-structure-test-config.yaml +++ b/.github/.container-structure-test-config.yaml @@ -11,7 +11,7 @@ commandTests: expectedOutput: ["^pre-commit ([0-9]+\\.){2}[0-9]+\\n$"] - name: "tofu" - command: "terrtofuaform" + command: "tofu" args: ["-version"] expectedOutput: ["^OpenTofu v([0-9]+\\.){2}[0-9]+\\non linux_amd64\\n$"] diff --git a/.github/.dive-ci.yaml b/.github/.dive-ci.yaml deleted file mode 100644 index 3c526cd..0000000 --- a/.github/.dive-ci.yaml +++ /dev/null @@ -1,13 +0,0 @@ -rules: - # If the efficiency is measured below X%, mark as failed. - # Expressed as a ratio between 0-1. - lowestEfficiency: 0.981 - - # If the amount of wasted space is at least X or larger than X, mark as failed. - # Expressed in B, KB, MB, and GB. - highestWastedBytes: 32MB - - # If the amount of wasted space makes up for X% or more of the image, mark as failed. - # Note: the base image layer is NOT included in the total image size. - # Expressed as a ratio between 0-1; fails if the threshold is met or crossed. - highestUserWastedPercent: 0.036 diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index e8de356..80824bc 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1 +1 @@ -* @maxymvlasov @yermulnik +* @Nmishin @anastasiiakozlova245 @kvendingoldo diff --git a/.github/ISSUE_TEMPLATE/custom.md b/.github/ISSUE_TEMPLATE/custom.md new file mode 100644 index 0000000..e69de29 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 99ed765..4aa0df1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,7 +4,7 @@ on: workflow_dispatch: push: branches: - - master + - main paths: - '**/*.py' - '**/*.sh' From 65b197c841dc10aa772c7fc2594a213a9158d2f4 Mon Sep 17 00:00:00 2001 From: Alexander Sharov Date: Thu, 7 Mar 2024 14:09:39 +0200 Subject: [PATCH 05/33] fix: dockerfile --- Dockerfile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0084c13..0f7426d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,18 +14,18 @@ RUN apk add --no-cache \ setuptools ARG PRE_COMMIT_VERSION=${PRE_COMMIT_VERSION:-latest} -ARG TOFU_VERSION=${TOFU_VERSION:-latest} +ARG TOFU_VERSION=${TOFU_VERSION:-1.6.1} # Install pre-commit RUN [ ${PRE_COMMIT_VERSION} = "latest" ] && pip3 install --no-cache-dir pre-commit \ || pip3 install --no-cache-dir pre-commit==${PRE_COMMIT_VERSION} -# TODO Install OpenTofu because pre-commit needs it -RUN if [ "${TOFU_VERSION}" = "latest" ]; then \ - TOFU_VERSION="$(curl -s https://api.github.com/repos/hashicorp/terraform/releases/latest | grep tag_name | grep -o -E -m 1 "[0-9.]+")" \ - ; fi && \ - curl -L "https://releases.hashicorp.com/terraform/${TOFU_VERSION}/terraform_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" > terraform.zip && \ - unzip terraform.zip terraform && rm terraform.zip + +RUN curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ + && curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_SHA256SUMS \ + && [ $(sha256sum "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" | cut -f 1 -d ' ') = "$(grep "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" tofu_*_SHA256SUMS | cut -f 1 -d ' ')" ] \ + && unzip tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ + && mv tofu /usr/bin/tofu # # Install tools From 650713c08836af89965fcd8d060b64de01197109 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 7 Mar 2024 12:21:12 +0000 Subject: [PATCH 06/33] chore(release): version 1.0.1 [skip ci] ## [1.0.1](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.0...v1.0.1) (2024-03-07) ### Bug Fixes * dockerfile ([65b197c](https://github.com/tofuutils/pre-commit-opentofu/commit/65b197c841dc10aa772c7fc2594a213a9158d2f4)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6e64c70..8febd9c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [1.0.1](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.0...v1.0.1) (2024-03-07) + + +### Bug Fixes + +* dockerfile ([65b197c](https://github.com/tofuutils/pre-commit-opentofu/commit/65b197c841dc10aa772c7fc2594a213a9158d2f4)) + # [1.0.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.0) (2023-12-21) From 97cba7a646996c7cae3719f1b6241d47da5882d9 Mon Sep 17 00:00:00 2001 From: bmelbourne Date: Fri, 8 Mar 2024 09:23:05 +0000 Subject: [PATCH 07/33] fix: remove obsolete terraform checks and awk file hack Signed-off-by: bmelbourne --- hooks/tofu_docs.sh | 232 ++------------------------------------------- 1 file changed, 10 insertions(+), 222 deletions(-) diff --git a/hooks/tofu_docs.sh b/hooks/tofu_docs.sh index 308b26f..b7c9e30 100755 --- a/hooks/tofu_docs.sh +++ b/hooks/tofu_docs.sh @@ -26,18 +26,17 @@ function main { ARGS[i]=${ARGS[i]/--config=/--config=$(pwd)\/} done # shellcheck disable=SC2153 # False positive - terraform_docs_ "${HOOK_CONFIG[*]}" "${ARGS[*]}" "${FILES[@]}" + tofu_check_ "${HOOK_CONFIG[*]}" "${ARGS[*]}" "${FILES[@]}" } ####################################################################### -# TODO Function which prepares hacks for old versions of `terraform` and -# `terraform-docs` that them call `terraform_docs` +# TODO Function which checks `terraform-docs` exists # Arguments: # hook_config (string with array) arguments that configure hook behavior # args (string with array) arguments that configure wrapped tool behavior # files (array) filenames to check ####################################################################### -function tofu_docs_ { +function tofu_check_ { local -r hook_config="$1" local -r args="$2" shift 2 @@ -46,40 +45,12 @@ function tofu_docs_ { # Get hook settings IFS=";" read -r -a configs <<< "$hook_config" - local hack_tofu_docs - hack_terraform_docs=$(tofu version | sed -n 1p | grep -c 0.12) || true - if [[ ! $(command -v terraform-docs) ]]; then - echo "ERROR: terraform-docs is required by terraform_docs pre-commit hook but is not installed or in the system's PATH." + echo "ERROR: terraform-docs is required by tofu_docs pre-commit hook but is not installed or in the system's PATH." exit 1 fi - local is_old_terraform_docs - is_old_terraform_docs=$(terraform-docs version | grep -o "v0.[1-7]\." | tail -1) || true - - if [[ -z "$is_old_terraform_docs" ]]; then # Using terraform-docs 0.8+ (preferred) - - terraform_docs "0" "${configs[*]}" "$args" "${files[@]}" - - elif [[ "$hack_terraform_docs" == "1" ]]; then # Using awk script because terraform-docs is older than 0.8 and terraform 0.12 is used - - if [[ ! $(command -v awk) ]]; then - # TODO: pls check it - echo "ERROR: awk is required for terraform-docs hack to work with Terraform 0.12." - exit 1 - fi - - local tmp_file_awk - tmp_file_awk=$(mktemp "${TMPDIR:-/tmp}/tofu-docs-XXXXXXXXXX") - tofu_docs_awk "$tmp_file_awk" - tofu_docs "$tmp_file_awk" "${configs[*]}" "$args" "${files[@]}" - rm -f "$tmp_file_awk" - - else # Using terraform 0.11 and no awk script is needed for that - # TODO: should be deleted for OpenTofu. - tofu_docs "0" "${configs[*]}" "$args" "${files[@]}" - - fi + tofu_docs "${configs[*]}" "${args[*]}" "${files[@]}" } ####################################################################### @@ -87,18 +58,14 @@ function tofu_docs_ { # (depends on provided hook_config) OpenTofu documentation in # markdown format # Arguments: -# terraform_docs_awk_file (string) filename where awk hack for old -# `terraform-docs` was written. Needed for TF 0.12+. -# Hack skipped when `tofu_docs_awk_file == "0"` # hook_config (string with array) arguments that configure hook behavior # args (string with array) arguments that configure wrapped tool behavior # files (array) filenames to check ####################################################################### function tofu_docs { - local -r tofu_docs_awk_file="$1" - local -r hook_config="$2" - local args="$3" - shift 3 + local -r hook_config="$1" + local -r args="$2" + shift 2 local -a -r files=("$@") local -a paths @@ -224,22 +191,8 @@ function tofu_docs { fi fi - if [[ "$terraform_docs_awk_file" == "0" ]]; then - # shellcheck disable=SC2086 - terraform-docs $tf_docs_formatter $args ./ > "$tmp_file" - else - # Can't append extension for mktemp, so renaming instead - local tmp_file_docs - tmp_file_docs=$(mktemp "${TMPDIR:-/tmp}/tofu-docs-XXXXXXXXXX") - mv "$tmp_file_docs" "$tmp_file_docs.tf" - local tmp_file_docs_tf - tmp_file_docs_tf="$tmp_file_docs.tf" - - awk -f "$terraform_docs_awk_file" ./*.tf > "$tmp_file_docs_tf" - # shellcheck disable=SC2086 - terraform-docs $tf_docs_formatter $args "$tmp_file_docs_tf" > "$tmp_file" - rm -f "$tmp_file_docs_tf" - fi + # shellcheck disable=SC2086 + terraform-docs $tf_docs_formatter $args ./ > "$tmp_file" # Use of insertion markers to insert the terraform-docs output between the markers # Replace content between markers with the placeholder - https://stackoverflow.com/questions/1212799/how-do-i-extract-lines-between-two-line-delimiters-in-perl#1212834 @@ -258,169 +211,4 @@ function tofu_docs { rm -f "$config_file_no_color" } -####################################################################### -# Function which creates file with `awk` hacks for old versions of -# `terraform-docs` -# Arguments: -# output_file (string) filename where hack will be written to -####################################################################### -function tofu_docs_awk { - local -r output_file=$1 - - cat << "EOF" > "$output_file" -# This script converts Terraform 0.12 variables/outputs to something suitable for `terraform-docs` -# As of terraform-docs v0.6.0, HCL2 is not supported. This script is a *dirty hack* to get around it. -# https://github.com/terraform-docs/terraform-docs/ -# https://github.com/terraform-docs/terraform-docs/issues/62 -# Script was originally found here: https://github.com/cloudposse/build-harness/blob/master/bin/terraform-docs.awk -{ - if ( $0 ~ /\{/ ) { - braceCnt++ - } - if ( $0 ~ /\}/ ) { - braceCnt-- - } - # ---------------------------------------------------------------------------------------------- - # variable|output "..." { - # ---------------------------------------------------------------------------------------------- - # [END] variable/output block - if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) { - if (braceCnt == 0 && blockCnt > 0) { - blockCnt-- - print $0 - } - } - # [START] variable or output block started - if ($0 ~ /^[[:space:]]*(variable|output)[[:space:]][[:space:]]*"(.*?)"/) { - # Normalize the braceCnt and block (should be 1 now) - braceCnt = 1 - blockCnt = 1 - # [CLOSE] "default" and "type" block - blockDefaultCnt = 0 - blockTypeCnt = 0 - # Print variable|output line - print $0 - } - # ---------------------------------------------------------------------------------------------- - # default = ... - # ---------------------------------------------------------------------------------------------- - # [END] multiline "default" continues/ends - if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt > 0) { - print $0 - # Count opening blocks - blockDefaultCnt += gsub(/\(/, "") - blockDefaultCnt += gsub(/\[/, "") - blockDefaultCnt += gsub(/\{/, "") - # Count closing blocks - blockDefaultCnt -= gsub(/\)/, "") - blockDefaultCnt -= gsub(/\]/, "") - blockDefaultCnt -= gsub(/\}/, "") - } - # [START] multiline "default" statement started - if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) { - if ($0 ~ /^[[:space:]][[:space:]]*(default)[[:space:]][[:space:]]*=/) { - if ($3 ~ "null") { - print " default = \"null\"" - } else { - print $0 - # Count opening blocks - blockDefaultCnt += gsub(/\(/, "") - blockDefaultCnt += gsub(/\[/, "") - blockDefaultCnt += gsub(/\{/, "") - # Count closing blocks - blockDefaultCnt -= gsub(/\)/, "") - blockDefaultCnt -= gsub(/\]/, "") - blockDefaultCnt -= gsub(/\}/, "") - } - } - } - # ---------------------------------------------------------------------------------------------- - # type = ... - # ---------------------------------------------------------------------------------------------- - # [END] multiline "type" continues/ends - if (blockCnt > 0 && blockTypeCnt > 0 && blockDefaultCnt == 0) { - # The following 'print $0' would print multiline type definitions - #print $0 - # Count opening blocks - blockTypeCnt += gsub(/\(/, "") - blockTypeCnt += gsub(/\[/, "") - blockTypeCnt += gsub(/\{/, "") - # Count closing blocks - blockTypeCnt -= gsub(/\)/, "") - blockTypeCnt -= gsub(/\]/, "") - blockTypeCnt -= gsub(/\}/, "") - } - # [START] multiline "type" statement started - if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) { - if ($0 ~ /^[[:space:]][[:space:]]*(type)[[:space:]][[:space:]]*=/ ) { - if ($3 ~ "object") { - print " type = \"object\"" - } else { - # Convert multiline stuff into single line - if ($3 ~ /^[[:space:]]*list[[:space:]]*\([[:space:]]*$/) { - type = "list" - } else if ($3 ~ /^[[:space:]]*string[[:space:]]*\([[:space:]]*$/) { - type = "string" - } else if ($3 ~ /^[[:space:]]*map[[:space:]]*\([[:space:]]*$/) { - type = "map" - } else { - type = $3 - } - # legacy quoted types: "string", "list", and "map" - if (type ~ /^[[:space:]]*"(.*?)"[[:space:]]*$/) { - print " type = " type - } else { - print " type = \"" type "\"" - } - } - # Count opening blocks - blockTypeCnt += gsub(/\(/, "") - blockTypeCnt += gsub(/\[/, "") - blockTypeCnt += gsub(/\{/, "") - # Count closing blocks - blockTypeCnt -= gsub(/\)/, "") - blockTypeCnt -= gsub(/\]/, "") - blockTypeCnt -= gsub(/\}/, "") - } - } - # ---------------------------------------------------------------------------------------------- - # description = ... - # ---------------------------------------------------------------------------------------------- - # [PRINT] single line "description" - if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) { - if ($0 ~ /^[[:space:]][[:space:]]*description[[:space:]][[:space:]]*=/) { - print $0 - } - } - # ---------------------------------------------------------------------------------------------- - # value = ... - # ---------------------------------------------------------------------------------------------- - ## [PRINT] single line "value" - #if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) { - # if ($0 ~ /^[[:space:]][[:space:]]*value[[:space:]][[:space:]]*=/) { - # print $0 - # } - #} - # ---------------------------------------------------------------------------------------------- - # Newlines, comments, everything else - # ---------------------------------------------------------------------------------------------- - #if (blockTypeCnt == 0 && blockDefaultCnt == 0) { - # Comments with '#' - if ($0 ~ /^[[:space:]]*#/) { - print $0 - } - # Comments with '//' - if ($0 ~ /^[[:space:]]*\/\//) { - print $0 - } - # Newlines - if ($0 ~ /^[[:space:]]*$/) { - print $0 - } - #} -} -EOF - -} - [ "${BASH_SOURCE[0]}" != "$0" ] || main "$@" From 061cc7c398ad971aa4554fbf7ed12aaa4a9a8118 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 8 Mar 2024 13:00:34 +0000 Subject: [PATCH 08/33] chore(release): version 1.0.2 [skip ci] ## [1.0.2](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.1...v1.0.2) (2024-03-08) ### Bug Fixes * remove obsolete terraform checks and awk file hack ([97cba7a](https://github.com/tofuutils/pre-commit-opentofu/commit/97cba7a646996c7cae3719f1b6241d47da5882d9)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8febd9c..9ff70da 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [1.0.2](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.1...v1.0.2) (2024-03-08) + + +### Bug Fixes + +* remove obsolete terraform checks and awk file hack ([97cba7a](https://github.com/tofuutils/pre-commit-opentofu/commit/97cba7a646996c7cae3719f1b6241d47da5882d9)) + ## [1.0.1](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.0...v1.0.1) (2024-03-07) From e723f9027fba5dce487b41ec46ad8b775b562adb Mon Sep 17 00:00:00 2001 From: Alexander Sharov Date: Fri, 14 Jun 2024 14:50:49 +0300 Subject: [PATCH 09/33] feat: add dockerhub support --- .github/workflows/build-image.yaml | 60 ++++++++++++++++++++++++------ 1 file changed, 48 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml index 3f79fb2..629150a 100644 --- a/.github/workflows/build-image.yaml +++ b/.github/workflows/build-image.yaml @@ -13,27 +13,28 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@v4 + - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - - name: Login to GitHub Container Registry - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/setup-buildx-action@v3 + + - name: Login to ghcr.io + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Set tag for image run: | echo IMAGE_TAG=$([ ${{ github.ref_type }} == 'tag' ] && echo ${{ github.ref_name }} || echo 'latest') >> $GITHUB_ENV - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - - - name: Build and Push release + - name: Build and Push release to ghcr.io if: github.event_name != 'schedule' - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + uses: docker/build-push-action@v5 with: context: . build-args: | @@ -48,9 +49,9 @@ jobs: secrets: | "github_token=${{ secrets.GITHUB_TOKEN }}" - - name: Build and Push nightly + - name: Build and Push nightly to ghcr.io if: github.event_name == 'schedule' - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + uses: docker/build-push-action@v5 with: context: . build-args: | @@ -63,3 +64,38 @@ jobs: provenance: false secrets: | "github_token=${{ secrets.GITHUB_TOKEN }}" + + - name: Login to DockerHub Container Registry + uses: docker/login-action@v3 + with: + registry: registry.hub.docker.com + username: ${{ secrets.DOCKERHUB_USER }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + + - name: Build and Push release to DockerHub + if: github.event_name != 'schedule' + uses: docker/build-push-action@v5 + with: + context: . + build-args: | + INSTALL_ALL=true + platforms: linux/amd64,linux/arm64 + push: true + tags: | + tofuutils/pre-commit-opentofu:${{ env.IMAGE_TAG }} + tofuutils/pre-commit-opentofu:latest + provenance: false + + - name: Build and Push nightly to DockerHub + if: github.event_name == 'schedule' + uses: docker/build-push-action@v5 + with: + context: . + build-args: | + INSTALL_ALL=true + platforms: linux/amd64,linux/arm64 + push: true + tags: | + tofuutils/pre-commit-opentofu:nightly + provenance: false + From 0fac59197f2f2cb4bc417917e5adb6ac92a20b7a Mon Sep 17 00:00:00 2001 From: Alexander Sharov Date: Fri, 14 Jun 2024 14:59:53 +0300 Subject: [PATCH 10/33] fix: dockerhub --- .github/workflows/build-image.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml index 629150a..2d0c497 100644 --- a/.github/workflows/build-image.yaml +++ b/.github/workflows/build-image.yaml @@ -82,8 +82,8 @@ jobs: platforms: linux/amd64,linux/arm64 push: true tags: | - tofuutils/pre-commit-opentofu:${{ env.IMAGE_TAG }} - tofuutils/pre-commit-opentofu:latest + registry.hub.docker.com/tofuutils/pre-commit-opentofu:${{ env.IMAGE_TAG }} + registry.hub.docker.com/tofuutils/pre-commit-opentofu:latest provenance: false - name: Build and Push nightly to DockerHub @@ -96,6 +96,6 @@ jobs: platforms: linux/amd64,linux/arm64 push: true tags: | - tofuutils/pre-commit-opentofu:nightly + registry.hub.docker.com/tofuutils/pre-commit-opentofu:nightly provenance: false From f9b71fe08fedd4ceb23ced6fe2171edf24add290 Mon Sep 17 00:00:00 2001 From: Alexander Sharov Date: Fri, 14 Jun 2024 17:32:43 +0300 Subject: [PATCH 11/33] fix: docker image reference in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1cd4a21..e2d941c 100644 --- a/README.md +++ b/README.md @@ -76,7 +76,7 @@ If you are using `pre-commit-opentofu` already or want to support its developmen ```bash TAG=latest -docker pull ghcr.io/tofuutils/pre-commit-opentofu:$TAG +docker pull tofuutils/pre-commit-opentofu:$TAG ``` All available tags [here](https://github.com/tofuutils/pre-commit-opentofu/pkgs/container/pre-commit-opentofu/versions). From 7b04f0c24940f1642c8f599bfd0794dd46b0b274 Mon Sep 17 00:00:00 2001 From: Alexander Sharov Date: Fri, 14 Jun 2024 18:49:55 +0300 Subject: [PATCH 12/33] fix: docker image reference in README.md --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e2d941c..73c4bb0 100644 --- a/README.md +++ b/README.md @@ -256,14 +256,14 @@ Or, using Docker ([available tags](https://github.com/tofuutils/pre-commit-opent ```bash TAG=latest -docker run -e "USERID=$(id -u):$(id -g)" -v $(pwd):/lint -w /lint ghcr.io/tofuutils/pre-commit-opentofu:$TAG run -a +docker run -e "USERID=$(id -u):$(id -g)" -v $(pwd):/lint -w /lint tofuutils/pre-commit-opentofu:$TAG run -a ``` Execute this command to list the versions of the tools in Docker: ```bash TAG=latest -docker run --rm --entrypoint cat ghcr.io/tofuutils/pre-commit-opentofu:$TAG /usr/bin/tools_versions_info +docker run --rm --entrypoint cat tofuutils/pre-commit-opentofu:$TAG /usr/bin/tools_versions_info ``` ## Available Hooks @@ -997,7 +997,7 @@ The [recommended command](#4-run) to run the Docker container is: ```bash TAG=latest -docker run -e "USERID=$(id -u):$(id -g)" -v $(pwd):/lint -w /lint ghcr.io/tofuutils/pre-commit-opentofu:$TAG run -a +docker run -e "USERID=$(id -u):$(id -g)" -v $(pwd):/lint -w /lint tofuutils/pre-commit-opentofu:$TAG run -a ``` which uses your current session's user ID and group ID to set the variable in the run command. Without this setting, you may find files and directories owned by `root` in your local repository. @@ -1041,7 +1041,7 @@ Finally, you can execute `docker run` with an additional volume mount so that th # run pre-commit-opentofu with docker # adding volume for .netrc file # .netrc needs to be in /root/ dir -docker run --rm -e "USERID=$(id -u):$(id -g)" -v ~/.netrc:/root/.netrc -v $(pwd):/lint -w /lint ghcr.io/tofuutils/pre-commit-opentofu:latest run -a +docker run --rm -e "USERID=$(id -u):$(id -g)" -v ~/.netrc:/root/.netrc -v $(pwd):/lint -w /lint tofuutils/pre-commit-opentofu:latest run -a ``` ## Authors From f146463ac8effcfa441f3f6b21e811095f0da73c Mon Sep 17 00:00:00 2001 From: Nikolai Mishin Date: Sat, 21 Sep 2024 21:36:30 +0200 Subject: [PATCH 13/33] fix: entry for tofu_docs_replace Signed-off-by: Nikolai Mishin --- .pre-commit-hooks.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml index d92c532..0dbc918 100644 --- a/.pre-commit-hooks.yaml +++ b/.pre-commit-hooks.yaml @@ -37,7 +37,7 @@ name: OpenTofu docs (overwrite README.md) description: Overwrite content of README.md with terraform-docs. require_serial: true - entry: terraform_docs_replace + entry: hooks/tofu_docs_replace.py language: python files: (\.tf)$ exclude: \.terraform\/.*$ From 1c56b206df0d03c865232e63bfe48f723e24b091 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sat, 21 Sep 2024 20:23:14 +0000 Subject: [PATCH 14/33] chore(release): version 1.0.4 [skip ci] ## [1.0.4](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.3...v1.0.4) (2024-09-21) ### Bug Fixes * docker image reference in README.md ([7b04f0c](https://github.com/tofuutils/pre-commit-opentofu/commit/7b04f0c24940f1642c8f599bfd0794dd46b0b274)) * docker image reference in README.md ([f9b71fe](https://github.com/tofuutils/pre-commit-opentofu/commit/f9b71fe08fedd4ceb23ced6fe2171edf24add290)) * dockerhub ([0fac591](https://github.com/tofuutils/pre-commit-opentofu/commit/0fac59197f2f2cb4bc417917e5adb6ac92a20b7a)) * entry for tofu_docs_replace ([f146463](https://github.com/tofuutils/pre-commit-opentofu/commit/f146463ac8effcfa441f3f6b21e811095f0da73c)) --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9ff70da..995d405 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,16 @@ All notable changes to this project will be documented in this file. +## [1.0.4](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.3...v1.0.4) (2024-09-21) + + +### Bug Fixes + +* docker image reference in README.md ([7b04f0c](https://github.com/tofuutils/pre-commit-opentofu/commit/7b04f0c24940f1642c8f599bfd0794dd46b0b274)) +* docker image reference in README.md ([f9b71fe](https://github.com/tofuutils/pre-commit-opentofu/commit/f9b71fe08fedd4ceb23ced6fe2171edf24add290)) +* dockerhub ([0fac591](https://github.com/tofuutils/pre-commit-opentofu/commit/0fac59197f2f2cb4bc417917e5adb6ac92a20b7a)) +* entry for tofu_docs_replace ([f146463](https://github.com/tofuutils/pre-commit-opentofu/commit/f146463ac8effcfa441f3f6b21e811095f0da73c)) + ## [1.0.2](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.1...v1.0.2) (2024-03-08) From fc98a63dd8cad6d88444433b37387435507150dc Mon Sep 17 00:00:00 2001 From: SOHAN-cyber <66588130+SOHAN-cyber@users.noreply.github.com> Date: Tue, 24 Sep 2024 21:57:46 +0530 Subject: [PATCH 15/33] Update Dockerfile --- Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0f7426d..1fd6207 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,8 +24,9 @@ RUN [ ${PRE_COMMIT_VERSION} = "latest" ] && pip3 install --no-cache-dir pre-comm RUN curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ && curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_SHA256SUMS \ && [ $(sha256sum "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" | cut -f 1 -d ' ') = "$(grep "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" tofu_*_SHA256SUMS | cut -f 1 -d ' ')" ] \ - && unzip tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ - && mv tofu /usr/bin/tofu + && unzip tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip -d /usr/bin/tofu \ + && rm "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" \ + && rm "tofu_${TOFU_VERSION}_SHA256SUMS" # # Install tools @@ -208,6 +209,7 @@ COPY --from=builder \ /usr/local/bin/pre-commit \ # Hooks and terraform binaries /bin_dir/ \ + /usr/bin/tofu \ /usr/local/bin/checkov* \ /usr/bin/ # Copy pre-commit packages From d2f129a4be155422bf3a06809b81b6cda6e31f07 Mon Sep 17 00:00:00 2001 From: SOHAN-cyber <66588130+SOHAN-cyber@users.noreply.github.com> Date: Tue, 24 Sep 2024 21:59:24 +0530 Subject: [PATCH 16/33] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1fd6207..7444d07 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,7 +24,7 @@ RUN [ ${PRE_COMMIT_VERSION} = "latest" ] && pip3 install --no-cache-dir pre-comm RUN curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ && curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_SHA256SUMS \ && [ $(sha256sum "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" | cut -f 1 -d ' ') = "$(grep "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" tofu_*_SHA256SUMS | cut -f 1 -d ' ')" ] \ - && unzip tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip -d /usr/bin/tofu \ + && unzip tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip -d /usr/bin/ \ && rm "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" \ && rm "tofu_${TOFU_VERSION}_SHA256SUMS" From 14fc63eb5b04e3ad1525d06e437b15935841775f Mon Sep 17 00:00:00 2001 From: SOHAN-cyber <66588130+SOHAN-cyber@users.noreply.github.com> Date: Tue, 24 Sep 2024 22:10:26 +0530 Subject: [PATCH 17/33] feat(tofu): add handling for missing tofu binary in Docker image This commit introduces logic to gracefully handle the case when the tofu binary is not found in the Docker image, improving the overall user experience. BREAKING CHANGE: The previous behavior of the application when the tofu binary was missing may have caused unexpected crashes. git commit -m "feat(tofu): add handling for missing tofu binary in Docker image This commit introduces logic to gracefully handle the case when the tofu binary is not found in the Docker image, improving the overall user experience. BREAKING CHANGE: The previous behavior of the application when the tofu binary was missing may have caused unexpected crashes." --- Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7444d07..39255fc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,7 +20,6 @@ ARG TOFU_VERSION=${TOFU_VERSION:-1.6.1} RUN [ ${PRE_COMMIT_VERSION} = "latest" ] && pip3 install --no-cache-dir pre-commit \ || pip3 install --no-cache-dir pre-commit==${PRE_COMMIT_VERSION} - RUN curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ && curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_SHA256SUMS \ && [ $(sha256sum "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" | cut -f 1 -d ' ') = "$(grep "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" tofu_*_SHA256SUMS | cut -f 1 -d ' ')" ] \ From 81b78c8fd708225995ac1568dd2ba5e15770d12e Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 25 Sep 2024 00:39:10 +0000 Subject: [PATCH 18/33] chore(release): version 2.0.0 [skip ci] # [2.0.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.4...v2.0.0) (2024-09-25) ### Features * **tofu:** add handling for missing tofu binary in Docker image This commit introduces logic to gracefully handle the case when the tofu binary is not found in the Docker image, improving the overall user experience. BREAKING CHANGE: The previous behavior of the application when the tofu binary was missing may have caused unexpected crashes. ([14fc63e](https://github.com/tofuutils/pre-commit-opentofu/commit/14fc63eb5b04e3ad1525d06e437b15935841775f)) ### BREAKING CHANGES * **tofu:** The previous behavior of the application when the tofu binary was missing may have caused unexpected crashes." --- CHANGELOG.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 995d405..e02f1ca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,18 @@ All notable changes to this project will be documented in this file. +# [2.0.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.4...v2.0.0) (2024-09-25) + + +### Features + +* **tofu:** add handling for missing tofu binary in Docker image This commit introduces logic to gracefully handle the case when the tofu binary is not found in the Docker image, improving the overall user experience. BREAKING CHANGE: The previous behavior of the application when the tofu binary was missing may have caused unexpected crashes. ([14fc63e](https://github.com/tofuutils/pre-commit-opentofu/commit/14fc63eb5b04e3ad1525d06e437b15935841775f)) + + +### BREAKING CHANGES + +* **tofu:** The previous behavior of the application when the tofu binary was missing may have caused unexpected crashes." + ## [1.0.4](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.3...v1.0.4) (2024-09-21) From e059c5859bceddf1ca018f55851f6940ad51f1c2 Mon Sep 17 00:00:00 2001 From: "T. Hinrichsmeyer" Date: Wed, 2 Oct 2024 15:05:21 +0200 Subject: [PATCH 19/33] feat: spport .tofu files (#6) Signed-off-by: T. Hinrichsmeyer --- .pre-commit-hooks.yaml | 41 ++++++++++++++++----------- hooks/tofu_docs.sh | 2 +- hooks/tofu_docs_replace.py | 41 +++++++++++++++++---------- hooks/tofu_wrapper_module_for_each.sh | 4 +-- 4 files changed, 53 insertions(+), 35 deletions(-) diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml index 0dbc918..c5c5f66 100644 --- a/.pre-commit-hooks.yaml +++ b/.pre-commit-hooks.yaml @@ -4,7 +4,7 @@ entry: hooks/infracost_breakdown.sh language: script require_serial: true - files: \.(tf(vars)?|hcl)$ + files: \.((tf|tofu)(vars)?|hcl)$ exclude: \.terraform\/.*$ - id: tofu_fmt @@ -12,25 +12,29 @@ description: Rewrites all OpenTofu configuration files to a canonical format. entry: hooks/tofu_fmt.sh language: script - files: (\.tf|\.tfvars)$ + files: \.(tf|tofu)(vars)?$ exclude: \.terraform\/.*$ - id: tofu_docs name: OpenTofu docs - description: Inserts input and output documentation into README.md (using terraform-docs). + description: + Inserts input and output documentation into README.md (using + terraform-docs). require_serial: true entry: hooks/tofu_docs.sh language: script - files: (\.tf|\.terraform\.lock\.hcl)$ + files: (\.(tf|tofu)|\.terraform\.lock\.hcl)$ exclude: \.terraform\/.*$ - id: tofu_docs_without_aggregate_type_defaults name: OpenTofu docs (without aggregate type defaults) - description: Inserts input and output documentation into README.md (using terraform-docs). Identical to terraform_docs. + description: + Inserts input and output documentation into README.md (using + terraform-docs). Identical to terraform_docs. require_serial: true entry: hooks/tofu_docs.sh language: script - files: (\.tf)$ + files: \.(tf|tofu)$ exclude: \.terraform\/.*$ - id: tofu_docs_replace @@ -39,7 +43,7 @@ require_serial: true entry: hooks/tofu_docs_replace.py language: python - files: (\.tf)$ + files: \.(tf|tofu)$ exclude: \.terraform\/.*$ - id: tofu_validate @@ -48,7 +52,7 @@ require_serial: true entry: hooks/tofu_validate.sh language: script - files: (\.tf|\.tfvars)$ + files: \.(tf|tofu)(vars)?$ exclude: \.terraform\/.*$ - id: tofu_providers_lock @@ -66,12 +70,13 @@ require_serial: true entry: hooks/tofu_tflint.sh language: script - files: (\.tf|\.tfvars)$ + files: \.(tf|tofu)(vars)?$ exclude: \.terraform\/.*$ - id: terragrunt_fmt name: Terragrunt fmt - description: Rewrites all Terragrunt configuration files to a canonical format. + description: + Rewrites all Terragrunt configuration files to a canonical format. entry: hooks/terragrunt_fmt.sh language: script files: (\.hcl)$ @@ -87,18 +92,20 @@ - id: tofu_tfsec name: OpenTofu validate with tfsec (deprecated, use "tofu_trivy") - description: Static analysis of OpenTofu templates to spot potential security issues. + description: + Static analysis of OpenTofu templates to spot potential security issues. require_serial: true entry: hooks/tofu_tfsec.sh - files: \.tf(vars)?$ + files: \.(tf|tofu)(vars)?$ language: script - id: tofu_trivy name: OpenTofu validate with trivy - description: Static analysis of OpenTofu templates to spot potential security issues. + description: + Static analysis of OpenTofu templates to spot potential security issues. require_serial: true entry: hooks/tofu_trivy.sh - files: \.tf(vars)?$ + files: \.(tf|tofu)(vars)?$ language: script - id: checkov @@ -118,7 +125,7 @@ entry: hooks/tofu_checkov.sh language: script always_run: false - files: \.tf$ + files: \.(tf|tofu)$ exclude: \.terraform\/.*$ require_serial: true @@ -138,7 +145,7 @@ description: Runs terrascan on OpenTofu templates. language: script entry: hooks/terrascan.sh - files: \.tf$ + files: \.(tf|tofu)$ exclude: \.terraform\/.*$ require_serial: true @@ -149,5 +156,5 @@ entry: hooks/tfupdate.sh args: - --args=terraform - files: \.tf$ + files: \.(tf|tofu)$ require_serial: true diff --git a/hooks/tofu_docs.sh b/hooks/tofu_docs.sh index b7c9e30..8b8d136 100755 --- a/hooks/tofu_docs.sh +++ b/hooks/tofu_docs.sh @@ -155,7 +155,7 @@ function tofu_docs { # if $create_if_not_exist && [[ ! -f "$text_file" ]]; then dir_have_tf_files="$( - find . -maxdepth 1 -type f | sed 's|.*\.||' | sort -u | grep -oE '^tf$|^tfvars$' || + find . -maxdepth 1 -type f | sed 's|.*\.||' | sort -u | grep -oE '^tofu|^tf$|^tfvars$' || exit 0 )" diff --git a/hooks/tofu_docs_replace.py b/hooks/tofu_docs_replace.py index a9cf6c9..26f1d06 100644 --- a/hooks/tofu_docs_replace.py +++ b/hooks/tofu_docs_replace.py @@ -7,30 +7,41 @@ import sys def main(argv=None): parser = argparse.ArgumentParser( description="""Run terraform-docs on a set of files. Follows the standard convention of - pulling the documentation from main.tf in order to replace the entire + pulling the documentation from main.(tf|tofu) in order to replace the entire README.md file each time.""" ) parser.add_argument( - '--dest', dest='dest', default='README.md', + "--dest", + dest="dest", + default="README.md", ) parser.add_argument( - '--sort-inputs-by-required', dest='sort', action='store_true', - help='[deprecated] use --sort-by-required instead', + "--sort-inputs-by-required", + dest="sort", + action="store_true", + help="[deprecated] use --sort-by-required instead", ) parser.add_argument( - '--sort-by-required', dest='sort', action='store_true', + "--sort-by-required", + dest="sort", + action="store_true", ) parser.add_argument( - '--with-aggregate-type-defaults', dest='aggregate', action='store_true', - help='[deprecated]', + "--with-aggregate-type-defaults", + dest="aggregate", + action="store_true", + help="[deprecated]", ) - parser.add_argument('filenames', nargs='*', help='Filenames to check.') + parser.add_argument("filenames", nargs="*", help="Filenames to check.") args = parser.parse_args(argv) dirs = [] for filename in args.filenames: - if (os.path.realpath(filename) not in dirs and - (filename.endswith(".tf") or filename.endswith(".tfvars"))): + if os.path.realpath(filename) not in dirs and ( + filename.endswith(".tf") + or filename.endswith(".tofu") + or filename.endswith(".tfvars") + ): dirs.append(os.path.dirname(filename)) retval = 0 @@ -38,12 +49,12 @@ def main(argv=None): for dir in dirs: try: procArgs = [] - procArgs.append('terraform-docs') + procArgs.append("terraform-docs") if args.sort: - procArgs.append('--sort-by-required') - procArgs.append('md') + procArgs.append("--sort-by-required") + procArgs.append("md") procArgs.append("./{dir}".format(dir=dir)) - procArgs.append('>') + procArgs.append(">") procArgs.append("./{dir}/{dest}".format(dir=dir, dest=args.dest)) subprocess.check_call(" ".join(procArgs), shell=True) except subprocess.CalledProcessError as e: @@ -52,5 +63,5 @@ def main(argv=None): return retval -if __name__ == '__main__': +if __name__ == "__main__": sys.exit(main()) diff --git a/hooks/tofu_wrapper_module_for_each.sh b/hooks/tofu_wrapper_module_for_each.sh index f1a70ef..c87db22 100755 --- a/hooks/tofu_wrapper_module_for_each.sh +++ b/hooks/tofu_wrapper_module_for_each.sh @@ -312,10 +312,10 @@ EOF # Read content of all OpenTofu files # shellcheck disable=SC2207 - all_tf_content=$(find "${full_module_dir}" -name '*.tf' -maxdepth 1 -type f -exec cat {} +) + all_tf_content=$(find "${full_module_dir}" -regex '.*\.(tf|tofu)' -maxdepth 1 -type f -exec cat {} +) if [[ ! $all_tf_content ]]; then - common::colorify "yellow" "Skipping ${full_module_dir} because there are no *.tf files." + common::colorify "yellow" "Skipping ${full_module_dir} because there are no *.(tf|tofu) files." continue fi From 5af24ae7a6d7f043fafc1a5b8387c33f0c521302 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 16 Oct 2024 20:56:03 +0000 Subject: [PATCH 20/33] chore(release): version 2.1.0 [skip ci] # [2.1.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.0.0...v2.1.0) (2024-10-16) ### Features * spport .tofu files ([#6](https://github.com/tofuutils/pre-commit-opentofu/issues/6)) ([e059c58](https://github.com/tofuutils/pre-commit-opentofu/commit/e059c5859bceddf1ca018f55851f6940ad51f1c2)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e02f1ca..71bf459 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +# [2.1.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.0.0...v2.1.0) (2024-10-16) + + +### Features + +* spport .tofu files ([#6](https://github.com/tofuutils/pre-commit-opentofu/issues/6)) ([e059c58](https://github.com/tofuutils/pre-commit-opentofu/commit/e059c5859bceddf1ca018f55851f6940ad51f1c2)) + # [2.0.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.4...v2.0.0) (2024-09-25) From 7b4692fe47cf98ce0cf5840ae38477c3e4991e09 Mon Sep 17 00:00:00 2001 From: Jim Date: Tue, 18 Mar 2025 19:40:25 -0500 Subject: [PATCH 21/33] Update docker build to install newer tofu binary The current 1.6 that gets installed does not have the provider-defined functions feature, which has a new syntax. The new syntax causes `tofu fmt` fails on code that uses this feature. Using the latest current release should fix this and possibly other issues. Better solutions certainly exist, just trying to keep this simple. Signed-off-by: jimbocoder --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 39255fc..567440f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,7 +14,7 @@ RUN apk add --no-cache \ setuptools ARG PRE_COMMIT_VERSION=${PRE_COMMIT_VERSION:-latest} -ARG TOFU_VERSION=${TOFU_VERSION:-1.6.1} +ARG TOFU_VERSION=${TOFU_VERSION:-1.9.0} # Install pre-commit RUN [ ${PRE_COMMIT_VERSION} = "latest" ] && pip3 install --no-cache-dir pre-commit \ From e625db13ec285e132f43cdf6e5aa3f3272e45451 Mon Sep 17 00:00:00 2001 From: Alexander Sharov Date: Sat, 29 Mar 2025 18:50:17 +0100 Subject: [PATCH 22/33] feat: make release --- Dockerfile | 105 +++++++++++++++++++++++++++-------------------------- 1 file changed, 53 insertions(+), 52 deletions(-) diff --git a/Dockerfile b/Dockerfile index 567440f..1616bfd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,8 +10,8 @@ RUN apk add --no-cache \ curl=~8 && \ # Upgrade packages for be able get latest Checkov python3 -m pip install --no-cache-dir --upgrade \ - pip \ - setuptools + pip \ + setuptools ARG PRE_COMMIT_VERSION=${PRE_COMMIT_VERSION:-latest} ARG TOFU_VERSION=${TOFU_VERSION:-1.9.0} @@ -21,11 +21,11 @@ RUN [ ${PRE_COMMIT_VERSION} = "latest" ] && pip3 install --no-cache-dir pre-comm || pip3 install --no-cache-dir pre-commit==${PRE_COMMIT_VERSION} RUN curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip \ - && curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_SHA256SUMS \ - && [ $(sha256sum "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" | cut -f 1 -d ' ') = "$(grep "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" tofu_*_SHA256SUMS | cut -f 1 -d ' ')" ] \ - && unzip tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip -d /usr/bin/ \ - && rm "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" \ - && rm "tofu_${TOFU_VERSION}_SHA256SUMS" + && curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_SHA256SUMS \ + && [ $(sha256sum "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" | cut -f 1 -d ' ') = "$(grep "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" tofu_*_SHA256SUMS | cut -f 1 -d ' ')" ] \ + && unzip tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip -d /usr/bin/ \ + && rm "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" \ + && rm "tofu_${TOFU_VERSION}_SHA256SUMS" # # Install tools @@ -47,18 +47,18 @@ ARG HCLEDIT_VERSION=${HCLEDIT_VERSION:-false} # specified in step below ARG INSTALL_ALL=${INSTALL_ALL:-false} RUN if [ "$INSTALL_ALL" != "false" ]; then \ - echo "export CHECKOV_VERSION=latest" >> /.env && \ - echo "export INFRACOST_VERSION=latest" >> /.env && \ - echo "export TERRAFORM_DOCS_VERSION=latest" >> /.env && \ - echo "export TERRAGRUNT_VERSION=latest" >> /.env && \ - echo "export TERRASCAN_VERSION=latest" >> /.env && \ - echo "export TFLINT_VERSION=latest" >> /.env && \ - echo "export TFSEC_VERSION=latest" >> /.env && \ - echo "export TRIVY_VERSION=latest" >> /.env && \ - echo "export TFUPDATE_VERSION=latest" >> /.env && \ - echo "export HCLEDIT_VERSION=latest" >> /.env \ + echo "export CHECKOV_VERSION=latest" >> /.env && \ + echo "export INFRACOST_VERSION=latest" >> /.env && \ + echo "export TERRAFORM_DOCS_VERSION=latest" >> /.env && \ + echo "export TERRAGRUNT_VERSION=latest" >> /.env && \ + echo "export TERRASCAN_VERSION=latest" >> /.env && \ + echo "export TFLINT_VERSION=latest" >> /.env && \ + echo "export TFSEC_VERSION=latest" >> /.env && \ + echo "export TRIVY_VERSION=latest" >> /.env && \ + echo "export TFUPDATE_VERSION=latest" >> /.env && \ + echo "export HCLEDIT_VERSION=latest" >> /.env \ ; else \ - touch /.env \ + touch /.env \ ; fi @@ -66,10 +66,10 @@ RUN if [ "$INSTALL_ALL" != "false" ]; then \ RUN . /.env && \ if [ "$CHECKOV_VERSION" != "false" ]; then \ ( \ - apk add --no-cache gcc=~12 libffi-dev=~3 musl-dev=~1; \ - [ "$CHECKOV_VERSION" = "latest" ] && pip3 install --no-cache-dir checkov \ - || pip3 install --no-cache-dir checkov==${CHECKOV_VERSION}; \ - apk del gcc libffi-dev musl-dev \ + apk add --no-cache gcc=~12 libffi-dev=~3 musl-dev=~1; \ + [ "$CHECKOV_VERSION" = "latest" ] && pip3 install --no-cache-dir checkov \ + || pip3 install --no-cache-dir checkov==${CHECKOV_VERSION}; \ + apk del gcc libffi-dev musl-dev \ ) \ ; fi @@ -77,9 +77,9 @@ RUN . /.env && \ RUN . /.env && \ if [ "$INFRACOST_VERSION" != "false" ]; then \ ( \ - INFRACOST_RELEASES="https://api.github.com/repos/infracost/infracost/releases" && \ - [ "$INFRACOST_VERSION" = "latest" ] && curl -L "$(curl -s ${INFRACOST_RELEASES}/latest | grep -o -E -m 1 "https://.+?-${TARGETOS}-${TARGETARCH}.tar.gz")" > infracost.tgz \ - || curl -L "$(curl -s ${INFRACOST_RELEASES} | grep -o -E "https://.+?v${INFRACOST_VERSION}/infracost-${TARGETOS}-${TARGETARCH}.tar.gz")" > infracost.tgz \ + INFRACOST_RELEASES="https://api.github.com/repos/infracost/infracost/releases" && \ + [ "$INFRACOST_VERSION" = "latest" ] && curl -L "$(curl -s ${INFRACOST_RELEASES}/latest | grep -o -E -m 1 "https://.+?-${TARGETOS}-${TARGETARCH}.tar.gz")" > infracost.tgz \ + || curl -L "$(curl -s ${INFRACOST_RELEASES} | grep -o -E "https://.+?v${INFRACOST_VERSION}/infracost-${TARGETOS}-${TARGETARCH}.tar.gz")" > infracost.tgz \ ) && tar -xzf infracost.tgz && rm infracost.tgz && mv infracost-${TARGETOS}-${TARGETARCH} infracost \ ; fi @@ -87,9 +87,9 @@ RUN . /.env && \ RUN . /.env && \ if [ "$TERRAFORM_DOCS_VERSION" != "false" ]; then \ ( \ - TERRAFORM_DOCS_RELEASES="https://api.github.com/repos/terraform-docs/terraform-docs/releases" && \ - [ "$TERRAFORM_DOCS_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES}/latest | grep -o -E -m 1 "https://.+?-${TARGETOS}-${TARGETARCH}.tar.gz")" > terraform-docs.tgz \ - || curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES} | grep -o -E "https://.+?v${TERRAFORM_DOCS_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz")" > terraform-docs.tgz \ + TERRAFORM_DOCS_RELEASES="https://api.github.com/repos/terraform-docs/terraform-docs/releases" && \ + [ "$TERRAFORM_DOCS_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES}/latest | grep -o -E -m 1 "https://.+?-${TARGETOS}-${TARGETARCH}.tar.gz")" > terraform-docs.tgz \ + || curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES} | grep -o -E "https://.+?v${TERRAFORM_DOCS_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz")" > terraform-docs.tgz \ ) && tar -xzf terraform-docs.tgz terraform-docs && rm terraform-docs.tgz && chmod +x terraform-docs \ ; fi @@ -97,9 +97,9 @@ RUN . /.env && \ RUN . /.env \ && if [ "$TERRAGRUNT_VERSION" != "false" ]; then \ ( \ - TERRAGRUNT_RELEASES="https://api.github.com/repos/gruntwork-io/terragrunt/releases" && \ - [ "$TERRAGRUNT_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAGRUNT_RELEASES}/latest | grep -o -E -m 1 "https://.+?/terragrunt_${TARGETOS}_${TARGETARCH}")" > terragrunt \ - || curl -L "$(curl -s ${TERRAGRUNT_RELEASES} | grep -o -E -m 1 "https://.+?v${TERRAGRUNT_VERSION}/terragrunt_${TARGETOS}_${TARGETARCH}")" > terragrunt \ + TERRAGRUNT_RELEASES="https://api.github.com/repos/gruntwork-io/terragrunt/releases" && \ + [ "$TERRAGRUNT_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAGRUNT_RELEASES}/latest | grep -o -E -m 1 "https://.+?/terragrunt_${TARGETOS}_${TARGETARCH}")" > terragrunt \ + || curl -L "$(curl -s ${TERRAGRUNT_RELEASES} | grep -o -E -m 1 "https://.+?v${TERRAGRUNT_VERSION}/terragrunt_${TARGETOS}_${TARGETARCH}")" > terragrunt \ ) && chmod +x terragrunt \ ; fi @@ -111,9 +111,9 @@ RUN . /.env && \ # Convert the first letter to Uppercase OS="$(echo ${TARGETOS} | cut -c1 | tr '[:lower:]' '[:upper:]' | xargs echo -n; echo ${TARGETOS} | cut -c2-)"; \ ( \ - TERRASCAN_RELEASES="https://api.github.com/repos/tenable/terrascan/releases" && \ - [ "$TERRASCAN_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRASCAN_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${OS}_${ARCH}.tar.gz")" > terrascan.tar.gz \ - || curl -L "$(curl -s ${TERRASCAN_RELEASES} | grep -o -E "https://.+?${TERRASCAN_VERSION}_${OS}_${ARCH}.tar.gz")" > terrascan.tar.gz \ + TERRASCAN_RELEASES="https://api.github.com/repos/tenable/terrascan/releases" && \ + [ "$TERRASCAN_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRASCAN_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${OS}_${ARCH}.tar.gz")" > terrascan.tar.gz \ + || curl -L "$(curl -s ${TERRASCAN_RELEASES} | grep -o -E "https://.+?${TERRASCAN_VERSION}_${OS}_${ARCH}.tar.gz")" > terrascan.tar.gz \ ) && tar -xzf terrascan.tar.gz terrascan && rm terrascan.tar.gz && \ ./terrascan init \ ; fi @@ -122,9 +122,9 @@ RUN . /.env && \ RUN . /.env && \ if [ "$TFLINT_VERSION" != "false" ]; then \ ( \ - TFLINT_RELEASES="https://api.github.com/repos/terraform-linters/tflint/releases" && \ - [ "$TFLINT_VERSION" = "latest" ] && curl -L "$(curl -s ${TFLINT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.zip")" > tflint.zip \ - || curl -L "$(curl -s ${TFLINT_RELEASES} | grep -o -E "https://.+?/v${TFLINT_VERSION}/tflint_${TARGETOS}_${TARGETARCH}.zip")" > tflint.zip \ + TFLINT_RELEASES="https://api.github.com/repos/terraform-linters/tflint/releases" && \ + [ "$TFLINT_VERSION" = "latest" ] && curl -L "$(curl -s ${TFLINT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.zip")" > tflint.zip \ + || curl -L "$(curl -s ${TFLINT_RELEASES} | grep -o -E "https://.+?/v${TFLINT_VERSION}/tflint_${TARGETOS}_${TARGETARCH}.zip")" > tflint.zip \ ) && unzip tflint.zip && rm tflint.zip \ ; fi @@ -132,9 +132,9 @@ RUN . /.env && \ RUN . /.env && \ if [ "$TFSEC_VERSION" != "false" ]; then \ ( \ - TFSEC_RELEASES="https://api.github.com/repos/aquasecurity/tfsec/releases" && \ - [ "$TFSEC_VERSION" = "latest" ] && curl -L "$(curl -s ${TFSEC_RELEASES}/latest | grep -o -E -m 1 "https://.+?/tfsec-${TARGETOS}-${TARGETARCH}")" > tfsec \ - || curl -L "$(curl -s ${TFSEC_RELEASES} | grep -o -E -m 1 "https://.+?v${TFSEC_VERSION}/tfsec-${TARGETOS}-${TARGETARCH}")" > tfsec \ + TFSEC_RELEASES="https://api.github.com/repos/aquasecurity/tfsec/releases" && \ + [ "$TFSEC_VERSION" = "latest" ] && curl -L "$(curl -s ${TFSEC_RELEASES}/latest | grep -o -E -m 1 "https://.+?/tfsec-${TARGETOS}-${TARGETARCH}")" > tfsec \ + || curl -L "$(curl -s ${TFSEC_RELEASES} | grep -o -E -m 1 "https://.+?v${TFSEC_VERSION}/tfsec-${TARGETOS}-${TARGETARCH}")" > tfsec \ ) && chmod +x tfsec \ ; fi @@ -143,9 +143,9 @@ RUN . /.env && \ if [ "$TRIVY_VERSION" != "false" ]; then \ if [ "$TARGETARCH" != "amd64" ]; then ARCH="$TARGETARCH"; else ARCH="64bit"; fi; \ ( \ - TRIVY_RELEASES="https://api.github.com/repos/aquasecurity/trivy/releases" && \ - [ "$TRIVY_VERSION" = "latest" ] && curl -L "$(curl -s ${TRIVY_RELEASES}/latest | grep -o -E -i -m 1 "https://.+?/trivy_.+?_${TARGETOS}-${ARCH}.tar.gz")" > trivy.tar.gz \ - || curl -L "$(curl -s ${TRIVY_RELEASES} | grep -o -E -i -m 1 "https://.+?/v${TRIVY_VERSION}/trivy_.+?_${TARGETOS}-${ARCH}.tar.gz")" > trivy.tar.gz \ + TRIVY_RELEASES="https://api.github.com/repos/aquasecurity/trivy/releases" && \ + [ "$TRIVY_VERSION" = "latest" ] && curl -L "$(curl -s ${TRIVY_RELEASES}/latest | grep -o -E -i -m 1 "https://.+?/trivy_.+?_${TARGETOS}-${ARCH}.tar.gz")" > trivy.tar.gz \ + || curl -L "$(curl -s ${TRIVY_RELEASES} | grep -o -E -i -m 1 "https://.+?/v${TRIVY_VERSION}/trivy_.+?_${TARGETOS}-${ARCH}.tar.gz")" > trivy.tar.gz \ ) && tar -xzf trivy.tar.gz trivy && rm trivy.tar.gz \ ; fi @@ -153,9 +153,9 @@ RUN . /.env && \ RUN . /.env && \ if [ "$TFUPDATE_VERSION" != "false" ]; then \ ( \ - TFUPDATE_RELEASES="https://api.github.com/repos/minamijoyo/tfupdate/releases" && \ - [ "$TFUPDATE_VERSION" = "latest" ] && curl -L "$(curl -s ${TFUPDATE_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.tar.gz")" > tfupdate.tgz \ - || curl -L "$(curl -s ${TFUPDATE_RELEASES} | grep -o -E -m 1 "https://.+?${TFUPDATE_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz")" > tfupdate.tgz \ + TFUPDATE_RELEASES="https://api.github.com/repos/minamijoyo/tfupdate/releases" && \ + [ "$TFUPDATE_VERSION" = "latest" ] && curl -L "$(curl -s ${TFUPDATE_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.tar.gz")" > tfupdate.tgz \ + || curl -L "$(curl -s ${TFUPDATE_RELEASES} | grep -o -E -m 1 "https://.+?${TFUPDATE_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz")" > tfupdate.tgz \ ) && tar -xzf tfupdate.tgz tfupdate && rm tfupdate.tgz \ ; fi @@ -163,9 +163,9 @@ RUN . /.env && \ RUN . /.env && \ if [ "$HCLEDIT_VERSION" != "false" ]; then \ ( \ - HCLEDIT_RELEASES="https://api.github.com/repos/minamijoyo/hcledit/releases" && \ - [ "$HCLEDIT_VERSION" = "latest" ] && curl -L "$(curl -s ${HCLEDIT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.tar.gz")" > hcledit.tgz \ - || curl -L "$(curl -s ${HCLEDIT_RELEASES} | grep -o -E -m 1 "https://.+?${HCLEDIT_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz")" > hcledit.tgz \ + HCLEDIT_RELEASES="https://api.github.com/repos/minamijoyo/hcledit/releases" && \ + [ "$HCLEDIT_VERSION" = "latest" ] && curl -L "$(curl -s ${HCLEDIT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.tar.gz")" > hcledit.tgz \ + || curl -L "$(curl -s ${HCLEDIT_RELEASES} | grep -o -E -m 1 "https://.+?${HCLEDIT_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz")" > hcledit.tgz \ ) && tar -xzf hcledit.tgz hcledit && rm hcledit.tgz \ ; fi @@ -210,7 +210,7 @@ COPY --from=builder \ /bin_dir/ \ /usr/bin/tofu \ /usr/local/bin/checkov* \ - /usr/bin/ + /usr/bin/ # Copy pre-commit packages COPY --from=builder /usr/local/lib/python3.12/site-packages/ /usr/local/lib/python3.12/site-packages/ # Copy terrascan policies @@ -218,10 +218,10 @@ COPY --from=builder /root/ /root/ # Install hooks extra deps RUN if [ "$(grep -o '^terraform-docs SKIPPED$' /usr/bin/tools_versions_info)" = "" ]; then \ - apk add --no-cache perl=~5 \ + apk add --no-cache perl=~5 \ ; fi && \ if [ "$(grep -o '^infracost SKIPPED$' /usr/bin/tools_versions_info)" = "" ]; then \ - apk add --no-cache jq=~1 \ + apk add --no-cache jq=~1 \ ; fi && \ # Fix git runtime fatal: # unsafe repository ('/lint' is owned by someone else) @@ -235,3 +235,4 @@ ENV INFRACOST_API_KEY=${INFRACOST_API_KEY:-} ENV INFRACOST_SKIP_UPDATE_CHECK=${INFRACOST_SKIP_UPDATE_CHECK:-false} ENTRYPOINT [ "/entrypoint.sh" ] + From 08c520a2f2013297b33df80965ae8aae6e9f06b5 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sat, 29 Mar 2025 17:51:48 +0000 Subject: [PATCH 23/33] chore(release): version 2.2.0 [skip ci] # [2.2.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.1.0...v2.2.0) (2025-03-29) ### Features * make release ([e625db1](https://github.com/tofuutils/pre-commit-opentofu/commit/e625db13ec285e132f43cdf6e5aa3f3272e45451)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 71bf459..5bbab38 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +# [2.2.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.1.0...v2.2.0) (2025-03-29) + + +### Features + +* make release ([e625db1](https://github.com/tofuutils/pre-commit-opentofu/commit/e625db13ec285e132f43cdf6e5aa3f3272e45451)) + # [2.1.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.0.0...v2.1.0) (2024-10-16) From 0cbe56181770a552451150b34272a7db64c1fb66 Mon Sep 17 00:00:00 2001 From: Nikolai Mishin Date: Sun, 1 Jun 2025 01:53:20 +0200 Subject: [PATCH 24/33] Create dependabot.yml --- .github/dependabot.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..c6ee553 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,10 @@ +--- +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: / + schedule: + interval: daily + time: "11:00" + commit-message: + prefix: "gh-actions:" From f8089e96a80166523f0f9b2663185698ea827a58 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 31 May 2025 23:54:03 +0000 Subject: [PATCH 25/33] gh-actions: bump cycjimmy/semantic-release-action from 4.0.0 to 4.2.0 Bumps [cycjimmy/semantic-release-action](https://github.com/cycjimmy/semantic-release-action) from 4.0.0 to 4.2.0. - [Release notes](https://github.com/cycjimmy/semantic-release-action/releases) - [Changelog](https://github.com/cycjimmy/semantic-release-action/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/cycjimmy/semantic-release-action/compare/61680d0e9b02ff86f5648ade99e01be17f0260a4...0a51e81a6baff2acad3ee88f4121c589c73d0f0e) --- updated-dependencies: - dependency-name: cycjimmy/semantic-release-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4aa0df1..385b387 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,7 +24,7 @@ jobs: fetch-depth: 0 - name: Release - uses: cycjimmy/semantic-release-action@61680d0e9b02ff86f5648ade99e01be17f0260a4 # v4.0.0 + uses: cycjimmy/semantic-release-action@0a51e81a6baff2acad3ee88f4121c589c73d0f0e # v4.2.0 with: semantic_version: 18.0.0 extra_plugins: | From 6be1b27016de6e1be0a048754ad392929bd12e42 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 31 May 2025 23:54:06 +0000 Subject: [PATCH 26/33] gh-actions: bump MaxymVlasov/dive-action from 0.1.0 to 1.5.0 Bumps [MaxymVlasov/dive-action](https://github.com/maxymvlasov/dive-action) from 0.1.0 to 1.5.0. - [Release notes](https://github.com/maxymvlasov/dive-action/releases) - [Commits](https://github.com/maxymvlasov/dive-action/compare/0035999cae50d4ef657ac94be84f01812aa192a5...b08c8287e603d028c986d7044e83fa76bcca6a65) --- updated-dependencies: - dependency-name: MaxymVlasov/dive-action dependency-version: 1.5.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-image-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-image-test.yaml b/.github/workflows/build-image-test.yaml index f83e11e..b659041 100644 --- a/.github/workflows/build-image-test.yaml +++ b/.github/workflows/build-image-test.yaml @@ -52,7 +52,7 @@ jobs: - name: Dive - check image for waste files if: steps.changed-files-specific.outputs.any_changed == 'true' - uses: MaxymVlasov/dive-action@0035999cae50d4ef657ac94be84f01812aa192a5 # v0.1.0 + uses: MaxymVlasov/dive-action@b08c8287e603d028c986d7044e83fa76bcca6a65 # v1.5.0 with: image: ghcr.io/${{ github.repository }}:${{ env.IMAGE_TAG }} config-file: ${{ github.workspace }}/.github/.dive-ci.yaml From 700b083394832ef5bdaafa583530c9c4f4c0bbfd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 31 May 2025 23:54:10 +0000 Subject: [PATCH 27/33] gh-actions: bump tj-actions/changed-files from 13.1 to 26.1 Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 13.1 to 26.1. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/2c85495a7bb72f2734cb5181e29b2ee5e08e61f7...58ae566dc69a926834e4798bcfe0436ff97c0599) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-version: '26.1' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-image-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-image-test.yaml b/.github/workflows/build-image-test.yaml index f83e11e..54b75d0 100644 --- a/.github/workflows/build-image-test.yaml +++ b/.github/workflows/build-image-test.yaml @@ -15,7 +15,7 @@ jobs: - name: Get changed Dockerfile id: changed-files-specific - uses: tj-actions/changed-files@2c85495a7bb72f2734cb5181e29b2ee5e08e61f7 # v13.1 + uses: tj-actions/changed-files@58ae566dc69a926834e4798bcfe0436ff97c0599 # v26.1 with: files: | Dockerfile From 10393e2209e71f962d73c3fc824540b4ecc6db51 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 31 May 2025 23:54:13 +0000 Subject: [PATCH 28/33] gh-actions: bump amannn/action-semantic-pull-request from 5.4.0 to 5.5.3 Bumps [amannn/action-semantic-pull-request](https://github.com/amannn/action-semantic-pull-request) from 5.4.0 to 5.5.3. - [Release notes](https://github.com/amannn/action-semantic-pull-request/releases) - [Changelog](https://github.com/amannn/action-semantic-pull-request/blob/main/CHANGELOG.md) - [Commits](https://github.com/amannn/action-semantic-pull-request/compare/e9fabac35e210fea40ca5b14c0da95a099eff26f...0723387faaf9b38adef4775cd42cfd5155ed6017) --- updated-dependencies: - dependency-name: amannn/action-semantic-pull-request dependency-version: 5.5.3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/pr-title.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 7a8b642..19e48a4 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -14,7 +14,7 @@ jobs: steps: # Please look up the latest version from # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0 + - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: From df38ee3d39d6122b4c6448553258f2c5eb70b512 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 31 May 2025 23:54:00 +0000 Subject: [PATCH 29/33] gh-actions: bump pre-commit/action from 2.0.3 to 3.0.1 Bumps [pre-commit/action](https://github.com/pre-commit/action) from 2.0.3 to 3.0.1. - [Release notes](https://github.com/pre-commit/action/releases) - [Commits](https://github.com/pre-commit/action/compare/9b88afc9cd57fd75b655d5c71bd38146d07135fe...2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd) --- updated-dependencies: - dependency-name: pre-commit/action dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/pre-commit.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 1085384..95b8c1a 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -40,7 +40,7 @@ jobs: with: python-version: '3.9' - name: Execute pre-commit - uses: pre-commit/action@9b88afc9cd57fd75b655d5c71bd38146d07135fe # v2.0.3 + uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 env: SKIP: no-commit-to-branch,hadolint with: @@ -49,7 +49,7 @@ jobs: # Run only skipped checks - name: Execute pre-commit check that have no auto-fixes if: always() - uses: pre-commit/action@9b88afc9cd57fd75b655d5c71bd38146d07135fe # v2.0.3 + uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 env: SKIP: check-added-large-files,check-merge-conflict,check-vcs-permalinks,forbid-new-submodules,no-commit-to-branch,end-of-file-fixer,trailing-whitespace,check-yaml,check-merge-conflict,check-executables-have-shebangs,check-case-conflict,mixed-line-ending,detect-aws-credentials,detect-private-key,shfmt,shellcheck with: From 8604934d93bc5dbc1eb3905e8d958fba78e5b37b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Jun 2025 12:10:49 +0000 Subject: [PATCH 30/33] gh-actions: bump actions/stale from 9.0.0 to 9.1.0 Bumps [actions/stale](https://github.com/actions/stale) from 9.0.0 to 9.1.0. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/28ca1036281a5e5922ead5184a1bbf96e5fc984e...5bef64f19d7facfb25b37b414482c7164d639639) --- updated-dependencies: - dependency-name: actions/stale dependency-version: 9.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/stale-actions.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale-actions.yaml b/.github/workflows/stale-actions.yaml index 32f08e7..802c138 100644 --- a/.github/workflows/stale-actions.yaml +++ b/.github/workflows/stale-actions.yaml @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} # Staling issues and PR's From ed9b22cc377c092f70dd7e7de4d71299f55c57b6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Jun 2025 12:16:54 +0000 Subject: [PATCH 31/33] gh-actions: bump actions/setup-python from 5.0.0 to 5.6.0 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.0.0 to 5.6.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/0a5c61591373683505ea898e09a3ea4f39ef2b9c...a26af69be951a213d495a4c3e4e4022e16d87065) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: 5.6.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/pre-commit.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 95b8c1a..85bfe4c 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -36,7 +36,7 @@ jobs: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} # Skip tofu_tflint which interferes to commit pre-commit auto-fixes - - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: '3.9' - name: Execute pre-commit From 98a556422ae637e3824d45c7c639734a68bfc8ba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Jun 2025 12:20:13 +0000 Subject: [PATCH 32/33] gh-actions: bump tj-actions/changed-files from 26.1 to 46 Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 26.1 to 46. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/58ae566dc69a926834e4798bcfe0436ff97c0599...ed68ef82c095e0d48ec87eccea555d944a631a4c) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-version: '46' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-image-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-image-test.yaml b/.github/workflows/build-image-test.yaml index 2df3cfd..1003867 100644 --- a/.github/workflows/build-image-test.yaml +++ b/.github/workflows/build-image-test.yaml @@ -15,7 +15,7 @@ jobs: - name: Get changed Dockerfile id: changed-files-specific - uses: tj-actions/changed-files@58ae566dc69a926834e4798bcfe0436ff97c0599 # v26.1 + uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5 with: files: | Dockerfile From 44c7b5dec9362d2fe7ed5e8786f4d95956791d3d Mon Sep 17 00:00:00 2001 From: Nikolai Mishin Date: Wed, 4 Jun 2025 00:11:35 +0200 Subject: [PATCH 33/33] fix: Update pre-commit/action version (#30) This is needed to switch to the new cache: https://gh.io/gha-cache-sunset Signed-off-by: Nikolai Mishin --- .github/workflows/pre-commit.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 85bfe4c..3fab3c2 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -40,7 +40,7 @@ jobs: with: python-version: '3.9' - name: Execute pre-commit - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 + uses: pre-commit/action@576ff52938d158a24ac7e009dfa94b1455e7df99 env: SKIP: no-commit-to-branch,hadolint with: @@ -49,7 +49,7 @@ jobs: # Run only skipped checks - name: Execute pre-commit check that have no auto-fixes if: always() - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 + uses: pre-commit/action@576ff52938d158a24ac7e009dfa94b1455e7df99 env: SKIP: check-added-large-files,check-merge-conflict,check-vcs-permalinks,forbid-new-submodules,no-commit-to-branch,end-of-file-fixer,trailing-whitespace,check-yaml,check-merge-conflict,check-executables-have-shebangs,check-case-conflict,mixed-line-ending,detect-aws-credentials,detect-private-key,shfmt,shellcheck with: