fix: Update pre-commit/action version (#30)

This is needed to switch to the new cache:
https://gh.io/gha-cache-sunset

Signed-off-by: Nikolai Mishin <sanduku.default@gmail.com>

.github/.container-structure-test-config.yaml

@@ -11,7 +11,7 @@ commandTests:
     expectedOutput: ["^pre-commit ([0-9]+\\.){2}[0-9]+\\n$"]
 
   - name: "tofu"
-    command: "terrtofuaform"
+    command: "tofu"
     args: ["-version"]
     expectedOutput: ["^OpenTofu v([0-9]+\\.){2}[0-9]+\\non linux_amd64\\n$"]
 

.github/.dive-ci.yaml

@@ -1,13 +0,0 @@
-rules:
-  # If the efficiency is measured below X%, mark as failed.
-  # Expressed as a ratio between 0-1.
-  lowestEfficiency: 0.981
-
-  # If the amount of wasted space is at least X or larger than X, mark as failed.
-  # Expressed in B, KB, MB, and GB.
-  highestWastedBytes: 32MB
-
-  # If the amount of wasted space makes up for X% or more of the image, mark as failed.
-  # Note: the base image layer is NOT included in the total image size.
-  # Expressed as a ratio between 0-1; fails if the threshold is met or crossed.
-  highestUserWastedPercent: 0.036

.github/CODEOWNERS

@@ -1 +1 @@
-* @maxymvlasov @yermulnik
+* @Nmishin @anastasiiakozlova245 @kvendingoldo

.github/dependabot.yml

@@ -0,0 +1,10 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: /
+    schedule:
+      interval: daily
+      time: "11:00"
+    commit-message:
+      prefix: "gh-actions:"

.github/workflows/build-image-test.yaml

@@ -15,7 +15,7 @@ jobs:
 
       - name: Get changed Dockerfile
         id: changed-files-specific
-        uses: tj-actions/changed-files@2c85495a7bb72f2734cb5181e29b2ee5e08e61f7 # v13.1
+        uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
         with:
           files: |
             Dockerfile
@@ -52,7 +52,7 @@ jobs:
 
       - name: Dive - check image for waste files
         if: steps.changed-files-specific.outputs.any_changed == 'true'
-        uses: MaxymVlasov/dive-action@0035999cae50d4ef657ac94be84f01812aa192a5 # v0.1.0
+        uses: MaxymVlasov/dive-action@b08c8287e603d028c986d7044e83fa76bcca6a65 # v1.5.0
         with:
           image: ghcr.io/${{ github.repository }}:${{ env.IMAGE_TAG }}
           config-file: ${{ github.workspace }}/.github/.dive-ci.yaml

.github/workflows/build-image.yaml

@@ -13,27 +13,28 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@v4
+
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+        uses: docker/setup-qemu-action@v3
+
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+        uses: docker/setup-buildx-action@v3
-      - name: Login to GitHub Container Registry
+
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+      - name: Login to ghcr.io
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Set tag for image
         run: |
           echo IMAGE_TAG=$([ ${{ github.ref_type }} == 'tag' ] && echo ${{ github.ref_name }} || echo 'latest') >> $GITHUB_ENV
 
-      - name: Set up Docker Buildx
+      - name: Build and Push release to ghcr.io
-        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
-
-      - name: Build and Push release
         if: github.event_name != 'schedule'
-        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+        uses: docker/build-push-action@v5
         with:
           context: .
           build-args: |
@@ -48,9 +49,9 @@ jobs:
           secrets: |
             "github_token=${{ secrets.GITHUB_TOKEN }}"
 
-      - name: Build and Push nightly
+      - name: Build and Push nightly to ghcr.io
         if: github.event_name == 'schedule'
-        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+        uses: docker/build-push-action@v5
         with:
           context: .
           build-args: |
@@ -63,3 +64,38 @@ jobs:
           provenance: false
           secrets: |
             "github_token=${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Login to DockerHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: registry.hub.docker.com
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Build and Push release to DockerHub
+        if: github.event_name != 'schedule'
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          build-args: |
+            INSTALL_ALL=true
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            registry.hub.docker.com/tofuutils/pre-commit-opentofu:${{ env.IMAGE_TAG }}
+            registry.hub.docker.com/tofuutils/pre-commit-opentofu:latest
+          provenance: false
+
+      - name: Build and Push nightly to DockerHub
+        if: github.event_name == 'schedule'
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          build-args: |
+            INSTALL_ALL=true
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            registry.hub.docker.com/tofuutils/pre-commit-opentofu:nightly
+          provenance: false
+

.github/workflows/pr-title.yml

@@ -14,7 +14,7 @@ jobs:
     steps:
       # Please look up the latest version from
       # https://github.com/amannn/action-semantic-pull-request/releases
-      - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0
+      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

.github/workflows/pre-commit.yaml

@@ -36,11 +36,11 @@ jobs:
         fetch-depth: 0
         ref: ${{ github.event.pull_request.head.sha }}
     # Skip tofu_tflint which interferes to commit pre-commit auto-fixes
-    - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+    - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
       with:
         python-version: '3.9'
     - name: Execute pre-commit
-      uses: pre-commit/action@9b88afc9cd57fd75b655d5c71bd38146d07135fe # v2.0.3
+      uses: pre-commit/action@576ff52938d158a24ac7e009dfa94b1455e7df99
       env:
         SKIP: no-commit-to-branch,hadolint
       with:
@@ -49,7 +49,7 @@ jobs:
     # Run only skipped checks
     - name: Execute pre-commit check that have no auto-fixes
       if: always()
-      uses: pre-commit/action@9b88afc9cd57fd75b655d5c71bd38146d07135fe # v2.0.3
+      uses: pre-commit/action@576ff52938d158a24ac7e009dfa94b1455e7df99
       env:
         SKIP: check-added-large-files,check-merge-conflict,check-vcs-permalinks,forbid-new-submodules,no-commit-to-branch,end-of-file-fixer,trailing-whitespace,check-yaml,check-merge-conflict,check-executables-have-shebangs,check-case-conflict,mixed-line-ending,detect-aws-credentials,detect-private-key,shfmt,shellcheck
       with:

.github/workflows/release.yml

@@ -4,7 +4,7 @@ on:
   workflow_dispatch:
   push:
     branches:
-      - master
+      - main
     paths:
       - '**/*.py'
       - '**/*.sh'
@@ -24,7 +24,7 @@ jobs:
           fetch-depth: 0
 
       - name: Release
-        uses: cycjimmy/semantic-release-action@61680d0e9b02ff86f5648ade99e01be17f0260a4 # v4.0.0
+        uses: cycjimmy/semantic-release-action@0a51e81a6baff2acad3ee88f4121c589c73d0f0e # v4.2.0
         with:
           semantic_version: 18.0.0
           extra_plugins: |

.github/workflows/stale-actions.yaml

@@ -7,7 +7,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
+    - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         # Staling issues and PR's

.pre-commit-hooks.yaml

@@ -4,7 +4,7 @@
   entry: hooks/infracost_breakdown.sh
   language: script
   require_serial: true
-  files: \.(tf(vars)?|hcl)$
+  files: \.((tf|tofu)(vars)?|hcl)$
   exclude: \.terraform\/.*$
 
 - id: tofu_fmt
@@ -12,34 +12,38 @@
   description: Rewrites all OpenTofu configuration files to a canonical format.
   entry: hooks/tofu_fmt.sh
   language: script
-  files: (\.tf|\.tfvars)$
+  files: \.(tf|tofu)(vars)?$
   exclude: \.terraform\/.*$
 
 - id: tofu_docs
   name: OpenTofu docs
-  description: Inserts input and output documentation into README.md (using terraform-docs).
+  description:
+    Inserts input and output documentation into README.md (using
+    terraform-docs).
   require_serial: true
   entry: hooks/tofu_docs.sh
   language: script
-  files: (\.tf|\.terraform\.lock\.hcl)$
+  files: (\.(tf|tofu)|\.terraform\.lock\.hcl)$
   exclude: \.terraform\/.*$
 
 - id: tofu_docs_without_aggregate_type_defaults
   name: OpenTofu docs (without aggregate type defaults)
-  description: Inserts input and output documentation into README.md (using terraform-docs). Identical to terraform_docs.
+  description:
+    Inserts input and output documentation into README.md (using
+    terraform-docs). Identical to terraform_docs.
   require_serial: true
   entry: hooks/tofu_docs.sh
   language: script
-  files: (\.tf)$
+  files: \.(tf|tofu)$
   exclude: \.terraform\/.*$
 
 - id: tofu_docs_replace
   name: OpenTofu docs (overwrite README.md)
   description: Overwrite content of README.md with terraform-docs.
   require_serial: true
-  entry: terraform_docs_replace
+  entry: hooks/tofu_docs_replace.py
   language: python
-  files: (\.tf)$
+  files: \.(tf|tofu)$
   exclude: \.terraform\/.*$
 
 - id: tofu_validate
@@ -48,7 +52,7 @@
   require_serial: true
   entry: hooks/tofu_validate.sh
   language: script
-  files: (\.tf|\.tfvars)$
+  files: \.(tf|tofu)(vars)?$
   exclude: \.terraform\/.*$
 
 - id: tofu_providers_lock
@@ -66,12 +70,13 @@
   require_serial: true
   entry: hooks/tofu_tflint.sh
   language: script
-  files: (\.tf|\.tfvars)$
+  files: \.(tf|tofu)(vars)?$
   exclude: \.terraform\/.*$
 
 - id: terragrunt_fmt
   name: Terragrunt fmt
-  description: Rewrites all Terragrunt configuration files to a canonical format.
+  description:
+    Rewrites all Terragrunt configuration files to a canonical format.
   entry: hooks/terragrunt_fmt.sh
   language: script
   files: (\.hcl)$
@@ -87,18 +92,20 @@
 
 - id: tofu_tfsec
   name: OpenTofu validate with tfsec (deprecated, use "tofu_trivy")
-  description: Static analysis of OpenTofu templates to spot potential security issues.
+  description:
+    Static analysis of OpenTofu templates to spot potential security issues.
   require_serial: true
   entry: hooks/tofu_tfsec.sh
-  files: \.tf(vars)?$
+  files: \.(tf|tofu)(vars)?$
   language: script
 
 - id: tofu_trivy
   name: OpenTofu validate with trivy
-  description: Static analysis of OpenTofu templates to spot potential security issues.
+  description:
+    Static analysis of OpenTofu templates to spot potential security issues.
   require_serial: true
   entry: hooks/tofu_trivy.sh
-  files: \.tf(vars)?$
+  files: \.(tf|tofu)(vars)?$
   language: script
 
 - id: checkov
@@ -118,7 +125,7 @@
   entry: hooks/tofu_checkov.sh
   language: script
   always_run: false
-  files: \.tf$
+  files: \.(tf|tofu)$
   exclude: \.terraform\/.*$
   require_serial: true
 
@@ -138,7 +145,7 @@
   description: Runs terrascan on OpenTofu templates.
   language: script
   entry: hooks/terrascan.sh
-  files: \.tf$
+  files: \.(tf|tofu)$
   exclude: \.terraform\/.*$
   require_serial: true
 
@@ -149,5 +156,5 @@
   entry: hooks/tfupdate.sh
   args:
     - --args=terraform
-  files: \.tf$
+  files: \.(tf|tofu)$
   require_serial: true

CHANGELOG.md

@@ -2,6 +2,56 @@
 
 All notable changes to this project will be documented in this file.
 
+# [2.2.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.1.0...v2.2.0) (2025-03-29)
+
+
+### Features
+
+* make release ([e625db1](https://github.com/tofuutils/pre-commit-opentofu/commit/e625db13ec285e132f43cdf6e5aa3f3272e45451))
+
+# [2.1.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v2.0.0...v2.1.0) (2024-10-16)
+
+
+### Features
+
+* spport .tofu files ([#6](https://github.com/tofuutils/pre-commit-opentofu/issues/6)) ([e059c58](https://github.com/tofuutils/pre-commit-opentofu/commit/e059c5859bceddf1ca018f55851f6940ad51f1c2))
+
+# [2.0.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.4...v2.0.0) (2024-09-25)
+
+
+### Features
+
+* **tofu:** add handling for missing tofu binary in Docker image  This commit introduces logic to gracefully handle the case when the tofu binary is not found in the Docker image, improving the overall user experience.  BREAKING CHANGE: The previous behavior of the application when the tofu binary was missing may have caused unexpected crashes. ([14fc63e](https://github.com/tofuutils/pre-commit-opentofu/commit/14fc63eb5b04e3ad1525d06e437b15935841775f))
+
+
+### BREAKING CHANGES
+
+* **tofu:** The previous behavior of the application when the tofu binary was missing may have caused unexpected crashes."
+
+## [1.0.4](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.3...v1.0.4) (2024-09-21)
+
+
+### Bug Fixes
+
+* docker image reference in README.md ([7b04f0c](https://github.com/tofuutils/pre-commit-opentofu/commit/7b04f0c24940f1642c8f599bfd0794dd46b0b274))
+* docker image reference in README.md ([f9b71fe](https://github.com/tofuutils/pre-commit-opentofu/commit/f9b71fe08fedd4ceb23ced6fe2171edf24add290))
+* dockerhub ([0fac591](https://github.com/tofuutils/pre-commit-opentofu/commit/0fac59197f2f2cb4bc417917e5adb6ac92a20b7a))
+* entry for tofu_docs_replace ([f146463](https://github.com/tofuutils/pre-commit-opentofu/commit/f146463ac8effcfa441f3f6b21e811095f0da73c))
+
+## [1.0.2](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.1...v1.0.2) (2024-03-08)
+
+
+### Bug Fixes
+
+* remove obsolete terraform checks and awk file hack ([97cba7a](https://github.com/tofuutils/pre-commit-opentofu/commit/97cba7a646996c7cae3719f1b6241d47da5882d9))
+
+## [1.0.1](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.0...v1.0.1) (2024-03-07)
+
+
+### Bug Fixes
+
+* dockerfile ([65b197c](https://github.com/tofuutils/pre-commit-opentofu/commit/65b197c841dc10aa772c7fc2594a213a9158d2f4))
+
 # [1.0.0](https://github.com/tofuutils/pre-commit-opentofu/compare/v1.0.0) (2023-12-21)
 
 

Dockerfile

@@ -10,22 +10,22 @@ RUN apk add --no-cache \
     curl=~8 && \
     # Upgrade packages for be able get latest Checkov
     python3 -m pip install --no-cache-dir --upgrade \
-        pip \
+    pip \
-        setuptools
+    setuptools
 
 ARG PRE_COMMIT_VERSION=${PRE_COMMIT_VERSION:-latest}
-ARG TOFU_VERSION=${TOFU_VERSION:-latest}
+ARG TOFU_VERSION=${TOFU_VERSION:-1.9.0}
 
 # Install pre-commit
 RUN [ ${PRE_COMMIT_VERSION} = "latest" ] && pip3 install --no-cache-dir pre-commit \
     || pip3 install --no-cache-dir pre-commit==${PRE_COMMIT_VERSION}
 
-# TODO Install OpenTofu because pre-commit needs it
+RUN curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip \
-RUN if [ "${TOFU_VERSION}" = "latest" ]; then \
+    && curl -LO https://github.com/opentofu/opentofu/releases/download/v${TOFU_VERSION}/tofu_${TOFU_VERSION}_SHA256SUMS \
-        TOFU_VERSION="$(curl -s https://api.github.com/repos/hashicorp/terraform/releases/latest | grep tag_name | grep -o -E -m 1 "[0-9.]+")" \
+    && [ $(sha256sum "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" | cut -f 1 -d ' ') = "$(grep "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" tofu_*_SHA256SUMS | cut -f 1 -d ' ')" ] \
-    ; fi && \
+    && unzip tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip -d /usr/bin/ \
-    curl -L "https://releases.hashicorp.com/terraform/${TOFU_VERSION}/terraform_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" > terraform.zip && \
+    && rm "tofu_${TOFU_VERSION}_${TARGETOS}_${TARGETARCH}.zip" \
-    unzip terraform.zip terraform && rm terraform.zip
+    && rm "tofu_${TOFU_VERSION}_SHA256SUMS"
 
 #
 # Install tools
@@ -47,18 +47,18 @@ ARG HCLEDIT_VERSION=${HCLEDIT_VERSION:-false}
 # specified in step below
 ARG INSTALL_ALL=${INSTALL_ALL:-false}
 RUN if [ "$INSTALL_ALL" != "false" ]; then \
-        echo "export CHECKOV_VERSION=latest" >> /.env && \
+    echo "export CHECKOV_VERSION=latest" >> /.env && \
-        echo "export INFRACOST_VERSION=latest" >> /.env && \
+    echo "export INFRACOST_VERSION=latest" >> /.env && \
-        echo "export TERRAFORM_DOCS_VERSION=latest" >> /.env && \
+    echo "export TERRAFORM_DOCS_VERSION=latest" >> /.env && \
-        echo "export TERRAGRUNT_VERSION=latest" >> /.env && \
+    echo "export TERRAGRUNT_VERSION=latest" >> /.env && \
-        echo "export TERRASCAN_VERSION=latest" >> /.env && \
+    echo "export TERRASCAN_VERSION=latest" >> /.env && \
-        echo "export TFLINT_VERSION=latest" >> /.env && \
+    echo "export TFLINT_VERSION=latest" >> /.env && \
-        echo "export TFSEC_VERSION=latest" >> /.env && \
+    echo "export TFSEC_VERSION=latest" >> /.env && \
-        echo "export TRIVY_VERSION=latest" >> /.env && \
+    echo "export TRIVY_VERSION=latest" >> /.env && \
-        echo "export TFUPDATE_VERSION=latest" >> /.env && \
+    echo "export TFUPDATE_VERSION=latest" >> /.env && \
-        echo "export HCLEDIT_VERSION=latest" >> /.env \
+    echo "export HCLEDIT_VERSION=latest" >> /.env \
     ; else \
-        touch /.env \
+    touch /.env \
     ; fi
 
 
@@ -66,10 +66,10 @@ RUN if [ "$INSTALL_ALL" != "false" ]; then \
 RUN . /.env && \
     if [ "$CHECKOV_VERSION" != "false" ]; then \
     ( \
-        apk add --no-cache gcc=~12 libffi-dev=~3 musl-dev=~1; \
+    apk add --no-cache gcc=~12 libffi-dev=~3 musl-dev=~1; \
-        [ "$CHECKOV_VERSION" = "latest" ] && pip3 install --no-cache-dir checkov \
+    [ "$CHECKOV_VERSION" = "latest" ] && pip3 install --no-cache-dir checkov \
-        || pip3 install --no-cache-dir checkov==${CHECKOV_VERSION}; \
+    || pip3 install --no-cache-dir checkov==${CHECKOV_VERSION}; \
-        apk del gcc libffi-dev musl-dev \
+    apk del gcc libffi-dev musl-dev \
     ) \
     ; fi
 
@@ -77,9 +77,9 @@ RUN . /.env && \
 RUN . /.env && \
     if [ "$INFRACOST_VERSION" != "false" ]; then \
     ( \
-        INFRACOST_RELEASES="https://api.github.com/repos/infracost/infracost/releases" && \
+    INFRACOST_RELEASES="https://api.github.com/repos/infracost/infracost/releases" && \
-        [ "$INFRACOST_VERSION" = "latest" ] && curl -L "$(curl -s ${INFRACOST_RELEASES}/latest | grep -o -E -m 1 "https://.+?-${TARGETOS}-${TARGETARCH}.tar.gz")" > infracost.tgz \
+    [ "$INFRACOST_VERSION" = "latest" ] && curl -L "$(curl -s ${INFRACOST_RELEASES}/latest | grep -o -E -m 1 "https://.+?-${TARGETOS}-${TARGETARCH}.tar.gz")" > infracost.tgz \
-        || curl -L "$(curl -s ${INFRACOST_RELEASES} | grep -o -E "https://.+?v${INFRACOST_VERSION}/infracost-${TARGETOS}-${TARGETARCH}.tar.gz")" > infracost.tgz \
+    || curl -L "$(curl -s ${INFRACOST_RELEASES} | grep -o -E "https://.+?v${INFRACOST_VERSION}/infracost-${TARGETOS}-${TARGETARCH}.tar.gz")" > infracost.tgz \
     ) && tar -xzf infracost.tgz && rm infracost.tgz && mv infracost-${TARGETOS}-${TARGETARCH} infracost \
     ; fi
 
@@ -87,9 +87,9 @@ RUN . /.env && \
 RUN . /.env && \
     if [ "$TERRAFORM_DOCS_VERSION" != "false" ]; then \
     ( \
-        TERRAFORM_DOCS_RELEASES="https://api.github.com/repos/terraform-docs/terraform-docs/releases" && \
+    TERRAFORM_DOCS_RELEASES="https://api.github.com/repos/terraform-docs/terraform-docs/releases" && \
-        [ "$TERRAFORM_DOCS_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES}/latest | grep -o -E -m 1 "https://.+?-${TARGETOS}-${TARGETARCH}.tar.gz")" > terraform-docs.tgz \
+    [ "$TERRAFORM_DOCS_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES}/latest | grep -o -E -m 1 "https://.+?-${TARGETOS}-${TARGETARCH}.tar.gz")" > terraform-docs.tgz \
-        || curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES} | grep -o -E "https://.+?v${TERRAFORM_DOCS_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz")" > terraform-docs.tgz \
+    || curl -L "$(curl -s ${TERRAFORM_DOCS_RELEASES} | grep -o -E "https://.+?v${TERRAFORM_DOCS_VERSION}-${TARGETOS}-${TARGETARCH}.tar.gz")" > terraform-docs.tgz \
     ) && tar -xzf terraform-docs.tgz terraform-docs && rm terraform-docs.tgz && chmod +x terraform-docs \
     ; fi
 
@@ -97,9 +97,9 @@ RUN . /.env && \
 RUN . /.env \
     && if [ "$TERRAGRUNT_VERSION" != "false" ]; then \
     ( \
-        TERRAGRUNT_RELEASES="https://api.github.com/repos/gruntwork-io/terragrunt/releases" && \
+    TERRAGRUNT_RELEASES="https://api.github.com/repos/gruntwork-io/terragrunt/releases" && \
-        [ "$TERRAGRUNT_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAGRUNT_RELEASES}/latest | grep -o -E -m 1 "https://.+?/terragrunt_${TARGETOS}_${TARGETARCH}")" > terragrunt \
+    [ "$TERRAGRUNT_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRAGRUNT_RELEASES}/latest | grep -o -E -m 1 "https://.+?/terragrunt_${TARGETOS}_${TARGETARCH}")" > terragrunt \
-        || curl -L "$(curl -s ${TERRAGRUNT_RELEASES} | grep -o -E -m 1 "https://.+?v${TERRAGRUNT_VERSION}/terragrunt_${TARGETOS}_${TARGETARCH}")" > terragrunt \
+    || curl -L "$(curl -s ${TERRAGRUNT_RELEASES} | grep -o -E -m 1 "https://.+?v${TERRAGRUNT_VERSION}/terragrunt_${TARGETOS}_${TARGETARCH}")" > terragrunt \
     ) && chmod +x terragrunt \
     ; fi
 
@@ -111,9 +111,9 @@ RUN . /.env && \
     # Convert the first letter to Uppercase
     OS="$(echo ${TARGETOS} | cut -c1 | tr '[:lower:]' '[:upper:]' | xargs echo -n; echo ${TARGETOS} | cut -c2-)"; \
     ( \
-        TERRASCAN_RELEASES="https://api.github.com/repos/tenable/terrascan/releases" && \
+    TERRASCAN_RELEASES="https://api.github.com/repos/tenable/terrascan/releases" && \
-        [ "$TERRASCAN_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRASCAN_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${OS}_${ARCH}.tar.gz")" > terrascan.tar.gz \
+    [ "$TERRASCAN_VERSION" = "latest" ] && curl -L "$(curl -s ${TERRASCAN_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${OS}_${ARCH}.tar.gz")" > terrascan.tar.gz \
-        || curl -L "$(curl -s ${TERRASCAN_RELEASES} | grep -o -E "https://.+?${TERRASCAN_VERSION}_${OS}_${ARCH}.tar.gz")" > terrascan.tar.gz \
+    || curl -L "$(curl -s ${TERRASCAN_RELEASES} | grep -o -E "https://.+?${TERRASCAN_VERSION}_${OS}_${ARCH}.tar.gz")" > terrascan.tar.gz \
     ) && tar -xzf terrascan.tar.gz terrascan && rm terrascan.tar.gz && \
     ./terrascan init \
     ; fi
@@ -122,9 +122,9 @@ RUN . /.env && \
 RUN . /.env && \
     if [ "$TFLINT_VERSION" != "false" ]; then \
     ( \
-        TFLINT_RELEASES="https://api.github.com/repos/terraform-linters/tflint/releases" && \
+    TFLINT_RELEASES="https://api.github.com/repos/terraform-linters/tflint/releases" && \
-        [ "$TFLINT_VERSION" = "latest" ] && curl -L "$(curl -s ${TFLINT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.zip")" > tflint.zip \
+    [ "$TFLINT_VERSION" = "latest" ] && curl -L "$(curl -s ${TFLINT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.zip")" > tflint.zip \
-        || curl -L "$(curl -s ${TFLINT_RELEASES} | grep -o -E "https://.+?/v${TFLINT_VERSION}/tflint_${TARGETOS}_${TARGETARCH}.zip")" > tflint.zip \
+    || curl -L "$(curl -s ${TFLINT_RELEASES} | grep -o -E "https://.+?/v${TFLINT_VERSION}/tflint_${TARGETOS}_${TARGETARCH}.zip")" > tflint.zip \
     ) && unzip tflint.zip && rm tflint.zip \
     ; fi
 
@@ -132,9 +132,9 @@ RUN . /.env && \
 RUN . /.env && \
     if [ "$TFSEC_VERSION" != "false" ]; then \
     ( \
-        TFSEC_RELEASES="https://api.github.com/repos/aquasecurity/tfsec/releases" && \
+    TFSEC_RELEASES="https://api.github.com/repos/aquasecurity/tfsec/releases" && \
-        [ "$TFSEC_VERSION" = "latest" ] && curl -L "$(curl -s ${TFSEC_RELEASES}/latest | grep -o -E -m 1 "https://.+?/tfsec-${TARGETOS}-${TARGETARCH}")" > tfsec \
+    [ "$TFSEC_VERSION" = "latest" ] && curl -L "$(curl -s ${TFSEC_RELEASES}/latest | grep -o -E -m 1 "https://.+?/tfsec-${TARGETOS}-${TARGETARCH}")" > tfsec \
-        || curl -L "$(curl -s ${TFSEC_RELEASES} | grep -o -E -m 1 "https://.+?v${TFSEC_VERSION}/tfsec-${TARGETOS}-${TARGETARCH}")" > tfsec \
+    || curl -L "$(curl -s ${TFSEC_RELEASES} | grep -o -E -m 1 "https://.+?v${TFSEC_VERSION}/tfsec-${TARGETOS}-${TARGETARCH}")" > tfsec \
     ) && chmod +x tfsec \
     ; fi
 
@@ -143,9 +143,9 @@ RUN . /.env && \
     if [ "$TRIVY_VERSION" != "false" ]; then \
     if [ "$TARGETARCH" != "amd64" ]; then ARCH="$TARGETARCH"; else ARCH="64bit"; fi; \
     ( \
-        TRIVY_RELEASES="https://api.github.com/repos/aquasecurity/trivy/releases" && \
+    TRIVY_RELEASES="https://api.github.com/repos/aquasecurity/trivy/releases" && \
-        [ "$TRIVY_VERSION" = "latest" ] && curl -L "$(curl -s ${TRIVY_RELEASES}/latest | grep -o -E -i -m 1 "https://.+?/trivy_.+?_${TARGETOS}-${ARCH}.tar.gz")" > trivy.tar.gz \
+    [ "$TRIVY_VERSION" = "latest" ] && curl -L "$(curl -s ${TRIVY_RELEASES}/latest | grep -o -E -i -m 1 "https://.+?/trivy_.+?_${TARGETOS}-${ARCH}.tar.gz")" > trivy.tar.gz \
-        || curl -L "$(curl -s ${TRIVY_RELEASES} | grep -o -E -i -m 1 "https://.+?/v${TRIVY_VERSION}/trivy_.+?_${TARGETOS}-${ARCH}.tar.gz")" > trivy.tar.gz \
+    || curl -L "$(curl -s ${TRIVY_RELEASES} | grep -o -E -i -m 1 "https://.+?/v${TRIVY_VERSION}/trivy_.+?_${TARGETOS}-${ARCH}.tar.gz")" > trivy.tar.gz \
     ) && tar -xzf trivy.tar.gz trivy && rm trivy.tar.gz \
     ; fi
 
@@ -153,9 +153,9 @@ RUN . /.env && \
 RUN . /.env && \
     if [ "$TFUPDATE_VERSION" != "false" ]; then \
     ( \
-        TFUPDATE_RELEASES="https://api.github.com/repos/minamijoyo/tfupdate/releases" && \
+    TFUPDATE_RELEASES="https://api.github.com/repos/minamijoyo/tfupdate/releases" && \
-        [ "$TFUPDATE_VERSION" = "latest" ] && curl -L "$(curl -s ${TFUPDATE_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.tar.gz")" > tfupdate.tgz \
+    [ "$TFUPDATE_VERSION" = "latest" ] && curl -L "$(curl -s ${TFUPDATE_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.tar.gz")" > tfupdate.tgz \
-        || curl -L "$(curl -s ${TFUPDATE_RELEASES} | grep -o -E -m 1 "https://.+?${TFUPDATE_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz")" > tfupdate.tgz \
+    || curl -L "$(curl -s ${TFUPDATE_RELEASES} | grep -o -E -m 1 "https://.+?${TFUPDATE_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz")" > tfupdate.tgz \
     ) && tar -xzf tfupdate.tgz tfupdate && rm tfupdate.tgz \
     ; fi
 
@@ -163,9 +163,9 @@ RUN . /.env && \
 RUN . /.env && \
     if [ "$HCLEDIT_VERSION" != "false" ]; then \
     ( \
-        HCLEDIT_RELEASES="https://api.github.com/repos/minamijoyo/hcledit/releases" && \
+    HCLEDIT_RELEASES="https://api.github.com/repos/minamijoyo/hcledit/releases" && \
-        [ "$HCLEDIT_VERSION" = "latest" ] && curl -L "$(curl -s ${HCLEDIT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.tar.gz")" > hcledit.tgz \
+    [ "$HCLEDIT_VERSION" = "latest" ] && curl -L "$(curl -s ${HCLEDIT_RELEASES}/latest | grep -o -E -m 1 "https://.+?_${TARGETOS}_${TARGETARCH}.tar.gz")" > hcledit.tgz \
-        || curl -L "$(curl -s ${HCLEDIT_RELEASES} | grep -o -E -m 1 "https://.+?${HCLEDIT_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz")" > hcledit.tgz \
+    || curl -L "$(curl -s ${HCLEDIT_RELEASES} | grep -o -E -m 1 "https://.+?${HCLEDIT_VERSION}_${TARGETOS}_${TARGETARCH}.tar.gz")" > hcledit.tgz \
     ) && tar -xzf hcledit.tgz hcledit && rm hcledit.tgz \
     ; fi
 
@@ -208,8 +208,9 @@ COPY --from=builder \
     /usr/local/bin/pre-commit \
     # Hooks and terraform binaries
     /bin_dir/ \
+    /usr/bin/tofu \
     /usr/local/bin/checkov* \
-        /usr/bin/
+    /usr/bin/
 # Copy pre-commit packages
 COPY --from=builder /usr/local/lib/python3.12/site-packages/ /usr/local/lib/python3.12/site-packages/
 # Copy terrascan policies
@@ -217,10 +218,10 @@ COPY --from=builder /root/ /root/
 
 # Install hooks extra deps
 RUN if [ "$(grep -o '^terraform-docs SKIPPED$' /usr/bin/tools_versions_info)" = "" ]; then \
-        apk add --no-cache perl=~5 \
+    apk add --no-cache perl=~5 \
     ; fi && \
     if [ "$(grep -o '^infracost SKIPPED$' /usr/bin/tools_versions_info)" = "" ]; then \
-        apk add --no-cache jq=~1 \
+    apk add --no-cache jq=~1 \
     ; fi && \
     # Fix git runtime fatal:
     # unsafe repository ('/lint' is owned by someone else)
@@ -234,3 +235,4 @@ ENV INFRACOST_API_KEY=${INFRACOST_API_KEY:-}
 ENV INFRACOST_SKIP_UPDATE_CHECK=${INFRACOST_SKIP_UPDATE_CHECK:-false}
 
 ENTRYPOINT [ "/entrypoint.sh" ]
+

LICENSE

@@ -1,5 +1,5 @@
-Copyright (c) 2017 Anton Babenko
+Copyright (c) 2017 Anton Babenko, https://github.com/antonbabenko/pre-commit-terraform
-Copyright (c) 2024 ttofuutils authors
+Copyright (c) 2024 tofuutils authors
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

README.md

@@ -1,6 +1,6 @@
 # Collection of git hooks for OpenTofu to be used with [pre-commit framework](http://pre-commit.com/)
 
-[![Github tag](https://img.shields.io/github/tag/tofuutils/pre-commit-opentofu.svg)](https://github.com/tofuutils/pre-commit-opentofu/releases) ![maintenance status](https://img.shields.io/maintenance/yes/2023.svg) [![Help Contribute to Open Source](https://www.codetriage.com/tofuutils/pre-commit-opentofu/badges/users.svg)](https://www.codetriage.com/tofuutils/pre-commit-opentofu)
+[![Github tag](https://img.shields.io/github/tag/tofuutils/pre-commit-opentofu.svg)](https://github.com/tofuutils/pre-commit-opentofu/releases) ![maintenance status](https://img.shields.io/maintenance/yes/2024.svg) [![Help Contribute to Open Source](https://www.codetriage.com/tofuutils/pre-commit-opentofu/badges/users.svg)](https://www.codetriage.com/tofuutils/pre-commit-opentofu)
 
 Want to contribute? Check [open issues](https://github.com/tofuutils/pre-commit-opentofu/issues?q=label%3A%22good+first+issue%22+is%3Aopen+sort%3Aupdated-desc) and [contributing notes](/.github/CONTRIBUTING.md).
 
@@ -10,7 +10,6 @@ If you are using `pre-commit-opentofu` already or want to support its developmen
 
 ## Table of content
 
-* [Sponsors](#sponsors)
 * [Table of content](#table-of-content)
 * [How to install](#how-to-install)
   * [1. Install dependencies](#1-install-dependencies)
@@ -49,7 +48,7 @@ If you are using `pre-commit-opentofu` already or want to support its developmen
 <!-- markdownlint-disable no-inline-html -->
 
 * [`pre-commit`](https://pre-commit.com/#install),
-  <sub><sup>[`terraform`](https://www.terraform.io/downloads.html),
+  <sub><sup>[`opentofu`](https://opentofu.org/docs/intro/install/),
   <sub><sup>[`git`](https://git-scm.com/downloads),
   <sub><sup>POSIX compatible shell,
   <sub><sup>Internet connection (on first run),
@@ -59,17 +58,17 @@ If you are using `pre-commit-opentofu` already or want to support its developmen
   <sub><sup>Some basic physical laws,
   <sub><sup>Hope that it all will work.
   </sup></sub></sup></sub></sup></sub></sup></sub></sup></sub></sup></sub></sup></sub></sup></sub></sup></sub><br><br>
-* [`checkov`](https://github.com/bridgecrewio/checkov) required for `terraform_checkov` hook.
+* [`checkov`](https://github.com/bridgecrewio/checkov) required for `tofu_checkov` hook.
-* [`terraform-docs`](https://github.com/terraform-docs/terraform-docs) required for `terraform_docs` hook.
+* [`terraform-docs`](https://github.com/terraform-docs/terraform-docs) required for `tofu_docs` hook.
 * [`terragrunt`](https://terragrunt.gruntwork.io/docs/getting-started/install/) required for `terragrunt_validate` hook.
 * [`terrascan`](https://github.com/tenable/terrascan) required for `terrascan` hook.
-* [`TFLint`](https://github.com/terraform-linters/tflint) required for `terraform_tflint` hook.
+* [`TFLint`](https://github.com/terraform-linters/tflint) required for `tofu_tflint` hook.
-* [`TFSec`](https://github.com/liamg/tfsec) required for `terraform_tfsec` hook.
+* [`TFSec`](https://github.com/liamg/tfsec) required for `tofu_tfsec` hook.
-* [`Trivy`](https://github.com/aquasecurity/trivy) required for `terraform_trivy` hook.
+* [`Trivy`](https://github.com/aquasecurity/trivy) required for `tofu_trivy` hook.
 * [`infracost`](https://github.com/infracost/infracost) required for `infracost_breakdown` hook.
 * [`jq`](https://github.com/stedolan/jq) required for `tofu_validate` with `--retry-once-with-cleanup` flag, and for `infracost_breakdown` hook.
 * [`tfupdate`](https://github.com/minamijoyo/tfupdate) required for `tfupdate` hook.
-* [`hcledit`](https://github.com/minamijoyo/hcledit) required for `terraform_wrapper_module_for_each` hook.
+* [`hcledit`](https://github.com/minamijoyo/hcledit) required for `tofu_wrapper_module_for_each` hook.
 
 <details><summary><b>Docker</b></summary><br>
 
@@ -77,7 +76,7 @@ If you are using `pre-commit-opentofu` already or want to support its developmen
 
 ```bash
 TAG=latest
-docker pull ghcr.io/tofuutils/pre-commit-opentofu:$TAG
+docker pull tofuutils/pre-commit-opentofu:$TAG
 ```
 
 All available tags [here](https://github.com/tofuutils/pre-commit-opentofu/pkgs/container/pre-commit-opentofu/versions).
@@ -87,7 +86,7 @@ All available tags [here](https://github.com/tofuutils/pre-commit-opentofu/pkgs/
 > **Note**: To build image you need to have [`docker buildx`](https://docs.docker.com/build/install-buildx/) enabled as default builder.  
 > Otherwise - provide `TARGETOS` and `TARGETARCH` as additional `--build-arg`'s to `docker build`.
 
-When hooks-related `--build-arg`s are not specified, only the latest version of `pre-commit` and `terraform` will be installed.
+When hooks-related `--build-arg`s are not specified, only the latest version of `pre-commit` and `opentofu` will be installed.
 
 ```bash
 git clone git@github.com:tofuutils/pre-commit-opentofu.git
@@ -173,6 +172,28 @@ curl -L "$(curl -s https://api.github.com/repos/minamijoyo/hcledit/releases/late
 
 </details>
 
+<details><summary><b>Ubuntu 22.04</b></summary><br>
+
+```bash
+sudo apt update
+sudo apt install -y unzip software-properties-common python3 python3-pip
+python3 -m pip install --upgrade pip
+pip3 install --no-cache-dir pre-commit
+pip3 install --no-cache-dir checkov
+curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E -m 1 "https://.+?-linux-amd64.tar.gz")" > terraform-docs.tgz && tar -xzf terraform-docs.tgz terraform-docs && rm terraform-docs.tgz && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/
+curl -L "$(curl -s https://api.github.com/repos/tenable/terrascan/releases/latest | grep -o -E -m 1 "https://.+?_Linux_x86_64.tar.gz")" > terrascan.tar.gz && tar -xzf terrascan.tar.gz terrascan && rm terrascan.tar.gz && sudo mv terrascan /usr/bin/ && terrascan init
+curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E -m 1 "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/
+curl -L "$(curl -s https://api.github.com/repos/aquasecurity/tfsec/releases/latest | grep -o -E -m 1 "https://.+?tfsec-linux-amd64")" > tfsec && chmod +x tfsec && sudo mv tfsec /usr/bin/
+curl -L "$(curl -s https://api.github.com/repos/aquasecurity/trivy/releases/latest | grep -o -E -i -m 1 "https://.+?/trivy_.+?_Linux-64bit.tar.gz")" > trivy.tar.gz && tar -xzf trivy.tar.gz trivy && rm trivy.tar.gz && sudo mv trivy /usr/bin
+sudo apt install -y jq && \
+curl -L "$(curl -s https://api.github.com/repos/infracost/infracost/releases/latest | grep -o -E -m 1 "https://.+?-linux-amd64.tar.gz")" > infracost.tgz && tar -xzf infracost.tgz && rm infracost.tgz && sudo mv infracost-linux-amd64 /usr/bin/infracost && infracost register
+curl -L "$(curl -s https://api.github.com/repos/minamijoyo/tfupdate/releases/latest | grep -o -E -m 1 "https://.+?_linux_amd64.tar.gz")" > tfupdate.tar.gz && tar -xzf tfupdate.tar.gz tfupdate && rm tfupdate.tar.gz && sudo mv tfupdate /usr/bin/
+curl -L "$(curl -s https://api.github.com/repos/minamijoyo/hcledit/releases/latest | grep -o -E -m 1 "https://.+?_linux_amd64.tar.gz")" > hcledit.tar.gz && tar -xzf hcledit.tar.gz hcledit && rm hcledit.tar.gz && sudo mv hcledit /usr/bin/
+```
+
+</details>
+
+
 <details><summary><b>Windows 10/11</b></summary>
 
 We highly recommend using [WSL/WSL2](https://docs.microsoft.com/en-us/windows/wsl/install) with Ubuntu and following the Ubuntu installation guide. Or use Docker.
@@ -235,39 +256,39 @@ Or, using Docker ([available tags](https://github.com/tofuutils/pre-commit-opent
 
 ```bash
 TAG=latest
-docker run -e "USERID=$(id -u):$(id -g)" -v $(pwd):/lint -w /lint ghcr.io/tofuutils/pre-commit-opentofu:$TAG run -a
+docker run -e "USERID=$(id -u):$(id -g)" -v $(pwd):/lint -w /lint tofuutils/pre-commit-opentofu:$TAG run -a
 ```
 
 Execute this command to list the versions of the tools in Docker:
 
 ```bash
 TAG=latest
-docker run --rm --entrypoint cat ghcr.io/tofuutils/pre-commit-opentofu:$TAG /usr/bin/tools_versions_info
+docker run --rm --entrypoint cat tofuutils/pre-commit-opentofu:$TAG /usr/bin/tools_versions_info
 ```
 
 ## Available Hooks
 
-There are several [pre-commit](https://pre-commit.com/) hooks to keep Terraform configurations (both `*.tf` and `*.tfvars`) and Terragrunt configurations (`*.hcl`) in a good shape:
+There are several [pre-commit](https://pre-commit.com/) hooks to keep OpenTofu configurations (both `*.tf` and `*.tfvars`) and Terragrunt configurations (`*.hcl`) in a good shape:
 
 <!-- markdownlint-disable no-inline-html -->
 | Hook name                                              | Description                                                                                                                                                                                                                                  | Dependencies<br><sup>[Install instructions here](#1-install-dependencies)</sup>      |
 | ------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------ |
 | `checkov` and `tofu_checkov`                      | [checkov](https://github.com/bridgecrewio/checkov) static analysis of OpenTofu templates to spot potential security issues. [Hook notes](#checkov-deprecated-and-tofu_checkov)                                                         | `checkov`<br>Ubuntu deps: `python3`, `python3-pip`                                   |
 | `infracost_breakdown`                                  | Check how much your infra costs with [infracost](https://github.com/infracost/infracost). [Hook notes](#infracost_breakdown)                                                                                                                 | `infracost`, `jq`, [Infracost API key](https://www.infracost.io/docs/#2-get-api-key) |
-| `terraform_docs`                                       | Inserts input and output documentation into `README.md`. Recommended. [Hook notes](#terraform_docs)                                                                                                                                          | `terraform-docs`                                                                     |
+| `tofu_docs`                                       | Inserts input and output documentation into `README.md`. Recommended. [Hook notes](#terraform_docs)                                                                                                                                          | `terraform-docs`                                                                     |
-| `terraform_docs_replace`                               | Runs `terraform-docs` and pipes the output directly to README.md. **DEPRECATED**, see [#248](https://github.com/tofuutils/pre-commit-opentofu/issues/248). [Hook notes](#terraform_docs_replace-deprecated)                              | `python3`, `terraform-docs`                                                          |
+| `tofu_docs_replace`                               | Runs `terraform-docs` and pipes the output directly to README.md. **DEPRECATED**. [Hook notes](#terraform_docs_replace-deprecated)                              | `python3`, `terraform-docs`                                                          |
-| `terraform_docs_without_`<br>`aggregate_type_defaults` | Inserts input and output documentation into `README.md` without aggregate type defaults. Hook notes same as for [terraform_docs](#terraform_docs)                                                                                            | `terraform-docs`                                                                     |
+| `tofu_docs_without_`<br>`aggregate_type_defaults` | Inserts input and output documentation into `README.md` without aggregate type defaults. Hook notes same as for [tofu_docs](#terraform_docs)                                                                                            | `tofu-docs`                                                                     |
-| `terraform_fmt`                                        | Reformat all Terraform configuration files to a canonical format. [Hook notes](#terraform_fmt)                                                                                                                                               | -                                                                                    |
+| `tofu_fmt`                                        | Reformat all OpenTofu configuration files to a canonical format. [Hook notes](#terraform_fmt)                                                                                                                                               | -                                                                                    |
-| `terraform_providers_lock`                             | Updates provider signatures in [dependency lock files](https://www.terraform.io/docs/cli/commands/providers/lock.html). [Hook notes](#terraform_providers_lock)                                                                              | -                                                                                    |
+| `tofu_providers_lock`                             | Updates provider signatures in [dependency lock files](https://www.terraform.io/docs/cli/commands/providers/lock.html). [Hook notes](#terraform_providers_lock)                                                                              | -                                                                                    |
-| `terraform_tflint`                                     | Validates all Terraform configuration files with [TFLint](https://github.com/terraform-linters/tflint). [Available TFLint rules](https://github.com/terraform-linters/tflint/tree/master/docs/rules#rules). [Hook notes](#terraform_tflint). | `tflint`                                                                             |
+| `tofu_tflint`                                     | Validates all OpenTofu configuration files with [TFLint](https://github.com/terraform-linters/tflint). [Available TFLint rules](https://github.com/terraform-linters/tflint/tree/master/docs/rules#rules). [Hook notes](#terraform_tflint). | `tflint`                                                                             |
-| `terraform_tfsec`                                      | [TFSec](https://github.com/aquasecurity/tfsec) static analysis of terraform templates to spot potential security issues. **DEPRECATED**, use `tofu_trivy`. [Hook notes](#terraform_tfsec-deprecated)                                   | `tfsec`                                                                              |
+| `tofu_tfsec`                                      | [TFSec](https://github.com/aquasecurity/tfsec) static analysis of terraform templates to spot potential security issues. **DEPRECATED**, use `tofu_trivy`. [Hook notes](#terraform_tfsec-deprecated)                                   | `tfsec`                                                                              |
-| `terraform_trivy`                                      | [Trivy](https://github.com/aquasecurity/trivy) static analysis of terraform templates to spot potential security issues. [Hook notes](#terraform_trivy)                                                                                      | `trivy`                                                                              |
+| `tofu_trivy`                                      | [Trivy](https://github.com/aquasecurity/trivy) static analysis of terraform templates to spot potential security issues. [Hook notes](#terraform_trivy)                                                                                      | `trivy`                                                                              |
 | `tofu_validate`                                   | Validates all Terraform configuration files. [Hook notes](#tofu_validate)                                                                                                                                                               | `jq`, only for `--retry-once-with-cleanup` flag                                      |
 | `terragrunt_fmt`                                       | Reformat all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`) to a canonical format.                                                                                                                   | `terragrunt`                                                                         |
 | `terragrunt_validate`                                  | Validates all [Terragrunt](https://github.com/gruntwork-io/terragrunt) configuration files (`*.hcl`)                                                                                                                                         | `terragrunt`                                                                         |
 | `tofu_wrapper_module_for_each`                    | Generates OpenTofu wrappers with `for_each` in module. [Hook notes](#terraform_wrapper_module_for_each)                                                                                                                                     | `hcledit`                                                                            |
 | `terrascan`                                            | [terrascan](https://github.com/tenable/terrascan) Detect compliance and security violations. [Hook notes](#terrascan)                                                                                                                        | `terrascan`                                                                          |
-| `tfupdate`                                             | [tfupdate](https://github.com/minamijoyo/tfupdate) Update version constraints of Terraform core, providers, and modules. [Hook notes](#tfupdate)                                                                                             | `tfupdate`                                                                           |
+| `tfupdate`                                             | [tfupdate](https://github.com/minamijoyo/tfupdate) Update version constraints of OpenTofu core, providers, and modules. [Hook notes](#tfupdate)                                                                                             | `tfupdate`                                                                           |
 <!-- markdownlint-enable no-inline-html -->
 
 Check the [source file](https://github.com/tofuutils/pre-commit-opentofu/blob/master/.pre-commit-hooks.yaml) to know arguments used for each hook.
@@ -276,7 +297,7 @@ Check the [source file](https://github.com/tofuutils/pre-commit-opentofu/blob/ma
 
 ### Known limitations
 
-OpenTOfu operates on a per-dir basis, while `pre-commit` framework only supports files and files that exist. This means if you only remove the TF-related file without any other changes in the same dir, checks will be skipped. Example and details [here](https://github.com/pre-commit/pre-commit/issues/3048).
+OpenTofu operates on a per-dir basis, while `pre-commit` framework only supports files and files that exist. This means if you only remove the TF-related file without any other changes in the same dir, checks will be skipped. Example and details [here](https://github.com/pre-commit/pre-commit/issues/3048).
 
 ### All hooks: Usage of environment variables in `--args`
 
@@ -350,17 +371,17 @@ For deprecated hook you need to specify each argument separately:
   ]
 ```
 
-2. When you have multiple directories and want to run `terraform_checkov` in all of them and share a single config file - use the `__GIT_WORKING_DIR__` placeholder. It will be replaced by `terraform_checkov` hooks with the Git working directory (repo root) at run time. For example:
+2. When you have multiple directories and want to run `tofu_checkov` in all of them and share a single config file - use the `__GIT_WORKING_DIR__` placeholder. It will be replaced by `tofu_checkov` hooks with the Git working directory (repo root) at run time. For example:
 
     ```yaml
-    - id: terraform_checkov
+    - id: tofu_checkov
       args:
         - --args=--config-file __GIT_WORKING_DIR__/.checkov.yml
     ```
 
 ### infracost_breakdown
 
-`infracost_breakdown` executes `infracost breakdown` command and compare the estimated costs with those specified in the hook-config. `infracost breakdown` parses Terraform HCL code, and calls Infracost Cloud Pricing API (remote version or [self-hosted version](https://www.infracost.io/docs/cloud_pricing_api/self_hosted)).
+`infracost_breakdown` executes `infracost breakdown` command and compare the estimated costs with those specified in the hook-config. `infracost breakdown` parses OpenTofu HCL code, and calls Infracost Cloud Pricing API (remote version or [self-hosted version](https://www.infracost.io/docs/cloud_pricing_api/self_hosted)).
 
 Unlike most other hooks, this hook triggers once if there are any changed files in the repository.
 
@@ -450,9 +471,9 @@ Unlike most other hooks, this hook triggers once if there are any changed files
     * You need to provide [Infracost API key](https://www.infracost.io/docs/integrations/environment_variables/#infracost_api_key) via `-e INFRACOST_API_KEY=<your token>`. By default, it is saved in `~/.config/infracost/credentials.yml`
     * Set `-e INFRACOST_SKIP_UPDATE_CHECK=true` to [skip the Infracost update check](https://www.infracost.io/docs/integrations/environment_variables/#infracost_skip_update_check) if you use this hook as part of your CI/CD pipeline.
 
-### terraform_docs
+### tofu_docs
 
-1. `tofu_docs` and `terraform_docs_without_aggregate_type_defaults` will insert/update documentation generated by [terraform-docs](https://github.com/terraform-docs/terraform-docs) framed by markers:
+1. `tofu_docs` and `tofu_docs_without_aggregate_type_defaults` will insert/update documentation generated by [terraform-docs](https://github.com/terraform-docs/terraform-docs) framed by markers:
 
     ```txt
     <!-- BEGINNING OF PRE-COMMIT-OPENTOFU DOCS HOOK -->
@@ -668,7 +689,7 @@ To replicate functionality in `tofu_docs` hook:
         - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl
     ```
 
-3. By default, pre-commit-opentofu performs directory switching into the terraform modules for you. If you want to delgate the directory changing to the binary - this will allow tflint to determine the full paths for error/warning messages, rather than just module relative paths. *Note: this requires `tflint>=0.44.0`.* For example:
+3. By default, pre-commit-opentofu performs directory switching into the OpenTofu modules for you. If you want to delgate the directory changing to the binary - this will allow tflint to determine the full paths for error/warning messages, rather than just module relative paths. *Note: this requires `tflint>=0.44.0`.* For example:
 
     ```yaml
     - id: tofu_tflint
@@ -840,7 +861,7 @@ To replicate functionality in `tofu_docs` hook:
 
     **Warning**: If you use OpenTofu workspaces, DO NOT use this option ([details](https://github.com/tofuutils/pre-commit-opentofu/issues/203#issuecomment-918791847)). Consider the first option, or wait for [`force-init`](https://github.com/tofuutils/pre-commit-opentofu/issues/224) option implementation.
 
-4. `tofu_validate` in a repo with TerrOpenTofuaform module, written using OpenTofu 1.6.0+ and which uses provider `configuration_aliases` ([Provider Aliases Within Modules](https://www.terraform.io/language/modules/develop/providers#provider-aliases-within-modules)), errors out.
+4. `tofu_validate` in a repo with OpenTofu module, written using OpenTofu 1.6.0+ and which uses provider `configuration_aliases` ([Provider Aliases Within Modules](https://www.terraform.io/language/modules/develop/providers#provider-aliases-within-modules)), errors out.
 
    When running the hook against OpenTofu code where you have provider `configuration_aliases` defined in a `required_providers` configuration block, OpenTofu will throw an error like:
 
@@ -976,7 +997,7 @@ The [recommended command](#4-run) to run the Docker container is:
 
 ```bash
 TAG=latest
-docker run -e "USERID=$(id -u):$(id -g)" -v $(pwd):/lint -w /lint ghcr.io/tofuutils/pre-commit-opentofu:$TAG run -a
+docker run -e "USERID=$(id -u):$(id -g)" -v $(pwd):/lint -w /lint tofuutils/pre-commit-opentofu:$TAG run -a
 ```
 
 which uses your current session's user ID and group ID to set the variable in the run command.  Without this setting, you may find files and directories owned by `root` in your local repository.
@@ -1020,7 +1041,7 @@ Finally, you can execute `docker run` with an additional volume mount so that th
 # run pre-commit-opentofu with docker
 # adding volume for .netrc file
 # .netrc needs to be in /root/ dir
-docker run --rm -e "USERID=$(id -u):$(id -g)" -v ~/.netrc:/root/.netrc -v $(pwd):/lint -w /lint ghcr.io/tofuutils/pre-commit-opentofu:latest run -a
+docker run --rm -e "USERID=$(id -u):$(id -g)" -v ~/.netrc:/root/.netrc -v $(pwd):/lint -w /lint tofuutils/pre-commit-opentofu:latest run -a
 ```
 
 ## Authors

hooks/tofu_docs.sh

@@ -26,18 +26,17 @@ function main {
     ARGS[i]=${ARGS[i]/--config=/--config=$(pwd)\/}
   done
   # shellcheck disable=SC2153 # False positive
-  terraform_docs_ "${HOOK_CONFIG[*]}" "${ARGS[*]}" "${FILES[@]}"
+  tofu_check_ "${HOOK_CONFIG[*]}" "${ARGS[*]}" "${FILES[@]}"
 }
 
 #######################################################################
-# TODO Function which prepares hacks for old versions of `terraform` and
+# TODO Function which checks `terraform-docs` exists
-# `terraform-docs` that them call `terraform_docs`
 # Arguments:
 #   hook_config (string with array) arguments that configure hook behavior
 #   args (string with array) arguments that configure wrapped tool behavior
 #   files (array) filenames to check
 #######################################################################
-function tofu_docs_ {
+function tofu_check_ {
   local -r hook_config="$1"
   local -r args="$2"
   shift 2
@@ -46,40 +45,12 @@ function tofu_docs_ {
   # Get hook settings
   IFS=";" read -r -a configs <<< "$hook_config"
 
-  local hack_tofu_docs
-  hack_terraform_docs=$(tofu version | sed -n 1p | grep -c 0.12) || true
-
   if [[ ! $(command -v terraform-docs) ]]; then
-    echo "ERROR: terraform-docs is required by terraform_docs pre-commit hook but is not installed or in the system's PATH."
+    echo "ERROR: terraform-docs is required by tofu_docs pre-commit hook but is not installed or in the system's PATH."
     exit 1
   fi
 
-  local is_old_terraform_docs
+  tofu_docs "${configs[*]}" "${args[*]}" "${files[@]}"
-  is_old_terraform_docs=$(terraform-docs version | grep -o "v0.[1-7]\." | tail -1) || true
-
-  if [[ -z "$is_old_terraform_docs" ]]; then # Using terraform-docs 0.8+ (preferred)
-
-    terraform_docs "0" "${configs[*]}" "$args" "${files[@]}"
-
-  elif [[ "$hack_terraform_docs" == "1" ]]; then # Using awk script because terraform-docs is older than 0.8 and terraform 0.12 is used
-
-    if [[ ! $(command -v awk) ]]; then
-      # TODO: pls check it
-      echo "ERROR: awk is required for terraform-docs hack to work with Terraform 0.12."
-      exit 1
-    fi
-
-    local tmp_file_awk
-    tmp_file_awk=$(mktemp "${TMPDIR:-/tmp}/tofu-docs-XXXXXXXXXX")
-    tofu_docs_awk "$tmp_file_awk"
-    tofu_docs "$tmp_file_awk" "${configs[*]}" "$args" "${files[@]}"
-    rm -f "$tmp_file_awk"
-
-  else # Using terraform 0.11 and no awk script is needed for that
-    # TODO: should be deleted for OpenTofu.
-    tofu_docs "0" "${configs[*]}" "$args" "${files[@]}"
-
-  fi
 }
 
 #######################################################################
@@ -87,18 +58,14 @@ function tofu_docs_ {
 # (depends on provided hook_config) OpenTofu documentation in
 # markdown format
 # Arguments:
-#   terraform_docs_awk_file (string) filename where awk hack for old
-#     `terraform-docs` was written. Needed for TF 0.12+.
-#     Hack skipped when `tofu_docs_awk_file == "0"`
 #   hook_config (string with array) arguments that configure hook behavior
 #   args (string with array) arguments that configure wrapped tool behavior
 #   files (array) filenames to check
 #######################################################################
 function tofu_docs {
-  local -r tofu_docs_awk_file="$1"
+  local -r hook_config="$1"
-  local -r hook_config="$2"
+  local -r args="$2"
-  local args="$3"
+  shift 2
-  shift 3
   local -a -r files=("$@")
 
   local -a paths
@@ -188,7 +155,7 @@ function tofu_docs {
     #
     if $create_if_not_exist && [[ ! -f "$text_file" ]]; then
       dir_have_tf_files="$(
-        find . -maxdepth 1 -type f | sed 's|.*\.||' | sort -u | grep -oE '^tf$|^tfvars$' ||
+        find . -maxdepth 1 -type f | sed 's|.*\.||' | sort -u | grep -oE '^tofu|^tf$|^tfvars$' ||
           exit 0
       )"
 
@@ -224,22 +191,8 @@ function tofu_docs {
       fi
     fi
 
-    if [[ "$terraform_docs_awk_file" == "0" ]]; then
+    # shellcheck disable=SC2086
-      # shellcheck disable=SC2086
+    terraform-docs $tf_docs_formatter $args ./ > "$tmp_file"
-      terraform-docs $tf_docs_formatter $args ./ > "$tmp_file"
-    else
-      # Can't append extension for mktemp, so renaming instead
-      local tmp_file_docs
-      tmp_file_docs=$(mktemp "${TMPDIR:-/tmp}/tofu-docs-XXXXXXXXXX")
-      mv "$tmp_file_docs" "$tmp_file_docs.tf"
-      local tmp_file_docs_tf
-      tmp_file_docs_tf="$tmp_file_docs.tf"
-
-      awk -f "$terraform_docs_awk_file" ./*.tf > "$tmp_file_docs_tf"
-      # shellcheck disable=SC2086
-      terraform-docs $tf_docs_formatter $args "$tmp_file_docs_tf" > "$tmp_file"
-      rm -f "$tmp_file_docs_tf"
-    fi
 
     # Use of insertion markers to insert the terraform-docs output between the markers
     # Replace content between markers with the placeholder - https://stackoverflow.com/questions/1212799/how-do-i-extract-lines-between-two-line-delimiters-in-perl#1212834
@@ -258,169 +211,4 @@ function tofu_docs {
   rm -f "$config_file_no_color"
 }
 
-#######################################################################
-# Function which creates file with `awk` hacks for old versions of
-# `terraform-docs`
-# Arguments:
-#   output_file (string) filename where hack will be written to
-#######################################################################
-function tofu_docs_awk {
-  local -r output_file=$1
-
-  cat << "EOF" > "$output_file"
-# This script converts Terraform 0.12 variables/outputs to something suitable for `terraform-docs`
-# As of terraform-docs v0.6.0, HCL2 is not supported. This script is a *dirty hack* to get around it.
-# https://github.com/terraform-docs/terraform-docs/
-# https://github.com/terraform-docs/terraform-docs/issues/62
-# Script was originally found here: https://github.com/cloudposse/build-harness/blob/master/bin/terraform-docs.awk
-{
-  if ( $0 ~ /\{/ ) {
-    braceCnt++
-  }
-  if ( $0 ~ /\}/ ) {
-    braceCnt--
-  }
-  # ----------------------------------------------------------------------------------------------
-  # variable|output "..." {
-  # ----------------------------------------------------------------------------------------------
-  # [END] variable/output block
-  if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) {
-    if (braceCnt == 0 && blockCnt > 0) {
-      blockCnt--
-      print $0
-    }
-  }
-  # [START] variable or output block started
-  if ($0 ~ /^[[:space:]]*(variable|output)[[:space:]][[:space:]]*"(.*?)"/) {
-    # Normalize the braceCnt and block (should be 1 now)
-    braceCnt = 1
-    blockCnt = 1
-    # [CLOSE] "default" and "type" block
-    blockDefaultCnt = 0
-    blockTypeCnt = 0
-    # Print variable|output line
-    print $0
-  }
-  # ----------------------------------------------------------------------------------------------
-  # default = ...
-  # ----------------------------------------------------------------------------------------------
-  # [END] multiline "default" continues/ends
-  if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt > 0) {
-      print $0
-      # Count opening blocks
-      blockDefaultCnt += gsub(/\(/, "")
-      blockDefaultCnt += gsub(/\[/, "")
-      blockDefaultCnt += gsub(/\{/, "")
-      # Count closing blocks
-      blockDefaultCnt -= gsub(/\)/, "")
-      blockDefaultCnt -= gsub(/\]/, "")
-      blockDefaultCnt -= gsub(/\}/, "")
-  }
-  # [START] multiline "default" statement started
-  if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) {
-    if ($0 ~ /^[[:space:]][[:space:]]*(default)[[:space:]][[:space:]]*=/) {
-      if ($3 ~ "null") {
-        print "  default = \"null\""
-      } else {
-        print $0
-        # Count opening blocks
-        blockDefaultCnt += gsub(/\(/, "")
-        blockDefaultCnt += gsub(/\[/, "")
-        blockDefaultCnt += gsub(/\{/, "")
-        # Count closing blocks
-        blockDefaultCnt -= gsub(/\)/, "")
-        blockDefaultCnt -= gsub(/\]/, "")
-        blockDefaultCnt -= gsub(/\}/, "")
-      }
-    }
-  }
-  # ----------------------------------------------------------------------------------------------
-  # type  = ...
-  # ----------------------------------------------------------------------------------------------
-  # [END] multiline "type" continues/ends
-  if (blockCnt > 0 && blockTypeCnt > 0 && blockDefaultCnt == 0) {
-    # The following 'print $0' would print multiline type definitions
-    #print $0
-    # Count opening blocks
-    blockTypeCnt += gsub(/\(/, "")
-    blockTypeCnt += gsub(/\[/, "")
-    blockTypeCnt += gsub(/\{/, "")
-    # Count closing blocks
-    blockTypeCnt -= gsub(/\)/, "")
-    blockTypeCnt -= gsub(/\]/, "")
-    blockTypeCnt -= gsub(/\}/, "")
-  }
-  # [START] multiline "type" statement started
-  if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) {
-    if ($0 ~ /^[[:space:]][[:space:]]*(type)[[:space:]][[:space:]]*=/ ) {
-      if ($3 ~ "object") {
-        print "  type = \"object\""
-      } else {
-        # Convert multiline stuff into single line
-        if ($3 ~ /^[[:space:]]*list[[:space:]]*\([[:space:]]*$/) {
-          type = "list"
-        } else if ($3 ~ /^[[:space:]]*string[[:space:]]*\([[:space:]]*$/) {
-          type = "string"
-        } else if ($3 ~ /^[[:space:]]*map[[:space:]]*\([[:space:]]*$/) {
-          type = "map"
-        } else {
-          type = $3
-        }
-        # legacy quoted types: "string", "list", and "map"
-        if (type ~ /^[[:space:]]*"(.*?)"[[:space:]]*$/) {
-          print "  type = " type
-        } else {
-          print "  type = \"" type "\""
-        }
-      }
-      # Count opening blocks
-      blockTypeCnt += gsub(/\(/, "")
-      blockTypeCnt += gsub(/\[/, "")
-      blockTypeCnt += gsub(/\{/, "")
-      # Count closing blocks
-      blockTypeCnt -= gsub(/\)/, "")
-      blockTypeCnt -= gsub(/\]/, "")
-      blockTypeCnt -= gsub(/\}/, "")
-    }
-  }
-  # ----------------------------------------------------------------------------------------------
-  # description = ...
-  # ----------------------------------------------------------------------------------------------
-  # [PRINT] single line "description"
-  if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) {
-    if ($0 ~ /^[[:space:]][[:space:]]*description[[:space:]][[:space:]]*=/) {
-      print $0
-    }
-  }
-  # ----------------------------------------------------------------------------------------------
-  # value = ...
-  # ----------------------------------------------------------------------------------------------
-  ## [PRINT] single line "value"
-  #if (blockCnt > 0 && blockTypeCnt == 0 && blockDefaultCnt == 0) {
-  #  if ($0 ~ /^[[:space:]][[:space:]]*value[[:space:]][[:space:]]*=/) {
-  #    print $0
-  #  }
-  #}
-  # ----------------------------------------------------------------------------------------------
-  # Newlines, comments, everything else
-  # ----------------------------------------------------------------------------------------------
-  #if (blockTypeCnt == 0 && blockDefaultCnt == 0) {
-  # Comments with '#'
-  if ($0 ~ /^[[:space:]]*#/) {
-    print $0
-  }
-  # Comments with '//'
-  if ($0 ~ /^[[:space:]]*\/\//) {
-    print $0
-  }
-  # Newlines
-  if ($0 ~ /^[[:space:]]*$/) {
-    print $0
-  }
-  #}
-}
-EOF
-
-}
-
 [ "${BASH_SOURCE[0]}" != "$0" ] || main "$@"

hooks/tofu_docs_replace.py

@@ -7,30 +7,41 @@ import sys
 def main(argv=None):
     parser = argparse.ArgumentParser(
         description="""Run terraform-docs on a set of files. Follows the standard convention of
-                       pulling the documentation from main.tf in order to replace the entire
+                       pulling the documentation from main.(tf|tofu) in order to replace the entire
                        README.md file each time."""
     )
     parser.add_argument(
-        '--dest', dest='dest', default='README.md',
+        "--dest",
+        dest="dest",
+        default="README.md",
     )
     parser.add_argument(
-        '--sort-inputs-by-required', dest='sort', action='store_true',
+        "--sort-inputs-by-required",
-        help='[deprecated] use --sort-by-required instead',
+        dest="sort",
+        action="store_true",
+        help="[deprecated] use --sort-by-required instead",
     )
     parser.add_argument(
-        '--sort-by-required', dest='sort', action='store_true',
+        "--sort-by-required",
+        dest="sort",
+        action="store_true",
     )
     parser.add_argument(
-        '--with-aggregate-type-defaults', dest='aggregate', action='store_true',
+        "--with-aggregate-type-defaults",
-        help='[deprecated]',
+        dest="aggregate",
+        action="store_true",
+        help="[deprecated]",
     )
-    parser.add_argument('filenames', nargs='*', help='Filenames to check.')
+    parser.add_argument("filenames", nargs="*", help="Filenames to check.")
     args = parser.parse_args(argv)
 
     dirs = []
     for filename in args.filenames:
-        if (os.path.realpath(filename) not in dirs and
+        if os.path.realpath(filename) not in dirs and (
-                (filename.endswith(".tf") or filename.endswith(".tfvars"))):
+            filename.endswith(".tf")
+            or filename.endswith(".tofu")
+            or filename.endswith(".tfvars")
+        ):
             dirs.append(os.path.dirname(filename))
 
     retval = 0
@@ -38,12 +49,12 @@ def main(argv=None):
     for dir in dirs:
         try:
             procArgs = []
-            procArgs.append('terraform-docs')
+            procArgs.append("terraform-docs")
             if args.sort:
-                procArgs.append('--sort-by-required')
+                procArgs.append("--sort-by-required")
-            procArgs.append('md')
+            procArgs.append("md")
             procArgs.append("./{dir}".format(dir=dir))
-            procArgs.append('>')
+            procArgs.append(">")
             procArgs.append("./{dir}/{dest}".format(dir=dir, dest=args.dest))
             subprocess.check_call(" ".join(procArgs), shell=True)
         except subprocess.CalledProcessError as e:
@@ -52,5 +63,5 @@ def main(argv=None):
     return retval
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     sys.exit(main())

hooks/tofu_providers_lock.sh

@@ -134,7 +134,7 @@ function per_dir_hook_unique_part {
   # TODO: Remove in 2.0
   if [ ! "$mode" ]; then
     common::colorify "yellow" "DEPRECATION NOTICE: We introduced '--mode' flag for this hook.
-Check migration instructions at https://github.com/tofuutils/pre-commit-opentofu#terraform_providers_lock
+Check migration instructions at https://github.com/tofuutils/pre-commit-opentofu#tofu_providers_lock
 "
     common::tofu_init 'OpenTofu providers lock' "$dir_path" || {
       exit_code=$?

hooks/tofu_tfsec.sh

@@ -23,7 +23,7 @@ function main {
   fi
 
   common::colorify "yellow" "tfsec tool was deprecated, and replaced by trivy. You can check trivy hook here:"
-  common::colorify "yellow" "https://github.com/tofuutils/pre-commit-opentofu/tree/master#terraform_trivy"
+  common::colorify "yellow" "https://github.com/tofuutils/pre-commit-opentofu/tree/master#tofu_trivy"
 
   common::per_dir_hook "$HOOK_ID" "${#ARGS[@]}" "${ARGS[@]}" "${FILES[@]}"
 }

hooks/tofu_validate.sh

@@ -111,7 +111,7 @@ function per_dir_hook_unique_part {
     esac
   done
 
-  # First try `terratofuform validate` with the hope that all deps are
+  # First try `tofu validate` with the hope that all deps are
   # pre-installed. That is needed for cases when `.terraform/modules`
   # or `.terraform/providers` missed AND that is expected.
   tofu validate "${args[@]}" &> /dev/null && {

hooks/tofu_wrapper_module_for_each.sh

@@ -312,10 +312,10 @@ EOF
 
     # Read content of all OpenTofu files
     # shellcheck disable=SC2207
-    all_tf_content=$(find "${full_module_dir}" -name '*.tf' -maxdepth 1 -type f -exec cat {} +)
+    all_tf_content=$(find "${full_module_dir}" -regex '.*\.(tf|tofu)' -maxdepth 1 -type f -exec cat {} +)
 
     if [[ ! $all_tf_content ]]; then
-      common::colorify "yellow" "Skipping ${full_module_dir} because there are no *.tf files."
+      common::colorify "yellow" "Skipping ${full_module_dir} because there are no *.(tf|tofu) files."
       continue
     fi